See wam Menu

Overview of the WAM Services API

The WAM Services API enables you to create and deploy WAM services for use from custom access control rules, session event handlers, login modules, callback handlers, and other services.

WAM services are useful for implementing centralized business functionality that can be reused from any of these components.

WAM services are not intended to replace application server components like servlets, Enterprise Java Beans, or CORBA objects. They are very lightweight and are designed to support caching and performance enhancements to security-related business logic.

In fact, WAM services can easily make use of servlets and EJBs by hosting client code that accesses them. Each loaded WAM service has a single instance, so they must be written to be thread-safe and they should be designed to be as fast and efficient as possible.

We provide some tips on how to accomplish this in Programming with WAM Services.

WAM ships with two standard services available from every security domain:

  • LdapConnectionPoolService: Used by the WAM LdapLoginModule to improve authentication performance and scalability.

  • UserRepositoryService: Enables loading and reloading of users, passwords, and roles from a WAM XML-formatted file. Values are cached in memory for high-performance authentication from the WAM XmlLoginModule.

You might find it useful to create a custom service that can send an email or text message to an administrator on certain security events, or a service that computes the number of days left in a user’s web site subscription.

These services are general enough that they may be useful from access control rules, session event handlers, login modules, and so forth. Making them WAM services enables you to leverage and reuse them.

Overview of WAM Services

Each WAM security domain has a service manager, which may manage zero or more WAM services. A service instance is available only to components within the same security domain, so a service foo hosted within the system security domain is not accessible from components in security domain

Figure 1 shows the relationship of high-level WAM components to WAM services.

Figure 1 - WAM services are managed and accessible only within the scope of a security domain

WAM services are registered within the service-manager element of security-domain.xml. When the enclosing security domain is loaded, each service registered with a service manager is loaded.

A service is configured via its initialize method and is given a ServiceConfig Object, which provides access to the following:

  • Configuration parameters as name/value pairs.

  • The Logger for the enclosing security domain.

  • A ServiceFinder for accessing other services within the security domain.

Services must indirectly implement the WAM service interface defined by class com.cafesoft.core.service.Service.

If a service implements interface com.cafesoft.core.service.LifecycleService, then that service is started and stopped when the security domain is started and stopped. This gives services a way to gracefully set up and clean up application state before and after service requests can be made.

The Services you write should define an interface that extends one of these two types, adding whatever business-level methods are appropriate for the service.

A service is uniquely identified by its String identifier, which must be unique within its security domain. It can be looked up by this identifier or by its type, which is defined by the Java interface class that it implements.

So, if a service is implemented by class, which implements the Java interface, then its service type is

You’ll see how the service type is used in the examples provided in this section.

Have a Question?

Have a how-to question? Seeing a weird error? Contact us.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.