Skip to content

Document update - Security section #7920

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JinwooHwang merged 2 commits into from
Sep 4, 2025
Merged

Document update - Security section #7920

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
082f54b
Document update - Security section – Added the Security Model stateme…
kaajaln2 Aug 28, 2025
be02d70
Fixed based on review - Links called directly. Fixed indentation issu…
kaajaln2 Aug 29, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
174 changes: 89 additions & 85 deletions geode-book/master_middleman/source/subnavs/geode-subnav.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ limitations under the License.
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/about_geode.html">Apache Geode Documentation</a>
</li>
<li class="has_submenu">
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/getting_started/book_intro.html">Getting Started with Apache Geode</a>
<ul>
<li>
Expand Down Expand Up @@ -74,6 +74,94 @@ limitations under the License.
</li>
</ul>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/chapter_overview.html">Security</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security_model.html">Security Model</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_security.html">Security Implementation Introduction and Overview</a>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security_audit_overview.html">Security Detail Considerations</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security-audit.html">External Interfaces, Ports, and Services</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security-audit.html#topic_263072624B8D4CDBAD18B82E07AA44B6">Resources That Must Be Protected</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security-audit.html#topic_5B6DF783A14241399DC25C6EE8D0048A">Log File Locations</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/properties_file.html">Where to Place Security Configuration Settings</a>
</li>
</ul>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/enable_security.html">Enable Security with Property Definitions</a>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authentication_overview.html">Authentication</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_authentication.html">Implementing Authentication</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authentication_examples.html">Authentication Example</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_authentication_expiry.html">Implementing Authentication Expiry</a>
</li>
</ul>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authorization_overview.html">Authorization</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_authorization.html">Implementing Authorization</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/method_invocation_authorizers.html">Method Invocation Authorizers</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authorization_example.html">Authorization Examples</a>
</li>
</ul>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/post_processing.html">Post Processing of Region Data</a>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/ssl_overview.html">SSL</a>
<ul>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html">Configuring SSL</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#ssl_configurable_components">SSL-Configurable Components</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#ssl_configuration_properties">SSL Configuration Properties</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#ssl_property_reference_tables">SSL Property Reference Tables</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#implementing_ssl__sec_ssl_impl_proc">Procedure</a>
</li>
</ul>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/ssl_example.html">SSL Sample Implementation</a>
</li>
</ul>
</li>
</ul>
</li>

<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/configuring/chapter_overview.html">Configuring and Running a Cluster</a>
<ul>
Expand Down Expand Up @@ -584,90 +672,6 @@ limitations under the License.
</li>
</ul>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/chapter_overview.html">Security</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_security.html">Security Implementation Introduction and Overview</a>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security_audit_overview.html">Security Detail Considerations</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security-audit.html">External Interfaces, Ports, and Services</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security-audit.html#topic_263072624B8D4CDBAD18B82E07AA44B6">Resources That Must Be Protected</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security-audit.html#topic_5B6DF783A14241399DC25C6EE8D0048A">Log File Locations</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/properties_file.html">Where to Place Security Configuration Settings</a>
</li>
</ul>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/enable_security.html">Enable Security with Property Definitions</a>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authentication_overview.html">Authentication</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_authentication.html">Implementing Authentication</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authentication_examples.html">Authentication Example</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_authentication_expiry.html">Implementing Authentication Expiry</a>
</li>
</ul>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authorization_overview.html">Authorization</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_authorization.html">Implementing Authorization</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/method_invocation_authorizers.html">Method Invocation Authorizers</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authorization_example.html">Authorization Examples</a>
</li>
</ul>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/post_processing.html">Post Processing of Region Data</a>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/ssl_overview.html">SSL</a>
<ul>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html">Configuring SSL</a>
<ul>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#ssl_configurable_components">SSL-Configurable Components</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#ssl_configuration_properties">SSL Configuration Properties</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#ssl_property_reference_tables">SSL Property Reference Tables</a>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#implementing_ssl__sec_ssl_impl_proc">Procedure</a>
</li>
</ul>
</li>
<li>
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/ssl_example.html">SSL Sample Implementation</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="has_submenu">
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/monitor_tune/chapter_overview.html">Performance Tuning and Configuration</a>
<ul>
Expand Down
4 changes: 2 additions & 2 deletions geode-docs/basic_config/the_cache/managing_a_secure_cache.html.md.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ and authorization prior to cache operations.
Client apps and cluster members (servers and locators) require
configuration and setup when the `SecurityManager` is enabled.

