This site contains the documentation that is relevant to older WSO2 product versions and offerings.
For the latest WSO2 documentation, visit https://wso2.com/documentation/.

Customizing User Management

Owned by Former user (Deleted)
Last updated: Oct 31, 2014
3 min read

You can create a custom implementation of the user management functionality and use it in WSO2 products. The following sections describe the user management architecture to help you understand how to customize it:

User management architecture

The complete functionality and contents of a user store is called a realm. The realm includes the user management classes, configuration, and repository. A realm is exposed as a service so that other classes can interact with the user store.

Following is more information about the user management classes.

User Store Manager

The User Store Manager is responsible for managing the underlying user store. It is represented by the UserStoreManager Java interface. There can be different User Store Manager implementations to connect with different user stores, but you can configure only one User Store Manager implementation in a single user realm (that is, a single WSO2 Carbon instance). The User Store Manager can be operated in both read/write mode and read-only mode. In read-only mode, you can only connect with an existing user store. WSO2 products provide the following default User Store Manager implementations:

  • JDBCUserStoreManager (read and write)
  • LDAPUserStoreManager (read-only)
  • ApacheDSUserStoreManager (read and write)

You can write a custom user store manager implementation by implementing UserStoreManager or by extending AbstractUserStoreManager or one of the default implementations.

Using JDBCUserStoreManager

The JDBCUserStoreManager class uses a schema that is specific to WSO2 Carbon. It contains the following tables:

  • UM_USER: Contains user names and passwords
  • UM_ROLE: Contains role names
  • UM_USER_ROLE: Contains user role mappings
  • UM_USER_ATTRIBUTE: Contains user attributes. There can be any attribute ID and a value for that attribute ID that is associated with a user’s profile.

You can find the full schema of these tables from the database script files in the <PRODUCT_HOME>/dbscripts directory. Note that these scripts also contain schemas for other tables that are used for user management and registry functions. If your organization contains an existing JDBC user store that you want to use with a WSO2 product, you must extend JDBCUserStoreManager and write a new implementation for your user store according to your schema.

Authorization Manager

The Authorization Manager uses role-based access control (RBAC) to protect resources related to the WSO2 Carbon platform. The default implementation of the Authorization Manager is JDBCAuthorizationManager, which uses a permission model specific to WSO2 Carbon and uses the authorization data that is stored in tables in the JDBC database. You can replace this implementation with a custom implementation (for example, if you want to use a XACML authorization manager) and use it with WSO2 products.

Claim Manager

In WSO2 Identity Server, the Claim Manager is responsible for adding/deleting claims and mapping claims from one namespace to another. The default implementation is DefaultClaimManager, which is used to store claim data in tables of the JDBC database.

##TBD: add info from here: http://pushpalankajaya.blogspot.com/2013/09/how-to-write-custom-user-store-manager.html