Client properties file

You can create a properties file based on your requirements for WebSphere® eXtreme Scale client processes.

Sample client properties file

You can use the sampleClient.properties file that is in the wxs_home/properties directory to create your properties file.

Specifying a client properties file

You can specify the client properties file in one of the following ways. Specifying a setting by using one of the items later in the list overrides the previous setting. For example, if you specify a system property value for the client properties file, the properties in that file override the values in the objectGridClient.properties file that is in the class path.

  1. As a well-named file anywhere in the class path. Putting this file in the system current directory is not supported:
    objectGridClient.properties
  2. As a system property in either a stand-alone or WebSphere Application Server configuration. This value can specify a file in the system current directory, but not a file in the class path:
    -Dobjectgrid.client.props=file_name
  3. As a programmatic override by using the ClientClusterContext.getClientProperties method. The data in the object is populated with the data from the properties files. You cannot configure security properties with this method.

Client properties

listenerHost
Specifies the host name to which the Object Request Broker (ORB) binds.

For a multiple network card configuration, set the listener host and port to let the Object Request Broker in the JVM know the IP address on which to bind. For the client, use the client properties file. If you do not specify which IP address to use, the following problems might occur: connection timeouts, unusual API failures, and clients that seem to hang.

listenerPort
Specifies the port number to which the Object Request Broker (ORB) binds.
preferLocalProcess
This property is not currently used. It is reserved for future use.
preferLocalHost
This property is not currently used. It is reserved for future use.
preferZones
Specifies a list of preferred routing zones. Each specified zone is separated by a comma in the form: preferZones=ZoneA,ZoneB,ZoneC

Default: no value

requestRetryTimeout
Specifies how long to retry a request (in milliseconds). Use one of the following valid values:
  • A value of 0 indicates that the request should fail fast and skip over the internal retry logic.
  • A value of -1 indicates that the request retry timeout is not set, meaning that the request duration is governed by the transaction timeout. (Default)
  • A value over 0 indicates the request entry timeout value in milliseconds. Exceptions that cannot succeed even if tried again such as a DuplicateException exception are returned immediately. The transaction timeout is still used as the maximum time to wait.

Security client properties

  • General security properties
    securityEnabled
    Enables WebSphere eXtreme Scale client security. This setting should match with the securityEnabled setting in theWebSphere eXtreme Scale server properties file. If the settings do not match, an exception results.

    Default: false

  • Credential authentication configuration properties
    credentialAuthentication
    Specifies the client credential authentication support. Use one of the following valid values:
    • Never: The client does not support credential authentication.
    • Supported: The client supports credential authentication if the server also supports credential authentication. (Default)
    • Required: The client requires credential authentication.
    authenticationRetryCount
    Specifies the number of times that authentication is tried if the credential is expired. If the value is set to 0, attempts to authenticate are not tried again.

    Default: 3

    credentialGeneratorClass
    Specifies the name of the class that implements the com.ibm.websphere.objectgrid.security.plugins.CredentialGenerator interface. This class is used to get credentials for clients.

    Default: no value

    credentialGeneratorProps
    Specifies the properties for the CredentialGenerator implementation class. The properties are set to the object with the setProperties(String) method. The credentialGeneratorprops value is used only if the value of the credentialGeneratorClass property is not null.
  • Transport layer security configuration properties
    transportType
    Specifies the client transport type. The possible values are:
    • TCP/IP: Indicates that the client only supports TCP/IP connections.
    • SSL-Supported: Indicates that the client supports both TCP/IP and Secure Sockets Layer (SSL) connections. (Default)
    • SSL-Required: Indicates that the client requires SSL connections.
  • SSL configuration properties
    alias
    Specifies the alias name in the keystore. This property is used if the keystore has multiple key pair certificates and you want to select one of the certificates.

    Default: no value

    contextProvider
    Specifies the name of the context provider for the trust service. If you indicate a value that is not valid, a security exception results that indicates that the context provider type is incorrect.

    Valid values: IBMJSSE2, IBMJSSE, IBMJSSEFIPS, and so on.

    protocol
    Indicates the type of security protocol to use for the client. Set this protocol value based on which Java™ Secure Socket Extension (JSSE) provider you use. If you indicate a value that is not valid, a security exception results that indicates that the protocol value is incorrect.

    Valid values: SSL, SSLv2, SSLv3, TLS, TLSv1, and so on.

    [Version 8.6.0.5 and later]SP800-131
    [Version 8.6.0.5 and later]Indicates the SP800-131a mode that is in use for data protection. The National Institute of Standards and Technology (NIST) published Special Publications 800-131a (SP800-131a), which defines a standard for levels of data protection with transport layer security (TLS). For more information about how to configure SP800-131a, see Configuring WebSphere eXtreme Scale to use NIST SP800-131a.

    Valid values: off, transition, strict.

    keyStoreType
    Indicates the type of keystore. If you indicate a value that is not valid, a runtime security exception occurs.

    Valid values: JKS, JCEK, PKCS12, and so on.

    trustStoreType
    Indicates the type of truststore. If you indicate a value that is not valid, a runtime security exception results.

    Valid values: JKS, JCEK, PKCS12, and so on.

    keyStore
    Specifies a fully qualified path to the keystore file.

    Example:

    etc/test/security/client.private

    trustStore
    Specifies a fully qualified path to the truststore file.

    Example:

    etc/test/security/server.public

    keyStorePassword
    Specifies the string password to the keystore. You can encode this value or use the actual value.
    trustStorePassword
    Specifies a string password to the truststore. You can encode this value or use the actual value.