5.3. 属性域
属性域使用属性文件来定义用户和组。
-
users.properties包含 Data Grid 用户凭据。密码可以使用DIGEST-MD5和DIGEST验证机制进行预先说明。 -
groups.properties将用户与角色和权限相关联。
注意
您可以使用 Data Grid CLI 为文件输入正确的安全域名称来避免与属性文件相关的身份验证问题。您可以通过打开 infinispan.xml 文件并导航到 <security -realm name> 属性来查找 Data Grid Server 的正确安全域名称。当您将属性文件从一个 Data Grid Server 复制到另一个 Data Grid Server 时,请确保安全域名称符合目标端点的正确身份验证机制。
users.properties
myuser=a_password user2=another_password
groups.properties
myuser=supervisor,reader,writer user2=supervisor
属性域配置
XML
<server xmlns="urn:infinispan:server:14.0">
<security>
<security-realms>
<security-realm name="default">
<!-- groups-attribute configures the "groups.properties" file to contain security authorization roles. -->
<properties-realm groups-attribute="Roles">
<user-properties path="users.properties"
relative-to="infinispan.server.config.path"
plain-text="true"/>
<group-properties path="groups.properties"
relative-to="infinispan.server.config.path"/>
</properties-realm>
</security-realm>
</security-realms>
</security>
</server>
JSON
{
"server": {
"security": {
"security-realms": [{
"name": "default",
"properties-realm": {
"groups-attribute": "Roles",
"user-properties": {
"digest-realm-name": "default",
"path": "users.properties",
"relative-to": "infinispan.server.config.path",
"plain-text": true
},
"group-properties": {
"path": "groups.properties",
"relative-to": "infinispan.server.config.path"
}
}
}]
}
}
}
YAML
server:
security:
securityRealms:
- name: "default"
propertiesRealm:
# groupsAttribute configures the "groups.properties" file
# to contain security authorization roles.
groupsAttribute: "Roles"
userProperties:
digestRealmName: "default"
path: "users.properties"
relative-to: 'infinispan.server.config.path'
plainText: "true"
groupProperties:
path: "groups.properties"
relative-to: 'infinispan.server.config.path'
