Module 4: Use Java Authentication and Authorization Service (JAAS) authorization in WebSphere Application Server
Now that you have configured authentication for clients, you can further configure authorization to give different users varying permissions. For example, an "operator" user might only be able to view data, while a "manager" user can perform all operations.
After authenticating a client, as in the previous module in this tutorial, you can give security privileges through eXtreme Scale authorization mechanisms. The previous module of this tutorial demonstrated how to enable authentication for a data grid using integration with WebSphere® Application Server. As a result, no unauthenticated client can connect to the eXtreme Scale servers or submit requests to your system. However, every authenticated client has the same permission or privileges to the server, such as reading, writing, or deleting data that is stored in the ObjectGrid maps. Clients can also issue any type of query.
This part of the tutorial demonstrates how to use eXtreme Scale authorization to give authenticated users varying privileges. WebSphere eXtreme Scale uses a permission-based authorization mechanism. You can assign different permission categories that are represented by different permission classes. This module features the MapPermission class. For a list of all possible permissions, see Client authorization programming.
In WebSphere eXtreme Scale, the com.ibm.websphere.objectgrid.security.MapPermission class represents permissions to the eXtreme Scale resources, specifically the methods of the ObjectMap or JavaMap interfaces. WebSphere eXtreme Scale defines the following permission strings to access the methods of ObjectMap and JavaMap:
- read: Grants permission to read the data from the map.
- write: Grants permission to update the data in the map.
- insert: Grants permission to insert the data into the map.
- remove: Grants permission to remove the data from the map.
- invalidate: Grants permission to invalidate the data from the map.
- all: Grants all permissions to read, write, insert, remove, and invalidate.
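As an added illustration (not taken from this tutorial's own files), a JAAS policy file could map these permission strings onto the two users as follows. The grid name, map name, and realm are constructed placeholders, and the codebase URL and principal class are assumptions about the WebSphere Application Server integration that you should check against your installation.

```text
// Constructed example: "ExampleGrid", "ExampleMap" and "exampleRealm" are placeholders.
// Assumption: authenticated users are represented by WSPrincipalImpl principals
// and eXtreme Scale checks permissions under the PrivilegedAction codebase.

// operator: view data only
grant codebase "http://www.ibm.com/com/ibm/ws/objectgrid/security/PrivilegedAction"
    principal com.ibm.ws.security.common.auth.WSPrincipalImpl "exampleRealm/operator" {
    permission com.ibm.websphere.objectgrid.security.MapPermission "ExampleGrid.ExampleMap", "read";
};

// manager: read, write, insert, remove, and invalidate
grant codebase "http://www.ibm.com/com/ibm/ws/objectgrid/security/PrivilegedAction"
    principal com.ibm.ws.security.common.auth.WSPrincipalImpl "exampleRealm/manager" {
    permission com.ibm.websphere.objectgrid.security.MapPermission "ExampleGrid.ExampleMap", "all";
};
```

With a policy of this shape, operator holds only the read permission on the map, so insert, write, remove, and invalidate calls are not granted to that user.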
Learning objectives
After completing the lessons in this module, you know how to:
- Enable authorization for WebSphere eXtreme Scale.
- Enable user-based authorization.
Time required
This module takes approximately 60 minutes.
- Lesson 4.1: Enable WebSphere eXtreme Scale authorization
  To enable authorization in WebSphere eXtreme Scale, you must enable security on a specific ObjectGrid.
- Lesson 4.2: Enable user-based authorization
  In the authentication module of this tutorial, you created two users: operator and manager. You can assign varying permissions to these users with Java Authentication and Authorization Service (JAAS) authorization.