Lesson 2.2: Configure catalog server security
A catalog server holds two different levels of security information: the security properties that are common to all the WebSphere® eXtreme Scale servers, including the catalog service and container servers, and the security properties that are specific to the catalog server.
About this task
To configure the security XML descriptor file, specify the -Dobjectgrid.cluster.security.xml.url property as a Java™ virtual machine (JVM) argument. The file name specified for this property is in URL format, such as file:///samples_home/security/securityWAS2.xml.
securityWAS2.xml file
<securityConfig xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://ibm.com/ws/objectgrid/config/security ../objectGridSecurity.xsd"
    xmlns="http://ibm.com/ws/objectgrid/config/security">
    <security securityEnabled="true">
        <authenticator
            className="com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenAuthenticator">
        </authenticator>
    </security>
</securityConfig>
The following properties are defined in the securityWAS2.xml file:
- securityEnabled
- The securityEnabled property is set to true, which indicates to the catalog server that the WebSphere eXtreme Scale global security is enabled.
- authenticator
- The authenticator is configured as the com.ibm.websphere.objectgrid.security.plugins.builtins.WSTokenAuthenticator class. With this built-in implementation of the Authenticator plug-in, the WebSphere eXtreme Scale server can convert the security tokens to a Subject object. See Security integration with WebSphere Application Server for more information about how the security tokens are converted.
catServer2.props file
- securityEnabled
- The securityEnabled property is set to true to indicate that this catalog server is a secure server.
- credentialAuthentication
- The credentialAuthentication property is set to Required, so any client that is connecting to the server is required to provide a credential.
- secureTokenManagerType
- The secureTokenManagerType property is set to none to indicate that the authentication secret is not encrypted when a server joins the existing servers.
- authenticationSecret
- The authenticationSecret property is set to ObjectGridDefaultSecret. This secret string is used to join the eXtreme Scale server cluster. When a server joins the data grid, it is challenged to present the secret string. If the secret string of the joining server matches the string in the catalog server, the joining server is accepted. If the string does not match, the join request is rejected.
- transportType
- The transportType property is set to TCP/IP initially. Later in the tutorial, transport security is enabled.
Setting the server properties file with JVM properties
Set the server properties file on the deployment manager server. If you are using a different topology than the topology for this tutorial, set the server properties file on all of the application servers that you are using to host catalog servers.
Procedure
Lesson checkpoint
You configured catalog server security by associating the securityWAS2.xml and catServer2.props files with the deployment manager, which hosts the catalog server process in the WebSphere Application Server configuration.