IBM Security Verify

  • 1.  Creating a Custom password rule

    Posted Tue May 17, 2022 08:49 AM

    Hi everyone,

    I'm working on a custom password rule for Password Policies.

    I have created a Java class that implements the Rule interface with its required methods.

    I registered the class in the Shared Libraries and pasted the .jar in the corresponding route. After that, I registered the custom rule in passwordrules.properties, with the following nomenclature: password.rule.package.className=true

    So, the custom rule is available in the rules of the policy, but when I set any value to the text-box as parameter for the class and click Apply, I received the same error.

    <LogText><![CDATA[CTGIMO002E An unhandled error occurred. The following error occurred.
    Error: java.lang.NullPointerException ]]></LogText>
    <Source FileName="com.ibm.itim.apps.ejb.policy.PasswordPolicyManagerBean" Method="checkPasswordRulesWellFormed"/>
    <TranslationInfo Type="JAVA" Catalog="tmsMessages" MsgKey="standardException.runtimeException"><Param><![CDATA[java.lang.NullPointerException]]></Param></TranslationInfo>
    </Message>

    <LogText><![CDATA[CTGIMU132E The password policy rules are not valid.]]></LogText>
    <Source FileName="(null)" Method="null"/>
    <TranslationInfo Type="JAVA" Catalog="com.ibm.itim.ui.resources.UIMessageResources" MsgKey="PASSWORD_POLICY_INVALID"></TranslationInfo>
    </Message>

    Does anyone know if I'm avoiding some step or doing something wrong?

    Thanks in advance.

    Rafa



    ------------------------------
    Rafael García
    ------------------------------


  • 2.  RE: Creating a Custom password rule
    Best Answer

    Posted Wed May 18, 2022 03:32 AM
    You are obviously doing something wrong :-) - the problem is that a couple of trace statements do not really help...

    I believe your steps for setting up the jar look correct - so I believe your problem is in your password Java code.

    I assume you are working off the samples - if not, what guidelines are you using?
    Have you enabled (debug) logging in your code - that is always a good idea to find out what you are missing.
    What IDE do you use to develop this - WebSphere allows you to set up remote debugging in e.g. Eclipse, which makes it possible to trace your code very efficiently. I believe this also works for IntelliJ, but as I am only using Eclipse I do not really know how that works...

    But without your source code it is very difficult to understand what your underlying problem is...

    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------



  • 3.  RE: Creating a Custom password rule

    Posted Thu May 19, 2022 06:00 AM
    You are right, Franz. I revised the trace.log file and the NullPointerException was thrown in a custom method that I used for writing logs in the Java code (I'm using Eclipse). So after deleting it, the problem is solved and the rest of the custom rule is working.

    If someone knows some code to write logs to the msg.log file, please share it :)

    Yeah, I'm basing this on the jar samples of ISIM and these guidelines: https://steffend.wordpress.com/2013/05/22/itim-5-1-password-policy-with-regular-expression/

    Thank you very much, Franz!

    ------------------------------
    Rafael García
    ------------------------------



  • 4.  RE: Creating a Custom password rule

    Posted Thu May 19, 2022 07:09 AM
    One way of logging that I use (and just to be clear - I am NOT a Java programmer but only playing with this - so do not take my word for the absolute truth) is through this private class (you will need to reference your class instead of mine) :
    private static final PDLogger trace = JLogUtil.getTraceLogger("com.ibm.itim.tools.provider.NullProvider");

    Then you can log using statements like this :

    //Error level tracing 
    trace.exception(Level.ERROR, this, "your trace text", e);
    //Debug DEBUG_MIN,DEBUG_MID and DEBUG_MAX tracing
    trace.exception(Level.DEBUG_MID, this, "your trace text", null);

    I borrowed this from a sample for custom ServiceProvider implementation as you may guess :-)


    For logging to work you need to add your package to the ISIM enRoleLogging.properties e.g. - if this is defined as the package :
    package com.ibm.isim.custom.passwordrules;
    To have it log you need to have a statement like this in enRoleLogging.properties :
    ## custom logger 
    logger.trace.com.ibm.itim.custom.passwordrules.level=DEBUG_MAX


    ------------------------------
    Franz Wolfhagen
    IAM Technical Architect for Europe - Certified Consulting IT Specialist
    IBM Security Expert Labs
    ------------------------------
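
Added example, not part of the thread and not IBM's code: a small Python check that every name passed to `getTraceLogger(...)` in a custom rule's source is covered by a `logger.trace.<name>.level` entry in enRoleLogging.properties. The package line in the post above uses `com.ibm.isim` while the properties line uses `com.ibm.itim`; the constructed sample reproduces that difference. Assumptions: the logger is named after the class (the hypothetical `MyRule`), and a level entry applies to every logger name below its dotted prefix.

```python
import re

# Constructed sample inputs mirroring the snippets quoted in the thread.
# MyRule is a hypothetical class name, not taken from the posts.
JAVA_SOURCE = '''
package com.ibm.isim.custom.passwordrules;
public class MyRule {
    private static final PDLogger trace =
        JLogUtil.getTraceLogger("com.ibm.isim.custom.passwordrules.MyRule");
}
'''
LOGGING_PROPERTIES = '''
## custom logger
logger.trace.com.ibm.itim.custom.passwordrules.level=DEBUG_MAX
'''

LOGGER_CALL = re.compile(r'getTraceLogger\(\s*"([^"]+)"\s*\)')
LEVEL_KEY = re.compile(r'^logger\.trace\.(.+)\.level\s*[=:]\s*(\S+)')


def configured_levels(properties_text):
    """Map logger-name prefix -> level from logger.trace.<name>.level lines."""
    levels = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties comment
        m = LEVEL_KEY.match(line)
        if m:
            levels[m.group(1)] = m.group(2)
    return levels


def effective_level(logger_name, levels):
    """Longest configured prefix on a dot boundary wins (assumed hierarchy)."""
    best = None
    for prefix in levels:
        if logger_name == prefix or logger_name.startswith(prefix + "."):
            if best is None or len(prefix) > len(best):
                best = prefix
    return levels[best] if best else None


def uncovered_loggers(java_text, properties_text):
    """Logger names used in the source that no properties entry applies to."""
    levels = configured_levels(properties_text)
    return [n for n in LOGGER_CALL.findall(java_text)
            if effective_level(n, levels) is None]


if __name__ == "__main__":
    print(uncovered_loggers(JAVA_SOURCE, LOGGING_PROPERTIES))
```
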