Using a provided callback that implements the
AccessControl interface, you can configure each server to authorize some or all cache operations.
The callback can also modify or even disallow the data being provided by the client in the operation, such as a put or a
putAll operation. The callback can also register itself as a post-processing filter that is passed operation results like
Configuring Client Authorization
You can configure authorization on a per-client basis for various cache operations such as create, get, put, query invalidations, interest registration, and region destroys. On the server side, the
securityclient-accessorsystem property in the server’s
gemfire.propertiesfile specifies the authorization callback.
Authorization in the post-operation phase occurs on the server after the operation is complete and before the results are sent to the client.
Determining Pre- or Post-Operation Authorization
OperationContextobject that is passed to the
authorizeOperationmethod of the callback as the second argument provides an
isPostOperationmethod that returns true when the callback is invoked in the post-operation phase.