Chapter 8. Authentication and Role-Based Access Control

In this chapter, we look at using role-based access control (RBAC) in GemFire and securing the communication between various components by using Secure Sockets Layer (SSL).

Authentication and Authorization

Before we dig into how authentication and authorization work, let’s look at the operations you can perform in GemFire that need to be authenticated and authorized.

Background

In GemFire, you can start and stop locators and servers, and you can alter their runtime to change the log level or perform other administrative actions. You create regions to store your data, define indexes, and define disk stores to persist your data; you then insert data, access it, and query it.

We can broadly classify these actions into two categories based on the type of resource being worked on. Starting servers, altering runtime, and defining disk stores are operations that involve working on your CLUSTER, whereas put(), get() and queries work on DATA as the resource. The security framework classifies all operations in these two major categories.

Within each resource classification, we can further classify all commands as either accessing the resource (READ), writing to the resource (WRITE), or making changes to the resource (MANAGE). For example, list members just accesses the CLUSTER resource, whereas stop server manages it.
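The resource and operation pair described above is what an authorization check decides on. The following class is an added example, not code from the book or from GemFire: it implements the org.apache.geode.security.SecurityManager interface with a deny-by-default role lookup. The role names, user names, and passwords are constructed, and it assumes the class is registered through the security-manager property.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager;

// Added example: role names, user names and passwords are constructed.
public class RoleBasedSecurityManager implements SecurityManager {
  // role -> granted RESOURCE:OPERATION pairs
  private static final Map<String, Set<String>> GRANTS = new HashMap<>();
  // user -> {password, role}; literals stand in for a real credential store
  private static final Map<String, String[]> USERS = new HashMap<>();
  static {
    GRANTS.put("monitor", grants("CLUSTER:READ"));
    GRANTS.put("operator", grants("CLUSTER:READ", "CLUSTER:MANAGE"));
    GRANTS.put("appReader", grants("DATA:READ"));
    GRANTS.put("appWriter", grants("DATA:READ", "DATA:WRITE"));
    USERS.put("alice", new String[] {"alice-pw", "operator"});
    USERS.put("bob", new String[] {"bob-pw", "appReader"});
  }

  private static Set<String> grants(String... pairs) {
    return new HashSet<>(Arrays.asList(pairs));
  }

  @Override
  public Object authenticate(Properties credentials) {
    String user = credentials.getProperty("security-username");
    String password = credentials.getProperty("security-password");
    String[] entry = user == null ? null : USERS.get(user);
    if (entry == null || !entry[0].equals(password)) {
      throw new AuthenticationFailedException("invalid username or password");
    }
    return user; // the principal later handed to authorize()
  }

  @Override
  public boolean authorize(Object principal, ResourcePermission permission) {
    String[] entry = USERS.get(String.valueOf(principal));
    if (entry == null) {
      return false; // unknown principal: deny by default
    }
    String needed = permission.getResource() + ":" + permission.getOperation();
    return GRANTS.get(entry[1]).contains(needed);
  }
}
```

With these grants, alice passes both the CLUSTER:READ check behind list members and the CLUSTER:MANAGE check behind stop server, while bob is refused both and can only read DATA.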

Table 8-1 shows classifications of some of the commands. You can find ...
