THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
Copy the above "security.json" file into locator's and server's directory (locator1 and server1 in the example below).
Using gfsh, start a locator with security activated. In the example below, we disable peer-to-peer security for simplicity of configuration
Code Block language bash gfsh> start locator --name=locator1 \ --J=-Dgemfire.security-manager=org.apache.geode.examples.security.ExampleSecurityManager --classpath=.Similarly, start a server (you will need to provide user/password in order to join the cluster. The user needs to have cluster:manage privilege). Notice server is started with a security-manager, but since locator's cluster configuration is enabled, the security-manager setting will be distributed to the server automatically. This ensures that the entire cluster is using the same security-manager.
Code Block gfsh> start server --name=server1 --locators=localhost[10334] \ --J=-Dgemfire.security-manager=org.apache.geode.examples.security.ExampleSecurityManager --classpath=. \ --user=super-user --password=1234567Start a new instance of gfsh and connect with one of the users defined in your JSON file. The super-user should be allowed to do everything in gfsh.
Code Block gfsh> connect --locator=localhost[10334] --user=super-user --password=1234567
Disconnect and reconnect with a user with lesser privileges:
Code Block gfsh> disconnect gfsh> connect --locator=localhost[10334] --user=joebloggs --password=1234567 gfsh> stop server --name=server1 An error occurred while attempting to stop a Cache Server: Subject does not have permission [CLUSTER:READ]
- Currently, changes to the security.json file require the locator to be restarted.
...