| --- |
| title: Client Authorization |
| --- |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| Using a provided callback that implements the `AccessControl` interface, you can configure each server to authorize some or all cache operations. |
| |
| The callback can also modify or even disallow the data being provided by the client in the operation, such as a put or a `putAll` operation. The callback can also register itself as a post-processing filter that is passed operation results like `get`, `getAll`, and `query`. |
| |
| - **[Configuring Client Authorization](config-clientauthorization.html)** |
| |
| You can configure authorization on a per-client basis for various cache operations such as create, get, put, query invalidations, interest registration, and region destroys. On the server side, the `securityclient-accessor` system property in the server’s `geode.properties` file specifies the authorization callback. |
| |
| - **[Post-Operative Authorization](postopauthorization.html)** |
| |
| Authorization in the post-operation phase occurs on the server after the operation is complete and before the results are sent to the client. |
| |
| - **[Determining Pre- or Post-Operation Authorization](usingoperationcontext.html)** |
| |
| The `OperationContext` object that is passed to the `authorizeOperation` method of the callback as the second argument provides an `isPostOperation` method that returns true when the callback is invoked in the post-operation phase. |
| |
| |