Configuring client security on a catalog service domain

By configuring client security on a catalog service domain, you can define default client authentication configuration properties. These properties are used when a client properties file is not located in the Java virtual machine (JVM) that is hosting the client or when the client does not programmatically specify security properties. If a client properties file exists, the properties that you specify in the console override the values in the file. You can override the console properties by specifying a splicer.properties file with the com.ibm.websphere.xs.sessionFilterProps custom property or by splicing the application EAR file.

Before you begin

  • You must know the CredentialGenerator implementation that you are using to authenticate clients with the remote data grid. You can use one of the implementations that are provided by WebSphere® eXtreme Scale: UserPasswordCredentialGenerator or WSTokenCredentialGenerator.

    You can also use a custom implementation of the CredentialGenerator interface. The custom implementation must be in the class path of the runtime client and the server. If you are configuring an HTTP session scenario with WebSphere Application Server, you must put the implementation in the class path of the deployment manager and the class path of the application server in which the client is running.

  • You must have a catalog service domain defined. See Creating catalog service domains in WebSphere Application Server for more information.

About this task

You must configure client security on the catalog service domain when you have enabled credential authentication on the server side, by configuring one of the following scenarios:
  • The server-side security policy has the credentialAuthentication property set to Required.
  • The server-side security policy has the credentialAuthentication property set to Supported and an authorizationMechanism has been specified in the ObjectGrid XML file.
In these scenarios, a credential must be passed from the client. The credential that is passed from the client is retrieved from the getCredential method on a class that implements the CredentialGenerator interface. In an HTTP session configuration scenario, the run time must know which CredentialGenerator implementation to use to generate the credential that is passed to a remote data grid. If you do not specify the CredentialGenerator implementation class to use, the remote data grid rejects requests from the client because the client cannot be authenticated.
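
The following custom CredentialGenerator is an added example, not code from the product or this documentation. It keeps the password out of the configured properties string by reading it from a file that only the owner can read. The class name FileSecretCredentialGenerator and the "user secret-file-path" properties format are assumptions made for this example, and the WebSphere eXtreme Scale client library must be on the class path to compile it.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Set;

import com.ibm.websphere.objectgrid.security.plugins.CannotGenerateCredentialException;
import com.ibm.websphere.objectgrid.security.plugins.Credential;
import com.ibm.websphere.objectgrid.security.plugins.CredentialGenerator;
import com.ibm.websphere.objectgrid.security.plugins.builtins.UserPasswordCredential;

/** Hypothetical custom generator: the properties string names a secret file, not the password. */
public class FileSecretCredentialGenerator implements CredentialGenerator {
    private String user;
    private Path secretFile;

    /** Receives the generator properties string; form assumed here: "<user> <secret-file-path>". */
    @Override
    public void setProperties(String properties) {
        String[] parts = properties == null ? new String[0] : properties.trim().split("\\s+", 2);
        if (parts.length != 2) {
            throw new IllegalArgumentException("expected: <user> <secret-file-path>");
        }
        user = parts[0];
        secretFile = Paths.get(parts[1]);
    }

    /** Supplies the credential that the client passes to the remote data grid. */
    @Override
    public Credential getCredential() throws CannotGenerateCredentialException {
        if (secretFile == null) throw new CannotGenerateCredentialException("setProperties was not called");
        try {
            // Refuse a secret file that group or others can read (POSIX file systems only).
            Set<PosixFilePermission> perms = Files.getPosixFilePermissions(secretFile);
            if (perms.contains(PosixFilePermission.GROUP_READ) || perms.contains(PosixFilePermission.OTHERS_READ)) {
                throw new CannotGenerateCredentialException("secret file is readable by group/others: " + secretFile);
            }
            String password = new String(Files.readAllBytes(secretFile), StandardCharsets.UTF_8).trim();
            if (password.isEmpty()) {
                throw new CannotGenerateCredentialException("secret file is empty: " + secretFile);
            }
            return new UserPasswordCredential(user, password); // re-read on each call, so rotation is picked up
        } catch (IOException | UnsupportedOperationException e) {
            throw new CannotGenerateCredentialException("cannot read secret file " + secretFile, e);
        }
    }
}
```

Because the generator fails closed when the file is missing, empty, or too widely readable, a misconfigured client is rejected at credential generation rather than sending an empty or exposed password to the data grid.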

Procedure

Define client security properties.
In the WebSphere Application Server administrative console, click System administration > WebSphere eXtreme Scale > Catalog service domains > catalog_service_domain_name > Client security properties. Specify client security properties on the page and save your changes. See Client security properties for a list of the properties you can set.

Results

The client security properties that you configured on the catalog service domain are used as default values. The values you specify override any properties that are defined in the client.properties files.

What to do next

Configure your applications to use WebSphere eXtreme Scale for session management. See Configuring WebSphere Application Server HTTP session persistence to a data grid for more information.