Most data grid deployers restrict administrative access to only a subset of the users who can access grid data.
The policy file is specified by passing the -Djava.security.policy=<policy_file> JVM argument.
The Java security manager is started by specifying the JVM argument, -Djava.security.manager, when the eXtreme Scale server is started. Specify this argument for both container and catalog servers.
grant codeBase "file:${objectgrid.home}/lib/*" {
permission java.security.AllPermission;
};
grant principal javax.security.auth.x500.X500Principal "CN=manager,O=acme,OU=OGSample"
{
permission javax.management.MBeanPermission "*", "getAttribute,setAttribute,
invoke,queryNames,addNotificationListener,removeNotificationListener";
};
In this example, only the manager principal is authorized for administrative operations with the xscmd command. You can add other lines as necessary to give additional principals MBean permissions.
startOgServer.sh <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config
-Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=$OBJECTGRID_HOME
startXsServer.sh <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config
-Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=$OBJECTGRID_HOME
startOgServer.bat <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config
-Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=%OBJECTGRID_HOME%
startXsServer.bat <arguments> -jvmargs -Djava.security.auth.login.config=jaas.config
-Djava.security.manager -Djava.security.policy="auth.policy" -Dobjectgrid.home=%OBJECTGRID_HOME%