Pivotal GemFire includes a range of built-in authentication and authorization
features. It also accommodates security infrastructure plug-ins.
GemFire provides member authentication and cache access authorization with these
- Flexible plug-in framework.
Plug-in mechanism for authentication of clients and servers and authorization of
cache operations from clients. Any security infrastructure can be plugged into
the system as long as the plug-ins implement the required GemFire interfaces.
- Cache server authentication.
Allows peer cache servers into the distributed system if their credentials are
authenticated by the locator to which they connect.
- Client authentication.
Implemented through authentication of client’s credentials by a cache server
when the client attempts to connect to the server. Multiple users can connect,
with separate authorization levels, from within one client application.
- SSL-based authentication. Allows
configuration of all connections to be SSL- based, rather than plain socket
- Authorization of cache
operations. Selectively authorized cache operations by clients based on
the predefined, associated roles, where the credentials are provided by the
client when connecting to the server.
- Data modification based on
authorization. Allows authorization callbacks to modify or filter data
sent from the client to the server. Similarly, after the cache operations
complete on the server, a post authorization callback occurs, that can filter or
modify results sent to the client. However, the results cannot be modified while
using function execution.
- Sample implementations.
Authentication and authorization sample implementations.