|
Summary: GigaSpaces uses the space filtering mechanism to perform authentication and authorization.
OverviewGigaSpaces uses the space filtering mechanism to maintain authentication and authorization. The default security filter supports authentication and authorization. Authorization ProcessThe space authorization defines which operations a user may perform on the space. GigaSpaces uses a set of predefined roles and user-defined custom roles that specify whether a user has read-only, read/write, or administrative permission to the space. Write permission provides access to all destructive space operations - write, update and take. Client Side AuthorizationTo eliminate the security performance overhead, the space proxy itself performs client side authorization. Any user who sends an initial context via the space security filter is assigned a token. This token represents the user's basic roles and defines whether that user may perform read/write or administration operations. The proxy uses this token to detect if a user is attempting to perform an unauthorized operation. If so, it will throw a SecurityException and will not communicate with the space. Custom roles and class-based filtering are done on the space side. Runtime updates – Whenever you add users and update their roles via the space browser, there is no need to restart the space.
|
Previous release
Wiki Content Tree
Your Feedback Needed!
We need your help to improve this wiki site. If you have any suggestions or corrections, write to us at techw@gigaspaces.com. Please provide a link to the wiki page you are referring to.
Add Comment