docs/geode-native-docs/security/systempropsforauth.html.md.erb - geode-native - Git at Google

 ---
 title:  Configuring Credentials for Authentication
 ---

 <!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 -->

 The client uses system properties to acquire valid credentials for authentication by the server. You define these properties in the `geode.properties` file, which the client accesses during startup.

 ## <a id="security__section_E1835A3B22D44D47A4C9DB54A3590B71" class="no-quick-link"></a>security-client-auth-factory

 System property for the factory function of the class implementing the `AuthInitialize` interface (`IAuthInitialize` in .NET). The .NET clients can load both C++ and .NET implementations. For .NET implementations, this property is the fully qualified name of the static factory function (including the namespace and class).

 ## <a id="security__section_15C6689C363B469B947B177E1DE73208" class="no-quick-link"></a>security-client-auth-library

 System property for the library where the factory methods reside. The library is loaded explicitly and the factory functions are invoked dynamically, returning an object of the class implementing the `AuthInitialize` interface.

 Other implementations of the `AuthInitialize` interface may be required to build credentials using properties that are also passed as system properties. These properties also start with the security- prefix. For example, the PKCS implementation requires an alias name and the corresponding keystore path, which are specified as `security-alias` and `security-keystorepath`, respectively. Similarly, `UserPasswordAuthInit `requires a username specified in `security-username`, and the corresponding password is specified in the `security-password` system property.

 The `getCredentials` function for the `AuthInitialize` interface is called to obtain the credentials. All system properties starting with security- are passed to this callback as the first argument to the `getCredentials` function, using this prototype:

 `PropertiesPtr getCredentials(PropertiesPtr& securityprops, const char                     *server);`

 ## <a id="security__section_869DD42F1B23450D9425712EBBD5CB1C" class="no-quick-link"></a>Implementing the Factory Method for Authentication (C++ and .NET)

 The following examples show how to implement the factory method in both C++ and .NET. **C++ Implementation**

 ``` pre
 LIBEXP AuthInitialize* createPKCSAuthInitInstance()
 {
     return new PKCSAuthInit( );
 }
 ```

 **.NET Implementation**

 ``` pre
 public static IAuthInitialize Create()
 {
     return new UserPasswordAuthInit();
 }
 ```

 Implementations of the factory method are user-provided. Credentials in the form of properties returned by this function are sent by the client to the server for authentication during the client’s handshake process with the server.

 The client installation provides sample security implementations in its `templates/security` folder.

 ## <a id="security__section_9DEC6B55C76D446FB0821AF3B3922BD6" class="no-quick-link"></a>Acquiring Credentials Programmatically (C++ and .NET)

 This example shows a C++ client connecting with credentials.

 ``` pre
 PropertiesPtr secProp = Properties::create();
 secProp->insert("security-client-auth-factory", "createPKCSAuthInitInstance");
 secProp->insert("security-client-auth-library", "securityImpl");
 secProp->insert("security-keystorepath", "keystore/geode.keystore");
 secProp->insert("security-alias", "geode");
 secProp->insert("security-keystorepass", "geodepass");
 CacheFactoryPtr cacheFactoryPtr = CacheFactory::createCacheFactory(secProp);
 ```

 This example shows a .NET client.

 ``` pre
 Properties secProp = Properties.Create();
 secProp.Insert("security-client-auth-factory",
    "Apache.Geode.Templates.Cache.Security.UserPasswordAuthInit.Create");
 secProp.Insert("security-client-auth-library", "securityImpl");
 secProp.Insert("security-username"," geode");
 secProp.Insert("security-password"," geodePass);
 ```
	---
	title: Configuring Credentials for Authentication
	---

	<!--
	Licensed to the Apache Software Foundation (ASF) under one or more
	contributor license agreements. See the NOTICE file distributed with
	this work for additional information regarding copyright ownership.
	The ASF licenses this file to You under the Apache License, Version 2.0
	(the "License"); you may not use this file except in compliance with
	the License. You may obtain a copy of the License at

	http://www.apache.org/licenses/LICENSE-2.0

	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	-->

	The client uses system properties to acquire valid credentials for authentication by the server. You define these properties in the `geode.properties` file, which the client accesses during startup.

	## <a id="security__section_E1835A3B22D44D47A4C9DB54A3590B71" class="no-quick-link"></a>security-client-auth-factory

	System property for the factory function of the class implementing the `AuthInitialize` interface (`IAuthInitialize` in .NET). The .NET clients can load both C++ and .NET implementations. For .NET implementations, this property is the fully qualified name of the static factory function (including the namespace and class).

	## <a id="security__section_15C6689C363B469B947B177E1DE73208" class="no-quick-link"></a>security-client-auth-library

	System property for the library where the factory methods reside. The library is loaded explicitly and the factory functions are invoked dynamically, returning an object of the class implementing the `AuthInitialize` interface.

	Other implementations of the `AuthInitialize` interface may be required to build credentials using properties that are also passed as system properties. These properties also start with the security- prefix. For example, the PKCS implementation requires an alias name and the corresponding keystore path, which are specified as `security-alias` and `security-keystorepath`, respectively. Similarly, `UserPasswordAuthInit `requires a username specified in `security-username`, and the corresponding password is specified in the `security-password` system property.

	The `getCredentials` function for the `AuthInitialize` interface is called to obtain the credentials. All system properties starting with security- are passed to this callback as the first argument to the `getCredentials` function, using this prototype:

	`PropertiesPtr getCredentials(PropertiesPtr& securityprops, const char *server);`

	## <a id="security__section_869DD42F1B23450D9425712EBBD5CB1C" class="no-quick-link"></a>Implementing the Factory Method for Authentication (C++ and .NET)

	The following examples show how to implement the factory method in both C++ and .NET. C++ Implementation

	``` pre
	LIBEXP AuthInitialize* createPKCSAuthInitInstance()
	{
	return new PKCSAuthInit( );
	}
	```

	.NET Implementation

	``` pre
	public static IAuthInitialize Create()
	{
	return new UserPasswordAuthInit();
	}
	```

	Implementations of the factory method are user-provided. Credentials in the form of properties returned by this function are sent by the client to the server for authentication during the client’s handshake process with the server.

	The client installation provides sample security implementations in its `templates/security` folder.

	## <a id="security__section_9DEC6B55C76D446FB0821AF3B3922BD6" class="no-quick-link"></a>Acquiring Credentials Programmatically (C++ and .NET)

	This example shows a C++ client connecting with credentials.

	``` pre
	PropertiesPtr secProp = Properties::create();
	secProp->insert("security-client-auth-factory", "createPKCSAuthInitInstance");
	secProp->insert("security-client-auth-library", "securityImpl");
	secProp->insert("security-keystorepath", "keystore/geode.keystore");
	secProp->insert("security-alias", "geode");
	secProp->insert("security-keystorepass", "geodepass");
	CacheFactoryPtr cacheFactoryPtr = CacheFactory::createCacheFactory(secProp);
	```

	This example shows a .NET client.

	``` pre
	Properties secProp = Properties.Create();
	secProp.Insert("security-client-auth-factory",
	"Apache.Geode.Templates.Cache.Security.UserPasswordAuthInit.Create");
	secProp.Insert("security-client-auth-library", "securityImpl");
	secProp.Insert("security-username"," geode");
	secProp.Insert("security-password"," geodePass);
	```