By configuring client security on a catalog service domain, you can define default client authentication configuration properties. These properties are used when a client properties file is not located in the Java virtual machine (JVM) that is hosting the client or when the client does not programmatically specify security properties. If a client properties file exists, the properties that you specify in the console override the values in the file. You can override these properties by specifying a splicer.properties file with the com.ibm.websphere.xs.sessionFilterProps custom property or by splicing the application EAR file.

Before you begin
- You must know the CredentialGenerator implementation that you are using to authenticate clients with the remote data grid. You can use one of the implementations that are provided by WebSphere® eXtreme Scale: UserPasswordCredentialGenerator or WSTokenCredentialGenerator. You can also use a custom implementation of the CredentialGenerator interface. The custom implementation must be in the class path of the runtime client and the server. If you are configuring an HTTP session scenario with WebSphere Application Server, you must put the implementation in the class path of the deployment manager and the class path of the application server in which the client is running.
- You must have a catalog service domain defined. See Creating catalog service domains in WebSphere Application Server for more information.

About this task
You must configure client security on the catalog service domain when you have enabled credential authentication on the server side, by configuring one of the following scenarios:
- The server-side security policy has the credentialAuthentication property set to Required.
- The server-side security policy has the credentialAuthentication property set to Supported AND an authorizationMechanism has been specified in the ObjectGrid XML file.

In these scenarios, a credential must be passed from the client. The credential that is passed from the client is retrieved from the getCredential method on a class that implements the CredentialGenerator interface. In an HTTP session configuration scenario, the run time must know the CredentialGenerator implementation to use to generate a credential that is passed to a remote data grid. If you do not specify the CredentialGenerator implementation class to use, the remote data grid would reject requests from the client because the client cannot be authenticated.

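A custom CredentialGenerator implementation of the kind described above, as an added example that is not code from the original page or from the product. The package and class names and the "<user> <password-file>" properties format are assumptions made for this example; it compiles against the eXtreme Scale client library.

```java
package example.security; // hypothetical package

import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;

import com.ibm.websphere.objectgrid.security.plugins.CannotGenerateCredentialException;
import com.ibm.websphere.objectgrid.security.plugins.Credential;
import com.ibm.websphere.objectgrid.security.plugins.CredentialGenerator;
import com.ibm.websphere.objectgrid.security.plugins.builtins.UserPasswordCredential;

/** Hypothetical generator: user ID from the properties string, password from a protected file. */
public class FileSecretCredentialGenerator implements CredentialGenerator {
    private String user;
    private String secretPath;

    /** Receives the generator properties string; assumed format: "<user> <password-file>". */
    @Override
    public void setProperties(String properties) {
        String[] parts = properties == null ? new String[0] : properties.trim().split("\\s+", 2);
        if (parts.length == 2) {
            user = parts[0];
            secretPath = parts[1];
        }
    }

    /** Called to obtain the credential that is passed to the remote data grid. */
    @Override
    public Credential getCredential() throws CannotGenerateCredentialException {
        if (user == null || secretPath == null) {
            throw new CannotGenerateCredentialException("expected properties: <user> <password-file>");
        }
        try {
            // Read on every call so a rotated password is picked up without a restart.
            String password = new String(Files.readAllBytes(Paths.get(secretPath)),
                    StandardCharsets.UTF_8).trim();
            if (password.isEmpty()) {
                throw new CannotGenerateCredentialException("password file is empty");
            }
            return new UserPasswordCredential(user, password);
        } catch (IOException e) {
            // Fail closed, and keep the password and file contents out of the message.
            throw new CannotGenerateCredentialException("cannot read password file");
        }
    }
}
```

The compiled class must be on the class paths listed under "Before you begin", and the password file should be readable only by the account that runs the client JVM.
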
Procedure
Define client security properties. In the WebSphere Application Server administrative console, click . Specify client security properties on the page and save your changes. See Client security properties for a list of the properties you can set.

Results
The client security properties that you configured on the catalog service domain are used as default values. The values you specify override any properties that are defined in the client.properties files.

What to do next
Configure your applications to use WebSphere eXtreme Scale for session management. See Configuring WebSphere Application Server HTTP session persistence to a data grid for more information.