Configuring Big Match web application security (V11.5.0.4)

The Big Match offering includes three distinct web applications. By default, security is enabled for all three. To manage security for the web applications, edit the server.xml configuration file associated with the WebSphere® Liberty Profile instance.

Before you begin

This topic assumes that you have edited the port number designations if necessary. For more information, see the link at the end of this topic about checking for port conflicts.

About this task

The Big Match offering takes advantage of the security features provided by IBM® WebSphere Liberty profile. Specifically, the Basic Registry creates and stores user credentials. For more detail about Hortonworks security, including information about users and groups, see the links at the end of this topic.

You can edit the server.xml file to make changes to permissions. For example, you might specify:
  • BigMatchConfigUser - The BigMatchConfigUser security role governs access to the InfoSphere® Big Match Console application.
  • BigMatchUser - The BigMatchUser security role governs access to the InfoSphere Big Match Search interface sample. To configure the search interface sample itself, see the link at the end of this topic about installing and configuring the interface sample.
<security-role name="BigMatchConfigUser">
   <user name ="jsmith"/>
   <user name="jdoe"/>
</security-role>
<security-role name="BigMatchUser">
   <group name="financeDept"/>
</security-role>
For more information about the syntax for specifying security roles, see the link at the end of this topic about getting started with WebSphere Liberty Profile security.

By default the Big Match WebSphere Liberty Profile instance will use the same Java installation that is running Ambari Server. This can be modified by editing the /usr/ibmpacks/current/bigmatch/wlp/usr/servers/bigmatch-server/server.env file and setting the value of JAVA_HOME to some other JDK/JRE.

Note: To ensure that you are not vulnerable to various SSL attacks, make sure that you use a patched version of JAVA and WebSphere Liberty Profile. For more details, see the security bulletin links at the end of this topic.