The security policy file, example_policy.txt, was created using the Admin CLI by issuing the following command:
This generates a security policy file named example_policy.txt containing the following:
When you use security, you must use TCP transport. Notice that the discovery URL in the metaspace_access entry is tcp://127.0.0.1:50000. This URL designates the loopback IP address of 127.0.0.1 and port 50000 as the discovery IP address and port, which will keep metaspace discovery messages on your local machine.
The example security policy file uses the default metaspace name of ms in the metaspace_access list. If you wish to use a different metaspace name, you must change the metaspace name in the following line:
See User Authentication and User Access Control for information on how to change the example security policy file to turn on user authentication or user access control.
The security token file, example_token.txt, was created from the example security policy file by using the following Admin CLI command:
This generates a security token file named exdomain_token.txt, which is based upon the security settings for the security domain named exdomain in the security policy file example_policy.txt. The example security token file contains a copy of the following from the security policy file:
This security token file can be used by the examples to connect to a security domain controller for the default metaspace named ms. A connection to the security domain controller for a metaspace is established when an example tries to connect to the metaspace using the example security token file.
The security domain controller for the ms metaspace takes care of ensuring that security is applied to any example that connects to the metaspace using the example security token file. Other than using a security token file when connecting to a metaspace, there is nothing else that an application needs to do to have security applied to it, unless the default mechanism for obtaining user credentials for user authentication is not desired.
See ASUserAuthenticator for an example of how to use the security API callback mechanism to override how user credentials can be retrieved for user authentication.