ArcGIS Server can be secured with users and roles from a custom identity store.
Note:
Custom identity stores will not be supported after the 10.7.x release cycle. See Control access in ArcGIS Server for recommended security configurations.
To do this, ArcGIS Server provides a Java interface that can be extended to define the user and role management functions. Through this capability, any custom identity store that is accessible through Java may be used to configure ArcGIS Server security. For example, a relational database system can be used as a custom identity store through that database's JDBC (Java Database Connectivity) API.
The main steps to configure a custom identity store using Java are as follows:
- Set up a Java development environment.
- Implement the identity store in Java.
- Deploy the custom identity store to ArcGIS Server.
- Configure ArcGIS Server to use the custom identity store.
Set up a Java development environment
- Install ArcGIS Server on your development environment.
- Create a Java project in a Java IDE of your choice.
- Add the following Java libraries to the project's build path:
  - <ArcGIS Server installation directory>\framework\lib\server\arcgis-admin.jar
  - <ArcGIS Server installation directory>\framework\lib\server\arcgis-common.jar
- Create a Java class that implements the following interfaces:
  - com.esri.arcgis.discovery.admin.security.UserStore
  - com.esri.arcgis.discovery.admin.security.RoleStore
Note:
For the Java documentation, see <ArcGIS Server installation directory>\help\samples\java\javadoc\index.html.
Implement the identity store in Java
Implement the methods for the UserStore and RoleStore interfaces. See <ArcGIS Server installation directory>\help\samples\java\CustomFileStore\ for a sample implementation.
Deploy the custom identity store to ArcGIS Server
- Bundle the custom identity store implementation into a .jar file.
- Stop the ArcGIS Server process.
- Deploy the custom identity store .jar file and any additional Java libraries it depends on to the <ArcGIS Server installation directory>\framework\lib\server\ folder.
- Start the ArcGIS Server process.
Configure ArcGIS Server to use the custom identity store
- Open the ArcGIS Server Administrator Directory and log in.
- Click security > config > updateIdentityStore.
- Enter the User Store configuration in JSON format. The syntax is as follows:
  {
    "type": "JAVA",
    "class": "Fully qualified Java User Store class name",
    "properties": {
      "Property One": "value",
      ....
      "Property X": "value"
    }
  }
The type and class parameters are required. The individual store properties are optional and depend on your custom identity store implementation. For example, if the required parameters are hard-coded in your implementation, you do not need to specify any properties:
  {
    "type": "JAVA",
    "class": "Fully qualified Java User Store class name",
    "properties": {}
  }
- Enter the Role Store configuration in JSON format. The syntax is as follows:
  {
    "type": "JAVA",
    "class": "Fully qualified Java Role Store class name",
    "properties": {
      "Property One": "value",
      ....
      "Property X": "value"
    }
  }
- Click update to save your configuration.
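A store configuration can be checked against the syntax above, and against the .jar files you plan to deploy, before it is submitted. The following Python script is an added example, not part of the ArcGIS Server documentation or product; its function names, the com.example.security.SampleStore class and the in-memory sample .jar are assumptions made for the illustration, and it assumes "type" must match "JAVA" exactly as written above.

```python
import io
import json
import re
import zipfile

# Dotted sequence of Java identifiers (simplified pattern; an assumption of this example).
_CLASS_NAME = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")


def check_store_config(config_text, jar_files):
    """Return a list of problems found in one identity store configuration.

    config_text: JSON string for the User Store or Role Store field.
    jar_files:   paths or file objects of the .jar files to be deployed.
    """
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["configuration must be a JSON object"]

    problems = []
    if cfg.get("type") != "JAVA":
        problems.append('"type" must be "JAVA"')
    # "properties" is optional; when present it must be an object.
    if not isinstance(cfg.get("properties", {}), dict):
        problems.append('"properties" must be a JSON object')

    name = cfg.get("class")
    if not isinstance(name, str) or not _CLASS_NAME.fullmatch(name):
        problems.append('"class" must be a fully qualified Java class name')
        return problems

    # A class a.b.C is stored in a .jar (a zip archive) as a/b/C.class.
    entry = name.replace(".", "/") + ".class"
    for jar in jar_files:
        with zipfile.ZipFile(jar) as archive:
            if entry in archive.namelist():
                return problems
    problems.append(f"{entry} not found in the supplied .jar files")
    return problems


def build_sample_jar(entries):
    """Constructed sample: an in-memory .jar holding empty class entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for entry in entries:
            archive.writestr(entry, b"")
    buf.seek(0)
    return buf
```

An empty result means the configuration is well formed and the class it names is in one of the supplied .jar files; it does not show that the class implements UserStore or RoleStore.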