You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by ig...@apache.org on 2018/11/26 19:55:08 UTC
[geode-native] branch release/1.8 updated (af0d98e -> 32d71d1)
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a change to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git.
from af0d98e GEODE-5251: parameterize assembly info (#384)
new c146ede GEODE-4728 User Guide: Update config and getting started
new 644095f GEODE-4728 Geode NC doc improvements: flatten hierarchy for querying pages
new 0e611ce GEODE-4728: link repair
new 32a8e96 GEODE-4728: User Guide typo fixes, Diffie-Hellman
new 8ec04be GEODE-4728 Geode NC doc: Add a Security topic
new 62aafc9 GEODE-4728 Geode NC doc: Add a Security topic
new 66505ae GEODE-4728 remove deprecated 'grid-client' property
new 9456ac5 Geode-4728: User Guide - improve authentication explanation
new 5f876af GEODE-6043: Improve User Guide Authentication example
new 32d71d1 GEODE-4728 User Guide: Add Authentication submenu to left-hand nav
The 10 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../source/subnavs/geode-nc-nav.erb | 29 ++--
.../configuring/configuration.html.md.erb | 6 -
.../configuring/sysprops.html.md.erb | 20 ---
.../continuous-queries.html.md.erb | 8 +-
.../getting-started-nc-client.html.md.erb | 16 +--
.../remote-queries.html.md.erb | 0
.../security/LDAPserverauth.html.md.erb | 42 ------
docs/geode-native-docs/security/PKCS.html.md.erb | 43 ------
.../geode-native-docs/security/SampleAuth.cpp | 154 ++++++++++++---------
.../geode-native-docs/security/SampleAuth.cs | 128 ++++++++++-------
.../security/authentication-levels.html.md.erb | 38 -----
.../security/authentication.html.md.erb | 100 +++++++++++++
.../security/authforcacheserver.html.md.erb | 40 ------
.../security/caveatregionservice.html.md.erb | 43 ------
.../config-clientauthorization.html.md.erb | 30 ----
.../createsecureconnregionservice.html.md.erb | 60 --------
.../security/encrypted-auth.html.md.erb | 32 -----
.../security/handling-serv-auth-errors.html.md.erb | 24 ----
.../security/overviewauthentication.html.md.erb | 46 ------
.../overviewclientauthorization.html.md.erb | 38 -----
.../security/overviewencryptcred.html.md.erb | 59 --------
.../security/overviewsecurity.html.md.erb | 46 ------
.../security/postopauthorization.html.md.erb | 32 -----
.../security/security-systemprops.html.md.erb | 30 +---
.../security/security.html.md.erb | 38 +++++
.../security/sslclientserver.html.md.erb | 33 +++--
.../security/systempropsforauth.html.md.erb | 85 ------------
.../security/usingoperationcontext.html.md.erb | 38 -----
28 files changed, 362 insertions(+), 896 deletions(-)
rename docs/geode-native-docs/{continuous-querying => }/continuous-queries.html.md.erb (96%)
rename docs/geode-native-docs/{remote-querying => }/remote-queries.html.md.erb (100%)
delete mode 100644 docs/geode-native-docs/security/LDAPserverauth.html.md.erb
delete mode 100644 docs/geode-native-docs/security/PKCS.html.md.erb
copy examples/cpp/put-get-remove/main.cpp => docs/geode-native-docs/security/SampleAuth.cpp (55%)
copy examples/dotnet/AuthInitialize/Program.cs => docs/geode-native-docs/security/SampleAuth.cs (65%)
delete mode 100644 docs/geode-native-docs/security/authentication-levels.html.md.erb
create mode 100644 docs/geode-native-docs/security/authentication.html.md.erb
delete mode 100644 docs/geode-native-docs/security/authforcacheserver.html.md.erb
delete mode 100644 docs/geode-native-docs/security/caveatregionservice.html.md.erb
delete mode 100644 docs/geode-native-docs/security/config-clientauthorization.html.md.erb
delete mode 100644 docs/geode-native-docs/security/createsecureconnregionservice.html.md.erb
delete mode 100644 docs/geode-native-docs/security/encrypted-auth.html.md.erb
delete mode 100644 docs/geode-native-docs/security/handling-serv-auth-errors.html.md.erb
delete mode 100644 docs/geode-native-docs/security/overviewauthentication.html.md.erb
delete mode 100644 docs/geode-native-docs/security/overviewclientauthorization.html.md.erb
delete mode 100644 docs/geode-native-docs/security/overviewencryptcred.html.md.erb
delete mode 100644 docs/geode-native-docs/security/overviewsecurity.html.md.erb
delete mode 100644 docs/geode-native-docs/security/postopauthorization.html.md.erb
create mode 100644 docs/geode-native-docs/security/security.html.md.erb
delete mode 100644 docs/geode-native-docs/security/systempropsforauth.html.md.erb
delete mode 100644 docs/geode-native-docs/security/usingoperationcontext.html.md.erb
[geode-native] 03/10: GEODE-4728: link repair
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 0e611cec9d742943d409e8ddf6f303467c64b457
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Wed Nov 7 16:53:13 2018 -0800
GEODE-4728: link repair
---
docs/geode-native-docs/continuous-queries.html.md.erb | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/docs/geode-native-docs/continuous-queries.html.md.erb b/docs/geode-native-docs/continuous-queries.html.md.erb
index 05e09b0..4ef7510 100644
--- a/docs/geode-native-docs/continuous-queries.html.md.erb
+++ b/docs/geode-native-docs/continuous-queries.html.md.erb
@@ -28,7 +28,7 @@ in the *<%=vars.product_name%> User Guide*.
Continuous querying provides the following features:
-- **Standard <%=vars.product_name%> native client query syntax and semantics**. Continuous queries are expressed in the same language used for other native client queries. See [Remote Queries](../remote-querying/remote-queries.html).
+- **Standard <%=vars.product_name%> native client query syntax and semantics**. Continuous queries are expressed in the same language used for other native client queries. See [Remote Queries](remote-queries.html).
- **Standard <%=vars.product_name%> events-based management of CQ events**. The event handling used
to process CQ events is based on the standard <%=vars.product_name%> event handling framework.
@@ -37,11 +37,11 @@ to process CQ events is based on the standard <%=vars.product_name%> event handl
server-to-client messaging mechanisms to send events. All tuning of your server-to-client
messaging also tunes the messaging of your CQ events. If your system is configured for high
availability then your CQs are highly available, with seamless failover provided in case of
-server failure (see [High Availability for Client-to-Server Communication](../preserving-data/high-availability-client-server.html)).
-If your clients are durable, you can also define any of your CQs as durable (see [Durable Client Messaging](../preserving-data/durable-client-messaging.html)).
+server failure (see [High Availability for Client-to-Server Communication](preserving-data/high-availability-client-server.html)).
+If your clients are durable, you can also define any of your CQs as durable (see [Durable Client Messaging](preserving-data/durable-client-messaging.html)).
- **Interest criteria based on data values**. Continuous queries are run against the region's entry values.
-Compare this to register interest by reviewing [Registering Interest for Entries](../client-cache/registering-interest-for-entries.html).
+Compare this to register interest by reviewing [Registering Interest for Entries](client-cache/registering-interest-for-entries.html).
- **Active query execution**. Once initialized, the queries operate only on new events, rather than on the entire region data set.
Events that change the query result are sent to the client immediately.
[geode-native] 06/10: GEODE-4728 Geode NC doc: Add a Security topic
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 62aafc91d1d6519e0b769d4929413fac2209d304
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Fri Nov 9 16:08:31 2018 -0800
GEODE-4728 Geode NC doc: Add a Security topic
---
.../source/subnavs/geode-nc-nav.erb | 2 +-
.../configuring/sysprops.html.md.erb | 15 ----
.../security/LDAPserverauth.html.md.erb | 42 ----------
docs/geode-native-docs/security/PKCS.html.md.erb | 43 ----------
docs/geode-native-docs/security/SampleAuth.cs | 77 ++++++++++++++++++
.../security/authentication-levels.html.md.erb | 36 ---------
.../security/authentication.html.md.erb | 93 ++++++++++++++++++++++
.../security/authforcacheserver.html.md.erb | 40 ----------
.../security/caveatregionservice.html.md.erb | 43 ----------
.../config-clientauthorization.html.md.erb | 30 -------
.../createsecureconnregionservice.html.md.erb | 60 --------------
.../security/encrypted-auth.html.md.erb | 32 --------
.../security/handling-serv-auth-errors.html.md.erb | 24 ------
.../security/overviewauthentication.html.md.erb | 39 ---------
.../overviewclientauthorization.html.md.erb | 38 ---------
.../security/overviewencryptcred.html.md.erb | 59 --------------
.../security/overviewsecurity.html.md.erb | 46 -----------
.../security/postopauthorization.html.md.erb | 32 --------
.../security/security-systemprops.html.md.erb | 26 +-----
.../security/security.html.md.erb | 24 +++---
.../security/sslclientserver.html.md.erb | 21 +++--
.../security/systempropsforauth.html.md.erb | 85 --------------------
.../security/usingoperationcontext.html.md.erb | 38 ---------
23 files changed, 199 insertions(+), 746 deletions(-)
diff --git a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
index 815b2f8..f654fb4 100644
--- a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
+++ b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
@@ -74,7 +74,7 @@ limitations under the License.
</li>
<li>
- <a href="/docs/geode-native/<%=vars.product_version_nodot%>/security/security.html">Security</a>
+ <a href="/docs/geode-native/<%=vars.product_version_nodot%>/security/security.html">Security: Authentication and Encryption</a>
</li>
<li>
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/transactions/transactions.html">Transactions</a>
diff --git a/docs/geode-native-docs/configuring/sysprops.html.md.erb b/docs/geode-native-docs/configuring/sysprops.html.md.erb
index 1d20f5f..b319b0d 100644
--- a/docs/geode-native-docs/configuring/sysprops.html.md.erb
+++ b/docs/geode-native-docs/configuring/sysprops.html.md.erb
@@ -272,21 +272,6 @@ See [SSL Client/Server Communication](../security/sslclientserver.html).
<td>null</td>
</tr>
<tr class="odd">
-<td><code class="ph codeph">security-client-kspasswd</code></td>
-<td>Password for the public key file store on the client.</td>
-<td></td>
-</tr>
-<tr class="odd">
-<td><code class="ph codeph">security-alias</code></td>
-<td>Alias name for the key in the keystore.</td>
-<td></td>
-</tr>
-<tr class="even">
-<td><code class="ph codeph">security-keystorepass</code></td>
-<td>Sets the password for the password-protected keystore.</td>
-<td></td>
-</tr>
-<tr class="odd">
<td><code class="ph codeph">ssl-enabled</code></td>
<td>True if SSL connection support is enabled.</td>
<td>empty</td>
diff --git a/docs/geode-native-docs/security/LDAPserverauth.html.md.erb b/docs/geode-native-docs/security/LDAPserverauth.html.md.erb
deleted file mode 100644
index 4f31ef3..0000000
--- a/docs/geode-native-docs/security/LDAPserverauth.html.md.erb
+++ /dev/null
@@ -1,42 +0,0 @@
----
-title: Using an LDAP Server for Client Authentication
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-An LDAP server can be used by a <%=vars.product_name%> cache server using the sample LDAP implementation provided in the server distribution.
