By configuring authentication, you can reliably determine the identity of the requester. WebSphere® eXtreme Scale supports both client-to-server and server-to-server authentication.
Authentication flow
Figure 1. Authentication flow
The previous diagram shows two application servers. The first application server hosts the web application, which is also a WebSphere eXtreme Scale client. The second application server hosts a container server. The catalog server is running in a stand-alone Java virtual machine (JVM) instead of WebSphere Application Server.
The arrows marked with numbers in the diagram indicate the authentication flow:
- An enterprise application user accesses the web browser and logs in to the first application server with a user name and password. The first application server sends the client user name and password to the security infrastructure to authenticate to the user registry. This user registry is a keystore. As a result, the security information is stored on the WebSphere Application Server thread.
- The JavaServer Pages (JSP) file acts as a WebSphere eXtreme Scale client to retrieve the security information from the client property file. The JSP application that is acting as the WebSphere eXtreme Scale client sends the WebSphere eXtreme Scale client security credential along with the request to the catalog server. Sending the security credential with the request is considered a runAs model. In a runAs model, the web browser client runs as a WebSphere eXtreme Scale client to access the data stored in the container server. The client uses a Java virtual machine (JVM)-wide client credential to connect to the WebSphere eXtreme Scale servers. Using the runAs model is like connecting to a database with a data source level user ID and password.
- The catalog server receives the WebSphere eXtreme Scale client credential, which includes the WebSphere Application Server security tokens. Then, the catalog server calls the authenticator plug-in to authenticate the client credential. The authenticator connects to the external user registry and sends the client credential to the user registry for authentication.
- The client sends the user ID and password to the container server that is hosted in the application server.
- The container service, hosted in the application server, receives the WebSphere eXtreme Scale client credential, which is the user ID and password pair. Then, the container server calls the authenticator plug-in to authenticate the client credential. The authenticator connects to the keystore user registry and sends the client credential to the user registry for authentication.
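The client property file mentioned in the flow is where the JVM-wide runAs credential is defined. The following fragment is an added illustration, not a file from this tutorial: the property names are standard eXtreme Scale client security properties, and the user ID and password values are constructed placeholders.

```properties
# Constructed sample of a client security property file.
# The user ID and password below are placeholders, not values from this tutorial.

# Enable security for this eXtreme Scale client.
securityEnabled=true

# The client can send a credential for authentication when the server asks for one.
credentialAuthentication=Supported

# Built-in credential generator that produces a user ID and password credential.
credentialGeneratorClass=com.ibm.websphere.objectgrid.security.plugins.builtins.UserPasswordCredentialGenerator

# "<user ID> <password>" handed to the generator. Every request from this JVM
# carries this one credential (the runAs model), regardless of which web user
# logged in to the application server.
credentialGeneratorProps=example_user example_password
```

Because the credential is JVM-wide, the catalog and container servers see the same identity for every web user, in the same way that a database sees only the data source user ID.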
Learning objectives
With the lessons in this module, you learn how to:
- Configure WebSphere eXtreme Scale client security.
- Configure WebSphere eXtreme Scale catalog server security.
- Configure WebSphere eXtreme Scale container server security.
- Install and run the sample application.
Time required
This module takes approximately 60 minutes.