WebSphere eXtreme Scale Administration Guide > Secure the deployment environment



Security integration with WebSphere Application Server


WebSphere eXtreme Scale provides several security features to integrate with the WebSphere Application Server security infrastructure.


Authentication integration

When eXtreme Scale clients and servers are running in WebSphere Application Server and in the same security domain, you can use the WebSphere Application Server security infrastructure to propagate the client authentication credentials to the eXtreme Scale server. For example, if a servlet acts as an eXtreme Scale client to connect to an eXtreme Scale server in the same security domain, and the servlet is already authenticated, it is possible to propagate the authentication token from the client (servlet) to the server, and then use the WebSphere Application Server security infrastructure to convert the authentication token back to the client credentials.


Distributed security integration with WebSphere Application Server

For the distributed ObjectGrid model, the security integration can be completed by using the following classes:

com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenCredentialGenerator

com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenAuthenticator

com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenCredential

See Application client authentication for more information. The following example illustrates how to use the WSTokenCredentialGenerator class:

/**
 * connect to the ObjectGrid Server.
 */
protected ClientClusterContext connect() throws ConnectException {
  ClientSecurityConfiguration csConfig = ClientSecurityConfigurationFactory
  .getClientSecurityConfiguration(proFile);

  CredentialGenerator gen = getWSCredGen();

  csConfig.setCredentialGenerator(gen);

  return objectGridManager.connect(csConfig, null);
}

/**
 * Get a WSTokenCredentialGenerator
 *
private CredentialGenerator getWSCredGen() {
    WSTokenCredentialGenerator gen = new WSTokenCredentialGenerator(
        WSTokenCredentialGenerator.RUN_AS_SUBJECT);
    return gen;
}

On the server side, use the WSTokenAuthentication authenticator to authenticate the WSTokenCredential object.


Local security integration with WebSphere Application Server

For the local ObjectGrid model, the security integration can be completed by using the following two classes:

For more information about these classes, see Local security. You can configure the WSSubjectSourceImpl class as the SubjectSource plug-in, and the WSSubjectValidationImpl class as the SubjectValidation plug-in.



Parent topic

Secure the deployment environment


+

Search Tips   |   Advanced Search