-
-See [Security](geodeman/managing/security/chapter_overview.html#security) in the server manual to verify authentication credentials for clients attempting to connect to the cache servers and sending user name and passwords using the sample UserPassword scheme.
-
-**Note:**
-The user name and password with this sample implementation is sent out in plaintext. For better security, either turn on credential encryption using Diffie-Hellman key exchange, or use a scheme like PKCS.
-
-When a client initiates a connection to a cache server, the client submits its credentials to the server and the server submits those credentials to the LDAP server. To be authenticated, the credentials for the client need to match one of the valid entries in the LDAP server. The credentials can consist of the entry name and the corresponding password. If the submitted credentials result in a connection to the LDAP server because the credentials match the appropriate LDAP entries, then t [...]
-
-**Configuration Settings**
-
-In the `geode.properties` file for the client, specify the `UserPasswordAuthInit` callback, the user name, and the password, like this:
-
-``` pre
-security-client-auth-library=securityImpl
-security-client-auth-factory=createUserPasswordAuthInitInstance
-security-username=<username>
-security-password=<password>
-```
-
-For server side settings and LDAP server configuration, see the server's security documentation.
diff --git a/docs/geode-native-docs/security/PKCS.html.md.erb b/docs/geode-native-docs/security/PKCS.html.md.erb
deleted file mode 100644
index ae4be30..0000000
--- a/docs/geode-native-docs/security/PKCS.html.md.erb
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Using PKCS for Encrypted Authentication
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-This section discusses the concepts and configurations for the sample UserPassword and PKCS implementations. Descriptions of their interfaces, classes, and methods are available in the API.
-
-**Note:**
-Native client samples are provided in source form only in the "templates" directory within the product directory.
-
-With PKCS, clients send encrypted authentication credentials in the form of standard PKCS signatures to a <%=vars.product_name%> cache server when they connect to the server. The credentials consist of the alias name and digital signature created using the private key that is retrieved from the provided keystore. The server uses a corresponding public key to decrypt the credentials. If decryption is successful then the client is authenticated and it connects to the cache server. For unsu [...]
-
-When clients require authentication to connect to a cache server, they use the `PKCSAuthInit` class implementing the `AuthInitialize` interface to obtain their credentials. For the PKCS sample provided by <%=vars.product_name%>, the credentials consist of an alias and an encrypted byte array. The private key is obtained from the PKCS\#12 keystore file. To accomplish this,` PKCSAuthInit` gets the alias retrieved from the `security-alias `property, and the keystore path from the `security- [...]
-
-**The securityImpl Library**
-
-To use the PKCS sample implementation, you need to build OpenSSL and then build the securityImpl library. In the `geode.properties `file for the client, specify the `PKCSAuthInit` callback, the keystore path, the security alias, and the keystore password, like this:
-
-``` pre
-security-client-auth-library=securityImpl
-security-client-auth-factory=createPKCSAuthInitInstance
-security-keystorepath=<PKCS#12 keystore path>
-security-alias=<alias>
-security-keystorepass=<keystore password>
-```
-
-For server side settings and PKCS configuration, see the server's security documentation.
diff --git a/docs/geode-native-docs/security/SampleAuth.cs b/docs/geode-native-docs/security/SampleAuth.cs
new file mode 100644
index 0000000..4b7181e
--- /dev/null
+++ b/docs/geode-native-docs/security/SampleAuth.cs
@@ -0,0 +1,77 @@
+/*
+* Licensed to the Apache Software Foundation (ASF) under one or more
+* contributor license agreements. See the NOTICE file distributed with
+* this work for additional information regarding copyright ownership.
+* The ASF licenses this file to You under the Apache License, Version 2.0
+* (the "License"); you may not use this file except in compliance with
+* the License. You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+
+using System;
+using Apache.Geode.Client;
+
+namespace Apache.Geode.Examples.AuthInitialize
+{
+ class Program
+ {
+ static void Main(string[] args)
+ {
+ var cacheFactory = new CacheFactory()
+ .Set("log-level", "none")
+ .SetAuthInitialize(new ExampleAuthInitialize());
+
+ var cache = cacheFactory.Create();
+ var poolFactory = cache.GetPoolFactory()
+ .AddLocator("localhost", 10334);
+ poolFactory.Create("pool");
+ var regionFactory = cache.CreateRegionFactory(RegionShortcut.PROXY)
+ .SetPoolName("pool");
+ var region = regionFactory.Create<string, string>("region");
+
+ region["a"] = "1";
+ region["b"] = "2";
+
+ var a = region["a"];
+ var b = region["b"];
+
+ Console.Out.WriteLine("a = " + a);
+ Console.Out.WriteLine("b = " + b);
+
+ cache.Close();
+ }
+ }
+
+ class ExampleAuthInitialize : IAuthInitialize
+ {
+ public ExampleAuthInitialize()
+ {
+ // TODO initialize your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
+ }
+
+ public void Close()
+ {
+ // TODO close your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::Close called");
+ }
+
+ public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
+ {
+ // TODO get your username and password
+ Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
+
+ var credentials = new Properties<string, object>();
+ credentials.Insert("username", "john");
+ credentials.Insert("password", "secret");
+ return credentials;
+ }
+ }
+}
diff --git a/docs/geode-native-docs/security/authentication-levels.html.md.erb b/docs/geode-native-docs/security/authentication-levels.html.md.erb
deleted file mode 100644
index a7501b5..0000000
--- a/docs/geode-native-docs/security/authentication-levels.html.md.erb
+++ /dev/null
@@ -1,36 +0,0 @@
----
-title: Process and Multiuser Authentication
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-Client connections can be authenticated at two levels, process and multiuser.
-
-- **Process**. Each pool creates a configured minimum number of connections across the server group. The pool accesses the least-loaded server for each cache operation.
-
- Process-level connections represent the overall client process and are the standard way a client accesses the server cache.
-
-- **Multi-user**. Each user/pool pair creates a connection to one server and then sticks with it for operations. If the server is unable to respond to a request, the pool selects a new one for the user.
-
- Typically, application servers or web servers that act as clients to <%=vars.product_name%> servers make multi-user connections. Multi-user allows a single application or web server process to service a large number of users with varied access permissions.
-
-By default, server pools use process-level authentication. Enable multi-user authentication by setting a pool's `multi-user-secure-mode-enabled` attribute to `true`.
-
-<img src="../common/images/security-client-connections.gif" id="security__image_85B98E185AD84C59AC22974A63080559" class="image" />
-
-Credentials can be sent in encrypted form using the Diffie-Hellman key exchange algorithm. See [Encrypt Credentials with Diffie-Hellman](overviewencryptcred.html#security) for more information.
diff --git a/docs/geode-native-docs/security/authentication.html.md.erb b/docs/geode-native-docs/security/authentication.html.md.erb
new file mode 100644
index 0000000..098527b
--- /dev/null
+++ b/docs/geode-native-docs/security/authentication.html.md.erb
@@ -0,0 +1,93 @@
+---
+title: Authentication
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+A client is authenticated when it connects, with valid credentials, to a <%=vars.product_name%> cache server that is configured with the client `Authenticator` callback.
+
+Examples of various implementations can be found in the Native Client source distribution's `../templates/security`` directory.
+
+An `AuthenticationRequiredException` is thrown when the server is configured with security and the
+client does not present its credentials while attempting to connect.
+
+The following excerpts are taken from the .NET example provided with your Native Client distribution in the `../examples/dotnet/AuthInitialize` directory.
+
+```cs
+using System;
+using Apache.Geode.Client;
+
+namespace Apache.Geode.Examples.AuthInitialize
+{
+ class Program
+ {
+ static void Main(string[] args)
+ {
+ var cacheFactory = new CacheFactory()
+ .Set("log-level", "none")
+ .SetAuthInitialize(new ExampleAuthInitialize());
+
+ var cache = cacheFactory.Create();
+ var poolFactory = cache.GetPoolFactory()
+ .AddLocator("localhost", 10334);
+ poolFactory.Create("pool");
+ var regionFactory = cache.CreateRegionFactory(RegionShortcut.PROXY)
+ .SetPoolName("pool");
+ var region = regionFactory.Create<string, string>("region");
+
+ region["a"] = "1";
+ region["b"] = "2";
+
+ var a = region["a"];
+ var b = region["b"];
+
+ Console.Out.WriteLine("a = " + a);
+ Console.Out.WriteLine("b = " + b);
+
+ cache.Close();
+ }
+ }
+
+ class ExampleAuthInitialize : IAuthInitialize
+ {
+ public ExampleAuthInitialize()
+ {
+ // TODO initialize your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
+ }
+
+ public void Close()
+ {
+ // TODO close your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::Close called");
+ }
+
+ public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
+ {
+ // TODO get your username and password
+ Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
+
+ var credentials = new Properties<string, object>();
+ credentials.Insert("username", "john");
+ credentials.Insert("password", "secret");
+ return credentials;
+ }
+ }
+}
+
+```
diff --git a/docs/geode-native-docs/security/authforcacheserver.html.md.erb b/docs/geode-native-docs/security/authforcacheserver.html.md.erb
deleted file mode 100644
index 43713de..0000000
--- a/docs/geode-native-docs/security/authforcacheserver.html.md.erb
+++ /dev/null
@@ -1,40 +0,0 @@
----
-title: Configuring Authentication by the Cache Server
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-When the cache server receives client credentials during the handshake operation, the server authenticates the client with the callback configured in the `security-client-authenticator` system property. The handshake succeeds or fails depending on the results of the authentication process.
-
-Here is an example of how you could configure `security-client-authenticator` in the `geode.properties` file:
-
-``` pre
-security-client-authenticator=templates.security.PKCSAuthenticator.create
-```
-
-In the preceding configuration sample, `PKCSAuthenticator` is the callback class implementing the `Authenticator` interface and `create` is its factory method.
-
-The following example shows an implementation of the static `create` method:
-
-``` pre
-public static Authenticator create() {
- return new PKCSAuthenticator();
-}
-```
-
-
diff --git a/docs/geode-native-docs/security/caveatregionservice.html.md.erb b/docs/geode-native-docs/security/caveatregionservice.html.md.erb
deleted file mode 100644
index d8b8463..0000000
--- a/docs/geode-native-docs/security/caveatregionservice.html.md.erb
+++ /dev/null
@@ -1,43 +0,0 @@
----
-title: Requirements and Caveats for RegionService
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-For each region, you can perform operations through the `Cache` instance or the `RegionService` instances, but not both.
