|
IBM WebSphereTM eXtreme Scale, Release 8.6 API Specification |
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |
See:
Description
Interface Summary | |
---|---|
Authenticator | This plugin can be used to authenticate an ObjectGrid client to an ObjectGrid server based on the credential provided by the client. |
Credential | This interface represents a credential used by an ObjectGrid client. |
CredentialGenerator | This plugin is used to get a Credential representing this client. |
ObjectGridAuthorization | This plugin can be used to authorize ObjectGrid , ObjectMap and
JavaMap accesses to the Principal s represented
by a Subject object. |
SecureTokenManager | This interface is used by ObjectGrid servers to transform an object to a secure token and vice versa. |
SubjectSource | This plugin can be used to get a Subject which represents
an ObjectGrid client. |
SubjectValidation | This plugin can be used to validate that a Subject
passed to the ObjectGrid is a valid Subject which has not been
tampered with. |
Exception Summary | |
---|---|
CannotGenerateCredentialException | This exception indicates a credential cannot be generated. |
ExpiredCredentialException | This exception indicates that the credential used for authentication is expired. |
InvalidCredentialException | This exception indicates that the credential used for authentication is invalid. |
InvalidSubjectException | This exception indicates the Subject passed to an ObjectGrid server is not a valid subject. |
This package contains the interfaces for adding plug-ins to the ObjectGrid security framework and assoicated Exception classes.
The plug-ins in this package are used for authentication and authorization. Below is a brief summary of these plug-ins.
com.ibm.websphere.objectgrid.security.plug-ins.Credential
plug-in
represents a client credential. It is passed from the clien to server for
authentication. It could be a user password pair, a kerberos ticket, etc.
com.ibm.websphere.objectgrid.security.plug-ins.CredentialGenerator
plug-in
is used to get a Credential representing this client. It is a factory for the Credential
object.
com.ibm.websphere.objectgrid.security.plug-ins.Authenticator
plug-in is used for an ObjectGrid client to authenticate to an ObjectGrid server.
com.ibm.websphere.objectgrid.security.plug-ins.SubjectSource
plug-in
is used to get a Subject instance representing the ObjectGrid client. This plug-in
is used when ObjectGrid security is on. The method getSubject
is
called by ObjectGrid runtime when ObjectGrid.getSession() method is
used to get a session. This plug-in is normally used for a local ObjectGrid and
provides a mechanism to plug in application server-specific way to retrieve a
Subject object from the environment.
com.ibm.websphere.objectgrid.security.plug-ins.SubjectValidation
plug-in
is used to validate a Subject object passed to the ObjectGrid. A typical scenario
where this plug-in can be used usually have the following
characteristics:
The last bullet is usually the most difficult to satisify. This will require the support from the originator of the Subject object.
For example, when a ObjectGrid client is running in WebSphere Application Server (WAS) Extended Deployment (XD) which also hosts the ObjectGrid server. The client can retrieve the runAs Subject and then pass it to the ObjectGrid instance. The ObjectGrid Server will then invoke the SubjectValidation mechanism, which uses WAS-specific APIs to validate the Subject object has not been tampered with.
com.ibm.websphere.objectgrid.security.plug-ins.MapAuthorization
plug-in
is used to check whether the user represented by the Subject object has
a speicfied ObjectMapPermission. Users can implement this interface to plug
in their own authorization mechanism. For example, users can plug in their
authorization mechanism, which uses
Tivoli Access Manager Authorization Server .
Starting from WebSphere XD 6.1, MapAuthorization
has been deprecated.
Users can use ObjectGridAuthorization
to authorize map accesses.
com.ibm.websphere.objectgrid.security.plug-ins.AdminAuthorization
plug-in
can be used to authorize management operations to the principals contained in
the Subject object. The permissions for the management operations are represented
by AdminPermission
objects.
com.ibm.websphere.objectgrid.security.plug-ins.ObjectGridAuthorization
plug-in
can be used to authorize ObjectGrid
, ObjectMap
and
JavaMap
accesses to the Principal
s represented
by a Subject
object. All access and operations to ObjectGrid can be
authorized using this plug-in.
For details about how to use these plug-ins, please refer to individual JavaDoc and ObjectGrid programming guide.
|
IBM WebSphereTM eXtreme Scale, Release 8.6 API Specification |
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |