Tutorial: Integrate WebSphere eXtreme Scale security in a mixed environment with an external authenticator
This tutorial demonstrates how to secure WebSphere® eXtreme Scale servers that are partially deployed in a WebSphere Application Server environment.
In the deployment for this tutorial, the container servers are deployed in WebSphere Application Server. The catalog server is deployed as a stand-alone server, and is started in a Java Standard Edition (Java SE) environment.
Because the catalog server is not deployed in WebSphere Application Server, you cannot use the WebSphere Application Server Authentication plug-ins. For more information about the process of configuring WebSphere Application Server Authentication plug-ins, see Tutorial: Integrate WebSphere eXtreme Scale security with WebSphere Application Server. In this tutorial, a different authenticator is required for catalog server authentication. You configure a keystore authenticator to authenticate the clients.
Learning objectives
The learning objectives for this tutorial follow:
- Configure WebSphere eXtreme Scale to use the KeyStoreLoginAuthenticator plug-in
- Configure WebSphere eXtreme Scale transport security to use WebSphere Application Server CSIv2 configuration and the WebSphere eXtreme Scale properties file
- Use Java™ Authentication and Authorization Service (JAAS) authorization in WebSphere Application Server
- Use the xscmd utility to monitor the data grids and maps that you created in the tutorial.
Time required
This tutorial takes approximately 4 hours from start to finish.
- Introduction: Security in a mixed environment
  In this tutorial, you integrate WebSphere eXtreme Scale security in a mixed environment. The container servers run within WebSphere Application Server, and the catalog service runs in stand-alone mode. Because the catalog server is in stand-alone mode, you must configure an external authenticator.
- Module 1: Prepare the mixed WebSphere Application Server and stand-alone environment
  Before you start the tutorial, you must create a basic topology that includes container servers that run within WebSphere Application Server. In this tutorial, the catalog servers run in stand-alone mode.
- Module 2: Configure WebSphere eXtreme Scale authentication in a mixed environment
  By configuring authentication, you can reliably determine the identity of the requester. WebSphere eXtreme Scale supports both client-to-server and server-to-server authentication.
- Module 3: Configure transport security
  Configure transport security to secure data transfer between the clients and servers in the configuration.
- Module 4: Use Java Authentication and Authorization Service (JAAS) authorization in WebSphere Application Server
  Now that you have configured authentication for clients, you can further configure authorization to give different users varying permissions. For example, an "operator" user might only be able to view data, while a "manager" user can perform all operations.
- Module 5: Use the xscmd utility to monitor data grids and maps
  You can use the xscmd utility to show the primary data grids and map sizes of the Grid data grid. The xscmd tool uses the MBean to query all of the data grid artifacts, such as primary shards, replica shards, container servers, map sizes, and other data.