There are five actions with the permission object ObjectMapPermission.
com.ibm.websphere.objectgrid.ObjectMap/ com.ibm.websphere.objectgrid.JavaMap |
|
---|---|
Read | boolean containsKey(Object) |
boolean equals(Object) | |
Object get(Object) | |
Object get(Object, Serializable) | |
List getAll(List) | |
List getAll(List keyList, Serializable) | |
List getAllForUpdate(List) | |
List getAllForUpdate(List, Serializable) | |
Object getForUpdate(Object) | |
Object getForUpdate(Object, Serializable) | |
write | Object put(Object key, Object value) |
void put(Object, Object, Serializable) | |
void putAll(Map) | |
void putAll(Map, Serializable) | |
void update(Object, Object) | |
void update(Object, Object, Serializable) | |
insert | public void insert(Object, Object) |
void insert(Object, Object, Serializable) | |
remove Object remove(Object) | |
void removeAll(Collection) | |
invalidate | public void invalidate(Object, boolean) |
void invalidateAll(Collection, boolean) | |
int setTimeToLive(int) |
An authroizationMechanism setting of the ObjectGrid has two possible values: JAAS and custom. Users can also use API {@link com.ibm.websphere.objectgrid.ObjectGrid#setAuthorizationMechanism(int)} to set which authorization mechanism the object grid will use.
A value "JAAS" means ObjectGrid will rely on JAAS authorization mechanism to handle
the authorization. A JAAS policy file should be configured to associate permissions with a set of credentials
and/or groups of credentials. We recommend that groups should be used as then new users
can be added to groups without modifying the policy file.
A value "custom" means ObjectGrid will rely on custom authorization mechanism
to handle the authorization. Users can set call
{@link com.ibm.websphere.objectgrid.ObjectGrid#setObjectGridAuthorization(com.ibm.websphere.objectgrid.security.plugins.ObjectGridAuthorization ogAuthorization)}
to set their custom authorization plug-in. Users can also configure the objectgrid.xml
to achieve the same result.
An AdminPermission has two types: ADMIN and MONITOR. An AdminPermission with ADMIN name grants permissions to access all the ManagementMBean methods. An AdminPermission with MONITOR name grants permissions to access the ManagementMBean read-only methods. Therefore, ADMIN permission implies MONITOR permission.
The detailed operations granted to users with different permissions are listed in the following table. These operations correspond to the methods in the ManagementMBean interface:
operations | admin | monitor |
---|---|---|
startServer | Y | N |
stopServer | Y | N |
forceStopServer | Y | N |
setServerTrace | Y | N |
retrieveServerStatus | Y | Y |
getMapStats | Y | Y |
getOGStats | Y | Y |
getReplicationStats | Y | Y |
The table can read like this: If the client has admin permission, it can execute "startServer" task; if the client has monitor permission, it cannot execute "startServer" task.
An AgentPermission represents permissions to the datagrid agents. The name of the permission is the full name of the ObjectGrid map, and the action is a "," delimited string of agent implementation class names or package names.
The following methods in the class {@link com.ibm.websphere.objectgrid.datagrid.AgentManager} requires AgentPermission:
An ObjectGridPermission represents permissions to an ObjectGrid. The name of the permission is the ObjectGrid name, and the action is either "query" or "dynamicmap".
The detailed methods which require different permissions are listed in the following table:
methods | action |
---|---|
{@link com.ibm.websphere.objectgrid.Session#createObjectQuery(String)} | query |
{@link com.ibm.websphere.objectgrid.em.EntityManager#createQuery(String)} | query |
{@link com.ibm.websphere.objectgrid.Session#getMap(String)} | dynamicmap |
An ServerMapPermission represents permissions to an ObjectMap hosted in a server. The name of the permission is the full name of the ObjectGrid map name, and the action is either "replicate" or "dynamicIndex".
The detailed methods which require different ServerMapPermission are listed in the following table:
methods | action |
---|---|
{@link com.ibm.websphere.objectgrid.ClientReplicableMap#enableClientReplication(Mode, int[], ReplicationMapListener)} | replicate |
{@link com.ibm.websphere.objectgrid.BackingMap#createDynamicIndex(String, boolean, String, DynamicIndexCallback)} | dynamicIndex |
{@link com.ibm.websphere.objectgrid.BackingMap#removeDynamicIndex(String)} | dynamicIndex |
SecurityConstants class contains constants used for representing the security parameters.