-
-**Note:**
-Through the `Cache` you can create a region that uses a pool configured for multi-user authentication, then access and do work on the region using your `RegionService` instances.
-
-To use `RegionService`:
-
-- Configure regions as EMPTY. Depending on your data access requirements, this configuration might affect performance, because the client goes to the server for every `get`.
-- If you are running durable CQs through the region services, stop and start the offline event storage for the client as a whole. The server manages one queue for the entire client process, so you need to request the stop and start of durable client queue (CQ) event messaging for the cache as a whole, through the ClientCache instance. If you closed the `RegionService` instances, event processing would stop, but the events from the server would continue, and would be lost.
-
- Stop with:
-
- ``` pre
- cachePtr->close(true);
- ```
-
- Start up again in this order:
- 1. Create the cache.
- 2. Create all region service instances. Initialize CQ listeners.
- 3. Call the cache `readyForEvents` method.
-
-
diff --git a/docs/geode-native-docs/security/config-clientauthorization.html.md.erb b/docs/geode-native-docs/security/config-clientauthorization.html.md.erb
deleted file mode 100644
index 0a73159..0000000
--- a/docs/geode-native-docs/security/config-clientauthorization.html.md.erb
+++ /dev/null
@@ -1,30 +0,0 @@
----
-title: Configuring Client Authorization
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-You can configure authorization on a per-client basis for various cache operations such as create, get, put, query invalidations, interest registration, and region destroys. On the server side, the `securityclient-accessor` system property in the server’s `gemfire.properties` file specifies the authorization callback.
-
-For example:
-
-`security-client-accessor=templates.security.XmlAuthorization.create`
-
-In this system property setting, `XmlAuthorization` is the callback class that implements the `AccessControl` interface. The `XmlAuthorization` sample implementation provided with Geode expects an XML file that defines authorization privileges for the clients. For details of this sample implementation and the `AccessControl` interface, see the [Authorization Example](../../managing/security/authorization_example.html#authorization_example).
-
-
diff --git a/docs/geode-native-docs/security/createsecureconnregionservice.html.md.erb b/docs/geode-native-docs/security/createsecureconnregionservice.html.md.erb
deleted file mode 100644
index 563dcd4..0000000
--- a/docs/geode-native-docs/security/createsecureconnregionservice.html.md.erb
+++ /dev/null
@@ -1,60 +0,0 @@
----
-title: Creating Multiple Secure User Connections
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-To create multiple, secure connections to your servers from a single client, so the client can service different user types, you create an authenticated `RegionService` for each user.
-
-Typically, a <%=vars.product_name%> client embedded in an application server supports data requests from many users. Each user can be authorized to access a subset of data on the servers. For example, customer users are allowed to see and update only their own orders and shipments.
-
-The authenticated users all access the same Cache through instances of the `RegionService` interface. See [RegionService](../client-cache/caching-apis.html#caching-apis__section_8F81996678B64BBE94EF352527F7F006).
-
-To implement multiple user connections in your client cache, create your Cache as usual, with these additions:
-
-1. Configure your client’s server pool for multiple secure user authentication. Example:
-
- ``` pre
- <pool name="serverPool" multiuser-authentication="true">
- <locator host="host1" port="44444"/>
- </pool>
- ```
-
- This enables access through the pool for the `RegionService` instances and disables it for the Cache instance.
-
-2. After you create your cache, for each user, call your Cache instance `createAuthenticatedView` method, providing the user’s particular credentials. These are create method calls for two users:
-
- ``` pre
- PropertiesPtr credentials1 = Properties::create();
- credentials1->insert("security-username", "root1");
- credentials1->insert("security-password", "root1");
- RegionServicePtr userCache1 = cachePtr->createAuthenticatedView(credentials1);
-
- PropertiesPtr credentials2 = Properties::create();
- credentials2->insert("security-username", "root2");
- credentials2->insert("security-password", "root2");
- RegionServicePtr userCache2 = cachePtr->createAuthenticatedView(credentials2);
- ```
-
- For each user, do all of your caching and region work through the assigned region service pointer. Use the region service to get your regions, and the query service, if you need that, and then do your work with them. Access to the server cache will be governed by the server’s configured authorization rules for each individual user.
-
-3. To close your cache, close the Cache instance.
-
-- **[Requirements and Caveats for RegionService](caveatregionservice.html)**
-
-
diff --git a/docs/geode-native-docs/security/encrypted-auth.html.md.erb b/docs/geode-native-docs/security/encrypted-auth.html.md.erb
deleted file mode 100644
index fe08234..0000000
--- a/docs/geode-native-docs/security/encrypted-auth.html.md.erb
+++ /dev/null
@@ -1,32 +0,0 @@
----
-title: Encrypted Authentication
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-You can set up encrypted authentication using Diffie-Hellman or the sample PKCS implementation.
-
-- **[Encrypt Credentials with Diffie-Hellman](overviewencryptcred.html)**
-
- For secure transmission of sensitive credentials like passwords, encrypt credentials using the Diffie-Hellman key exchange algorithm. With Diffie-Hellman enabled, you can have your client authenticate its servers.
-
-- **[Using PKCS for Encrypted Authentication](PKCS.html)**
-
- This section discusses the concepts and configurations for the sample UserPassword and PKCS implementations. Descriptions of their interfaces, classes, and methods are available in the API.
-
-
diff --git a/docs/geode-native-docs/security/handling-serv-auth-errors.html.md.erb b/docs/geode-native-docs/security/handling-serv-auth-errors.html.md.erb
deleted file mode 100644
index 9294684..0000000
--- a/docs/geode-native-docs/security/handling-serv-auth-errors.html.md.erb
+++ /dev/null
@@ -1,24 +0,0 @@
----
-title: Server Authentication Errors
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-An `AuthenticationRequiredException` is thrown when the server is configured with security and the client does not present its credentials while attempting to connect. This can occur if the `securityclient-auth-factory` and `security-client-auth-library` properties are not configured on the client.
-
-
diff --git a/docs/geode-native-docs/security/overviewauthentication.html.md.erb b/docs/geode-native-docs/security/overviewauthentication.html.md.erb
deleted file mode 100644
index 70ee2af..0000000
--- a/docs/geode-native-docs/security/overviewauthentication.html.md.erb
+++ /dev/null
@@ -1,39 +0,0 @@
----
-title: Authentication
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-A client is authenticated when it connects, with valid credentials, to a <%=vars.product_name%> cache server that is configured with the client `Authenticator` callback.
-
-Once the client is authenticated, the server assigns the client a unique ID and principal, used to authorize operations. The client must trust all cache servers in the server system as it may connect to any one of them.
-
-- **[Configuring Credentials for Authentication](systempropsforauth.html)**
-
- The native client uses system properties to acquire valid credentials for authentication by the server. You define these properties in the `geode.properties` file, which the native client accesses during startup.
-
-- **[Configuring Authentication by the Cache Server](authforcacheserver.html)**
-
- When the cache server receives client credentials during the handshake operation, the server authenticates the client with the callback configured in the `security-client-authenticator` system property. The handshake succeeds or fails depending on the results of the authentication process.
-
-- **[Server Authentication Errors](handling-serv-auth-errors.html)**
-
-- **[Creating Multiple Secure User Connections](createsecureconnregionservice.html)**
-
- To create multiple, secure connections to your servers from a single client, so the client can service different user types, you create an authenticated `RegionService` for each user.
-
diff --git a/docs/geode-native-docs/security/overviewclientauthorization.html.md.erb b/docs/geode-native-docs/security/overviewclientauthorization.html.md.erb
deleted file mode 100644
index f2127a9..0000000
--- a/docs/geode-native-docs/security/overviewclientauthorization.html.md.erb
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Client Authorization
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-Using a provided callback that implements the `AccessControl` interface, you can configure each server to authorize some or all cache operations.
-
-The callback can also modify or even disallow the data being provided by the client in the operation, such as a put or a `putAll` operation. The callback can also register itself as a post-processing filter that is passed operation results like `get`, `getAll`, and `query`.
-
-- **[Configuring Client Authorization](config-clientauthorization.html)**
-
- You can configure authorization on a per-client basis for various cache operations such as create, get, put, query invalidations, interest registration, and region destroys. On the server side, the `securityclient-accessor` system property in the server’s `geode.properties` file specifies the authorization callback.
-
-- **[Post-Operative Authorization](postopauthorization.html)**
-
- Authorization in the post-operation phase occurs on the server after the operation is complete and before the results are sent to the client.
-
-- **[Determining Pre- or Post-Operation Authorization](usingoperationcontext.html)**
-
- The `OperationContext` object that is passed to the `authorizeOperation` method of the callback as the second argument provides an `isPostOperation` method that returns true when the callback is invoked in the post-operation phase.
-
-
diff --git a/docs/geode-native-docs/security/overviewencryptcred.html.md.erb b/docs/geode-native-docs/security/overviewencryptcred.html.md.erb
deleted file mode 100644
index 2ca30a1..0000000
--- a/docs/geode-native-docs/security/overviewencryptcred.html.md.erb
+++ /dev/null
@@ -1,59 +0,0 @@
----
-title: Encrypt Credentials with Diffie-Hellman
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-For secure transmission of sensitive credentials such as passwords, encrypt credentials using the Diffie-Hellman key exchange algorithm. With Diffie-Hellman enabled, you can have your client authenticate its servers.
-
-## <a id="security__section_1BB8F13C7ACB44668FF337F59A3BA5AE" class="no-quick-link"></a>Enabling Diffie-Hellman
-
-Set the `security-client-dhalgo` system property in the `geode.properties` file to the password for the public key file store on the client (the name of a valid symmetric key cipher supported by the JDK).
-
-Valid `security-client-dhalgo` property values are `DESede`, `AES`, and `Blowfish`, which enable the Diffie-Hellman algorithm with the specified cipher to encrypt the credentials.
-
-For the `AES` and `Blowfish` algorithms, optionally specify the key size for the `security-client-dhalgo` property. Valid key size settings for the `AES` algorithm are `AES:128`, `AES:192`, and `AES:256`. The colon separates the algorithm name and the key size. For the `Blowfish` algorithm, key sizes from 128 to 448 bits are supported. For example:
-
-``` pre
-security-client-dhalgo=Blowfish:128
-```
-
-For `AES` algorithms, you may need Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files from Sun or equivalent for your JDK.
-
-Adding settings for Diffie-Hellman on clients also enables challenge response from server to client in addition to encryption of credentials using the exchanged key to avoid replay attacks from clients to servers. Clients can also enable authentication of servers, with challenge-response from client to server to avoid server-side replay attacks.
-
-## <a id="security__section_F881653044EC4AB5BE88F673890F2A40" class="no-quick-link"></a>Client Authentication of Server
-
-With Diffie-Hellman enabled, you can have your client authenticate its servers.
