THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Geode is introducing a security implementation which Integrated Security allows you to control the authentication/authorization of all Geode entities within one implementation. When Integrated Security is turned on, all client/server communications, peer to peer, gateway authentication, jmx operations, gfsh commands and Pulse are all protected with this single security mechanism.
1. No changes for
...
legacy implementations of Authentication/Authorization for client-server security
The API for Authenticator and AccessControl has not changed. Your implementations of those are still honored in client/server communication if you choose not to implement the new security interface. However, these two are deprecated now and will be removed in the future.
...
To turn on integrated security, you will need to start your servers/locators with this the security-manager property set in your gemfire.properties file:
| Code Block | ||
|---|---|---|
| ||
security-manager = com.example.security.MySecurityManager |
This The security-manager property identifies the class name of the SecurityManager interface implementation. SecurityManager is the new interface you will need to implement for both authentication and authorization. Make sure your class has a zero argument constructor so that we Geode can instantiate the object. See the SecurityManager javadoc for details. There is a SampleSecurityManager in the geode-core/src/main/java/org/apache/geode/security/templates directory that you can use as an example to write your own implementation.
...
4. Introduction of PostProcessor
We completely redo the way we call post processing. Now the interface is a lot simpler. Before the value is sent to the youBefore a value is returned, it gets a pass through the post processor, if there is anyone. You specify Specify your post processor with this line in your gemfire.properties file:
| Code Block | ||
|---|---|---|
| ||
security-post-processor = com.example.security.MyPostProcessor |
It is where the value is the name of the class name that implements the PostProcessor interface. Make sure your class has a zero argument constructor so that we Geode can instantiate the object. See the PostProcessor javadoc for details. You can use SamplePostProcessor as an example to write your own implementation.
Note regarding legacy implementations: We completely redo the way we call post processing; the interface is a lot simpler.
5. Operations and their corresponding ResourcePermission
...
Pulse access is divided into two main categories, namely : access to the Data Browser page and everything else.
...