Pivotal GemFire® v8.2

Configuring Credentials for Authentication

The native client uses system properties to acquire valid credentials for authentication by the server. You define these properties in the gfcpp.properties file, which the native client accesses during startup.

security-client-auth-factory

System property for the factory function of the class implementing the AuthInitialize interface (IAuthInitialize in .NET). The .NET clients can load both C++ and .NET implementations. For .NET implementations, this property is the fully qualified name of the static factory function (including the namespace and class).

security-client-auth-library

System property for the library where the factory methods reside. The library is loaded explicitly and the factory functions are invoked dynamically, returning an object of the class implementing the AuthInitialize interface.

Other implementations of the AuthInitialize interface may be required to build credentials using properties that are also passed as system properties. These properties also start with the security- prefix. For example, the PKCS implementation requires an alias name and the corresponding keystore path, which are specified as security-alias and security-keystorepath, respectively. Similarly, UserPasswordAuthInit requires a username specified in security-username, and the corresponding password is specified in the security-password system property.

The getCredentials function for the AuthInitialize interface is called to obtain the credentials. All system properties starting with security- are passed to this callback as the first argument to the getCredentials function, as shown in the following code snippet:

PropertiesPtr getCredentials(PropertiesPtr& securityprops, const char *server);
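The prefix rule and the per-implementation properties described above can be checked before a client starts. The following is an added example, not code from the GemFire native client or its templates: it models which entries of a properties file would be handed to getCredentials and reports the PKCS properties that are missing. The helper names (securityProps, missing), the name=value file format with # comments, and the sample content are assumptions made for illustration.

```cpp
// Added example: stand-alone model, does not call the GemFire client API.
#include <iostream>
#include <map>
#include <sstream>
#include <string>
#include <vector>
using Props = std::map<std::string, std::string>;
using Keys = std::vector<std::string>;

static std::string trim(const std::string& s) {
    const auto b = s.find_first_not_of(" \t\r");
    return b == std::string::npos ? std::string()
                                  : s.substr(b, s.find_last_not_of(" \t\r") - b + 1);
}

// Keep only security-* pairs, the subset passed to getCredentials.
// Assumed file format: one name=value per line, '#' starts a comment.
Props securityProps(const std::string& text) {
    Props out;
    std::istringstream in(text);
    for (std::string line; std::getline(in, line);) {
        line = trim(line);
        const auto eq = line.find('=');
        if (line.empty() || line[0] == '#' || eq == std::string::npos) continue;
        const std::string key = trim(line.substr(0, eq));
        if (key.rfind("security-", 0) == 0) out[key] = trim(line.substr(eq + 1));
    }
    return out;
}

// Names from `required` that are absent or empty in `p`.
Keys missing(const Props& p, const Keys& required) {
    Keys out;
    for (const auto& k : required)
        if (!p.count(k) || p.at(k).empty()) out.push_back(k);
    return out;
}

// Properties the page names for the PKCS sample implementation.
const Keys PKCS_REQUIRED = {"security-client-auth-factory",
    "security-client-auth-library", "security-alias", "security-keystorepath"};
// Constructed sample; the keystore path key is misspelled on purpose.
const char* SAMPLE = "# constructed sample\nlog-level=config\n"
    "security-client-auth-factory=createPKCSAuthInitInstance\n"
    "security-client-auth-library = securityImpl\n"
    "security-alias=gemfire6\n"
    "security-keystorepth=keystore/gemfire6.keystore\n";

int main() {
    for (const auto& k : missing(securityProps(SAMPLE), PKCS_REQUIRED))
        std::cout << "missing: " << k << "\n";
}
```

A misspelled name still carries the security- prefix, so it is collected with the other properties while the property the implementation actually reads stays unset.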

Implementing the Factory Method for Authentication (C++ and .NET)

The following examples show how to implement the factory method in both C++ and .NET.

C++ Implementation

    LIBEXP AuthInitialize* createPKCSAuthInitInstance()
    {
        return new PKCSAuthInit();
    }

.NET Implementation

    public static IAuthInitialize Create()
    {
        return new UserPasswordAuthInit();
    }

Implementations of the factory method are user-provided. Credentials in the form of properties returned by this function are sent by the client to the server for authentication during the client’s handshake process with the server.

The GemFire native client installation provides sample security implementations in its templates/security folder.

Acquiring Credentials Programmatically (C++ and .NET)

This example shows a C++ client connecting with credentials.

    // Security properties are passed to the cache factory when it is created.
    PropertiesPtr secProp = Properties::create();
    secProp->insert("security-client-auth-factory",
                    "createPKCSAuthInitInstance");
    secProp->insert("security-client-auth-library", "securityImpl");
    secProp->insert("security-keystorepath", "keystore/gemfire6.keystore");
    secProp->insert("security-alias", "gemfire6");
    secProp->insert("security-keystorepass", "gemfire");
    CacheFactoryPtr cacheFactoryPtr = CacheFactory::createCacheFactory(secProp);

This example shows a .NET client.

    Properties secProp = Properties.Create();
    // Fully qualified name of the static factory function, on one line.
    secProp.Insert("security-client-auth-factory",
                   "GemStone.GemFire.Templates.Cache.Security.UserPasswordAuthInit.Create");
    secProp.Insert("security-client-auth-library", "securityImpl");
    secProp.Insert("security-username", "gemfire6");
    secProp.Insert("security-password", "gemfire6Pass");