GEODE-2060 Update docs for security-related poperties Add security-manager and security-post-processor. Deprecate others.
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/dd5af959 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/dd5af959 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/dd5af959 Branch: refs/heads/feature/GEODE-2017 Commit: dd5af9599af947cacb64e29b1f6bba8f0a4d9b32 Parents: 47d295c Author: Karen Miller <[email protected]> Authored: Thu Nov 3 09:04:10 2016 -0700 Committer: Udo Kohlmeyer <[email protected]> Committed: Tue Nov 8 05:39:37 2016 +1100 ---------------------------------------------------------------------- .../topics/gemfire_properties.html.md.erb | 28 +++++++++++++------- 1 file changed, 18 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/dd5af959/geode-docs/reference/topics/gemfire_properties.html.md.erb ---------------------------------------------------------------------- diff --git a/geode-docs/reference/topics/gemfire_properties.html.md.erb b/geode-docs/reference/topics/gemfire_properties.html.md.erb index ae0f198..f9455dd 100644 --- a/geode-docs/reference/topics/gemfire_properties.html.md.erb +++ b/geode-docs/reference/topics/gemfire_properties.html.md.erb @@ -423,21 +423,19 @@ See <a href="../../developing/partitioned_regions/configuring_ha_for_pr.html">Co </tr> <tr class="odd"> <td>security-*</td> -<td>Used for authentication. Any custom properties needed by your <code class="ph codeph">AuthInitialize</code> or <code class="ph codeph">Authenticator</code> callbacks. -<div class="note note"> -**Note:** -<p>Any security-related (properties that begin with <code class="ph codeph">security-*</code>) configuration properties that are normally configured in <code class="ph codeph">gemfire.properties</code> can be moved to a separate <code class="ph codeph">gfsecurity.properties</code> file. Placing these configuration settings in a separate file allows you to restrict access to security configuration data. This way, you can still allow read or write access for your <code class="ph codeph">gemfire.properties</code> file.</p> -</div></td> +<td> +Any security-related (properties that begin with <code class="ph codeph">security-</code>) configuration properties that are normally configured in <code class="ph codeph">gemfire.properties</code> can be moved to a separate <code class="ph codeph">gfsecurity.properties</code> file. Placing these configuration settings in a separate file allows you to restrict access to security configuration data. This way, you can still allow read or write access for your <code class="ph codeph">gemfire.properties</code> file. +</td> <td><em>not set</em></td> </tr> <tr class="even"> <td>security-client-accessor</td> -<td>Used for authorization. Static creation method returning an <code class="ph codeph">AccessControl</code> object, which determines authorization of client-server cache operations. This specifies the callback that should be invoked in the pre-operation phase, which is when the request for the operation is received from the client.</td> +<td><b>Deprecated.</b> Used for authorization. Static creation method returning an <code class="ph codeph">AccessControl</code> object, which determines authorization of client-server cache operations. This specifies the callback that should be invoked in the pre-operation phase, which is when the request for the operation is received from the client.</td> <td><em>not set</em></td> </tr> <tr class="odd"> <td>security-client-accessor-pp</td> -<td>Used for authorization. The callback that should be invoked in the post-operation phase, which is when the operation has completed on the server but before the result is sent to the client. The post-operation callback is also invoked for the updates that are sent from server to client through the notification channel.</td> +<td><b>Deprecated.</b> Used for authorization. The callback that should be invoked in the post-operation phase, which is when the operation has completed on the server but before the result is sent to the client. The post-operation callback is also invoked for the updates that are sent from server to client through the notification channel.</td> <td><em>not set</em></td> </tr> <tr class="even"> @@ -447,7 +445,7 @@ See <a href="../../developing/partitioned_regions/configuring_ha_for_pr.html">Co </tr> <tr class="odd"> <td>security-client-authenticator</td> -<td>Used for authentication. Static creation method returning an <code class="ph codeph">Authenticator</code> object, which is used by a peer to verify the credentials of the connecting peer.</td> +<td><b>Deprecated.</b> Used for authentication. Static creation method returning an <code class="ph codeph">Authenticator</code> object, which is used by a peer to verify the credentials of the connecting peer.</td> <td><em>not set</em></td> </tr> <tr class="even"> @@ -466,14 +464,19 @@ See <a href="../../developing/partitioned_regions/configuring_ha_for_pr.html">Co <p>Valid values from lowest to highest are fine, config, info, warning, error, severe, and none.</p></td> <td>config</td> </tr> +<tr class="even"> +<td>security-manager</td> +<td>Specifies the implementation of the <code>SecurityManager</code> interface that implements the callbacks that do authentication and authorization.</td> +<td><em>not set</em></td> +</tr> <tr class="odd"> <td>security-peer-auth-init</td> -<td>Used with authentication. Static creation method returning an <code class="ph codeph">AuthInitialize</code> object, which obtains credentials for peers in a distributed system. The obtained credentials should be acceptable to the <code class="ph codeph">Authenticator</code> specified through the security-peer-authenticator property on the peers.</td> +<td><b>Deprecated.</b> Used with authentication. Static creation method returning an <code class="ph codeph">AuthInitialize</code> object, which obtains credentials for peers in a distributed system. The obtained credentials should be acceptable to the <code class="ph codeph">Authenticator</code> specified through the security-peer-authenticator property on the peers.</td> <td><em>not set</em></td> </tr> <tr class="even"> <td>security-peer-authenticator</td> -<td>Used with authentication. Static creation method returning an <code class="ph codeph">Authenticator</code> object, which is used by a peer to verify the credentials of the connecting peer.</td> +<td><b>Deprecated.</b> Used with authentication. Static creation method returning an <code class="ph codeph">Authenticator</code> object, which is used by a peer to verify the credentials of the connecting peer.</td> <td><em>not set</em></td> </tr> <tr class="odd"> @@ -482,6 +485,11 @@ See <a href="../../developing/partitioned_regions/configuring_ha_for_pr.html">Co <td>1000</td> </tr> <tr class="even"> +<td>security-post-processor</td> +<td>Specifies the implementation of the <code>PostProcessor</code> interface that implements user-defined callbacks that can change the returned results of region get operations.</td> +<td><em>not set</em></td> +</tr> +<tr class="even"> <td>server-bind-address</td> <td>Relevant only for multi-homed hosts - machines with multiple network interface cards. Network adapter card a Geode server binds to for client/server communication. You can use this to separate the serverâs client/server communication from its peer-to-peer communication, spreading the traffic load. <p>This is a machine-wide attribute used for communication with clients in client/server and multi-site installations. This setting has no effect on locator configuration.</p>