See the section on [Security](../../managing/security/chapter_overview.html)
See the section on [Security](../../security/chapter_overview.html)
for details.
For authentication, see
[Implementing Authentication](../../managing/security/implementing_authentication.html).
[Implementing Authentication](../../security/implementing_authentication.html).
2 changes: 1 addition & 1 deletion geode-docs/configuring/cluster_config/gfsh_remote.html.md.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ To connect `gfsh` using the HTTP protocol to a remote cluster:
To configure SSL for the remote connection (HTTPS), enable SSL for the `http` component
in <span class="ph filepath">gemfire.properties</span> or <span class="ph
filepath">gfsecurity-properties</span> or upon server startup. See
[SSL](../../managing/security/ssl_overview.html) for details on configuring SSL parameters. These
[SSL](../../security/ssl_overview.html) for details on configuring SSL parameters. These
SSL parameters also apply to all HTTP services hosted on the configured JMX Manager, which can
include the following:

Expand Down
2 changes: 1 addition & 1 deletion geode-docs/developing/function_exec/function_execution.html.md.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Code the methods you need for the function. These steps do not have to be done i
- If the function should be run with an authorization level other than
the default of `DATA:WRITE`,
implement an override of the `Function.getRequiredPermissions()` method.
See [Authorization of Function Execution](../../managing/security/implementing_authorization.html#AuthorizeFcnExecution) for details on this method.
See [Authorization of Function Execution](../../security/implementing_authorization.html#AuthorizeFcnExecution) for details on this method.
- Code the `execute` method to perform the work of the function.
1. Make `execute` thread safe to accommodate simultaneous invocations.
2. For high availability, code `execute` to accommodate multiple identical calls to the function. Use the `RegionFunctionContext` `isPossibleDuplicate` to determine whether the call may be a high-availability re-execution. This boolean is set to true on execution failure and is false otherwise.
Expand Down
2 changes: 1 addition & 1 deletion geode-docs/developing/function_exec/how_function_execution_works.html.md.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ a check is made to see that that caller is authorized to execute
the function.
The required permissions for authorization are provided by
the function's `Function.getRequiredPermissions()` method.
See [Authorization of Function Execution](../../managing/security/implementing_authorization.html#AuthorizeFcnExecution) for a discussion of this method.
See [Authorization of Function Execution](../../security/implementing_authorization.html#AuthorizeFcnExecution) for a discussion of this method.
2. Given successful authorization,
<%=vars.product_name%> invokes the function on all members where it
needs to run. The locations are determined by the `FunctionService` `on*`
Expand Down
6 changes: 3 additions & 3 deletions geode-docs/developing/query_select/the_where_clause.html.md.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -241,12 +241,12 @@ When a `null` argument is used, if the query processor cannot determine the prop

**Methods calls with the `SecurityManager` enabled**

When the `SecurityManager` is enabled, by default <%=vars.product_name%> throws a `NotAuthorizedException` when any method that does not belong to the to the list of default allowed methods, given in [RestrictedMethodAuthorizer](../../managing/security/method_invocation_authorizers.html#restrictedMethodAuthorizer), is invoked.
When the `SecurityManager` is enabled, by default <%=vars.product_name%> throws a `NotAuthorizedException` when any method that does not belong to the to the list of default allowed methods, given in [RestrictedMethodAuthorizer](../../security/method_invocation_authorizers.html#restrictedMethodAuthorizer), is invoked.

In order to further customize this authorization check, see [Changing the Method Authorizer](../../managing/security/method_invocation_authorizers.html#changing_method_authorizer).
In order to further customize this authorization check, see [Changing the Method Authorizer](../../security/method_invocation_authorizers.html#changing_method_authorizer).

In the past you could use the system property `gemfire.QueryService.allowUntrustedMethodInvocation` to disable the check altogether, but this approach is deprecated and will be removed in future releases;
you need to configure the [UnrestrictedMethodAuthorizer](../../managing/security/method_invocation_authorizers.html#unrestrictedMethodAuthorizer) instead.
you need to configure the [UnrestrictedMethodAuthorizer](../../security/method_invocation_authorizers.html#unrestrictedMethodAuthorizer) instead.

## <a id="the_where_clause__section_59E7D64746AE495D942F2F09EF7DB9B5" class="no-quick-link"></a>Enum Objects

Expand Down
8 changes: 5 additions & 3 deletions geode-docs/getting_started/15_minute_quickstart_gfsh.html.md.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -514,6 +514,8 @@ To shut down your cluster, do the following:

Here are some suggestions on what to explore next with <%=vars.product_name_long%>:

- Continue reading the next section to learn more about the components and concepts that were just introduced.
- To get more practice using `gfsh`, see [Tutorial—Performing Common Tasks with gfsh](../tools_modules/gfsh/tour_of_gfsh.html#concept_0B7DE9DEC1524ED0897C144EE1B83A34).
- To learn about the cluster configuration service, see [Tutorial—Creating and Using a Cluster Configuration](../configuring/cluster_config/persisting_configurations.html#task_bt3_z1v_dl).
- To ensure that your Geode instances are secure, see: [Security](../security/chapter_overview.html).
Copy link
Member

@raboof raboof Aug 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good idea to add this reference here

- To get more practice using `gfsh`, see [Tutorial—Performing Common Tasks with gfsh](../tools_modules/gfsh/tour_of_gfsh.html#concept_0B7DE9DEC1524ED0897C144EE1B83A34).
- To learn about the cluster configuration service, see [Tutorial—Creating and Using a Cluster Configuration](../configuring/cluster_config/persisting_configurations.html#task_bt3_z1v_dl).
- Continue reading the next section to learn more about the components and concepts that were just introduced.

Loading
Loading