Managing RegionServices for Multiple Secure Users
In a secure system, you can create clients with multiple, secure connections to the servers from each client. The most common use case is a Geode client embedded in an application server that supports data requests from many users. Each user may be authorized to access a subset of data on the servers. For example, customer users may be allowed to see and update only their own orders and shipments.
In a single client, multiple authenticated users can all access the same
ClientCache through instances of the
RegionService interface. Because there are multiple users with varying authorization levels, access to cached data is done entirely through the servers, where each user’s authorization can be managed.
Follow these steps in addition to the steps in Managing a Cache in a Secure System.
Create your cache and
Configure your client’s server pool for multiple secure user authentication. Example:
<pool name="serverPool" multiuser-authentication="true"> <locator host="host1" port="44444"/> </pool>
This enables access through the pool for the
RegionServiceinstances and disables it for the
After you create your
ClientCache, from your
ClientCacheinstance, for each user call the
createAuthenticatedViewmethod, providing the user’s particular credentials. These are create method calls for two users:
Properties properties = new Properties(); properties.setProperty("security-username", cust1Name); properties.setProperty("security-password", cust1Pwd); RegionService regionService1 = clientCache.createAuthenticatedView(properties); properties = new Properties(); properties.setProperty("security-username", cust2Name); properties.setProperty("security-password", cust2Pwd); RegionService regionService2 = clientCache.createAuthenticatedView(properties);
For each user, do all of your caching and region work through the assigned
RegionServiceinstance. Access to the server cache will be governed by the server’s configured authorization rules for each individual user.
Close your cache by closing the
ClientCacheinstance only. Do not close the
RegionServiceinstances first. This is especially important for durable clients.
Once each region is created, you can perform operations on it through the
ClientCache instance or the
RegionService instances, but not both.
You can use the
ClientCache to create a region that uses a pool configured for multi-user authentication, then access and do work on the region using your
RegionService, regions must be configured as
EMPTY. Depending on your data access requirements, this configuration might affect performance, because the client goes to the server for every get.