[IS 7.x] Refactor custom user store manager documentation

[JayaShakthi97]

Purpose

Refactor the custom user store manager documentation for IS 7.x products. IS 6.x, IS 5.11, IS 5.10 also need to be updated.

• Mention UniqueID user store managers as the default ones to be extended.
  • Update method references to UniqueID user store managers methods.
  • Provide an improved categorization of available methods.
  • Update the sample code.
• Mention the possibility of extending Non-UniqueID user store managers for compatibility.
• Mention AbstractUserStoreManager as the more advanced usecase.

Related PRs

• N/A

Test environment

Security checks

• Followed secure coding standards in http://wso2.com/technical-reports/wso2-secure-engineering-guidelines?
• Ran FindSecurityBugs plugin and verified report?
• Confirmed that this PR doesn't commit any keys, passwords, tokens, usernames, or other secrets?

Summary by CodeRabbit

• Documentation
  • Restructured custom user store manager guide with simplified, capability-focused approach
  • Updated code examples and prerequisites to reflect modern patterns
  • Added clearer guidance on base class selection and implementation
  • Introduced new sections for advanced scenarios and legacy compatibility
  • Enhanced deployment workflow with step-by-step instructions

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

This pull request updates a documentation guide for implementing custom user store managers, reorganizing content to emphasize UniqueID-based approaches, modernizing code examples with current dependency versions, updating deployment procedures, and introducing clearer structural guidance for choosing appropriate base classes.

Changes

Cohort / File(s)

Summary

Documentation Reorganization & Modernization en/includes/references/extend/user-stores/write-a-custom-user-store-manager.md

Comprehensive restructure of custom user store manager guide with refocused emphasis on UniqueID user store managers. Reorganized into new sections (Before you begin, Available methods, Implement a custom JDBC user store manager, Deploy and configure, Try out the sample, Advanced topics). Updated code examples with modern patterns, Jasypt-based password encoding, and revised authentication flow references. Modernized prerequisites, Maven/Java version requirements, repository URLs, and dependency versions. Enhanced deployment guidance with updated configuration steps. Replaced exhaustive method tables with capability-centered layout. Removed deprecated content and added explicit guidance for non-UniqueID scenarios and required constructor signatures.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 A documentation hop through clearer paths so bright,
UniqueID managers now shimmer in the light,
Code examples dance with modern, fresh refrain,
The guide is reorganized, simplified, and plain!
From user store depths, a better guide takes flight! 🌟

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The PR description covers purpose and security checks but lacks critical information required by the template.	Add test environment details (JDK versions, operating systems, databases, browsers tested) and explain why FindSecurityBugs plugin was not run if applicable.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: refactoring documentation for custom user store managers in IS 7.x.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In
`@en/includes/references/extend/user-stores/write-a-custom-user-store-manager.md`:
- Around line 332-376: The DB resources (Connection from getDBConnection(),
PreparedStatement prepStmt, and ResultSet rs) are not closed and rollback calls
a new getDBConnection(); fix by obtaining the Connection once into a local
variable (e.g., Connection dbConnection = this.getDBConnection()), wrap the
PreparedStatement and ResultSet in try-with-resources (or ensure finally closes
them) and perform rollback/commit on that same local dbConnection instead of
calling getDBConnection() again; ensure dbConnection is closed in a finally
block (or try-with-resources) after commit/rollback and adjust the
authentication logic around these resources (references: getDBConnection,
dbConnection, prepStmt, rs, passwordEncryptor.checkPassword).

🧹 Nitpick comments (1)

en/includes/references/extend/user-stores/write-a-custom-user-store-manager.md (1)

333-333: Consider minimizing password String exposure.

The password is extracted to a String using String.copyValueOf(), which creates an immutable string that remains in memory until garbage collected. While this is common in many implementations, consider working with character arrays when possible to allow explicit clearing after use.

Note: This may require checking if the downstream Jasypt API supports character array inputs. If not, the current approach is acceptable for sample code.

Also applies to: 395-395

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

en/includes/references/extend/user-stores/write-a-custom-user-store-manager.md (1)

141-208: Update Java prerequisite and Carbon dependency versions for IS 7.x compatibility.

Java 1.8 is outdated; WSO2 IS 7.x requires Java 11 minimum (supported versions are Java 11 and Java 17; IS 7.1 also supports Java 21). Update the prerequisites section accordingly.

The sample pom.xml uses outdated Carbon library versions (4.10.42). For IS 7.x custom user store manager samples, use org.wso2.carbon.user.core version 4.4.11 instead, and verify all other Carbon dependencies (user.api, utils) match the product-aligned versions for the target IS 7.x release.

Also verify the maven-compiler-plugin version (currently 3.8.1) is still current for IS 7.x builds.

♻️ Duplicate comments (1)

en/includes/references/extend/user-stores/write-a-custom-user-store-manager.md (1)

332-375: Resource leak in JDBC sample (already noted previously).

The connection, statement, and result set aren’t closed, and rollback uses a fresh getDBConnection() call instead of the same connection. This was flagged in prior review comments and remains in the sample.

[ashensw]

The database resources (Connection, PreparedStatement, ResultSet) are not properly closed in a finally block. Shall we use try-with-resources and improve the sample code?

[ashensw]

This rollback logic creates a new connection instead of using the existing one. Let's improve it as well.

if (dbConnection != null) {
        try {
            dbConnection.rollback();
        } catch (SQLException e1) {
            log.error("Transaction rollback failed", e1);
        }
    }
throw new UserStoreException("Authentication Failure", exp);

[ashensw]

We don't need to mention about legacy classes in the latest docs IMO.

[ashensw]

Let's use org.wso2.custom.user.store.CustomUserStoreManager is also here to be consistent.