Authenticating client requests in WebSphere Application Server

Requests that WebSphere® Application Server receives from the eXtreme Scale data grid must be authenticated.

Before you begin

Authentication requirements for eXtreme Scale clients are determined by the settings in the server properties file. A sample server properties file is provided in was_root/optionalLibraries/ObjectGrid/properties/sampleServer.properties.

About this task

You must configure authentication for eXtreme Scale servers that are running under WebSphere Application Server using the following steps.

Procedure

  1. Create the server properties file.
    Using the sample server properties file, create a server properties file that contains the following lines:
    securityEnabled=true
    credentialAuthentication=Required
    Unless the credentialAuthentication=Required property exists, the grid is not secure, and unauthenticated users can perform grid operations.
    Restriction: You cannot specify the property, credentialAuthentication=Required, for the dynamic cache provider.
  2. Create the security descriptor XML file.
    When the property, credentialAuthentication, is set to Required or Supported, you must specify a security descriptor XML file. See the following example:
    <securityConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://ibm.com/ws/objectgrid/config/security ../objectGridSecurity.xsd"
    	xmlns="http://ibm.com/ws/objectgrid/config/security">
    
    	<security securityEnabled="true">
    		<authenticator
    			className="com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenAuthenticator">
    		</authenticator>
    	</security>
    </securityConfig>

    The security descriptor XML file specifies the authenticator to be used. When all eXtreme Scale clients and servers are running under WebSphere Application Server, you can use the WSTokenAuthenticator authenticator. Two other authenticators are shipped with eXtreme Scale, the KeyStoreLoginAuthenticator and the LDAPLoginAuthenticator. For more information about configuring LDAP authentication for eXtreme Scale, see Enabling LDAP authentication in eXtreme Scale catalog and container servers. To use the keystore and login authenticators with eXtreme Scale running under WebSphere Application Server, a JAAS configuration is needed. For more information about configuring keystore authentication for eXtreme Scale, see Enabling keystore authentication in eXtreme Scale container and catalog servers.

  3. Create the JAAS configuration, unless you are using the WSTokenAuthenticator authenticator.
  4. Point each catalog server at the server properties file using the following JVM arguments.
    Configure these properties in the WebSphere Application Server administrative console under Servers > all servers > server_name > Process definition > Java virtual machine > Generic JVM arguments. The following arguments are required:
    -Dobjectgrid.server.props=<server property file name>
    -Dobjectgrid.cluster.security.xml.url=file://<security descriptor XML file>
  5. Point each container server to the server properties file using this JVM argument:
    -Dobjectgrid.server.props=<server property file name>
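
One way to check the files from steps 1 and 2 before the servers are restarted, as an added example that is not part of the original IBM documentation. The function names, finding texts and sample inputs are constructed for illustration, and comparing property values case-insensitively is an assumption.

```python
import xml.etree.ElementTree as ET

NS = "{http://ibm.com/ws/objectgrid/config/security}"  # namespace of the descriptor in step 2

def parse_props(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(server_props, descriptor_xml=None):
    """Return a list of findings; an empty list means every check passed."""
    props = parse_props(server_props)
    findings = []
    if props.get("securityEnabled", "").lower() != "true":
        findings.append("securityEnabled is not true")
    # Assumption: property values are compared case-insensitively.
    cred = props.get("credentialAuthentication", "").lower()
    if cred != "required":
        findings.append("credentialAuthentication is not Required")
    # Step 2: Required or Supported needs a descriptor that names an authenticator.
    if cred in ("required", "supported"):
        if descriptor_xml is None:
            findings.append("no security descriptor XML supplied")
        else:
            sec = ET.fromstring(descriptor_xml).find(NS + "security")
            auth = sec.find(NS + "authenticator") if sec is not None else None
            if sec is None or sec.get("securityEnabled", "").lower() != "true":
                findings.append("descriptor does not enable security")
            if auth is None or not auth.get("className"):
                findings.append("descriptor names no authenticator class")
    return findings

# Constructed sample inputs (not taken from a real deployment).
GOOD_PROPS = "securityEnabled=true\ncredentialAuthentication=Required\n"
WEAK_PROPS = "# constructed weak file\nsecurityEnabled=true\ncredentialAuthentication=Supported\n"
DESCRIPTOR = """<securityConfig xmlns="http://ibm.com/ws/objectgrid/config/security">
  <security securityEnabled="true">
    <authenticator className="com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenAuthenticator"/>
  </security>
</securityConfig>"""

if __name__ == "__main__":
    for name, props in (("good", GOOD_PROPS), ("weak", WEAK_PROPS)):
        print(name, audit(props, DESCRIPTOR) or "OK")
```

For the dynamic cache provider, where credentialAuthentication=Required cannot be specified, the "credentialAuthentication is not Required" finding is expected.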

What to do next

WebSphere eXtreme Scale clients must be configured to pass appropriate credentials. Complete this configuration using a client properties file. See the following example of the WSTokenAuthenticator authenticator:
securityEnabled=true
credentialAuthentication=supported
credentialGeneratorClass=com.ibm.websphere.security.plugins.builtins.WSTokenCredentialGenerator
A client must be configured to use this file. When the client is running under WebSphere Application Server, configure the client with the following JVM argument:
-Dobjectgrid.client.props=<client properties file>

To secure the grid deployment, set application security and Java 2 Security for WebSphere Application Server servers that are hosting eXtreme Scale servers. Use the WebSphere Application Server administrative console security configuration panel to enable these settings.

Now, you can proceed to the next step, Authorizing access to the data grid in WebSphere Application Server.