Configuring Credentials for Authentication

The client uses system properties to acquire valid credentials for authentication by the server. You define these properties in the geode.properties file, which the client accesses during startup.

security-client-auth-factory

System property for the factory function of the class implementing the AuthInitialize interface (IAuthInitialize in .NET). The .NET clients can load both C++ and .NET implementations. For .NET implementations, this property is the fully qualified name of the static factory function (including the namespace and class).

security-client-auth-library

System property for the library where the factory methods reside. The library is loaded explicitly and the factory functions are invoked dynamically, returning an object of the class implementing the AuthInitialize interface.

Other implementations of the AuthInitialize interface may be required to build credentials using properties that are also passed as system properties. These properties also start with the security- prefix. For example, the PKCS implementation requires an alias name and the corresponding keystore path, which are specified as security-alias and security-keystorepath, respectively. Similarly, UserPasswordAuthInit requires a username specified in security-username, and the corresponding password is specified in the security-password system property.

The getCredentials function for the AuthInitialize interface is called to obtain the credentials. All system properties starting with security- are passed to this callback as the first argument to the getCredentials function, using this prototype:

PropertiesPtr getCredentials(PropertiesPtr& securityprops, const char *server);

Implementing the Factory Method for Authentication (C++ and .NET)

The following examples show how to implement the factory method in both C++ and .NET.

C++ Implementation

LIBEXP AuthInitialize* createPKCSAuthInitInstance()
{
    return new PKCSAuthInit( );
}

.NET Implementation

public static IAuthInitialize Create()
{
    return new UserPasswordAuthInit();
}

Implementations of the factory method are user-provided. Credentials in the form of properties returned by this function are sent by the client to the server for authentication during the client’s handshake process with the server.

The client installation provides sample security implementations in its templates/security folder.
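
The callback flow described above, modeled as an added example (not code from the client or its templates): every security- property reaches getCredentials, and only what the callback returns is sent to the server. Props, selectSecurityProps, and the simplified getCredentials signature are stand-ins assumed for illustration, and the property values are constructed.

```cpp
// Added example: stand-in types model the flow; this is not the Geode client API.
#include <iostream>
#include <map>
#include <stdexcept>
#include <string>

using Props = std::map<std::string, std::string>;  // stand-in for Properties

// Models the client step: only properties carrying the security- prefix
// are handed to getCredentials.
Props selectSecurityProps(const Props& all) {
    const std::string prefix = "security-";
    Props out;
    for (const auto& kv : all) {
        if (kv.first.compare(0, prefix.size(), prefix) == 0) out.insert(kv);
    }
    return out;
}

// Hypothetical user/password callback body with the same shape as getCredentials:
// the input is every security-* property, the output is what goes to the server.
Props getCredentials(const Props& securityProps, const std::string& server) {
    (void)server;  // available if credentials should differ per server
    auto user = securityProps.find("security-username");
    if (user == securityProps.end() || user->second.empty()) {
        throw std::invalid_argument("security-username is not set");
    }
    Props creds;
    creds["security-username"] = user->second;
    auto pass = securityProps.find("security-password");
    // This example sends an absent password as an empty string.
    creds["security-password"] = (pass == securityProps.end()) ? "" : pass->second;
    // Nothing else is copied: factory and library names and keystore
    // secrets stay on the client.
    return creds;
}

int main() {
    // Constructed sample properties, as they might appear in geode.properties.
    Props all = {{"security-username", "geode"}, {"security-password", "geodePass"},
                 {"security-keystorepass", "geodepass"}, {"log-level", "info"}};
    for (const auto& kv : getCredentials(selectSecurityProps(all), "server1"))
        std::cout << kv.first << " is sent to the server\n";
    return 0;
}
```

Because the returned properties travel to the server during the handshake, a callback that echoes its whole input would also transmit values such as security-keystorepass.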

Acquiring Credentials Programmatically (C++ and .NET)

This example shows a C++ client connecting with credentials.

PropertiesPtr secProp = Properties::create();
secProp->insert("security-client-auth-factory", "createPKCSAuthInitInstance");
secProp->insert("security-client-auth-library", "securityImpl");
secProp->insert("security-keystorepath", "keystore/geode.keystore");
secProp->insert("security-alias", "geode");
secProp->insert("security-keystorepass", "geodepass");
CacheFactoryPtr cacheFactoryPtr = CacheFactory::createCacheFactory(secProp);

This example shows a .NET client.

Properties secProp = Properties.Create();
secProp.Insert("security-client-auth-factory", 
   "Apache.Geode.Templates.Cache.Security.UserPasswordAuthInit.Create");
secProp.Insert("security-client-auth-library", "securityImpl");
secProp.Insert("security-username", "geode");
secProp.Insert("security-password", "geodePass");