| --- |
| title: Configuring Credentials for Authentication |
| --- |
| |
| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| The client uses system properties to acquire valid credentials for authentication by the server. You define these properties in the `geode.properties` file, which the client accesses during startup. |
| |
| ## <a id="security__section_E1835A3B22D44D47A4C9DB54A3590B71" class="no-quick-link"></a>security-client-auth-factory |
| |
| System property for the factory function of the class implementing the `AuthInitialize` interface (`IAuthInitialize` in .NET). The .NET clients can load both C++ and .NET implementations. For .NET implementations, this property is the fully qualified name of the static factory function (including the namespace and class). |
| |
| ## <a id="security__section_15C6689C363B469B947B177E1DE73208" class="no-quick-link"></a>security-client-auth-library |
| |
| System property for the library where the factory methods reside. The library is loaded explicitly and the factory functions are invoked dynamically, returning an object of the class implementing the `AuthInitialize` interface. |
| |
| Other implementations of the `AuthInitialize` interface may be required to build credentials using properties that are also passed as system properties. These properties also start with the security- prefix. For example, the PKCS implementation requires an alias name and the corresponding keystore path, which are specified as `security-alias` and `security-keystorepath`, respectively. Similarly, `UserPasswordAuthInit `requires a username specified in `security-username`, and the corresponding password is specified in the `security-password` system property. |
| |
| The `getCredentials` function for the `AuthInitialize` interface is called to obtain the credentials. All system properties starting with security- are passed to this callback as the first argument to the `getCredentials` function, using this prototype: |
| |
| `PropertiesPtr getCredentials(PropertiesPtr& securityprops, const char *server);` |
| |
| ## <a id="security__section_869DD42F1B23450D9425712EBBD5CB1C" class="no-quick-link"></a>Implementing the Factory Method for Authentication (C++ and .NET) |
| |
| The following examples show how to implement the factory method in both C++ and .NET. **C++ Implementation** |
| |
| ``` pre |
| LIBEXP AuthInitialize* createPKCSAuthInitInstance() |
| { |
| return new PKCSAuthInit( ); |
| } |
| ``` |
| |
| **.NET Implementation** |
| |
| ``` pre |
| public static IAuthInitialize Create() |
| { |
| return new UserPasswordAuthInit(); |
| } |
| ``` |
| |
| Implementations of the factory method are user-provided. Credentials in the form of properties returned by this function are sent by the client to the server for authentication during the client’s handshake process with the server. |
| |
| The client installation provides sample security implementations in its `templates/security` folder. |
| |
| ## <a id="security__section_9DEC6B55C76D446FB0821AF3B3922BD6" class="no-quick-link"></a>Acquiring Credentials Programmatically (C++ and .NET) |
| |
| This example shows a C++ client connecting with credentials. |
| |
| ``` pre |
| PropertiesPtr secProp = Properties::create(); |
| secProp->insert("security-client-auth-factory", "createPKCSAuthInitInstance"); |
| secProp->insert("security-client-auth-library", "securityImpl"); |
| secProp->insert("security-keystorepath", "keystore/geode.keystore"); |
| secProp->insert("security-alias", "geode"); |
| secProp->insert("security-keystorepass", "geodepass"); |
| CacheFactoryPtr cacheFactoryPtr = CacheFactory::createCacheFactory(secProp); |
| ``` |
| |
| This example shows a .NET client. |
| |
| ``` pre |
| Properties secProp = Properties.Create(); |
| secProp.Insert("security-client-auth-factory", |
| "Apache.Geode.Templates.Cache.Security.UserPasswordAuthInit.Create"); |
| secProp.Insert("security-client-auth-library", "securityImpl"); |
| secProp.Insert("security-username"," geode"); |
| secProp.Insert("security-password"," geodePass); |
| ``` |