...
The API for Authenticator and AccessControl has not changed. Your implementations of those are still honored in client/server communication if you choose not to implement the new security interface. However, these two are now deprecated and will be removed in the future.
...
```
security-manager = com.abc.security.MySecurityManager
```
It is the name of the class that implements the SecurityManager interface. Make sure your class has a zero-argument constructor so that we can instantiate the object. SecurityManager is the new interface you will need to implement for both authentication and authorization. See the SecurityManager javadoc for details. You can use SampleSecurityManager as an example to write your own implementation.
mention the gfsh commands to start locator/server with security
3. Introduction of GeodePermission
...
Note that GeodePermission is hierarchical. If you have permission for "DATA:READ", you automatically have data read permission on all regions and all keys, i.e. you have permission for "DATA:READ:regionA". If you have permission for "DATA:READ:regionA", you automatically have data read permission on all keys in regionA, i.e. you have permission for "DATA:READ:regionA:key1".
4. Introduction of PostProcessor
We have completely redone the way post processing is invoked, and the interface is now a lot simpler. Before a value is sent to you, it passes through the post processor, if one is configured. You specify your post processor with this line in your gemfire.properties file:
```
security-post-processor = com.abc.security.MyPostProcessor
```
It is the class name that implements the PostProcessor interface. Make sure your class has a zero argument constructor so that we can instantiate the object. See PostProcessor javadoc for details. You can use SamplePostProcessor as an example to write your own implementation.
5. Operations and their corresponding GeodePermission
...
...
Client-Server
Client Operations | Required GeodePermission |
---|---|
region.containsKeyOnServer(key) | DATA:READ:regionName:key |
region.destroy(key) | DATA:WRITE:regionName:key |
region.invalidate(key) | DATA:WRITE:regionName:key |
region.put(key, value) | DATA:WRITE:regionName:key |
region.get(key) | DATA:READ:regionName:key |
region.replace | |
region.putIfAbsent | |
createRegion | DATA:MANAGE |
destroyRegion | DATA:MANAGE |
executeFunction | DATA:WRITE |
executeRegionFunction | DATA:WRITE |
region.getAll | DATA:READ:regionName |
region.getEntry | DATA:READ:regionName |
region.clear | DATA:WRITE:regionName |
region.registerInterest | DATA:READ:regionName:key |
region.registerInterestRegex | DATA:READ:regionName |
region.registerInterestList | DATA:READ:regionName |
region.removeAll | DATA:WRITE:regionName |
region.unRegisterInterest | DATA:READ:regionName:key |
region.unRegisterInterestRegex | DATA:READ:regionName |
region.unRegisterInterestList | DATA:READ:regionName |
query | DATA:READ:regionName |
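
The hierarchy rule from section 3 applied to requirements from the table above, as an added example that is not Geode's own code. `PermissionCheck`, `implies` and `isAuthorized` are hypothetical names, the grants are constructed sample data, and region names and keys are assumed to contain no ":".

```java
import java.util.Arrays;
import java.util.List;

// Added illustration: models the hierarchy rule on permission strings only.
// PermissionCheck, implies() and isAuthorized() are hypothetical, not Geode classes.
public class PermissionCheck {

    // A grant implies a requirement when each part of the grant equals the
    // corresponding leading part of the requirement (RESOURCE:OPERATION[:region[:key]]).
    // Assumption: region names and keys contain no ':'.
    static boolean implies(String granted, String required) {
        String[] g = granted.split(":");
        String[] r = required.split(":");
        // Assumption: a grant needs at least RESOURCE:OPERATION. A grant that is
        // more specific than the requirement never implies it.
        if (g.length < 2 || g.length > r.length) {
            return false;
        }
        for (int i = 0; i < g.length; i++) {
            if (!g[i].equals(r[i])) {
                return false;
            }
        }
        return true;
    }

    // Deny by default: allowed only if some grant implies the requirement.
    static boolean isAuthorized(List<String> grants, String required) {
        return grants.stream().anyMatch(g -> implies(g, required));
    }

    public static void main(String[] args) {
        // Constructed sample grants for one user.
        List<String> grants = Arrays.asList("DATA:READ:regionA", "DATA:WRITE:regionA:key1");
        // Operation / required permission pairs, taken from the Client-Server table.
        String[][] checks = {
            {"region.get(key1) on regionA", "DATA:READ:regionA:key1"},
            {"region.getAll on regionA", "DATA:READ:regionA"},
            {"region.put(key1, v) on regionA", "DATA:WRITE:regionA:key1"},
            {"region.put(key2, v) on regionA", "DATA:WRITE:regionA:key2"},
            {"region.clear on regionA", "DATA:WRITE:regionA"},
            {"region.get(key1) on regionB", "DATA:READ:regionB:key1"},
            {"createRegion", "DATA:MANAGE"},
        };
        for (String[] c : checks) {
            System.out.printf("%-32s %-26s %s%n", c[0], c[1],
                    isAuthorized(grants, c[1]) ? "ALLOW" : "DENY");
        }
    }
}
```

The key-level write grant does not extend upward: `region.clear` requires "DATA:WRITE:regionA", which "DATA:WRITE:regionA:key1" does not imply.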
...