Metaspace Access List

Each domain defined in a security policy file contains a Metaspace Access List. The Metaspace Access List restricts the security behavior defined by the settings for its security domain to only those metaspaces specified in the list. A metaspace can only belong to one security domain.

Each item in the Metaspace Access List must follow the format:

metaspace_access=metaspace=<metaspace name>;discovery=<discovery URL>

where:

  • metaspace name is the name of the metaspace (no quotes)
  • discovery URL is the TCP discovery URL of the metaspace (no quotes)

For example, to add the metaspace 'examplems' with a discovery URL of 'tcp://192.168.0.10:50000' to the Metaspace Access List for the domain 'mydomain' in the security policy file mypolicy.txt:

Open mypolicy.txt in a text editor.

Find the Metaspace Access List for the security domain mydomain.

Modify the following line in the Metaspace Access List:

metaspace_access=metaspace=mydomain-ms1;discovery=tcp://127.0.0.1:50000

to read:

metaspace_access=metaspace=examplems;discovery=tcp://192.168.0.10:50000

Save mypolicy.txt.

To add additional metaspaces to the Metaspace Access List, add another metaspace_access item after the first metaspace_access item. For example:

metaspace_access=metaspace=examplems;discovery=tcp://192.168.0.10:50000
metaspace_access=metaspace=examplems2;discovery=tcp://192.168.0.11:50001

When you generate a security token file from a security policy file, the Metaspace Access List for the specified security domain is copied from the security policy file into the security token file. A security domain requestor using the security token file is allowed to connect to any of the metaspaces in the Metaspace Access List. To further restrict which metaspaces can be connected to, you should edit the security token file and remove any undesired metaspaces from the Metaspace Access List.
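Before distributing a security token file, you can check which Metaspace Access List items it still carries. The following script is an added example, not part of the product or its documentation: it parses metaspace_access items in the format described above, reports malformed items, and lists the items that are not on an approved list and should be removed. The names parse_access_list, undesired_entries, SAMPLE_TOKEN and ALLOWED are hypothetical, the sample text is constructed, and the script assumes each item occupies one line and that a TCP discovery URL begins with tcp://.

```python
import re

# Item format documented on this page:
#   metaspace_access=metaspace=<metaspace name>;discovery=<discovery URL>
ITEM_RE = re.compile(r"^metaspace_access=metaspace=([^;]*);discovery=(\S*)$")

def parse_access_list(text):
    """Return (entries, errors). entries: (line_no, name, url) tuples."""
    entries, errors = [], []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("metaspace_access="):
            continue  # other settings in the file are out of scope here
        match = ITEM_RE.match(line)
        if match is None:
            errors.append((line_no, "not in metaspace=<name>;discovery=<URL> form"))
            continue
        name, url = match.groups()
        if not name or any(q in name + url for q in "'\""):
            errors.append((line_no, "name missing, or a value is quoted"))
        elif not url.startswith("tcp://") or url == "tcp://":
            # Assumption: a TCP discovery URL starts with tcp://
            errors.append((line_no, "discovery URL is not a TCP discovery URL"))
        else:
            entries.append((line_no, name, url))
    return entries, errors

def undesired_entries(token_text, allowed):
    """List well-formed items whose (name, url) pair is not in `allowed`."""
    entries, errors = parse_access_list(token_text)
    extra = [e for e in entries if (e[1], e[2]) not in allowed]
    return extra, errors

# Constructed sample: the Metaspace Access List lines of a token file.
SAMPLE_TOKEN = """\
metaspace_access=metaspace=examplems;discovery=tcp://192.168.0.10:50000
metaspace_access=metaspace=examplems2;discovery=tcp://192.168.0.11:50001
metaspace_access=metaspace='quoted';discovery=tcp://192.168.0.12:50002
metaspace_access=metaspace=nodiscovery
"""
# Hypothetical approved list for the requestor receiving this token file.
ALLOWED = {("examplems", "tcp://192.168.0.10:50000")}

if __name__ == "__main__":
    extra, errors = undesired_entries(SAMPLE_TOKEN, ALLOWED)
    for line_no, name, url in extra:
        print(f"line {line_no}: remove {name} ({url})")
    for line_no, reason in errors:
        print(f"line {line_no}: malformed item: {reason}")
```

The script only reports; removing the listed items from the security token file is still done by editing the file as described above.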