-
-1. Generate a `.pem` file for each pkcs12 keystore:
-
- 1. Enter this command from a pkcs12 file or a pkcs keystore: <a id="security__fig_3CAFDE3CB29348A19AF3BE3591AFA2F7"></a>
-
- ``` pre
- user@host: ~> openssl pkcs12 -nokeys -in <keystore/pkcs12 file> -out <outputfilename.pem >
- ```
-
- 2. Concatenate the generated .pem files into a single .pem file. You will use this file name in the next step.
-
-2. In the `geode.properties` file:
-
- 1. Set `security-client-kspath` to the file name of the `.pem` file password for the public key file store on the client.
- 2. Set `security-client-kspasswd` to the password for the public key file store on the client.
-
-
diff --git a/docs/geode-native-docs/security/overviewsecurity.html.md.erb b/docs/geode-native-docs/security/overviewsecurity.html.md.erb
deleted file mode 100644
index a965c5e..0000000
--- a/docs/geode-native-docs/security/overviewsecurity.html.md.erb
+++ /dev/null
@@ -1,46 +0,0 @@
----
-title: Security
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-*Security* describes how to implement the security framework for the <%=vars.product_name%> native client, including authentication, authorization, encryption, and SSL client/server communication.
-
-The security framework authenticates clients that attempt to connect to a <%=vars.product_name%> cache server and authorizes client cache operations. You can also configure it for client authentication of servers, and you can plug in your own implementations for authentication and authorization.
-
-- **[Authentication](overviewauthentication.html)**
-
- A client is authenticated when it connects, with valid credentials, to a <%=vars.product_name%> cache server that is configured with the client `Authenticator` callback.
-
-- **[Encrypted Authentication](encrypted-auth.html)**
-
- You can set up encrypted authentication using Diffie-Hellman or the sample PKCS implementation.
-
-- **[Client Authorization](overviewclientauthorization.html)**
-
- Using a provided callback that implements the `AccessControl` interface, you can configure each server to authorize some or all cache operations.
-
-- **[Security-Related System Properties (geode.properties)](security-systemprops.html)**
-
- The table describes the security-related system properties in the `geode.properties` file for native client authentication and authorization.
-
-- **[SSL Client/Server Communication](sslclientserver.html)**
-
- This section describes how to configure OpenSSL; implement SSL-based communication between your clients and servers; and run clients and servers with SSL enabled.
-
-
diff --git a/docs/geode-native-docs/security/postopauthorization.html.md.erb b/docs/geode-native-docs/security/postopauthorization.html.md.erb
deleted file mode 100644
index 663eece..0000000
--- a/docs/geode-native-docs/security/postopauthorization.html.md.erb
+++ /dev/null
@@ -1,32 +0,0 @@
----
-title: Post-Operative Authorization
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-Authorization in the post-operation phase occurs on the server after the operation is complete and before the results are sent to the client.
-
-The callback can modify the results of certain operations, such as `query`, `get` and `keySet`, or even completely disallow the operation. For example, a post-operation callback for a query operation can filter out sensitive data or data that the client should not receive, or even completely fail the operation.
-
-The `security-client-accessor-pp` system property in the server’s `gemfire.properties` file specifies the callback to invoke in the post-operation phase. For example:
-
-``` pre
-security-client-accessor-pp=templates.security.XmlAuthorization.create
-```
-
-
diff --git a/docs/geode-native-docs/security/security-systemprops.html.md.erb b/docs/geode-native-docs/security/security-systemprops.html.md.erb
index 3197a76..81eba0e 100644
--- a/docs/geode-native-docs/security/security-systemprops.html.md.erb
+++ b/docs/geode-native-docs/security/security-systemprops.html.md.erb
@@ -24,21 +24,13 @@ The table describes the security-related system properties in the `geode.propert
<a id="security__section_6DC4C72A2EEB432AA40DE97D438FD1E7"></a><a id="security__table_92A6A66523764199A19BCD66BA189921"></a>
<table>
-<caption><span class="tablecap">Table 1. System Properties for Client Authentication and Authorization</span></caption>
+<caption><span class="tablecap">System Properties for Client Authentication and Authorization</span></caption>
<colgroup>
<col width="50%" />
<col width="50%" />
</colgroup>
<tbody>
<tr class="odd">
-<td><code class="ph codeph">security-client-auth-factory</code></td>
-<td>Sets the key for the <code class="ph codeph">AuthInitialize</code> factory function.</td>
-</tr>
-<tr class="even">
-<td><code class="ph codeph">security-client-auth-library</code></td>
-<td>Registers the path to the <code class="ph codeph">securityImpl.dll</code> library.</td>
-</tr>
-<tr class="odd">
<td><code class="ph codeph">security-client-dhalgo</code></td>
<td>Returns the Diffie-Hellman secret key cipher algorithm.</td>
</tr>
@@ -47,24 +39,12 @@ The table describes the security-related system properties in the `geode.propert
<td>Path to a .pem file, which contains the public certificates for all <%=vars.product_name%> cache servers to which the client can connect through specified endpoints.</td>
</tr>
<tr class="odd">
-<td><code class="ph codeph">security-client-kspasswd</code></td>
-<td>Password for the public key file store on the client.</td>
-</tr>
-<tr class="odd">
-<td><code class="ph codeph">security-alias</code></td>
-<td>Alias name for the key in the keystore.</td>
-</tr>
-<tr class="even">
-<td><code class="ph codeph">security-keystorepass</code></td>
-<td>Sets the password for the password-protected keystore.</td>
-</tr>
-<tr class="odd">
<td><code class="ph codeph">ssl-enabled</code></td>
<td>True if SSL connection support is enabled.</td>
</tr>
<tr class="even">
<td><code class="ph codeph">ssl-keystore</code></td>
-<td>Name of the .PEM keystore file, containing the client’s private key. Not set by default. Required if <code class="ph codeph">ssl-enabled</code> is true.</td>
+<td>Name of the .pem keystore file, containing the client’s private key. Not set by default. Required if <code class="ph codeph">ssl-enabled</code> is true.</td>
</tr>
<tr class="odd">
<td><code class="ph codeph">ssl-keystore-password</code></td>
@@ -72,7 +52,7 @@ The table describes the security-related system properties in the `geode.propert
</tr>
<tr class="even">
<td><code class="ph codeph">ssl-truststore</code></td>
-<td><p>Name of the .PEM truststore file, containing the servers’ public certificate. Not set by default. Required if <code class="ph codeph">ssl-enabled</code> is true</p></td>
+<td><p>Name of the .pem truststore file, containing the servers’ public certificate. Not set by default. Required if <code class="ph codeph">ssl-enabled</code> is true</p></td>
</tr>
</tbody>
</table>
diff --git a/docs/geode-native-docs/security/security.html.md.erb b/docs/geode-native-docs/security/security.html.md.erb
index e63e280..3bbcc61 100644
--- a/docs/geode-native-docs/security/security.html.md.erb
+++ b/docs/geode-native-docs/security/security.html.md.erb
@@ -1,5 +1,5 @@
---
-title: Security
+title: Security: Authentication and Encryption
---
<!--
@@ -19,22 +19,20 @@ See the License for the specific language governing permissions and
limitations under the License.
-->
-The security framework authenticates clients as they connect to a <%=vars.product_name%> cache server and authorizes client cache operations. You can also configure it for client authentication of servers, and you can plug in your own implementations for authentication and authorization.
+Most security configuration takes place on the <%=vars.product_name%> server. The server's security
+framework authenticates clients as they connect to a cache server and authorizes client cache
+operations using developer-provided implementations for authentication and authorization.
-For an explanation of the server-side implementation of security, see [Security](geodeman/managing/security/chapter_overview.html) in the *<%=vars.product_name%> User Guide*.
+For an explanation of the server-side implementation of security features,
+see [Security](geodeman/managing/security/chapter_overview.html) in the *<%=vars.product_name%> User Guide*.
-The following sections describe some client-specific security considerations:
+A Native Client application must address two security concerns when connecting to a <%=vars.product_name%> server:
-- **Authentication**
+- **[Authentication](authentication.html)**
- Geode Native requires providing an authentication implementation. Examples of these implementations can be found in /templates/security. Build and link the implementation and set the implementation’s properties on the cache.
+ The Client must submit its authentication credentials to the server using the developer-provided authentication implementation expected by the server.
-- **[Security-Related System Properties](security-systemprops.html)**
-
- The table describes the security-related system properties in the `geode.properties` file for native client authentication and authorization.
-
-- **[SSL Client/Server Communication](sslclientserver.html)**
-
- This section describes how to configure OpenSSL, implement SSL-based communication between your clients and servers, and run clients and servers with SSL enabled.
+- **[TLS/SSL Client/Server Communication Encryption](sslclientserver.html)**
+ Communication between client and server must be encrypted so authentication credentials and other transmissions cannot be viewed by third-parties.
diff --git a/docs/geode-native-docs/security/sslclientserver.html.md.erb b/docs/geode-native-docs/security/sslclientserver.html.md.erb
index d97cc76..a84d28c 100644
--- a/docs/geode-native-docs/security/sslclientserver.html.md.erb
+++ b/docs/geode-native-docs/security/sslclientserver.html.md.erb
@@ -1,5 +1,5 @@
---
-title: SSL Client/Server Communication
+title: TLS/SSL Client-Server Communication Encryption
---
<!--
@@ -19,18 +19,25 @@ See the License for the specific language governing permissions and
limitations under the License.
-->
-This section describes how to configure OpenSSL, implement SSL-based communication between your clients and servers, and run clients and servers with SSL enabled.
+This section describes how to implement TLS-based communication between your clients and servers using the OpenSSL encryption utility.
# Set Up OpenSSL
-The open-source OpenSSL toolkit provides a full-strength general purpose cryptography library to operate along with the PKCS sample implementation for encrypted authentication of native client credentials.
+The open-source OpenSSL toolkit provides a full-strength general purpose cryptography library for encrypting client-server communications.
Download and install OpenSSL 1.1.1 for your specific operating system.
-For Windows platforms, you can use either the regular or the "Light" version.
-**Note for Windows users:** If you use Cygwin, do not use the OpenSSL library that comes with
-Cygwin, which is built with `cygwin.dll` as a dependency. Instead, download a fresh copy from
-OpenSSL as described in the following section.
+**Notes for Windows users:**
+
+- For Windows platforms, you can use either the regular or the "Light" version of SSL.
+
+- Use a 64-bit implementation of OpenSSL.
+
+- If you use Cygwin, do not use the OpenSSL library that comes with Cygwin, which is built with
+`cygwin.dll` as a dependency. Instead, download a fresh copy from OpenSSL.
