Annotation Interface EnableSsl
@Target(TYPE)
@Retention(RUNTIME)
@Inherited
@Documented
@Import(SslConfiguration.class)
@UsesGemFireProperties
public @interface EnableSsl
The EnableSsl annotation marks a Spring @Configuration annotated Class to configure and enable Pivotal GemFire/Apache Geode's TCP/IP Socket SSL.
- Since:
- 1.9.0
- Author:
- John Blum, Srikanth Manvi

Nested Class Summary
Modifier and Type, Class:
- static enum EnableSsl.Component
- static @interface EnableSsl.ComponentAlias

Optional Element Summary
Modifier and Type, Optional Element, Description:
- String[] ciphers: Configures the SSL ciphers used for secure Socket connections as an array of valid cipher names.
- String[] clientProtocols: Configures a list of the SSL protocols to enable on the client-side of the SSL connection.
- EnableSsl.ComponentAlias[] componentCertificateAliases: Configures the names of all the individual Keystore certificates to use when configuring SSL for each Pivotal GemFire/Apache Geode EnableSsl.Component separately.
- EnableSsl.Component[] components: Configures the Pivotal GemFire/Apache Geode components for which SSL will be enabled.
- String defaultCertificateAlias: Configures the default name of a single Keystore certificate to use when configuring SSL for all Pivotal GemFire/Apache Geode components collectively.
- boolean enableEndpointIdentification: If true then causes clients (or Apache Geode servers in case of P2P) to validate the server's hostname using the server's certificate.
- String keystore: Pathname to the Keystore used for SSL communications.
- String keystorePassword: Password to access the keys in the Keystore used for SSL communications.
- String keystoreType: Identifies the type of Keystore used for SSL communications.
- String[] protocols: Configures the SSL protocols used for secure Socket connections as an array of valid protocol names.
- boolean requireAuthentication: Boolean value indicating whether to require authentication for SSL communication between clients, servers, gateways, etc.
- String[] serverProtocols: Configures a list of the SSL protocols to enable on the server-side of the SSL connection.
- String truststore: Pathname to the truststore used for SSL communications.
- String truststorePassword: Password to access the keys in the truststore used for SSL communications.
- String truststoreType: Identifies the type of truststore used for SSL communications.
- boolean useDefaultContext: If true then this will enable the use of default SSL context and sets ssl-endpoint-identification-enabled to true.
- boolean webRequireAuthentication: If true then requires two-way authentication for web component.

Element Details

ciphers
String[] ciphers
Configures the SSL ciphers used for secure Socket connections as an array of valid cipher names. A setting of any uses any ciphers that are enabled by default in the configured JSSE provider. Defaults to any. Use the spring.data.gemfire.security.ssl.ciphers property in application.properties.
- Default:
- {"any"}

clientProtocols
String[] clientProtocols
Configures a list of the SSL protocols to enable on the client-side of the SSL connection. The protocols listed must be supported by the available providers. Defaults to empty. Use the spring.data.gemfire.security.ssl.client.protocols property in application.properties.
- Default:
- {}

components
EnableSsl.Component[] components
Configures the Pivotal GemFire/Apache Geode components for which SSL will be enabled. Defaults to EnableSsl.Component.ALL. Use the spring.data.gemfire.security.ssl.components property in application.properties. E.g. spring.data.gemfire.security.ssl.components=cluster,gateway,locator,server.
- Default:
- {ALL}

componentCertificateAliases
EnableSsl.ComponentAlias[] componentCertificateAliases
Configures the names of all the individual Keystore certificates to use when configuring SSL for each Pivotal GemFire/Apache Geode EnableSsl.Component separately. Each EnableSsl.Component defaults to the configured value of the defaultCertificateAlias() if not individually configured with this attribute. Use spring.data.gemfire.security.ssl.certificate.alias.<component> in application.properties. E.g. spring.data.gemfire.security.ssl.certificate.alias.gateway=WanCert.
- Default:
- {}

defaultCertificateAlias
String defaultCertificateAlias
Configures the default name of a single Keystore certificate to use when configuring SSL for all Pivotal GemFire/Apache Geode components collectively. If defaultAlias is not specified, then the first certificate in the Keystore acts as the default SSL certificate. Use the spring.data.gemfire.security.ssl.certificate.alias.default property in application.properties.
- Default:
- ""

enableEndpointIdentification
boolean enableEndpointIdentification
If true then causes clients (or Apache Geode servers in case of P2P) to validate the server's hostname using the server's certificate. Set to true if useDefaultContext is true. Defaults to false. Use the spring.data.gemfire.security.ssl.enable-endpoint-identification property in application.properties.
- Default:
- false

keystore
String keystore
Pathname to the Keystore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.keystore property in application.properties.
- Default:
- ""

keystorePassword
String keystorePassword
Password to access the keys in the Keystore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.keystore.password property in application.properties.
- Default:
- ""

keystoreType
String keystoreType
Identifies the type of Keystore used for SSL communications. For example: JKS, PKCS11, etc. Defaults to JKS, or the Java Keystore. Use the spring.data.gemfire.security.ssl.keystore.type property in application.properties.
- Default:
- "JKS"

protocols
String[] protocols
Configures the SSL protocols used for secure Socket connections as an array of valid protocol names. A setting of any uses any protocol that is enabled by default in the configured JSSE provider. Defaults to any. Use the spring.data.gemfire.security.ssl.protocols property in application.properties.
- Default:
- {"any"}

requireAuthentication
boolean requireAuthentication
Boolean value indicating whether to require authentication for SSL communication between clients, servers, gateways, etc. Defaults to true. Use the spring.data.gemfire.security.ssl.require-authentication property in application.properties.
- Default:
- true

serverProtocols
String[] serverProtocols
Configures a list of the SSL protocols to enable on the server-side of the SSL connection. The protocols listed must be supported by the available providers. Defaults to empty. Use the spring.data.gemfire.security.ssl.server.protocols property in application.properties.
- Default:
- {}

truststore
String truststore
Pathname to the truststore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.truststore property in application.properties.
- Default:
- ""

truststorePassword
String truststorePassword
Password to access the keys in the truststore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.truststore.password property in application.properties.
- Default:
- ""

truststoreType
String truststoreType
Identifies the type of truststore used for SSL communications. For example: JKS, PKCS11, etc. Defaults to JKS, or the Java Keystore. Use the spring.data.gemfire.security.ssl.truststore.type property in application.properties.
- Default:
- "JKS"

useDefaultContext
boolean useDefaultContext
If true then this will enable the use of default SSL context and sets ssl-endpoint-identification-enabled to true. Defaults to false. Use the spring.data.gemfire.security.ssl.use-default-context property in application.properties.
- Default:
- false

webRequireAuthentication
boolean webRequireAuthentication
If true then requires two-way authentication for web component. Defaults to false. Use the spring.data.gemfire.security.ssl.web-require-authentication property in application.properties.
- Default:
- false
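
The properties documented above, set to tighter values than the annotation defaults. This application.properties fragment is an added example, not part of the original Javadoc; the file paths, the member-cert alias and the environment variable names are constructed placeholders, and the list values follow the comma-separated form the page shows for components.

```properties
# Added example (not from the original Javadoc).
# Paths, the "member-cert" alias and the environment variable names are
# constructed placeholders.

# Annotation defaults, for comparison:
#   protocols, ciphers              any    (whatever the JSSE provider enables)
#   enable-endpoint-identification  false  (hostname not checked against the certificate)
#   require-authentication          true
#   web-require-authentication      false
#   keystore, truststore            unset

# Pin protocol versions and cipher suites instead of accepting "any".
# Every name listed must be supported by the JSSE provider of the running JDK.
# The TLSv1.2 suite below assumes RSA certificates.
spring.data.gemfire.security.ssl.protocols=TLSv1.2,TLSv1.3
spring.data.gemfire.security.ssl.ciphers=TLS_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

# Make clients (and peers, for P2P) validate the server's hostname
# using the server's certificate.
spring.data.gemfire.security.ssl.enable-endpoint-identification=true

# Keep authentication on for clients, servers and gateways, and require
# two-way authentication for the web component as well.
spring.data.gemfire.security.ssl.require-authentication=true
spring.data.gemfire.security.ssl.web-require-authentication=true

# Key material. Passwords are resolved from the environment through Spring
# property placeholders (assumes the deployment exports these variables),
# so no secret is stored in this file.
spring.data.gemfire.security.ssl.keystore=/etc/geode/tls/member-keystore.jks
spring.data.gemfire.security.ssl.keystore.password=${GEODE_KEYSTORE_PASSWORD}
spring.data.gemfire.security.ssl.truststore=/etc/geode/tls/cluster-truststore.jks
spring.data.gemfire.security.ssl.truststore.password=${GEODE_TRUSTSTORE_PASSWORD}

# Name the certificate explicitly. Without a default alias, the first
# certificate in the Keystore acts as the default SSL certificate.
spring.data.gemfire.security.ssl.certificate.alias.default=member-cert
# Per-component override, using the page's own example alias.
spring.data.gemfire.security.ssl.certificate.alias.gateway=WanCert
```

With endpoint identification enabled, each member's certificate must carry a name that matches the hostname its peers and clients connect to, otherwise the handshake is rejected.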