Most modern applications require some authentication/authorization scheme. To cover these aspects, GeneXus offers the GeneXus Access Manager (GAM), a centralized mechanism to manage application authentication and authorization.
The GeneXus Access Manager (GAM) provides a GAM API to manage all the security issues concerning an application. Therefore, the security module of any application (web applications and mobile applications) is provided by GAM. Also, security controls are automatically performed by GAM.
The GAM API contains the implementation of all the functionalities related to security issues: user administration (registration, authentication, password administration, security policies), roles, etc.
To activate GAM in your Knowledge Base, set the Enable Integrated Security property to True.
GAM is based on the Role Based Access Control (RBAC) model.
It has its own database, logically independent from the database application, even though they can both be physically the same (with different table schemas).
End users (administrator users) can manage users and security policies through the GAM Web Backoffice.
- GAM initializes the database using the same platform as the model. In a Java model, the GAM processes that run within the IDE to initialize the GAM database structure and the metadata (registration of applications, creation of permissions, etc.) are executed in Java.
For those DBMSs for which GeneXus doesn't distribute the JDBC drivers, you must copy them manually to <genexus>\gxjava\drivers (to the classpath configured in GeneXus).
- If the GAM datastore is different from MySQL or SQL Server, a setup is launched from the GeneXus IDE to install the GAM platform corresponding to the selected DBMS. See GAM platforms for more information. The setup is distributed so as to run it in standalone mode, under <GeneXus>\Library\GAM\Setup folder.
- In web applications, GAM uses the web session to store user session data. As in any other web application, when load balancing environments are used, the servers need to persist the session (or use server affinity) so that the web session is available to the workers that respond to the request.