+
+- For many Windows applications, the most convenient way to install OpenSSL is to use `choco` (see [chocolatey.org] (https://chocolatey.org/packages/OpenSSL.Light)) to install the “Light” version of OpenSSL.
+
## Step 1. Create keystores
diff --git a/docs/geode-native-docs/security/systempropsforauth.html.md.erb b/docs/geode-native-docs/security/systempropsforauth.html.md.erb
deleted file mode 100644
index 5cbc80a..0000000
--- a/docs/geode-native-docs/security/systempropsforauth.html.md.erb
+++ /dev/null
@@ -1,85 +0,0 @@
----
-title: Configuring Credentials for Authentication
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-The client uses system properties to acquire valid credentials for authentication by the server. You define these properties in the `geode.properties` file, which the client accesses during startup.
-
-## <a id="security__section_E1835A3B22D44D47A4C9DB54A3590B71" class="no-quick-link"></a>security-client-auth-factory
-
-System property for the factory function of the class implementing the `AuthInitialize` interface (`IAuthInitialize` in .NET). The .NET clients can load both C++ and .NET implementations. For .NET implementations, this property is the fully qualified name of the static factory function (including the namespace and class).
-
-## <a id="security__section_15C6689C363B469B947B177E1DE73208" class="no-quick-link"></a>security-client-auth-library
-
-System property for the library where the factory methods reside. The library is loaded explicitly and the factory functions are invoked dynamically, returning an object of the class implementing the `AuthInitialize` interface.
-
-Other implementations of the `AuthInitialize` interface may be required to build credentials using properties that are also passed as system properties. These properties also start with the security- prefix. For example, the PKCS implementation requires an alias name and the corresponding keystore path, which are specified as `security-alias` and `security-keystorepath`, respectively. Similarly, `UserPasswordAuthInit `requires a username specified in `security-username`, and the correspo [...]
-
-The `getCredentials` function for the `AuthInitialize` interface is called to obtain the credentials. All system properties starting with security- are passed to this callback as the first argument to the `getCredentials` function, using this prototype:
-
-`PropertiesPtr getCredentials(PropertiesPtr& securityprops, const char *server);`
-
-## <a id="security__section_869DD42F1B23450D9425712EBBD5CB1C" class="no-quick-link"></a>Implementing the Factory Method for Authentication (C++ and .NET)
-
-The following examples show how to implement the factory method in both C++ and .NET. **C++ Implementation**
-
-``` pre
-LIBEXP AuthInitialize* createPKCSAuthInitInstance()
-{
- return new PKCSAuthInit( );
-}
-```
-
-**.NET Implementation**
-
-``` pre
-public static IAuthInitialize Create()
-{
- return new UserPasswordAuthInit();
-}
-```
-
-Implementations of the factory method are user-provided. Credentials in the form of properties returned by this function are sent by the client to the server for authentication during the client’s handshake process with the server.
-
-The client installation provides sample security implementations in its `templates/security` folder.
-
-## <a id="security__section_9DEC6B55C76D446FB0821AF3B3922BD6" class="no-quick-link"></a>Acquiring Credentials Programmatically (C++ and .NET)
-
-This example shows a C++ client connecting with credentials.
-
-``` pre
-PropertiesPtr secProp = Properties::create();
-secProp->insert("security-client-auth-factory", "createPKCSAuthInitInstance");
-secProp->insert("security-client-auth-library", "securityImpl");
-secProp->insert("security-keystorepath", "keystore/geode.keystore");
-secProp->insert("security-alias", "geode");
-secProp->insert("security-keystorepass", "geodepass");
-CacheFactoryPtr cacheFactoryPtr = CacheFactory::createCacheFactory(secProp);
-```
-
-This example shows a .NET client.
-
-``` pre
-Properties secProp = Properties.Create();
-secProp.Insert("security-client-auth-factory",
- "Apache.Geode.Templates.Cache.Security.UserPasswordAuthInit.Create");
-secProp.Insert("security-client-auth-library", "securityImpl");
-secProp.Insert("security-username"," geode");
-secProp.Insert("security-password"," geodePass);
-```
diff --git a/docs/geode-native-docs/security/usingoperationcontext.html.md.erb b/docs/geode-native-docs/security/usingoperationcontext.html.md.erb
deleted file mode 100644
index af5fea9..0000000
--- a/docs/geode-native-docs/security/usingoperationcontext.html.md.erb
+++ /dev/null
@@ -1,38 +0,0 @@
----
-title: Determining Pre- or Post-Operation Authorization
----
-
-<!--
-Licensed to the Apache Software Foundation (ASF) under one or more
-contributor license agreements. See the NOTICE file distributed with
-this work for additional information regarding copyright ownership.
-The ASF licenses this file to You under the Apache License, Version 2.0
-(the "License"); you may not use this file except in compliance with
-the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
--->
-
-The `OperationContext` object that is passed to the `authorizeOperation` method of the callback as the second argument provides an `isPostOperation` method that returns true when the callback is invoked in the post-operation phase.
-
-For example:
-
-``` pre
-bool authorizeOperation(Region region, OperationContext context) {
- if (context.isPostOperation()) {
- //it's a post-operation
- } else {
- //it's a pre-operation
- }
-}
-```
-
-If an authorization failure occurs in a pre-operation or post-operation callback on the server, the operation throws a `NotAuthorizedException` on the client.
-
-For more information, see [Authorization](geodeman/managing/security/authorization_overview.html).
[geode-native] 10/10: GEODE-4728 User Guide: Add Authentication
submenu to left-hand nav
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 32d71d13087b5c1a36417693cf8da9a8819edbdf
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Mon Nov 26 11:21:38 2018 -0800
GEODE-4728 User Guide: Add Authentication submenu to left-hand nav
---
.../master_middleman/source/subnavs/geode-nc-nav.erb | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
index f654fb4..fc17f06 100644
--- a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
+++ b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
@@ -73,9 +73,18 @@ limitations under the License.
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/continuous-queries.html">Continuous Queries</a>
</li>
- <li>
+ <li class="has_submenu">
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/security/security.html">Security: Authentication and Encryption</a>
+ <ul>
+ <li>
+ <a href="/docs/geode-native/<%=vars.product_version_nodot%>/security/authentication.html">Authentication</a>
+ </li>
+ <li>
+ <a href="/docs/geode-native/<%=vars.product_version_nodot%>/security/sslclientserver.html">TLS/SSL Client-Server Communication Encryption</a>
+ </li>
+ </ul>
</li>
+
<li>
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/transactions/transactions.html">Transactions</a>
</li>
[geode-native] 09/10: GEODE-6043: Improve User Guide Authentication
example
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 5f876af4fec8ea9eec4bf8449167de2a30d8ac0b
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Mon Nov 19 17:30:02 2018 -0800
GEODE-6043: Improve User Guide Authentication example
---
.../security/authentication.html.md.erb | 122 ++++-----------------
1 file changed, 20 insertions(+), 102 deletions(-)
diff --git a/docs/geode-native-docs/security/authentication.html.md.erb b/docs/geode-native-docs/security/authentication.html.md.erb
index faca71b..d12c4bc 100644
--- a/docs/geode-native-docs/security/authentication.html.md.erb
+++ b/docs/geode-native-docs/security/authentication.html.md.erb
@@ -19,13 +19,11 @@ See the License for the specific language governing permissions and
limitations under the License.
-->
-A client is authenticated when it connects, with valid credentials, to a <%=vars.product_name%> cache server that is configured with the client `Authenticator` callback.
+A client is authenticated when it connects with valid credentials to a <%=vars.product_name%> cache server that is configured with the client `Authenticator` callback.
+For details on the server's role in authentication and what it expects from the client, see [Implementing Authentication](geodeman/managing/security/implementing_authentication.html) in the *<%=vars.product_name%> User Guide*.
Examples of various implementations can be found in the Native Client source distribution's `../templates/security` directory.
-An `AuthenticationRequiredException` is thrown when the server is configured with security and the
-client does not present its credentials while attempting to connect.
-
In your application, authentication credentials must be set when creating the cache. In practice,
this means setting the authentication credentials when you create the CacheFactory.
@@ -36,66 +34,31 @@ In this C# authentication example, credentials are implemented in the GetCredent
```cs
-using System;
-using Apache.Geode.Client;
-
-namespace Apache.Geode.Examples.AuthInitialize
-{
- class Program
+ class ExampleAuthInitialize : IAuthInitialize
{
- class ExampleAuthInitialize : IAuthInitialize
+ public ExampleAuthInitialize()
{
- public ExampleAuthInitialize()
- {
- // TODO initialize your resources here
- Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
- }
-
- public void Close()
- {
- // TODO close your resources here
- Console.Out.WriteLine("ExampleAuthInitialize::Close called");
- }
-
- public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
- {
- // TODO get your username and password
- Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
-
- var credentials = new Properties<string, object>();
- credentials.Insert("username", "john");
- credentials.Insert("password", "secret");
- return credentials;
- }
- }
-
- static void Main(string[] args)
- {
- var cacheFactory = new CacheFactory()
- .Set("log-level", "none")
- .SetAuthInitialize(new ExampleAuthInitialize());
-
- var cache = cacheFactory.Create();
- var poolFactory = cache.GetPoolFactory()
- .AddLocator("localhost", 10334);
- poolFactory.Create("pool");
- var regionFactory = cache.CreateRegionFactory(RegionShortcut.PROXY)
- .SetPoolName("pool");
- var region = regionFactory.Create<string, string>("region");
-
- region["a"] = "1";
- region["b"] = "2";
+ // TODO initialize your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
+ }
- var a = region["a"];
- var b = region["b"];
+ public void Close()
+ {
+ // TODO close your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::Close called");
+ }
- Console.Out.WriteLine("a = " + a);
- Console.Out.WriteLine("b = " + b);
+ public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
+ {
+ // TODO get your username and password
+ Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
- cache.Close();
+ var credentials = new Properties<string, object>();
+ credentials.Insert("security-username", "root");
+ credentials.Insert("security-password", "root");
+ return credentials;
}
}
-}
```
@@ -104,19 +67,6 @@ namespace Apache.Geode.Examples.AuthInitialize
In this C++ authentication example, credentials are implemented in the getCredentials member function of the AuthInitialize abstract class.
