Copyright © TIBCO Software Inc. All Rights Reserved



Example Security Policy File
The security policy file, example_policy.txt, was created using the Admin CLI by issuing the following command:
as-admin> create security_policy policy_name "example/exdomain" encrypt false policy_file "example_policy.txt"
This generates a security policy file named example_policy.txt containing the following:
1.
2. A metaspace access list with a default metaspace_access entry of:
metaspace_access=metaspace=ms;discovery=tcp://127.0.0.1:50000
3.
4.
When you use security, you must use TCP transport. Notice that the discovery URL in the metaspace_access entry is tcp://127.0.0.1:50000. This URL designates the loopback IP address of 127.0.0.1 and port 50000 as the discovery IP address and port, which will keep metaspace discovery messages on your local machine.
The generated policy file, example_policy.txt, was edited as follows:
1.
2. The group entry, group1 = user1, was added under Access Control Groups.
3.
ms/* group1=tuple_get,tuple_put,tuple_encrypt,space_browse
The example security policy file uses the default metaspace name of ms in the metaspace_access list. If you wish to use a different metaspace name, you must change the metaspace name in the following line:
metaspace_access=metaspace=ms;discovery=tcp://127.0.0.1:50000
Without any modifications, the example security policy file can be used to ensure secure transports are used for communication throughout a metaspace.
It can also be used to run most of the examples with an encrypted data field added to the space used by the example.
See User Authentication and User Access Control for information on how to change the example security policy file to turn on user authentication or user access control.
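The following Python check is an added example, not part of the TIBCO documentation or product. It reads only the three line forms quoted above and reports a discovery URL that is not TCP or not loopback, and a permission line that names a metaspace or group not defined elsewhere. It assumes that the name before the slash in the permission line (ms in ms/*) is the metaspace name; the function name and finding codes are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: only the three line forms quoted on this page.
SAMPLE = """\
metaspace_access=metaspace=ms;discovery=tcp://127.0.0.1:50000
group1 = user1
ms/* group1=tuple_get,tuple_put,tuple_encrypt,space_browse
"""

ACL_RE = re.compile(r"^([^/\s=]+)/\S+\s+(\w+)\s*=\s*[\w,]+$")  # ms/* group1=perm,perm
GROUP_RE = re.compile(r"^(\w+)\s*=\s*\w[\w,\s]*$")              # group1 = user1


def is_loopback(host):
    try:
        return ipaddress.ip_address(host or "").is_loopback
    except ValueError:  # hostname or empty value: cannot confirm it stays local
        return False


def check_policy_lines(text):
    """Return (code, detail) findings for the line forms shown on this page."""
    metaspaces, groups, acls, findings = {}, set(), [], []
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith("metaspace_access="):
            # Single-address form only: fields separated by ';', as in the page's entry.
            pairs = (kv.split("=", 1) for kv in line.split("=", 1)[1].split(";") if "=" in kv)
            fields = dict(pairs)
            metaspaces[fields.get("metaspace")] = fields.get("discovery", "")
        elif m := ACL_RE.match(line):
            acls.append((m.group(1), m.group(2)))
        elif m := GROUP_RE.match(line):
            groups.add(m.group(1))
    for name, url in metaspaces.items():
        parts = urlsplit(url)
        if parts.scheme != "tcp":            # security requires TCP transport
            findings.append(("discovery-not-tcp", url))
        if not is_loopback(parts.hostname):  # discovery traffic leaves this machine
            findings.append(("discovery-not-loopback", url))
    for ms, group in acls:
        if ms not in metaspaces:             # metaspace renamed in one line but not the other
            findings.append(("acl-unknown-metaspace", ms))
        if group not in groups:              # permission granted to an undefined group
            findings.append(("acl-unknown-group", group))
    return findings
```

A non-loopback finding is informational: it flags that discovery messages will no longer stay on the local machine, which is expected once the example is moved to a real network.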
Example Security Token File
The security token file, example_token.txt, was created from the example security policy file by using the following Admin CLI command:
as-admin> create security_token domain_name "exdomain" policy_file "example_policy.txt" token_file "exdomain_token.txt"
This generates a security token file named exdomain_token.txt, which is based upon the security settings for the security domain named exdomain in the security policy file example_policy.txt. The example security token file contains a copy of the following from the security policy file:
1.
2.
3.
This security token file can be used by the examples to connect to a security domain controller for the default metaspace named ms. A connection to the security domain controller for a metaspace is established when an example tries to connect to the metaspace using the example security token file.
The security domain controller for the ms metaspace takes care of ensuring that security is applied to any example that connects to the metaspace using the example security token file. Other than using a security token file when connecting to a metaspace, there is nothing else that an application needs to do to have security applied to it, unless the default mechanism for obtaining user credentials for user authentication is not desired.
See ASUserAuthenticator for an example of how to use the security API callback mechanism to override how user credentials can be retrieved for user authentication.
