Control which users have specific permissions to access
the data grid in WebSphere® Application Server deployments
in the same way that you control access to the data grid in stand-alone
deployments.
About this task
Even if a client is authenticated, that might not be enough
to protect data grid access. If you use the KeyStoreLoginAuthenticator,
usually you only define a few identities, and all of the identities
might have full access to the data grid. In this case, authorization
might not be necessary. However, if LDAP authentication is used, there
might be many identities in the LDAP server that must not be granted
access to grid data or operations.
Attention: It is not
necessary to specify MBeanPermissions for WebSphere Application Server deployments of eXtreme Scale servers because JMX
access is controlled by WebSphere Application Server itself.
Procedure
- Enable access control for the data grid.
Specify securityEnabled="true" in the
ObjectGrid.xml file for the deployed data grid.
Specify this setting for each
grid you define. After you configure this setting, no reads or writes
are run on data grid entries except for identities that have been
granted permissions in a policy file.
- Create a policy file.
- Configure each container server to load this policy file.
You can specify the policy file in the Generic JVM arguments
of the application server where the container runs. For more information
about setting the server properties file with JVM properties, see
Lesson 2.2: Configure catalog server security.
-Djava.security.auth.policy=<policy file>
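
A pre-deployment check for the first and last steps above, written as an added example that is not part of the original documentation or the product: it lists every data grid in a descriptor that does not set securityEnabled="true" and extracts the policy file path from a Generic JVM arguments string. The grid names, the policy path, the sample descriptor and the function names are constructed for illustration, and the argument parser assumes the path contains no spaces.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor: "Orders" enables security, "Sessions" omits
# the attribute, and "Cache" disables it explicitly.
SAMPLE_OBJECTGRID_XML = """<objectGridConfig xmlns="http://ibm.com/ws/objectgrid/config">
  <objectGrids>
    <objectGrid name="Orders" securityEnabled="true">
      <backingMap name="Map1"/>
    </objectGrid>
    <objectGrid name="Sessions">
      <backingMap name="Map2"/>
    </objectGrid>
    <objectGrid name="Cache" securityEnabled="false"/>
  </objectGrids>
</objectGridConfig>
"""

# Constructed sample of the Generic JVM arguments field (hypothetical path).
SAMPLE_JVM_ARGS = "-Xmx1g -Djava.security.auth.policy=/opt/xs/security/og_auth.policy"


def local_name(tag):
    """Strip an XML namespace wrapper such as '{uri}objectGrid'."""
    return tag.rsplit("}", 1)[-1]


def grids_without_access_control(descriptor_xml):
    """Return names of data grids that do not set securityEnabled="true"."""
    root = ET.fromstring(descriptor_xml)
    unprotected = []
    for elem in root.iter():
        if local_name(elem.tag) != "objectGrid":
            continue
        # A missing attribute is reported too: the setting is per grid.
        if elem.get("securityEnabled", "").strip().lower() != "true":
            unprotected.append(elem.get("name", "<unnamed>"))
    return unprotected


def policy_file_argument(jvm_args):
    """Return the path given to -Djava.security.auth.policy, or None."""
    prefix = "-Djava.security.auth.policy="
    for token in jvm_args.split():
        if token.startswith(prefix):
            return token[len(prefix):] or None
    return None


if __name__ == "__main__":
    print("Grids without access control:", grids_without_access_control(SAMPLE_OBJECTGRID_XML))
    print("Policy file:", policy_file_argument(SAMPLE_JVM_ARGS))
```

A container server that reports an empty list and a non-empty policy path has both settings in place; whether the policy file grants the intended permissions still has to be reviewed separately.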