About this task
Applications reference the connection factory, which establishes
the connection to the remote data grid. Each connection factory hosts
a single
eXtreme Scale client
connection that is reused for all application components.
Important: Since the eXtreme Scale client connection might include a near cache, it is important
that applications do not share a connection. A connection factory
must exist for a single application instance to avoid problems sharing
objects between applications.
You can set the credential generator with the API or in the client
properties file. In the client properties file, the securityEnabled
and credentialGenerator properties are used.
Attention: In the following example, some lines of code are continued on the
next line for publication purposes.
securityEnabled=true
credentialGeneratorClass=com.ibm.websphere.objectgrid.security.plugins.builtins.
UserPasswordCredentialGenerator
credentialGeneratorProps=operator XXXXXX
The credential generator and credential in the client properties
file are used for the eXtreme Scale connect operation and the default J2C credentials. Therefore,
the credentials that are specified with the API are used at J2C connect
time for the J2C connection. However, if no credentials are specified
at J2C connect time, then the credential generator in the client properties
file is used.
- Set up secure access where the J2C connection represents
the eXtreme Scale client. Use the ClientPropertiesResource connection factory property
or the ClientPropertiesURL connection factory property to configure
client authentication.
If you are using WebSphere eXtreme Scale with WebSphere Application Server, then specify the client
properties on the catalog service domain configuration. When the connection
factory references the domain, it automatically uses this configuration.
- Configure the client security properties to use the connection
factory that references the appropriate credential generator object
for eXtreme Scale. These properties are also compatible with eXtreme Scale server security. For example, use the WSTokenCredentialGenerator credential generator
for WebSphere credentials
when eXtreme Scale is installed
with WebSphere Application
Server. Alternatively, use the UserPasswordCredentialGenerator credential
generator when you run the eXtreme Scale in a stand-alone environment. In the following example, credentials
are passed programmatically using the API call instead of using the
configuration in the client properties:
XSConnectionSpec spec = new XSConnectionSpec();
spec.setCredentialGenerator(new UserPasswordCredentialGenerator("operator", "xxxxxx"));
Connection conn = connectionFactory.getConnection(spec);
- (Optional) Disable the near cache, if required.
All J2C connections from a single connection factory share a single
near cache. Grid entry permissions and map permissions are validated
on the server, but not on the near cache. When an application uses
multiple credentials to create J2C connections, and the configuration
uses specific permissions for grid entries and maps for those credentials,
then disable the near cache. Disable the near cache using the connection
factory property, ObjectGridResource or ObjectGridURL. For more information
about disabling the near cache, see Configuring the near cache.
- (Optional) Set security policy settings, if required.
If the J2EE application contains the embedded
eXtreme Scale resource adapter
archive (RAR) file configuration, you might be required to set additional
security policy settings in the security policy file for the application.
For example, these policies are required:
permission com.ibm.websphere.security.WebSphereRuntimePermission "accessRuntimeClasses";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission javax.management.MBeanTrustPermission "register";
permission java.lang.RuntimePermission "getClassLoader";
Additionally, any property or resource files used by connection
factories require file or other permissions, such as permission
java.io.FilePermission "filePath";. For WebSphere Application Server, the policy file is META-INF/was.policy, and it is located in the J2EE EAR
file.
What to do next
Use
eXtreme Scale data
access APIs to develop client components that you want to use transactions.