The majority of modern applications need some scheme of authentication/authorization. To cover these aspects, GeneXus provides a mechanism (called GeneXus Access Manager) to offer a single, centralized scheme with everything related to application authentication and authorization.
The GeneXus Access Manager (GAM) provides APIs to manage all the security issues concerning an application. Therefore, the security module of any application (web applications and mobile applications) is provided by GAM. Also, security controls are automatically performed by configuring Enable Integrated Security property.
GAM is based on the Role Based Access Control (RBAC) model.
It provides a GAM API with the implementation of all the functionalities related to security issues: user administration (registration, authentication, password administration, security policies), roles, etc.
It has its own database, logically independent from the database application, even though they can both be physically the same (with different table schemes).
End users (administrator users) can manage users and security policies through the GAM Web Backoffice.
- GAM executes the initialization of the database using the same platform as the model. If it's a Java model, the GAM processes which run within the IDE to initialize the GAM database structure and the metadata (applications registration, permissions creation, etc) are executed in Java.
In the case of those DBMSs that GeneXus doesn't distribute the JDBC drivers, you have to copy them manually to <genexus>\gxjava\drivers (to the classpath configured in GeneXus).
- If the GAM datastore is different from MySQL or SQL Server, a setup is launched from the GeneXus IDE to install the GAM platform corresponding to the selected DBMS. See GAM platforms for more information. The setup is distributed so as to run it in standalone mode, under <GeneXus>\Library\GAM\Setup folder.
- In web applications, GAM uses the web session to store user session data. As in any other web application, when load balancing environments are used, the servers need to persist the session (or use server affinity) so that the web session is available to the workers that respond to the request.