Pivotal GemFire can authenticate peer system members, clients, and remote sites. It
can also authorize cache operations on a server from clients.
You can use GemFire security for secure communication, to authorize system membership, and to
authorize specific activities in the cache:
- Use locators for peer discovery within the distributed systems and for client discovery of servers. See Configuring Peer-to-Peer Discovery and Configuring a Client/Server System.
- Use consistent security settings between similar processes in a single distributed system. For example, configure all servers in a system with the same client authentication
- Implement membership authentication. Depending on your installation and security requirements, you may use a combination of peer-to-peer, client/server, and multi-site
- If you have a client/server system, implement any authorized access control your servers will use for clients attempting to access or modify the cache.
- If you want to use secure socket layer (SSL) protocol for your peer-to-peer and client/server connections,
Where to Place Security Configuration Settings
Any security-related configuration properties (those that begin with security-*) that are
normally configured in
gemfire.properties can be moved to a separate
gfsecurity.properties file. Placing these configuration
settings in a separate file allows you to restrict access to security configuration
data. This way, you can still allow read or write access for your
Upon startup, GemFire processes will look for the gfsecurity.properties
file in the following locations in order:
- current working directory
- user's home directory
If any password-related security properties are listed in the file but have a blank
value, the process will prompt the user to enter a password upon startup.
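The following added example (not part of the GemFire documentation or product) shows one way to move security-* properties out of gemfire.properties into an owner-only gfsecurity.properties, find the file in the lookup order listed above, and report which blank password properties would cause a startup prompt. The helper names, the sample property values, and the rule that "password-related" means a key containing "password" are assumptions made for the example.

```python
import os, stat, tempfile
from pathlib import Path

SEC_FILE = "gfsecurity.properties"

def parse(path):
    """Yield (key, value, raw_line) for each key=value property line."""
    for raw in Path(path).read_text().splitlines():
        s = raw.strip()
        if s and s[0] not in "#!":
            key, _, value = s.partition("=")
            yield key.strip(), value.strip(), raw

def split_security(gemfire_props, sec_props):
    """Move security-* lines into an owner-only file; return the moved keys."""
    src = Path(gemfire_props)
    # Maps each raw line to its key; insertion order is preserved.
    moved = {raw: key for key, _, raw in parse(src) if key.startswith("security-")}
    if not moved:
        return []
    # Create the file as 0600 before writing so values are never world-readable.
    fd = os.open(sec_props, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    with os.fdopen(fd, "a") as out:
        out.writelines(raw + "\n" for raw in moved)
    os.chmod(sec_props, 0o600)  # also tightens a file that already existed
    kept = [l for l in src.read_text().splitlines() if l not in moved]
    src.write_text("\n".join(kept) + "\n")
    return list(moved.values())

def locate(cwd, home):
    """First gfsecurity.properties in the lookup order the page lists."""
    for directory in (cwd, home):
        candidate = Path(directory) / SEC_FILE
        if candidate.is_file():
            return candidate
    return None

def audit(path):
    """Flag group/other access and blank password properties (startup prompt)."""
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    # Assumption: "password-related" means the key contains "password".
    blank = [k for k, v, _ in parse(path) if "password" in k and not v]
    return {"owner_only": mode & 0o077 == 0, "will_prompt": blank}

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # constructed sample input
        props = Path(d, "gemfire.properties")
        props.write_text("log-level=config\nsecurity-username=admin\nsecurity-password=\n")
        print(split_security(props, Path(d, SEC_FILE)))
        print(audit(locate(d, Path.home())))
```

The permission check assumes a POSIX file system; on Windows the file must be restricted with ACLs instead.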