org.springframework.data.gemfire.config.annotation

Annotation Type EnableSsl

@Target(value=TYPE)
 @Retention(value=RUNTIME)
 @Inherited
 @Documented
 @Import(value=SslConfiguration.class)
 @UsesGemFireProperties
public @interface EnableSsl

The EnableSsl annotation marks a Spring @Configuration annotated Class to configure and enable Pivotal GemFire/Apache Geode's TCP/IP Socket SSL.

Since:

1.9.0

Author:

John Blum, Srikanth Manvi

See Also:

Annotation, SecurableCommunicationChannels, Import, SslConfiguration

Optional Element Summary

Optional Elements

Modifier and Type	Optional Element and Description
String[]	ciphers Configures the SSL ciphers used for secure Socket connections as an array of valid cipher names.
EnableSsl.ComponentAlias[]	componentCertificateAliases Configures the names of all the individual Keystore certificates to use when configuring SSL for each Pivotal GemFire/Apache Geode EnableSsl.Component separately.
EnableSsl.Component[]	components Configures the Pivotal GemFire/Apache Geode components for which SSL will be enabled.
String	defaultCertificateAlias Configures the default name of a single Keystore certificate to use when configuring SSL for all Pivotal GemFire/Apache Geode components collectively.
boolean	enableEndpointIdentification If true then causes clients (or Apache Geode servers in cause of P2P) to validate the server's hostname using the server`s certificate.
String	keystore Pathname to the Keystore used for SSL communications.
String	keystorePassword Password to access the keys in the Keystore used for SSL communications.
String	keystoreType Identifies the type of Keystore used for SSL communications.
String[]	protocols Configures the SSL protocols used for secure Socket connections as an array of valid protocol names.
boolean	requireAuthentication Boolean value indicating whether to require authentication for SSL communication between clients, servers, gateways, etc.
String	truststore Pathname to the truststore used for SSL communications.
String	truststorePassword Password to access the keys in the truststore used for SSL communications.
String	truststoreType Identifies the type of truststore used for SSL communications.
boolean	useDefaultContext If true then this will enable the use of default SSL context and sets ssl-endpoint-identification-enabled to true.
boolean	webRequireAuthentication If true then requires two-way authentication for web component.

Element Detail

ciphers

public abstract String[] ciphers

Configures the SSL ciphers used for secure Socket connections as an array of valid cipher names. A setting of any uses any ciphers that are enabled by default in the configured JSSE provider. Defaults to any. Use the spring.data.gemfire.security.ssl.ciphers property in application.properties.

Default:

"any"

components

public abstract EnableSsl.Component[] components

Configures the Pivotal GemFire/Apache Geode components for which SSL will be enabled. Defaults to EnableSsl.Component.ALL. Use the spring.data.gemfire.security.ssl.components property in application.properties. E.g. spring.data.gemfire.security.ssl.components=cluster,gateway,locator,server.

Default:

org.springframework.data.gemfire.config.annotation.EnableSsl.Component.ALL

componentCertificateAliases

public abstract EnableSsl.ComponentAlias[] componentCertificateAliases

Configures the names of all the individual Keystore certificates to use when configuring SSL for each Pivotal GemFire/Apache Geode EnableSsl.Component separately. Each EnableSsl.Component defaults to the configured value of the defaultCertificateAlias() if not individually configured with this attribute. Use spring.data.gemfire.security.ssl.certificate.alias.<component> in application.properties. E.g. spring.data.gemfire.security.ssl.certificate.alias.gateway=WanCert.

Default:

{}

defaultCertificateAlias

public abstract String defaultCertificateAlias

Configures the default name of a single Keystore certificate to use when configuring SSL for all Pivotal GemFire/Apache Geode components collectively. If defaultAlias is not specified, then the first certificate in the Keystore acts as the default SSL certificate. Use the spring.data.gemfire.security.ssl.certificate.alias.default property in application.properties.

Default:

""

enableEndpointIdentification

public abstract boolean enableEndpointIdentification

If true then causes clients (or Apache Geode servers in cause of P2P) to validate the server's hostname using the server`s certificate. Set to true if useSSLDefaultDefaultContext is true. Defaults to false. Use the spring.data.gemfire.security.ssl.enable-endpoint-identification in application.properties.

Default:

false

keystore

public abstract String keystore

Pathname to the Keystore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.keystore property in application.properties.

Default:

""

keystorePassword

public abstract String keystorePassword

Password to access the keys in the Keystore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.keystore.password property in application.properties.

Default:

""

keystoreType

public abstract String keystoreType

Identifies the type of Keystore used for SSL communications. For example: JKS, PKCS11, etc. Defaults to JKS, or the Java Keystore. Use the spring.data.gemfire.security.ssl.keystore.type property in application.properties.

Default:

"JKS"

protocols

public abstract String[] protocols

Configures the SSL protocols used for secure Socket connections as an array of valid protocol names. A setting of any uses any protocol that is enabled by default in the configured JSSE provider. Defaults to any. Use the spring.data.gemfire.security.ssl.protocols property in application.properties.

Default:

"any"

requireAuthentication

public abstract boolean requireAuthentication

Boolean value indicating whether to require authentication for SSL communication between clients, servers, gateways, etc. Defaults to true. Use the spring.data.gemfire.security.ssl.require-authentication property in application.properties.

Default:

true

truststore

public abstract String truststore

Pathname to the truststore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.truststore property in application.properties.

Default:

""

truststorePassword

public abstract String truststorePassword

Password to access the keys in the truststore used for SSL communications. Defaults to unset. Use the spring.data.gemfire.security.ssl.truststore.password property in application.properties.

Default:

""

truststoreType

public abstract String truststoreType

Identifies the type of truststore used for SSL communications. For example: JKS, PKCS11, etc. Defaults to JKS, or the Java Keystore. Use the spring.data.gemfire.security.ssl.truststore.type property in application.properties.

Default:

"JKS"

useDefaultContext

public abstract boolean useDefaultContext

If true then this will enable the use of default SSL context and sets ssl-endpoint-identification-enabled to true. Defaults to false. Use the spring.data.gemfire.security.ssl.use-default-context in application.properties.

Default:

false

webRequireAuthentication

public abstract boolean webRequireAuthentication

If true then requires two-way authentication for web component. Defaults to false. Use the spring.data.gemfire.security.ssl.web-require-authentication in application.properties.

Default:

false