```cpp
-#include <iostream>
-
-#include <geode/CacheFactory.hpp>
-#include <geode/PoolManager.hpp>
-#include <geode/RegionFactory.hpp>
-#include <geode/RegionShortcut.hpp>
-#include <geode/AuthInitialize.hpp>
-
-using namespace apache::geode::client;
-
-constexpr auto SECURITY_USERNAME = "security-username";
-constexpr auto SECURITY_PASSWORD = "security-password";
-
class UserPasswordAuthInit : public AuthInitialize {
public:
UserPasswordAuthInit() = default;
@@ -147,36 +97,4 @@ public:
void close() override { return; }
};
-int main(int argc, char** argv) {
- auto config = Properties::create();
- config->insert(SECURITY_USERNAME, "root");
- config->insert(SECURITY_PASSWORD, "root");
-
- auto cacheFactory = CacheFactory(config);
- auto authInitialize = std::make_shared<UserPasswordAuthInit>();
- cacheFactory.set("log-level", "none");
- cacheFactory.setAuthInitialize(authInitialize);
-
- auto cache = cacheFactory.create();
- auto poolFactory = cache.getPoolManager().createFactory();
-
- poolFactory.addLocator("localhost", 10334);
- auto pool = poolFactory.create("pool");
- auto regionFactory = cache.createRegionFactory(RegionShortcut::PROXY);
- auto region = regionFactory.setPoolName("pool").create("example_userinfo");
-
- region->put("rtimmons", "Robert Timmons");
- region->put("scharles", "Sylvia Charles");
-
- auto user1 = region->get("rtimmons");
- auto user2 = region->get("scharles");
- std::cout << " rtimmons = "
- << std::dynamic_pointer_cast<CacheableString>(user1)->value()
- << std::endl;
- std::cout << " scharles = "
- << std::dynamic_pointer_cast<CacheableString>(user2)->value()
- << std::endl;
-
- cache.close();
-}
```
[geode-native] 02/10: GEODE-4728 Geode NC doc improvements: flatten
hierarchy for querying pages
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 644095f600c6eb1077bdf8a15cad3f754c165340
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Wed Nov 7 15:36:39 2018 -0800
GEODE-4728 Geode NC doc improvements: flatten hierarchy for querying pages
---
.../master_middleman/source/subnavs/geode-nc-nav.erb | 4 ++--
.../{continuous-querying => }/continuous-queries.html.md.erb | 0
.../{remote-querying => }/remote-queries.html.md.erb | 0
3 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
index 792c274..9089fc9 100644
--- a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
+++ b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
@@ -66,11 +66,11 @@ limitations under the License.
</li>
<li>
- <a href="/docs/geode-native/<%=vars.product_version_nodot%>/remote-querying/remote-queries.html">Remote Queries</a>
+ <a href="/docs/geode-native/<%=vars.product_version_nodot%>/remote-queries.html">Remote Queries</a>
</li>
<li>
- <a href="/docs/geode-native/<%=vars.product_version_nodot%>/continuous-querying/continuous-queries.html">Continuous Queries</a>
+ <a href="/docs/geode-native/<%=vars.product_version_nodot%>/continuous-queries.html">Continuous Queries</a>
</li>
<li>
diff --git a/docs/geode-native-docs/continuous-querying/continuous-queries.html.md.erb b/docs/geode-native-docs/continuous-queries.html.md.erb
similarity index 100%
rename from docs/geode-native-docs/continuous-querying/continuous-queries.html.md.erb
rename to docs/geode-native-docs/continuous-queries.html.md.erb
diff --git a/docs/geode-native-docs/remote-querying/remote-queries.html.md.erb b/docs/geode-native-docs/remote-queries.html.md.erb
similarity index 100%
rename from docs/geode-native-docs/remote-querying/remote-queries.html.md.erb
rename to docs/geode-native-docs/remote-queries.html.md.erb
[geode-native] 04/10: GEODE-4728: User Guide typo fixes,
Diffie-Hellman
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 32a8e96137e681e6ee4d9e44091bb0f2a6e06d9a
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Thu Nov 8 10:42:24 2018 -0800
GEODE-4728: User Guide typo fixes, Diffie-Hellman
---
docs/geode-native-docs/security/authentication-levels.html.md.erb | 4 +---
docs/geode-native-docs/security/encrypted-auth.html.md.erb | 4 ++--
docs/geode-native-docs/security/overviewencryptcred.html.md.erb | 4 ++--
docs/geode-native-docs/security/overviewsecurity.html.md.erb | 2 +-
4 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/docs/geode-native-docs/security/authentication-levels.html.md.erb b/docs/geode-native-docs/security/authentication-levels.html.md.erb
index 2bd39fd..a7501b5 100644
--- a/docs/geode-native-docs/security/authentication-levels.html.md.erb
+++ b/docs/geode-native-docs/security/authentication-levels.html.md.erb
@@ -33,6 +33,4 @@ By default, server pools use process-level authentication. Enable multi-user aut
<img src="../common/images/security-client-connections.gif" id="security__image_85B98E185AD84C59AC22974A63080559" class="image" />
-Credentials can be sent in encrypted form using the Diffie-Hellman key exchange algorithm. See [Encrypt Credentials with Diffe-Hellman](overviewencryptcred.html#security) for more information.
-
-
+Credentials can be sent in encrypted form using the Diffie-Hellman key exchange algorithm. See [Encrypt Credentials with Diffie-Hellman](overviewencryptcred.html#security) for more information.
diff --git a/docs/geode-native-docs/security/encrypted-auth.html.md.erb b/docs/geode-native-docs/security/encrypted-auth.html.md.erb
index a398e4d..fe08234 100644
--- a/docs/geode-native-docs/security/encrypted-auth.html.md.erb
+++ b/docs/geode-native-docs/security/encrypted-auth.html.md.erb
@@ -19,9 +19,9 @@ See the License for the specific language governing permissions and
limitations under the License.
-->
-You can set up encrypted authentication using Diffe-Hellman or the sample PKCS implementation.
+You can set up encrypted authentication using Diffie-Hellman or the sample PKCS implementation.
-- **[Encrypt Credentials with Diffe-Hellman](overviewencryptcred.html)**
+- **[Encrypt Credentials with Diffie-Hellman](overviewencryptcred.html)**
For secure transmission of sensitive credentials like passwords, encrypt credentials using the Diffie-Hellman key exchange algorithm. With Diffie-Hellman enabled, you can have your client authenticate its servers.
diff --git a/docs/geode-native-docs/security/overviewencryptcred.html.md.erb b/docs/geode-native-docs/security/overviewencryptcred.html.md.erb
index f18ea39..2ca30a1 100644
--- a/docs/geode-native-docs/security/overviewencryptcred.html.md.erb
+++ b/docs/geode-native-docs/security/overviewencryptcred.html.md.erb
@@ -1,5 +1,5 @@
---
-title: Encrypt Credentials with Diffe-Hellman
+title: Encrypt Credentials with Diffie-Hellman
---
<!--
@@ -21,7 +21,7 @@ limitations under the License.
For secure transmission of sensitive credentials such as passwords, encrypt credentials using the Diffie-Hellman key exchange algorithm. With Diffie-Hellman enabled, you can have your client authenticate its servers.
-## <a id="security__section_1BB8F13C7ACB44668FF337F59A3BA5AE" class="no-quick-link"></a>Enabling Diffe-Hellman
+## <a id="security__section_1BB8F13C7ACB44668FF337F59A3BA5AE" class="no-quick-link"></a>Enabling Diffie-Hellman
Set the `security-client-dhalgo` system property in the `geode.properties` file to the password for the public key file store on the client (the name of a valid symmetric key cipher supported by the JDK).
diff --git a/docs/geode-native-docs/security/overviewsecurity.html.md.erb b/docs/geode-native-docs/security/overviewsecurity.html.md.erb
index f0e1729..a965c5e 100644
--- a/docs/geode-native-docs/security/overviewsecurity.html.md.erb
+++ b/docs/geode-native-docs/security/overviewsecurity.html.md.erb
@@ -29,7 +29,7 @@ The security framework authenticates clients that attempt to connect to a <%=var
- **[Encrypted Authentication](encrypted-auth.html)**
- You can set up encrypted authentication using Diffe-Hellman or the sample PKCS implementation.
+ You can set up encrypted authentication using Diffie-Hellman or the sample PKCS implementation.
- **[Client Authorization](overviewclientauthorization.html)**
[geode-native] 08/10: Geode-4728: User Guide - improve
authentication explanation
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 9456ac5477348acd262baf9d06b2b81ad0bcd86c
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Fri Nov 16 14:07:32 2018 -0800
Geode-4728: User Guide - improve authentication explanation
---
docs/geode-native-docs/security/SampleAuth.cpp | 92 ++++++++++++++
docs/geode-native-docs/security/SampleAuth.cs | 52 ++++----
.../security/authentication.html.md.erb | 137 +++++++++++++++++----
3 files changed, 231 insertions(+), 50 deletions(-)
diff --git a/docs/geode-native-docs/security/SampleAuth.cpp b/docs/geode-native-docs/security/SampleAuth.cpp
new file mode 100644
index 0000000..026f86f
--- /dev/null
+++ b/docs/geode-native-docs/security/SampleAuth.cpp
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <iostream>
+
+#include <geode/CacheFactory.hpp>
+#include <geode/PoolManager.hpp>
+#include <geode/RegionFactory.hpp>
+#include <geode/RegionShortcut.hpp>
+#include <geode/AuthInitialize.hpp>
+
+using namespace apache::geode::client;
+
+constexpr auto SECURITY_USERNAME = "security-username";
+constexpr auto SECURITY_PASSWORD = "security-password";
+
+class UserPasswordAuthInit : public AuthInitialize {
+public:
+ UserPasswordAuthInit() = default;
+
+ ~UserPasswordAuthInit() noexcept override = default;
+
+ std::shared_ptr<Properties> getCredentials(
+ const std::shared_ptr<Properties> &securityprops,
+ const std::string &) override {
+ std::shared_ptr<Cacheable> userName;
+ if (securityprops == nullptr ||
+ (userName = securityprops->find(SECURITY_USERNAME)) == nullptr) {
+ throw AuthenticationFailedException(
+ "UserPasswordAuthInit: user name "
+ "property [SECURITY_USERNAME] not set.");
+ }
+
+ auto credentials = Properties::create();
+ credentials->insert(SECURITY_USERNAME, userName->toString().c_str());
+ auto passwd = securityprops->find(SECURITY_PASSWORD);
+ if (passwd == nullptr) {
+ passwd = CacheableString::create("");
+ }
+ credentials->insert(SECURITY_PASSWORD, passwd->value().c_str());
+ return credentials;
+ }
+
+ void close() override { return; }
+};
+
+int main(int argc, char** argv) {
+ auto config = Properties::create();
+ config->insert(SECURITY_USERNAME, "root");
+ config->insert(SECURITY_PASSWORD, "root");
+
+ auto cacheFactory = CacheFactory(config);
+ auto authInitialize = std::make_shared<UserPasswordAuthInit>();
+ cacheFactory.set("log-level", "none");
+ cacheFactory.setAuthInitialize(authInitialize);
+
+ auto cache = cacheFactory.create();
+ auto poolFactory = cache.getPoolManager().createFactory();
+
+ poolFactory.addLocator("localhost", 10334);
+ auto pool = poolFactory.create("pool");
+ auto regionFactory = cache.createRegionFactory(RegionShortcut::PROXY);
+ auto region = regionFactory.setPoolName("pool").create("example_userinfo");
+
+ region->put("rtimmons", "Robert Timmons");
+ region->put("scharles", "Sylvia Charles");
+
+ auto user1 = region->get("rtimmons");
+ auto user2 = region->get("scharles");
+ std::cout << " rtimmons = "
+ << std::dynamic_pointer_cast<CacheableString>(user1)->value()
+ << std::endl;
+ std::cout << " scharles = "
+ << std::dynamic_pointer_cast<CacheableString>(user2)->value()
+ << std::endl;
+
+ cache.close();
+}
diff --git a/docs/geode-native-docs/security/SampleAuth.cs b/docs/geode-native-docs/security/SampleAuth.cs
index 4b7181e..272b048 100644
--- a/docs/geode-native-docs/security/SampleAuth.cs
+++ b/docs/geode-native-docs/security/SampleAuth.cs
@@ -22,6 +22,32 @@ namespace Apache.Geode.Examples.AuthInitialize
{
class Program
{
+ class ExampleAuthInitialize : IAuthInitialize
+ {
+ public ExampleAuthInitialize()
+ {
+ // TODO initialize your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
+ }
+
+ public void Close()
+ {
+ // TODO close your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::Close called");
+ }
+
+ public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
+ {
+ // TODO get your username and password
+ Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
+
+ var credentials = new Properties<string, object>();
+ credentials.Insert("username", "john");
+ credentials.Insert("password", "secret");
+ return credentials;
+ }
+ }
+
static void Main(string[] args)
{
var cacheFactory = new CacheFactory()
@@ -48,30 +74,4 @@ namespace Apache.Geode.Examples.AuthInitialize
cache.Close();
}
}
-
- class ExampleAuthInitialize : IAuthInitialize
- {
- public ExampleAuthInitialize()
- {
- // TODO initialize your resources here
- Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
- }
-
- public void Close()
- {
- // TODO close your resources here
- Console.Out.WriteLine("ExampleAuthInitialize::Close called");
- }
-
- public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
- {
- // TODO get your username and password
- Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
-
- var credentials = new Properties<string, object>();
- credentials.Insert("username", "john");
- credentials.Insert("password", "secret");
- return credentials;
- }
- }
}
diff --git a/docs/geode-native-docs/security/authentication.html.md.erb b/docs/geode-native-docs/security/authentication.html.md.erb
index 098527b..faca71b 100644
--- a/docs/geode-native-docs/security/authentication.html.md.erb
+++ b/docs/geode-native-docs/security/authentication.html.md.erb
@@ -21,12 +21,19 @@ limitations under the License.
