Security Implementation Overview

Pivotal GemFire can authenticate peer system members and clients. It can also authorize the cache operations that clients perform on a server.

You can use GemFire security to secure communication, to control system membership, and to authorize specific activities in the cache:
  1. Use locators for peer discovery within the distributed system and for client discovery of servers. See Configuring Peer-to-Peer Discovery and Configuring a Client/Server System.
  2. Use consistent security settings between similar processes in a single distributed system. For example, configure all servers in a system with the same client authentication settings.
  3. Implement membership authentication. Depending on your installation and security requirements, you may use a combination of peer-to-peer and client/server settings.
  4. If you have a client/server system, implement the access control your servers will apply to clients attempting to read or modify the cache.
  5. If you want to use the Secure Sockets Layer (SSL) protocol for your peer-to-peer and client/server connections, implement that. You can configure SSL separately for peer-to-peer, client/server, JMX, and HTTP connections.

Where to Place Security Configuration Settings

Any security-related configuration properties (those whose names begin with security-*) that are normally configured in the main properties file can be moved to a separate file. Placing these settings in a separate file lets you restrict access to the security configuration data while still allowing broader read or write access to the main properties file.

Upon startup, GemFire processes will look for the file in the following locations in order:
  • current working directory
  • user's home directory
  • classpath

If any password-related security properties are listed in the file but have a blank value, the process will prompt the user to enter a password upon startup.
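The following shell script is an added example, not part of the GemFire documentation or product. It shows the split the section describes: non-sensitive settings in a team-readable main file, security-* settings in an owner-only file, a lookup that mirrors the documented search order (working directory, home directory, classpath), and a check for password properties left blank so that the process will prompt for them. The file names, the locator address, the class name com.example.ClientAuthInit and the property values are assumptions made for this example; the page does not name the security file.

```shell
#!/bin/sh
# Added example (not GemFire code). File names and values are assumptions.

# Write a non-sensitive main properties file (mode 644) and a separate
# security file holding only security-* properties (mode 600).
write_split_config() {
    dir="$1"
    cat > "$dir/gemfire.properties" <<'EOF'
locators=locator1[10334]
mcast-port=0
log-level=config
EOF
    chmod 644 "$dir/gemfire.properties"
    # Blank password values are deliberate: the process prompts for them at
    # startup instead of reading them from disk.
    cat > "$dir/security.properties" <<'EOF'
security-client-auth-init=com.example.ClientAuthInit.create
security-username=cacheuser
security-password=
security-keystore-password=
EOF
    chmod 600 "$dir/security.properties"
}

# Return 0 only if the file has no group or other permission bits set
# (columns 5-10 of ls -l are the group and other bits).
check_security_file_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print the names of password properties that are present but blank, i.e.
# the ones the process will prompt for. Commented-out lines are ignored.
blank_password_props() {
    grep -E '^[^#]*password[^=]*=[[:space:]]*$' "$1" | cut -d= -f1
}

# Mirror the documented search order: working directory, then the home
# directory, then each CLASSPATH entry (directories only; this approximation
# does not look inside jar files). Prints the first match, returns 1 if none.
find_security_file() {
    name="$1"
    old_ifs=$IFS
    IFS=:
    for dir in . "$HOME" ${CLASSPATH:-}; do
        if [ -f "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Usage: sh split-security-config.sh /path/to/config-dir
if [ -n "${1:-}" ]; then
    write_split_config "$1"
    if check_security_file_perms "$1/security.properties"; then
        echo "security file is owner-only"
    fi
    echo "properties the process will prompt for:"
    blank_password_props "$1/security.properties"
fi
```

Run the permission check as part of deployment validation: a security file that is group- or world-readable defeats the purpose of splitting it out. Leaving a password blank so the process prompts for it only works when someone is at the console; a process started by an init system or a scheduler has no one to answer the prompt, so for unattended startup either supply the value in the owner-only file or obtain it another way.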
