Administration guide > Secure the deployment environment > Tutorial: Integrate WebSphere eXtreme Scale security with WAS


Secure the deployment environment > Tutorial: Integrate WebSphere eXtreme Scale security with WAS >

< Previous | Next >


Module 4: Use Java Authentication and Authorization Service (JAAS) authorization in WAS

Now that you have configured authentication for clients, you can further configure authentication to give different users varying permissions. For example, an operator user might only be able to view data, while an administrator user can perform all operations.

After authenticating a client, as in the previous module in this tutorial, you can give security privileges through eXtreme Scale authorization mechanisms. The previous module of this tutorial demonstrated how to enable authentication for a data grid using integration with WAS. As a result, no unauthenticated client can connect to the eXtreme Scale servers or submit requests to the system. However, every authenticated client has the same permission or privileges to the server, such as reading, writing, or deleting data that is stored in the ObjectGrid maps. Clients can also issue any type of query.

This part of the tutorial demonstrates how to use eXtreme Scale authorization to give authenticated users varying privileges. WebSphere eXtreme Scale uses a permission-based authorization mechanism. You can assign different permission categories that are represented by different permission classes. This module features the MapPermission class. For a list of all possible permissions, see Client authorization programming.

In WebSphere eXtreme Scale, the com.ibm.websphere.objectgrid.security.MapPermission class represents permissions to the eXtreme Scale resources, specifically the methods of the ObjectMap or JavaMap interfaces. WebSphere eXtreme Scale defines the following permission strings to access the methods of ObjectMap and JavaMap:

The authorization occurs when an eXtreme Scale client uses a data access API, such as the ObjectMap ,JavaMap, or EntityManager APIs. The eXtreme Scale runtime checks corresponding map permissions when the method is called. If the required permissions are not granted to the client, an AccessControlException exception results. This tutorial demonstrates how to use Java™ Authentication and Authorization Service (JAAS) authorization to grant authorization map access for different users.


Learning objectives

After completing the lessons in this module, you know how to:


Time required

This module takes approximately 60 minutes.


Prerequisites

You must complete the prior modules in this tutorial before configuring authentication.


Lessons in this module


Related information

Client authorization reference

< Previous | Next >