...

The API for Authenticator and AccessControl has not changed. Your implementations of those are still honored in client/server communication if you choose not to implement the new security interface. However, these two are now deprecated and will be removed in the future.

...

security-manager = com.abc.security.MySecurityManager

It is the class name that implements the SecurityManager interface. Make sure your class has a zero-argument constructor so that we can instantiate the object. SecurityManager is the new interface you will need to implement for both authentication and authorization. See the SecurityManager javadoc for details. You can use SampleSecurityManager as an example to write your own implementation.

mention the gfsh commands to start locator/server with security

3. Introduction of GeodePermission

...

Note that GeodePermission is hierarchical. If you have permission for "DATA:READ", you automatically have data read permission on all regions and all keys, i.e. you have permission for "DATA:READ:regionA". If you have permission for "DATA:READ:regionA", you automatically have data read permission on all keys in regionA, i.e. you have permission for "DATA:READ:regionA:key1".
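The hierarchy rule above, as an added example (not Geode's own code): a self-contained check that treats permissions as the colon-separated strings shown on this page and compares them segment by segment. The class and method names are hypothetical, the grants are constructed, and keys are assumed not to contain ":".

```java
import java.util.Arrays;
import java.util.List;

// Added illustration; not Geode's GeodePermission class. Permissions are modelled
// as the strings used on this page: RESOURCE:OPERATION[:region[:key]].
public class HierarchicalPermissionDemo {

    // A grant implies a requirement when every segment of the grant equals the
    // same segment of the requirement, i.e. the grant is equal or less specific.
    static boolean implies(String granted, String required) {
        String[] g = granted.split(":");
        String[] r = required.split(":");
        if (g.length > r.length) {
            return false; // a narrower grant never covers a broader requirement
        }
        for (int i = 0; i < g.length; i++) {
            if (!g[i].equals(r[i])) {
                return false; // compare whole segments, never raw string prefixes
            }
        }
        return true;
    }

    // Authorized if any single grant implies the required permission.
    static boolean isAuthorized(List<String> grants, String required) {
        return grants.stream().anyMatch(g -> implies(g, required));
    }

    public static void main(String[] args) {
        // Constructed grants for a hypothetical user.
        List<String> grants = Arrays.asList("DATA:READ:regionA", "DATA:WRITE:regionA:key1");
        String[] required = {
            "DATA:READ:regionA:key1",  // key inside a region covered by a region-level grant
            "DATA:READ:regionAB:key1", // region whose name only starts with "regionA"
            "DATA:WRITE:regionA:key1", // exact key-level match
            "DATA:WRITE:regionA:key2", // different key than the key-level grant
            "DATA:WRITE:regionA",      // whole-region operation against a key-level grant
            "DATA:MANAGE"              // operation with no matching grant at all
        };
        for (String p : required) {
            System.out.println((isAuthorized(grants, p) ? "ALLOW " : "DENY  ") + p);
        }
    }
}
```

A `String.startsWith` comparison in place of the segment loop would let a grant on regionA leak into regionAB, which is why the check splits on ":" first.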

4. Introduction of PostProcessor

We have completely redone the way post processing is called, and the interface is now a lot simpler. Before a value is sent to you, it passes through the post processor, if there is one. You specify your post processor with this line in your gemfire.properties file:

security-post-processor = com.abc.security.MyPostProcessor

It is the class name that implements the PostProcessor interface. Make sure your class has a zero argument constructor so that we can instantiate the object. See PostProcessor javadoc for details. You can use SamplePostProcessor as an example to write your own implementation.

5. Operations and their corresponding GeodePermission

...

 

...

 

Client-Server

| Client Operations | Required GeodePermission |
|---|---|
| region.containsKeyOnServer(key) | DATA:READ:regionName:key |
| region.destroy(key) | DATA:WRITE:regionName:key |
| region.invalidate(key) | DATA:WRITE:regionName:key |
| region.put(key, value) | DATA:WRITE:regionName:key |
| region.get(key) | DATA:READ:regionName:key |
| region.replace | |
| region.putIfAbsent | |
| createRegion | DATA:MANAGE |
| destroyRegion | DATA:MANAGE |
| executeFunction | DATA:WRITE |
| executeRegionFunction | DATA:WRITE |
| region.getAll | DATA:READ:regionName |
| region.getEntry | DATA:READ:regionName |
| region.clear | DATA:WRITE:regionName |
| region.registerInterest | DATA:READ:regionName:key |
| region.registerInterestRegex | DATA:READ:regionName |
| region.registerInterestList | DATA:READ:regionName |
| region.removeAll | DATA:WRITE:regionName |
| region.unRegisterInterest | DATA:READ:regionName:key |
| region.unRegisterInterestRegex | DATA:READ:regionName |
| region.unRegisterInterestList | DATA:READ:regionName |
| query | DATA:READ:regionName |

...