Chapter 31. Scripting

JBoss Data Grid includes a method of storing scripts on servers, allowing remote clients to execute scripts locally with the JDK's javax.script.ScriptEngines. By default the JDK comes with Nashorn, capable of running JavaScript; however, this may be extended to run any JVM language that offers their own ScriptEngine.

31.1. Accessing the Script Cache

Scripts are stored in a special, protected cache entitled ___script_cache. As this is a protected cache only loopback requests or connections with authorization enabled will be allowed to access the cache.
The following requirements must be met to connect to the ___script_cache remotely:
  • A user has been defined with the ___script_manager role.
  • The client has a secure connection to the server; this may be attained by following the instructions in Section 20.7, “Securing Interfaces”.
  • Authorization has been enabled on the cache-container.

Example 31.1. Configuring the Server for Access the Script Cache

The following example covers configuring the server to access the script cache, using the DIGEST-MD5 method of securing the Hot Rod connector.
  1. Add a user to the server as follows:
    1. Execute the $JDG_HOME/bin/add-user.sh (Linux) or $JDG_HOME\bin\add-user.bat (Windows) script.
    2. Enter b at the first prompt to create an ApplicationRealm user.
      What type of user do you wish to add? 
       a) Management User (mgmt-users.properties) 
       b) Application User (application-users.properties)
      (a): b
    3. Follow the prompts to define the desired username and password for the user.
    4. When prompted for the groups enter ___script_manager for this user:
      What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]: ___script_manager
  2. Secure the communication between the client and server. As this example is using DIGEST-MD5 the instructions in will be followed. The following snippet demonstrates the necessary xml configuration:
    <cache-container name="local" default-cache="default" statistics="true">
      <security>
        <authorization>
          <identity-role-mapper />
            <role name="admin" permissions="ALL" />
            <role name="reader" permissions="READ" />
            <role name="writer" permissions="WRITE" />
            <role name="supervisor" permissions="READ WRITE EXEC BULK" />
        </authorization>
      </security>
      [...]
    <cache-container>
    [...]
    <hotrod-connector socket-binding="hotrod" cache-container="local">
      <authentication security-realm="ApplicationRealm">
        <sasl server-name="scriptserver" mechanisms="DIGEST-MD5" qop="auth" />
      </authentication>
    </hotrod-connector>
    
  3. Create the cache manager using the secured connection, as seen in the following code snippet:
    Configuration config = new ConfigurationBuilder()
        .addServer()
            .host("localhost")
            .port(11222)
        .security()
            .authentication()
            .enable()
            .saslMechanism("DIGEST-MD5")
            .serverName("scriptserver")
            .callbackHandler(new MyCallbackHandler("user", "ApplicationRealm", "password".toCharArray()))
        .build();
    
    cacheManager = new RemoteCacheManager(config);