A client is authenticated when it connects, with valid credentials, to a <%=vars.product_name%> cache server that is configured with the client `Authenticator` callback.
-Examples of various implementations can be found in the Native Client source distribution's `../templates/security`` directory.
+Examples of various implementations can be found in the Native Client source distribution's `../templates/security` directory.
An `AuthenticationRequiredException` is thrown when the server is configured with security and the
client does not present its credentials while attempting to connect.
-The following excerpts are taken from the .NET example provided with your Native Client distribution in the `../examples/dotnet/AuthInitialize` directory.
+In your application, authentication credentials must be set when creating the cache. In practice,
+this means setting the authentication credentials when you create the CacheFactory.
+
+### .NET Authentication Example
+
+The following excerpt is taken from the .NET example provided with your Native Client distribution in the `../examples/dotnet/AuthInitialize` directory.
+In this C# authentication example, credentials are implemented in the GetCredentials member function of the ExampleAuthInitialize class, which implements the IAuthInitialize interface.
+
```cs
using System;
@@ -36,6 +43,32 @@ namespace Apache.Geode.Examples.AuthInitialize
{
class Program
{
+ class ExampleAuthInitialize : IAuthInitialize
+ {
+ public ExampleAuthInitialize()
+ {
+ // TODO initialize your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
+ }
+
+ public void Close()
+ {
+ // TODO close your resources here
+ Console.Out.WriteLine("ExampleAuthInitialize::Close called");
+ }
+
+ public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
+ {
+ // TODO get your username and password
+ Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
+
+ var credentials = new Properties<string, object>();
+ credentials.Insert("username", "john");
+ credentials.Insert("password", "secret");
+ return credentials;
+ }
+ }
+
static void Main(string[] args)
{
var cacheFactory = new CacheFactory()
@@ -62,32 +95,88 @@ namespace Apache.Geode.Examples.AuthInitialize
cache.Close();
}
}
+}
- class ExampleAuthInitialize : IAuthInitialize
- {
- public ExampleAuthInitialize()
- {
- // TODO initialize your resources here
- Console.Out.WriteLine("ExampleAuthInitialize::ExampleAuthInitialize called");
- }
+```
- public void Close()
- {
- // TODO close your resources here
- Console.Out.WriteLine("ExampleAuthInitialize::Close called");
+### C++ Authentication Example
+
+In this C++ authentication example, credentials are implemented in the getCredentials member function of the AuthInitialize abstract class.
+
+```cpp
+#include <iostream>
+
+#include <geode/CacheFactory.hpp>
+#include <geode/PoolManager.hpp>
+#include <geode/RegionFactory.hpp>
+#include <geode/RegionShortcut.hpp>
+#include <geode/AuthInitialize.hpp>
+
+using namespace apache::geode::client;
+
+constexpr auto SECURITY_USERNAME = "security-username";
+constexpr auto SECURITY_PASSWORD = "security-password";
+
+class UserPasswordAuthInit : public AuthInitialize {
+public:
+ UserPasswordAuthInit() = default;
+
+ ~UserPasswordAuthInit() noexcept override = default;
+
+ std::shared_ptr<Properties> getCredentials(
+ const std::shared_ptr<Properties> &securityprops,
+ const std::string &) override {
+ std::shared_ptr<Cacheable> userName;
+ if (securityprops == nullptr ||
+ (userName = securityprops->find(SECURITY_USERNAME)) == nullptr) {
+ throw AuthenticationFailedException(
+ "UserPasswordAuthInit: user name "
+ "property [SECURITY_USERNAME] not set.");
}
-
- public Properties<string, object> GetCredentials(Properties<string, string> props, string server)
- {
- // TODO get your username and password
- Console.Out.WriteLine("ExampleAuthInitialize::GetCredentials called");
-
- var credentials = new Properties<string, object>();
- credentials.Insert("username", "john");
- credentials.Insert("password", "secret");
- return credentials;
+
+ auto credentials = Properties::create();
+ credentials->insert(SECURITY_USERNAME, userName->toString().c_str());
+ auto passwd = securityprops->find(SECURITY_PASSWORD);
+ if (passwd == nullptr) {
+ passwd = CacheableString::create("");
}
+ credentials->insert(SECURITY_PASSWORD, passwd->value().c_str());
+ return credentials;
}
-}
+ void close() override { return; }
+};
+
+int main(int argc, char** argv) {
+ auto config = Properties::create();
+ config->insert(SECURITY_USERNAME, "root");
+ config->insert(SECURITY_PASSWORD, "root");
+
+ auto cacheFactory = CacheFactory(config);
+ auto authInitialize = std::make_shared<UserPasswordAuthInit>();
+ cacheFactory.set("log-level", "none");
+ cacheFactory.setAuthInitialize(authInitialize);
+
+ auto cache = cacheFactory.create();
+ auto poolFactory = cache.getPoolManager().createFactory();
+
+ poolFactory.addLocator("localhost", 10334);
+ auto pool = poolFactory.create("pool");
+ auto regionFactory = cache.createRegionFactory(RegionShortcut::PROXY);
+ auto region = regionFactory.setPoolName("pool").create("example_userinfo");
+
+ region->put("rtimmons", "Robert Timmons");
+ region->put("scharles", "Sylvia Charles");
+
+ auto user1 = region->get("rtimmons");
+ auto user2 = region->get("scharles");
+ std::cout << " rtimmons = "
+ << std::dynamic_pointer_cast<CacheableString>(user1)->value()
+ << std::endl;
+ std::cout << " scharles = "
+ << std::dynamic_pointer_cast<CacheableString>(user2)->value()
+ << std::endl;
+
+ cache.close();
+}
```
[geode-native] 01/10: GEODE-4728 User Guide: Update config and
getting started
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit c146edee71962624ea9584b4826994ac2600b370
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Wed Oct 31 15:25:20 2018 -0700
GEODE-4728 User Guide: Update config and getting started
---
.../master_middleman/source/subnavs/geode-nc-nav.erb | 13 ++++---------
.../configuring/configuration.html.md.erb | 6 ------
.../getting-started-nc-client.html.md.erb | 16 ++++++++--------
3 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
index 7f17cc0..792c274 100644
--- a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
+++ b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
@@ -24,16 +24,11 @@ limitations under the License.
<li class="has_submenu">
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/getting-started/getting-started-nc-client.html">Getting Started with the Native Library</a>
<ul>
- <li class="has_submenu">
+ <li>
+ <a href="/docs/geode-native/<%=vars.product_version_nodot%>/getting-started/getting-started-nc-client.html#establish_cluster_access">Establish Access to a <%=vars.product_name%> Cluster</a>
+ </li>
+ <li>
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/getting-started/getting-started-nc-client.html#app_dev_walkthroughs">Application Development Walkthroughs</a>
- <ul>
- <li>
- <a href="/docs/geode-native/<%=vars.product_version_nodot%>/getting-started/app-dev-walkthrough-cpp.html">C++ App Development Walkthrough</a>
- </li>
- <li>
- <a href="/docs/geode-native/<%=vars.product_version_nodot%>/getting-started/app-dev-walkthrough-dotnet.html">.NET App Development Walkthrough</a>
- </li>
- </ul>
</li>
<li>
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/getting-started/getting-started-nc-client.html#programming_examples">Programming Examples</a>
diff --git a/docs/geode-native-docs/configuring/configuration.html.md.erb b/docs/geode-native-docs/configuring/configuration.html.md.erb
index c452c42..98136a3 100644
--- a/docs/geode-native-docs/configuring/configuration.html.md.erb
+++ b/docs/geode-native-docs/configuring/configuration.html.md.erb
@@ -19,12 +19,6 @@ See the License for the specific language governing permissions and
limitations under the License.
