Annotation Interface EnableSsl


The EnableSsl annotation marks a Spring @Configuration annotated Class to configure and enable Pivotal GemFire/Apache Geode's TCP/IP Socket SSL.
Since:
1.9.0
Author:
John Blum, Srikanth Manvi
  • Element Details

    • ciphers

      String[] ciphers
      Configures the SSL ciphers used for secure Socket connections as an array of valid cipher names. A setting of any uses any ciphers that are enabled by default in the configured JSSE provider. Defaults to any. Use the spring.data.gemfire.security.ssl.ciphers property in application.properties.
      Default:
      {"any"}
    • clientProtocols

      String[] clientProtocols
      Configures a list of the SSL protocols to enable on the client-side of the SSL connection. The protocols listed must be supported by the available providers. Defaults to empty. Use the spring.data.gemfire.security.ssl.client.protocols property in application.properties.
      Default:
      {}
    • components

      EnableSsl.Component[] components
      Configures the Pivotal GemFire/Apache Geode components for which SSL will be enabled. Defaults to EnableSsl.Component.ALL. Use the spring.data.gemfire.security.ssl.components property in application.properties. E.g. spring.data.gemfire.security.ssl.components=cluster,gateway,locator,server.
      Default:
      {ALL}
    • componentCertificateAliases

      EnableSsl.ComponentAlias[] componentCertificateAliases
      Configures the names of all the individual Keystore certificates to use when configuring SSL for each Pivotal GemFire/Apache Geode EnableSsl.Component separately. Each EnableSsl.Component defaults to the configured value of the defaultCertificateAlias() if not individually configured with this attribute. Use spring.data.gemfire.security.ssl.certificate.alias.<component> in application.properties. E.g. spring.data.gemfire.security.ssl.certificate.alias.gateway=WanCert.
      Default:
      {}
    • defaultCertificateAlias

      String defaultCertificateAlias
      Configures the default name of a single Keystore certificate to use when configuring SSL for all Pivotal GemFire/Apache Geode components collectively. If defaultAlias is not specified, then the first certificate in the Keystore acts as the default SSL certificate. Use the spring.data.gemfire.security.ssl.certificate.alias.default property in application.properties.
      Default:
      ""
    • enableEndpointIdentification

      boolean enableEndpointIdentification
      If true, causes clients (or Apache Geode servers in the case of P2P) to validate the server's hostname using the server's certificate. Set to true if useSSLDefaultDefaultContext is true. Defaults to false. Use the spring.data.gemfire.security.ssl.enable-endpoint-identification property in application.properties.
      Default:
      false
    • keystore

      String keystore
      Pathname to the Keystore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.keystore property in application.properties.
      Default:
      ""
    • keystorePassword

      String keystorePassword
      Password to access the keys in the Keystore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.keystore.password property in application.properties.
      Default:
      ""
    • keystoreType

      String keystoreType
      Identifies the type of Keystore used for SSL communications. For example: JKS, PKCS11, etc. Defaults to JKS, or the Java Keystore. Use the spring.data.gemfire.security.ssl.keystore.type property in application.properties.
      Default:
      "JKS"
    • protocols

      String[] protocols
      Configures the SSL protocols used for secure Socket connections as an array of valid protocol names. A setting of any uses any protocol that is enabled by default in the configured JSSE provider. Defaults to any. Use the spring.data.gemfire.security.ssl.protocols property in application.properties.
      Default:
      {"any"}
    • requireAuthentication

      boolean requireAuthentication
      Boolean value indicating whether to require authentication for SSL communication between clients, servers, gateways, etc. Defaults to true. Use the spring.data.gemfire.security.ssl.require-authentication property in application.properties.
      Default:
      true
    • serverProtocols

      String[] serverProtocols
      Configures a list of the SSL protocols to enable on the server-side of the SSL connection. The protocols listed must be supported by the available providers. Defaults to empty. Use the spring.data.gemfire.security.ssl.server.protocols property in application.properties.
      Default:
      {}
    • truststore

      String truststore
      Pathname to the truststore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.truststore property in application.properties.
      Default:
      ""
    • truststorePassword

      String truststorePassword
      Password to access the keys in the truststore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.truststore.password property in application.properties.
      Default:
      ""
    • truststoreType

      String truststoreType
      Identifies the type of truststore used for SSL communications. For example: JKS, PKCS11, etc. Defaults to JKS, or the Java Keystore. Use the spring.data.gemfire.security.ssl.truststore.type property in application.properties.
      Default:
      "JKS"
    • useDefaultContext

      boolean useDefaultContext
      If true, enables the use of the default SSL context and sets ssl-endpoint-identification-enabled to true. Defaults to false. Use the spring.data.gemfire.security.ssl.use-default-context property in application.properties.
      Default:
      false
    • webRequireAuthentication

      boolean webRequireAuthentication
      If true, requires two-way authentication for the web component. Defaults to false. Use the spring.data.gemfire.security.ssl.web-require-authentication property in application.properties.
      Default:
      false
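
The following is an added example, not code from the Spring Data GemFire/Geode project: a client configuration that pins the protocol, cipher and endpoint-identification elements instead of relying on the defaults listed above, and refuses to start if the documented properties are missing or relax those choices. The class name, bean name, chosen protocol and cipher values, and the assumption that a property can take effect in place of an annotation attribute are illustrative.

```java
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.data.gemfire.config.annotation.ClientCacheApplication;
import org.springframework.data.gemfire.config.annotation.EnableSsl;
import org.springframework.util.StringUtils;

// Hypothetical client configuration; class name, bean name and values are illustrative.
@ClientCacheApplication
@EnableSsl(
    components = { EnableSsl.Component.LOCATOR, EnableSsl.Component.SERVER },
    protocols = { "TLSv1.2" },                              // instead of the default {"any"}
    ciphers = { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" },  // instead of the default {"any"}
    enableEndpointIdentification = true,                    // default is false
    requireAuthentication = true                            // the default, stated explicitly
)
public class SecureClientConfiguration {

    private static final String PREFIX = "spring.data.gemfire.security.ssl.";

    // Store paths and passwords are not hard-coded in the annotation; they are
    // expected in application.properties (or another property source).
    private static final String[] REQUIRED =
        { "keystore", "keystore.password", "truststore", "truststore.password" };

    // Fails startup when a store setting is missing or when a property relaxes
    // the attributes above. Assumption: a property may take effect in place of
    // the annotation attribute, so both are checked.
    @Bean
    InitializingBean sslSettingsGuard(Environment env) {
        return () -> {
            for (String key : REQUIRED) {
                if (!StringUtils.hasText(env.getProperty(PREFIX + key))) {
                    throw new IllegalStateException("Missing property " + PREFIX + key);
                }
            }
            requireNot(env, "protocols", "any");
            requireNot(env, "ciphers", "any");
            requireNot(env, "enable-endpoint-identification", "false");
            requireNot(env, "require-authentication", "false");
        };
    }

    // Rejects a property only when it is present and equals the weak value.
    private static void requireNot(Environment env, String key, String weak) {
        String value = env.getProperty(PREFIX + key);
        if (value != null && weak.equalsIgnoreCase(value.trim())) {
            throw new IllegalStateException(PREFIX + key + " must not be '" + weak + "'");
        }
    }
}
```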