WebSphere eXtreme Scale Administration Guide > Secure the deployment environment
Security integration with WebSphere Application Server
WebSphere eXtreme Scale provides several security features to integrate with the WebSphere Application Server security infrastructure.
Authentication integration
When eXtreme Scale clients and servers are running in WebSphere Application Server and in the same security domain, you can use the WebSphere Application Server security infrastructure to propagate the client authentication credentials to the eXtreme Scale server. For example, if a servlet acts as an eXtreme Scale client to connect to an eXtreme Scale server in the same security domain, and the servlet is already authenticated, it is possible to propagate the authentication token from the client (servlet) to the server, and then use the WebSphere Application Server security infrastructure to convert the authentication token back to the client credentials.
Distributed security integration with WebSphere Application ServerFor the distributed ObjectGrid model, the security integration can be completed by using the following classes:
com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenCredentialGenerator
com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenAuthenticator
com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenCredential
See Application client authentication for more information. The following example illustrates how to use the WSTokenCredentialGenerator class:
/** * connect to the ObjectGrid Server. */ protected ClientClusterContext connect() throws ConnectException { ClientSecurityConfiguration csConfig = ClientSecurityConfigurationFactory .getClientSecurityConfiguration(proFile); CredentialGenerator gen = getWSCredGen(); csConfig.setCredentialGenerator(gen); return objectGridManager.connect(csConfig, null); } /** * Get a WSTokenCredentialGenerator * private CredentialGenerator getWSCredGen() { WSTokenCredentialGenerator gen = new WSTokenCredentialGenerator( WSTokenCredentialGenerator.RUN_AS_SUBJECT); return gen; }
On the server side, use the WSTokenAuthentication authenticator to authenticate the WSTokenCredential object.
Local security integration with WebSphere Application ServerFor the local ObjectGrid model, the security integration can be completed by using the following two classes:
- com.ibm.websphere.objectgrid.security.plugins.builtins.WSSubjectSourceImpl
- com.ibm.websphere.objectgrid.security.plugins.builtins.WSSubjectValidationImpl
For more information about these classes, see Local security. You can configure the WSSubjectSourceImpl class as the SubjectSource plug-in, and the WSSubjectValidationImpl class as the SubjectValidation plug-in.
Parent topic
Secure the deployment environment