-->
-You configure your native client to establish connectivity to a server, which requires specifying
-
- - Locator address and port
- - Connection credentials
- - Identity of a shared region on the server
-
You can configure your native client application:
- Programmatically in your app code
diff --git a/docs/geode-native-docs/getting-started/getting-started-nc-client.html.md.erb b/docs/geode-native-docs/getting-started/getting-started-nc-client.html.md.erb
index 639ef57..2644d1b 100644
--- a/docs/geode-native-docs/getting-started/getting-started-nc-client.html.md.erb
+++ b/docs/geode-native-docs/getting-started/getting-started-nc-client.html.md.erb
@@ -137,14 +137,14 @@ The directory structure resembles this hierarchy (some entries are omitted for c
put-get-remove/
remotequery/
dotnet/
- AuthInitialize/
- BUILD-DOTNET-EXAMPLES.md
- CMakeLists.txt
- DataSerializableCs/
- PdxAutoSerializer/
- PdxSerializableCs/
- PutGetRemove/
- RemoteQueryCs/
+ AuthInitialize/
+ BUILD-DOTNET-EXAMPLES.md
+ CMakeLists.txt
+ DataSerializableCs/
+ PdxAutoSerializer/
+ PdxSerializableCs/
+ PutGetRemove/
+ RemoteQueryCs/
See the `BUILD-platform-EXAMPLES.md` or `README.md` file in each directory for detailed instructions on building
and executing the examples, and read the source code to understand how the examples are constructed.
[geode-native] 05/10: GEODE-4728 Geode NC doc: Add a Security topic
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 8ec04be41947f3fb467e4cf50e2dd69a60bd2311
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Thu Nov 8 14:10:57 2018 -0800
GEODE-4728 Geode NC doc: Add a Security topic
---
.../source/subnavs/geode-nc-nav.erb | 3 ++
.../security/overviewauthentication.html.md.erb | 9 +----
.../security/security-systemprops.html.md.erb | 4 +--
.../security/security.html.md.erb | 40 ++++++++++++++++++++++
.../security/sslclientserver.html.md.erb | 12 +++----
5 files changed, 52 insertions(+), 16 deletions(-)
diff --git a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
index 9089fc9..815b2f8 100644
--- a/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
+++ b/docs/geode-native-book/master_middleman/source/subnavs/geode-nc-nav.erb
@@ -74,6 +74,9 @@ limitations under the License.
</li>
<li>
+ <a href="/docs/geode-native/<%=vars.product_version_nodot%>/security/security.html">Security</a>
+ </li>
+ <li>
<a href="/docs/geode-native/<%=vars.product_version_nodot%>/transactions/transactions.html">Transactions</a>
</li>
</ul>
diff --git a/docs/geode-native-docs/security/overviewauthentication.html.md.erb b/docs/geode-native-docs/security/overviewauthentication.html.md.erb
index 082d579..70ee2af 100644
--- a/docs/geode-native-docs/security/overviewauthentication.html.md.erb
+++ b/docs/geode-native-docs/security/overviewauthentication.html.md.erb
@@ -21,11 +21,7 @@ limitations under the License.
A client is authenticated when it connects, with valid credentials, to a <%=vars.product_name%> cache server that is configured with the client `Authenticator` callback.
-Once the client is authenticated, the server assigns the client a unique ID and principal, used to authorize operations. The client must trust all cache servers in the server system as it may connect to any one of them. For information on configuring client/server , see [Client/Server Configuration](geodeman/topologies_and_comm/cs_configuration/chapter_overview.html).
-
-- **[Process and Multiuser Authentication](authentication-levels.html)**
-
- Client connections can be authenticated at two levels, process and multiuser.
+Once the client is authenticated, the server assigns the client a unique ID and principal, used to authorize operations. The client must trust all cache servers in the server system as it may connect to any one of them.
- **[Configuring Credentials for Authentication](systempropsforauth.html)**
@@ -41,6 +37,3 @@ Once the client is authenticated, the server assigns the client a unique ID and
To create multiple, secure connections to your servers from a single client, so the client can service different user types, you create an authenticated `RegionService` for each user.
-- **[Using an LDAP Server for Client Authentication](LDAPserverauth.html)**
-
- An LDAP server can be used by a <%=vars.product_name%> cache server using the sample LDAP implementation provided with the <%=vars.product_name%> server.
diff --git a/docs/geode-native-docs/security/security-systemprops.html.md.erb b/docs/geode-native-docs/security/security-systemprops.html.md.erb
index 562dccc..3197a76 100644
--- a/docs/geode-native-docs/security/security-systemprops.html.md.erb
+++ b/docs/geode-native-docs/security/security-systemprops.html.md.erb
@@ -1,5 +1,5 @@
---
-title: Security-Related System Properties (gemfire.properties)
+title: Security-Related System Properties
---
<!--
@@ -19,7 +19,7 @@ See the License for the specific language governing permissions and
limitations under the License.
-->
-The table describes the security-related system properties in the `gemfire.properties` file for native client authentication and authorization.
+The table describes the security-related system properties in the `geode.properties` file for native client authentication and authorization.
<a id="security__section_6DC4C72A2EEB432AA40DE97D438FD1E7"></a><a id="security__table_92A6A66523764199A19BCD66BA189921"></a>
diff --git a/docs/geode-native-docs/security/security.html.md.erb b/docs/geode-native-docs/security/security.html.md.erb
new file mode 100644
index 0000000..e63e280
--- /dev/null
+++ b/docs/geode-native-docs/security/security.html.md.erb
@@ -0,0 +1,40 @@
+---
+title: Security
+---
+
+<!--
+Licensed to the Apache Software Foundation (ASF) under one or more
+contributor license agreements. See the NOTICE file distributed with
+this work for additional information regarding copyright ownership.
+The ASF licenses this file to You under the Apache License, Version 2.0
+(the "License"); you may not use this file except in compliance with
+the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+-->
+
+The security framework authenticates clients as they connect to a <%=vars.product_name%> cache server and authorizes client cache operations. You can also configure it for client authentication of servers, and you can plug in your own implementations for authentication and authorization.
+
+For an explanation of the server-side implementation of security, see [Security](geodeman/managing/security/chapter_overview.html) in the *<%=vars.product_name%> User Guide*.
+
+The following sections describe some client-specific security considerations:
+
+- **Authentication**
+
+ Geode Native requires providing an authentication implementation. Examples of these implementations can be found in /templates/security. Build and link the implementation and set the implementation’s properties on the cache.
+
+- **[Security-Related System Properties](security-systemprops.html)**
+
+ The table describes the security-related system properties in the `geode.properties` file for native client authentication and authorization.
+
+- **[SSL Client/Server Communication](sslclientserver.html)**
+
+ This section describes how to configure OpenSSL, implement SSL-based communication between your clients and servers, and run clients and servers with SSL enabled.
+
+
diff --git a/docs/geode-native-docs/security/sslclientserver.html.md.erb b/docs/geode-native-docs/security/sslclientserver.html.md.erb
index bce46bc..d97cc76 100644
--- a/docs/geode-native-docs/security/sslclientserver.html.md.erb
+++ b/docs/geode-native-docs/security/sslclientserver.html.md.erb
@@ -25,7 +25,7 @@ This section describes how to configure OpenSSL, implement SSL-based communicati
The open-source OpenSSL toolkit provides a full-strength general purpose cryptography library to operate along with the PKCS sample implementation for encrypted authentication of native client credentials.
-Download and install OpenSSL 1.0.2 for your specific operating system.
+Download and install OpenSSL 1.1.1 for your specific operating system.
For Windows platforms, you can use either the regular or the "Light" version.
**Note for Windows users:** If you use Cygwin, do not use the OpenSSL library that comes with
@@ -46,7 +46,7 @@ For example, for Bourne and Korn shells (sh, ksh, bash), environment setup would
<code>
% LD\_LIBRARY\_PATH=$LD\_LIBRARY\_PATH:_client-install-dir_/lib:_client-install-dir_/ssl\_libs:_openssl-install-dir_/lib<br />
% export LD\_LIBRARY\_PATH<br />
-% CLASSPATH=_server-install-dir_/lib/securityImpl.jar:$CLASSPATH
+% CLASSPATH=_server-install-dir_/lib/libcryptoImpl.jar:$CLASSPATH
</code>
where:
@@ -60,7 +60,7 @@ where:
For Windows, environment setup might resemble this:
<code>
\> set PATH=_jdk-or-jre-path_\bin;_client-install-dir_\bin;_client-install-dir_\ssl\_libs;_openssl-install-dir_\bin;%PATH%<br />
-\> set CLASSPATH=_server-installdir_\lib\securityImpl.jar;%CLASSPATH%
+\> set CLASSPATH=_server-installdir_\lib\libcryptoImpl.jar;%CLASSPATH%
</code>
where _jdk-or-jre-path_ is the directory in which Java is installed.
@@ -68,9 +68,7 @@ where _jdk-or-jre-path_ is the directory in which Java is installed.
## Step 3. Enable SSL on the server and on the client
1. On the server, enable SSL for the `locator` and `server` components, as the SSL-enabled client
-must be able to communicate with both locator and server components. For details on the SSL
-properties available on the server, see "Managing > Security > SSL > Configuring SSL" in the
-[_<%=vars.product_name%> User's Guide_](/serverman/about_<%=vars.product_name.downcase%>.html).
+must be able to communicate with both locator and server components.
1. On the client, set `ssl-enabled` to `true`.
@@ -90,6 +88,8 @@ Specifically, ensure that:
For details on stopping and starting locators and cache servers with SSL, see [Starting Up and Shutting Down Your System](geodeman/configuring/running/starting_up_shutting_down.html).
+The <%=vars.product_name%> Native’s libcryptoImpl found in /lib must be linked at compile time. This binary is used to interact with OpenSSL. Link libcryptoImpl, native client, and your application code. We highly recommend using cmake.
+
**Example locator start command**
Ensure that all required SSL properties are configured in your server's `geode.properties` file. Then start your locator as follows:
[geode-native] 07/10: GEODE-4728 remove deprecated 'grid-client'
property
Posted by ig...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
igodwin pushed a commit to branch release/1.8
in repository https://gitbox.apache.org/repos/asf/geode-native.git
commit 66505ae87593753b5ba48d661851fe9e73502ec0
Author: Dave Barnes <db...@pivotal.io>
AuthorDate: Mon Nov 12 16:19:48 2018 -0800
GEODE-4728 remove deprecated 'grid-client' property
---
docs/geode-native-docs/configuring/sysprops.html.md.erb | 5 -----
1 file changed, 5 deletions(-)
diff --git a/docs/geode-native-docs/configuring/sysprops.html.md.erb b/docs/geode-native-docs/configuring/sysprops.html.md.erb
index b319b0d..d563dea 100644
--- a/docs/geode-native-docs/configuring/sysprops.html.md.erb
+++ b/docs/geode-native-docs/configuring/sysprops.html.md.erb
@@ -91,11 +91,6 @@ When the chunk handler is not operative (enable-chunk-handler=false), each appli
<td>If true, prevents server endpoints that are configured in pools from being shuffled before use.</td>
<td>false</td>
</tr>
-<tr class="odd">
-<td>grid-client</td>
-<td>If true, the client does not start various internal threads, so that startup and shutdown time is reduced.</td>
-<td>false</td>
-</tr>
<tr class="even">
<td>max-fe-threads</td>
<td>Thread pool size for parallel function execution. An example of this is the GetAll operations.</td>