Introduction to vFabric GemFire Security

The security framework establishes trust between members, and also authorizes cache operations from clients based on that trust. You establish trust by verifying credentials when one process connects to another, for example:
  • New members connect to the locator in a peer-to-peer topology.
  • Clients connect to cache servers.
  • One system connects to another in a multi-site system, using mutual authentication.
  • Diffie-Hellman key exchange is used to encrypt sensitive credentials in transit.

vFabric GemFire Security Features

GemFire provides member authentication and cache access authorization with these features:
  • Flexible plug-in framework. A plug-in mechanism for authenticating clients and servers and for authorizing cache operations issued by clients. Any security infrastructure can be plugged into the system as long as the plug-ins implement the required GemFire interfaces.
  • Cache server authentication. Admits a peer cache server into the distributed system if its credentials are authenticated by the locator to which it connects.
  • Client authentication. A cache server authenticates the client's credentials when the client attempts to connect to it. Multiple users, each with a separate authorization level, can connect from within one client application.
  • SSL-based authentication. Allows all connections to be configured as SSL-based rather than plain socket connections.
  • Authorization of cache operations. Selectively authorizes cache operations from clients based on predefined roles associated with the credentials the client provides when connecting to the server.
  • Data modification based on authorization. Allows authorization callbacks to modify or filter the data sent from the client to the server. Similarly, after a cache operation completes on the server, a post-authorization callback can filter or modify the results sent back to the client. Results cannot be modified, however, when using function execution.
  • Sample implementations. Sample implementations of authentication and authorization are provided.
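As an added illustration of the plug-in model described above (not code from the GemFire documentation or product), the following callback authorizes cache operations by role. It assumes the AccessControl interface and OperationContext types of GemFire's com.gemstone.gemfire.security and com.gemstone.gemfire.cache.operations packages, and a hypothetical "role:user" naming convention for the principal returned by the server's Authenticator; the role table is constructed for this example.

```java
import java.security.Principal;
import java.util.EnumSet;

import com.gemstone.gemfire.cache.Cache;
import com.gemstone.gemfire.cache.operations.OperationContext;
import com.gemstone.gemfire.cache.operations.OperationContext.OperationCode;
import com.gemstone.gemfire.distributed.DistributedMember;
import com.gemstone.gemfire.security.AccessControl;
import com.gemstone.gemfire.security.NotAuthorizedException;

/** Role-based authorization callback (example code, not GemFire's own). */
public class RoleBasedAccessControl implements AccessControl {

  // Constructed sample role table: the cache operations each role may perform.
  private static final EnumSet<OperationCode> READER_OPS =
      EnumSet.of(OperationCode.GET, OperationCode.CONTAINS_KEY, OperationCode.QUERY);
  private static final EnumSet<OperationCode> WRITER_OPS =
      EnumSet.of(OperationCode.GET, OperationCode.CONTAINS_KEY, OperationCode.QUERY,
                 OperationCode.PUT, OperationCode.DESTROY);

  private EnumSet<OperationCode> allowed = EnumSet.noneOf(OperationCode.class);
  private Cache cache;
  private String who;

  /** Called once per authenticated client (or per user in a multi-user client). */
  @Override
  public void init(Principal principal, DistributedMember remoteMember, Cache cache)
      throws NotAuthorizedException {
    this.cache = cache;
    this.who = principal.getName();
    // Hypothetical convention: the principal name is "<role>:<user>".
    if (who.startsWith("writer:")) {
      allowed = WRITER_OPS;
    } else if (who.startsWith("reader:")) {
      allowed = READER_OPS;
    } else {
      throw new NotAuthorizedException("no role assigned to principal " + who);
    }
  }

  /** Called for every cache operation the client issues; returning false rejects it. */
  @Override
  public boolean authorizeOperation(String regionName, OperationContext context) {
    OperationCode op = context.getOperationCode();
    // Deny by default: an operation absent from the role's set (e.g. REGION_DESTROY,
    // EXECUTE_FUNCTION) is refused and the refusal is logged for detection.
    boolean ok = allowed.contains(op);
    if (!ok) {
      cache.getLogger().warning(who + " denied " + op + " on region " + regionName);
    }
    return ok;
  }

  @Override
  public void close() { }
}
```

The class is installed on the server through the accessor security property (assumed here to be security-client-accessor), and because the pre-operation callback sees the request before it executes, a PUT that is refused here never reaches the region.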