Introduction: Integrate WebSphere eXtreme Scale security with WAS using the WAS Authentication plug-ins
In this tutorial, you integrate WebSphere eXtreme Scale security with WAS. First, you configure authentication with a simple web application that uses authenticated user credentials from the current thread to connect to the ObjectGrid. Then, you investigate the encryption of data that is transferred between the client and server with transport layer security.
To give users varying levels of permissions, you can configure Java Authentication and Authorization Service (JAAS). After completing the configuration, you can use the xsadmin tool to monitor the data grids and maps.
This tutorial assumes that all of the WebSphere eXtreme Scale clients, container servers, and catalog servers are deployed in the WAS environment.
Learning objectives
The learning objectives for this tutorial follow:
- Configure WebSphere eXtreme Scale to use WAS authentication plug-ins
- Configure WebSphere eXtreme Scale transport security to use WAS CSIv2 configuration
- Use Java™ Authentication and Authorization Service (JAAS) authorization in WAS
- Use a custom login module for group-based JAAS authorization
- Use the WebSphere eXtreme Scale xsadmin tool in a WAS environment
Time required
This tutorial takes approximately 4 hours from start to finish.
Skill level
Intermediate.
Audience
Developers and administrators who are interested in the security integration between WebSphere eXtreme Scale and WAS.
System requirements and topology
- WAS v6.1 or v7.0.0.11 or later
- WebSphere eXtreme Scale v7.0 or v7.1 with interim fix PM20613 must be installed on the WAS nodes.
- Update the Java runtime to apply the following fix: IZ79819: IBMJDK FAILS TO READ PRINCIPAL STATEMENT WITH WHITESPACE FROM SECURITY FILE
This tutorial uses four WAS application servers and one deployment manager to demonstrate the sample.
Prerequisites
A basic understanding of the following items is helpful before you start this tutorial:
- WebSphere eXtreme Scale programming model
- Basic WebSphere eXtreme Scale security concepts
- Basic WAS security concepts
For background information about WebSphere eXtreme Scale and WAS security integration, see Security integration with WAS.
Modules in this tutorial
- Module 1: Prepare WAS
Before you start the tutorial to integrate with WebSphere eXtreme Scale, create a basic security configuration in WAS.
- Module 2: Configure WebSphere eXtreme Scale to use WAS Authentication plug-ins
After you have created the WAS configuration, you can integrate WebSphere eXtreme Scale authentication with WAS.
- Module 3: Configure transport security
Configure transport security to secure data transfer between the clients and servers in the configuration.
- Module 4: Use Java Authentication and Authorization Service (JAAS) authorization in WAS
Now that you have configured authentication for clients, you can further configure authorization to give different users varying permissions. For example, an operator user might only be able to view data, while an administrator user can perform all operations.
- Module 1: Prepare the mixed WAS and stand-alone environment
Before you start the tutorial, create a basic topology that includes container servers that run within WAS. In this tutorial, the catalog servers run in stand-alone mode.
- Module 2: Configure WebSphere eXtreme Scale authentication in a mixed environment
By configuring authentication, you can reliably determine the identity of the requester. WebSphere eXtreme Scale supports both client-to-server and server-to-server authentication.
- Module 3: Configure transport security
Configure transport security to secure data transfer between the clients and servers in the configuration.
- Module 4: Use Java Authentication and Authorization Service (JAAS) authorization in WAS
Now that you have configured authentication for clients, you can further configure authorization to give different users varying permissions. For example, an "operator" user might only be able to view data, while a "manager" user can perform all operations.
Related information
WAS: Securing applications and their environment
WebSphere eXtreme Scale security overview
Install WebSphere eXtreme Scale