|
IBM WebSphereTM eXtreme Scale, Release 8.6 API Specification |
|||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||
See:
Description
| Class Summary | |
|---|---|
| AgentPermission | This class represents permissions to the datagrid agents. |
| AnonymousPrincipal | This Principal class represents an anonymous user. |
| MapPermission | This class represents permissions to the ObjectMap. |
| ObjectGridPermission | This class represents permissions to the ObjectGrid. |
| SecurityConstants | This class contains the constants used for security configuration. |
| ServerMapPermission | This class represents permissions to an ObjectMap hosted in a server, that is, a server-side distributed map. |
| Exception Summary | |
|---|---|
| ObjectGridSecurityException | This exception represents a general ObjectGrid security exception. |
This package has the class MapPermission and class AdminPermission which represents the permissions for to access the ObjectGrid maps and ObjectGrid administration respectively.
There are five actions with the permission object ObjectMapPermission.
| com.ibm.websphere.objectgrid.ObjectMap/ com.ibm.websphere.objectgrid.JavaMap |
|
|---|---|
| Read | boolean containsKey(Object) |
| boolean equals(Object) | |
| Object get(Object) | |
| Object get(Object, Serializable) | |
| List getAll(List) | |
| List getAll(List keyList, Serializable) | |
| List getAllForUpdate(List) | |
| List getAllForUpdate(List, Serializable) | |
| Object getForUpdate(Object) | |
| Object getForUpdate(Object, Serializable) | |
| write | Object put(Object key, Object value) |
| void put(Object, Object, Serializable) | |
| void putAll(Map) | |
| void putAll(Map, Serializable) | |
| void update(Object, Object) | |
| void update(Object, Object, Serializable) | |
| insert | public void insert(Object, Object) |
| void insert(Object, Object, Serializable) | |
| remove Object remove(Object) | |
| void removeAll(Collection) | |
| invalidate | public void invalidate(Object, boolean) |
| void invalidateAll(Collection, boolean) | |
| int setTimeToLive(int) |
An authroizationMechanism setting of the ObjectGrid has two possible values:
JAAS and custom. Users can also use API ObjectGrid.setAuthorizationMechanism(int) to set which authorization mechanism the object grid will use.
A value "JAAS" means ObjectGrid will rely on JAAS authorization mechanism to handle
the authorization. A JAAS policy file should be configured to associate permissions with a set of credentials
and/or groups of credentials. We recommend that groups should be used as then new users
can be added to groups without modifying the policy file.
A value "custom" means ObjectGrid will rely on custom authorization mechanism
to handle the authorization. Users can set call
ObjectGrid.setObjectGridAuthorization(com.ibm.websphere.objectgrid.security.plugins.ObjectGridAuthorization ogAuthorization)
to set their custom authorization plug-in. Users can also configure the objectgrid.xml
to achieve the same result.
An AdminPermission has two types: ADMIN and MONITOR. An AdminPermission with ADMIN name grants permissions to access all the ManagementMBean methods. An AdminPermission with MONITOR name grants permissions to access the ManagementMBean read-only methods. Therefore, ADMIN permission implies MONITOR permission.
The detailed operations granted to users with different permissions are listed in the following table. These operations correspond to the methods in the ManagementMBean interface:
| operations | admin | monitor |
|---|---|---|
| startServer | Y | N |
| stopServer | Y | N |
| forceStopServer | Y | N |
| setServerTrace | Y | N |
| retrieveServerStatus | Y | Y |
| getMapStats | Y | Y |
| getOGStats | Y | Y |
| getReplicationStats | Y | Y |
The table can read like this: If the client has admin permission, it can execute "startServer" task; if the client has monitor permission, it cannot execute "startServer" task.
An AgentPermission represents permissions to the datagrid agents. The name of the permission is the full name of the ObjectGrid map, and the action is a "," delimited string of agent implementation class names or package names.
The following methods in the class
AgentManager requires
AgentPermission:
AgentManager.callMapAgent(MapGridAgent, Collection)AgentManager.callMapAgent(MapGridAgent)AgentManager.callReduceAgent(ReduceGridAgent, Collection)AgentManager.callReduceAgent(ReduceGridAgent, Collection)An ObjectGridPermission represents permissions to an ObjectGrid. The name of the permission is the ObjectGrid name, and the action is either "query" or "dynamicmap".
The detailed methods which require different permissions are listed in the following table:
| methods | action |
|---|---|
Session.createObjectQuery(String) |
query |
EntityManager.createQuery(String) |
query |
Session.getMap(String) |
dynamicmap |
An ServerMapPermission represents permissions to an ObjectMap hosted in a server. The name of the permission is the full name of the ObjectGrid map name, and the action is either "replicate" or "dynamicIndex".
The detailed methods which require different ServerMapPermission are listed in the following table:
| methods | action |
|---|---|
ClientReplicableMap.enableClientReplication(Mode, int[], ReplicationMapListener) |
replicate |
BackingMap.createDynamicIndex(String, boolean, String, DynamicIndexCallback) |
dynamicIndex |
BackingMap.removeDynamicIndex(String) |
dynamicIndex |
SecurityConstants class contains constants used for representing the security parameters.
|
IBM WebSphereTM eXtreme Scale, Release 8.6 API Specification |
|||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | |||||||||