Overview of the WAM Services API
The WAM Services API enables you to create and deploy WAM services for use from custom access control rules, session event handlers, login modules, callback handlers, and other services.
WAM services are useful for implementing centralized business functionality that can be reused from any of these components.
WAM services are not intended to replace application server components like servlets, Enterprise Java Beans, or CORBA objects. They are very lightweight and are designed to support caching and performance enhancements to security-related business logic.
In fact, WAM services can easily make use of servlets and EJBs by hosting client code that accesses them. Each loaded WAM service has a single instance, so they must be written to be thread-safe and they should be designed to be as fast and efficient as possible.
We provide some tips on how to accomplish this in Programming with WAM Services.
WAM ships with two standard services available from every security domain:
LdapConnectionPoolService: Used by the WAM LdapLoginModule to improve authentication performance and scalability.
UserRepositoryService: Enables loading and reloading of users, passwords, and roles from a WAM XML-formatted file. Values are cached in memory for high-performance authentication from the WAM XmlLoginModule.
You might find it useful to create a custom service that can send an email or text message to an administrator on certain security events, or a service that computes the number of days left in a user’s web site subscription.
These services are general enough that they may be useful from access control rules, session event handlers, login modules, and so forth. Making them WAM services enables you to leverage and reuse them.
Each WAM security domain has a service manager, which may manage zero or more
WAM services. A service instance is available only to components within the
same security domain, so a service
hosted within the
system security domain
is not accessible from components in security domain
Figure 1 shows the relationship of high-level WAM components to WAM services.
Figure 1 - WAM services are managed and accessible only within the scope of a security domain
WAM services are registered within the service-manager element of
When the enclosing security domain is loaded, each service registered with a
service manager is loaded.
A service is configured via its
and is given a ServiceConfig Object, which provides access to the following:
Configuration parameters as name/value pairs.
The Logger for the enclosing security domain.
A ServiceFinder for accessing other services within the security domain.
Services must indirectly implement the WAM service interface defined by class
If a service implements interface
then that service is started and stopped when the security domain is started
and stopped. This gives services a way to gracefully set up and clean up application
state before and after service requests can be made.
The Services you write should define an interface that extends one of these two types, adding whatever business-level methods are appropriate for the service.
A service is uniquely identified by its String identifier, which must be unique within its security domain. It can be looked up by this identifier or by its type, which is defined by the Java interface class that it implements.
a service is implemented by class
implements the Java interface
com.mycompany.services.MyService, then its service
You’ll see how the service type is used in the examples provided in this section.