Enabling an authorization data store other than the ACDB

You can store authorization information in a data store other than the ACDB. The authorization delegate establishes a connection to the data store where the authorization information is stored, and retrieves authorization information.

To configure the authorization delegate to access an alternate data store:

  1. Create a custom EJB that implements the com.sybase.ep.security.authorization.AuthorizationDelegate local interface, and deploy it to your application server. For information about this interface, see the SMAPI documentation. For information about implementing custom EJBs, see the EAServer Programmer’s Guide.

    The default configuration included with the product uses the com.sybase.ep.security.authorizationdelegate/ACDBAuthDelegate component.

  2. Disable implicit role mapping. Edit the security.properties file, and set the value of the defaultRolemappingEnabled property to false.

  3. Restart your application server for the changes to take effect.

  4. In the com.sybase.ep.security.sessionsvcs/PortalSession component, reassign the ejb/AuthorizationDelegate local EJB reference to point to your newly created EJB component. For EAServer, see “Creating Web Applications” in the EAServer Programmer’s Guide. For WebLogic, see the BEA documentation.

If you use a custom authorization delegate to access a data store other than the ACDB, Enterprise Security Manager will not work. As an alternative, you can create your own management tools to configure Enterprise Security services.

If you use the authorization delegate to access another data store, any programming that you have done using either the existing Security Object Management API or SCAPI (a framework that allows cross-platform development) will not work.

Note: If you write a custom authorization delegate that does not use the standard ACDB schema, you must disable implicit role mapping—see “Implicit role mapping”.
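The following check is an added example, not part of the product or its documentation. It audits the text of a security.properties file for the setting required in step 2 and in the note above, using Java .properties parsing rules. The function names, the sample input, and the choice to accept only the exact value false are assumptions.

```python
import re

KEY = "defaultRolemappingEnabled"  # property name as given on this page

def parse_properties(text):
    """Parse Java .properties text; a later duplicate key overrides an earlier one."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.lstrip()
        pending = ""
        if not line or line[0] in "#!":
            continue  # blank line or comment
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending = line[:-1]
            continue
        # The key ends at the first unescaped '=', ':' or whitespace.
        m = re.match(r"((?:\\.|[^\\=:\s])*)\s*[=:]?\s*(.*)", line)
        props[m.group(1)] = m.group(2)
    return props

def audit(text):
    """Return findings; an empty list means the property is explicitly 'false'."""
    props = parse_properties(text)
    findings = [f"key {k!r} differs in case from {KEY!r} (keys are case-sensitive)"
                for k in props if k != KEY and k.lower() == KEY.lower()]
    if KEY not in props:
        findings.append(f"{KEY} is not set")
    elif props[KEY].strip() != "false":
        # Assumption: only the exact value 'false' is accepted as disabled.
        findings.append(f"{KEY} is {props[KEY].strip()!r}, expected 'false'")
    return findings

# Constructed sample input, not a shipped security.properties file.
SAMPLE = """\
# Enterprise Security settings (constructed)
defaultRolemappingEnabled = false
defaultRolemappingEnabled = true
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE) or ["OK: implicit role mapping is disabled"]:
        print(finding)
```

The constructed sample is reported as a finding because the second assignment overrides the first, which is how a stray duplicate line can silently re-enable implicit role mapping.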