Client properties file
You can create a properties file based on your requirements for WebSphere® eXtreme Scale client processes.
Sample client properties file
You can use the sampleClient.properties file that is in the wxs_home/properties directory to create your properties file.
Specifying a client properties file
You can specify the client properties file in one of the following ways. Specifying a setting by using one of the items later in the list overrides the previous setting. For example, if you specify a system property value for the client properties file, the properties in that file override the values in the objectGridClient.properties file that is in the class path.
- As a well-named file anywhere in the class path. Putting this file in the system current
directory is not supported:
objectGridClient.properties
- As a system property in either a stand-alone or WebSphere Application Server
configuration. This value can specify a file in the system current directory, but not a file in the
class path:
-Dobjectgrid.client.props=file_name
- As a programmatic override by using the ClientClusterContext.getClientProperties method. The data in the object is populated with the data from the properties files. You cannot configure security properties with this method.
Client properties
- listenerHost
- Specifies the host name to which the Object Request Broker (ORB) binds.
For a multiple network card configuration, set the listener host and port to let the Object Request Broker in the JVM know the IP address on which to bind. For the client, use the client properties file. If you do not specify which IP address to use, the following problems might occur: connection timeouts, unusual API failures, and clients that seem to hang.
- listenerPort
- Specifies the port number to which the Object Request Broker (ORB) binds.
- preferLocalProcess
- This property is not currently used. It is reserved for future use.
- preferLocalHost
- This property is not currently used. It is reserved for future use.
- preferZones
- Specifies a list of preferred routing zones. Each specified zone is separated by a comma in the
form: preferZones=ZoneA,ZoneB,ZoneC
Default: no value
- requestRetryTimeout
- Specifies how long to retry a request (in milliseconds). Use one of the following valid values:
- A value of 0 indicates that the request should fail fast and skip over the internal retry logic.
- A value of -1 indicates that the request retry timeout is not set, meaning that the request duration is governed by the transaction timeout. (Default)
- A value over 0 indicates the request entry timeout value in milliseconds. Exceptions that cannot succeed even if tried again such as a DuplicateException exception are returned immediately. The transaction timeout is still used as the maximum time to wait.
Security client properties
- General security properties
- securityEnabled
- Enables WebSphere eXtreme Scale client security. This setting should
match with the securityEnabled setting in theWebSphere eXtreme Scale server
properties file. If the settings do not match, an exception results.
Default: false
- Credential authentication configuration properties
- credentialAuthentication
- Specifies the client credential authentication support. Use one of the following valid values:
- Never: The client does not support credential authentication.
- Supported: The client supports credential authentication if the server also supports credential authentication. (Default)
- Required: The client requires credential authentication.
- authenticationRetryCount
- Specifies the number of times that authentication is tried if the credential is expired. If the
value is set to 0, attempts to authenticate are not tried again.
Default: 3
- credentialGeneratorClass
- Specifies the name of the class that implements the
com.ibm.websphere.objectgrid.security.plugins.CredentialGenerator interface. This
class is used to get credentials for clients.
Default: no value
- credentialGeneratorProps
- Specifies the properties for the CredentialGenerator implementation class. The properties are set to the object with the setProperties(String) method. The credentialGeneratorprops value is used only if the value of the credentialGeneratorClass property is not null.
- Transport layer security configuration properties
- transportType
- Specifies the client transport type. The possible values are:
- TCP/IP: Indicates that the client only supports TCP/IP connections.
- SSL-Supported: Indicates that the client supports both TCP/IP and Secure Sockets Layer (SSL) connections. (Default)
- SSL-Required: Indicates that the client requires SSL connections.
- SSL configuration properties
- alias
- Specifies the alias name in the keystore. This property is used if the keystore has multiple key
pair certificates and you want to select one of the certificates.
Default: no value
- contextProvider
- Specifies the name of the context provider for the trust service. If you indicate a value that
is not valid, a security exception results that indicates that the context provider type is
incorrect.
Valid values: IBMJSSE2, IBMJSSE, IBMJSSEFIPS, and so on.
- protocol
- Indicates the type of security protocol to use for the client. Set this protocol value based on
which Java™ Secure Socket Extension (JSSE) provider you use. If
you indicate a value that is not valid, a security exception results that indicates that the
protocol value is incorrect.
Valid values: SSL, SSLv2, SSLv3, TLS, TLSv1, and so on.
- SP800-131
- Indicates the SP800-131a mode that is in use for data protection. The National Institute of
Standards and Technology (NIST) published Special Publications 800-131a (SP800-131a), which defines
a standard for levels of data protection with transport layer security (TLS). For more information
about how to configure SP800-131a, see Configuring WebSphere eXtreme Scale to use NIST SP800-131a.
Valid values: off, transition, strict.
- keyStoreType
- Indicates the type of keystore. If you indicate a value that is not valid, a runtime security
exception occurs.
Valid values: JKS, JCEK, PKCS12, and so on.
- trustStoreType
- Indicates the type of truststore. If you indicate a value that is not valid, a runtime security
exception results.
Valid values: JKS, JCEK, PKCS12, and so on.
- keyStore
- Specifies a fully qualified path to the keystore
file.
Example:
etc/test/security/client.private
- trustStore
- Specifies a fully qualified path to the truststore
file.
Example:
etc/test/security/server.public
- keyStorePassword
- Specifies the string password to the keystore. You can encode this value or use the actual value.
- trustStorePassword
- Specifies a string password to the truststore. You can encode this value or use the actual value.