If num is set to 1 or 2, Glacier2 adds a number of key–value pairs to the context that it sends with each request. If
num is set to 1, these entries are adde to the context for all forwarded requests. If
num is set to 2, the contexts are added only to calls to
checkPermissions and
authorize on permission verifiers, and to calls to
create on session managers.
For sessions created with createSessionFromSecureConnection, this property, when set to a value greater than zero, instructs Glacier2 to provide additional information in the context of each request:
If Glacier2.AddSSLContext is not defined, its default value is zero.
Specifies a white space-separated list of identity categories. If this property is defined, then the Glacier2 router only allows requests to Ice objects with an identity that matches one of the categories from this list. If
Glacier2.AddUserToAllowCategories is defined with a non-zero value, the router automatically adds the user id of each session to this list.
If num is set to a value larger than zero, the Glacier2 router always batches queued oneway requests from clients to servers regardless of the value of their
_fwd contexts. This property is only relevant when
Glacier2.Client.Buffered=1. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router operates in buffered mode, in which incoming requests from clients are queued and processed in a separate thread. If
num is set to zero, the router operates in unbuffered mode in which a request is forwarded in the same thread that received it. The default value is
1. See
Section 42.9 for more information.
Glacier2 uses the adapter name Glacier2.Client for the object adapter that it provides to clients. Therefore, all the adapter properties detailed in
Section D.4 can be used to configure this adapter.
Note that Glacier2.Registry.Client.Endpoints controls the client endpoint for Glacier2. The port numbers 4063 (for TCP) and 4064 (for SSL) are reserved for Glacier2 by the
Internet Assigned Numbers Authority (IANA).
If num is set to a value larger than zero, the Glacier2 router includes the context in forwarded requests from clients to servers. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router sleeps for the specified number of milliseconds after forwarding all queued requests from a client. This delay is useful for batched delivery because it makes it more likely for events to accumulate in a single batch. Similarly, if overrides are used, the delay makes it more likely for overrides to actually take effect. This property is only relevant when
Glacier2.Client.Buffered=1. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router logs a trace message whenever a request was overridden. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router logs a trace message whenever the router's configured filters reject a client's request. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router logs a trace message for each request that is forwarded from a client. The default value is
0.
Specifies the file name of a Glacier2 access control list (see Section 42.6.1). Each line of the file must contain a user name and a password, separated by white space. The password must be a 13‑character crypt-encoded string. This property is ignored if
Glacier2.PermissionsVerifier is defined.
Specifies a space-separated list of adapter identifiers. If defined, the Glacier2 router only allows requests to Ice objects with an adapter identifier that matches one of the entries in this list.
Identifiers that contain spaces must be enclosed in single or double quotes. Single or double quotes that appear within an identifier must be escaped with a leading backslash.
Specifies a space-separated list of address–port pairs. When defined, the Glacier2 router only allows requests to Ice objects through proxies that contain network endpoint information that matches an address–port pair listed in this property. If not defined, the default value is
*, which indicates that any network address is permitted. Requests accepted by this property may be rejected by the
Glacier2.Filter.Address.Reject property.
Each pair is of the form address:port. The
address or
port number portion can include wildcards ('
*') or value ranges or groups. Ranges and groups are in the form
[value1, value2, value3, ...] and/or
[value1‑value2]. Wildcards, ranges, and groups may appear anywhere in the address–port pair string.
Specifies a space-separated list of address–port pairs. When defined, the Glacier2 router rejects requests to Ice objects through proxies that contain network endpoint information that matches an address–port pair listed in this property. If not set, the Glacier2 router allows requests to any network address unless the
Glacier2.Filter.Address.Accept property is set, in which case requests will be accepted or rejected based on the
Glacier2.Filter.Address.Accept property. If both the
Glacier2.Filter.Address.Accept and
Glacier2.Filter.Address.Reject properties are defined, the
Glacier2.Filter.Address.Reject property takes precedence.
Each pair is of the form address:port. The
address or
port number portion can include wildcards ('
*') or value ranges or groups. Ranges and groups are in the form of
[value1, value2, value3, ...] and/or
[value1‑value2]. Wildcards, ranges, and groups may appear anywhere in the address–port pair string.
Specifies a space-separated list of identity categories. If defined, the Glacier2 router only allows requests to Ice objects with an identity that matches one of the categories in this list. If
Glacier2.Filter.CategoryAcceptUser is defined with a non-zero value, the router automatically adds the user name of each session to this list.
Categories that contain spaces must be enclosed in single or double quotes. Single or double quotes that appear within a category must be escaped with a leading backslash.
Specifies a space-separated list of identities. If defined, the Glacier2 router only allows requests to Ice objects with an identity that matches one of the entries in this list.
Identities that contain spaces must be enclosed in single or double quotes. Single or double quotes that appear within an identity must be escaped with a leading backslash.
If set, the Glacier2 router rejects requests whose stringified proxies are longer than num. This helps secure the system against attack. If not set, Glacier2 will accept requests using proxies of any length.
Specifies a default identity category for the Glacier2 objects. If defined, the identity of the Glacier2 admin interface becomes
name/admin and the identity of the Glacier2 router interface becomes
name/router.
Specifies the proxy of an object that implements the Glacier2::PermissionsVerifier interface (see
Section 42.6.1). The router invokes this proxy to validate the user name and password of each new session. Sessions created from a secure connection are verified by the object specified in
Glacier2.SSLPermissionsVerifier. For simple configurations, you can specify the name of a password file using
Glacier2.CryptPasswords.
Glacier2 supplies a “null” permissions verifier object that accepts any username and password combination for situations in which no authentication is necessary. To enable this verifier, set the property value to
instance/NullPermissionsVerifier, where
instance is the value of
Glacier2.InstanceName.
If num is a value greater than zero, Glacier2 maintains backward compatibility with clients using Ice versions prior to 3.2.0. In this case you should also define
Glacier2.Client.PublishedEndpoints to specify the endpoints that clients should use to contact the router. For example, if the Glacier2 router resides behind a network firewall, the
Glacier2.Client.PublishedEndpoints property should specify the firewall’s external endpoints.
This property sets the size of the router's routing table to num entries. If more proxies are added to the table than this value, proxies are evicted from the table on a least-recently used basis.
Clients based on Ice version 3.1 and later automatically retry operation calls on evicted proxies and transparently re‑add such proxies to the table. Clients based on Ice versions earlier than 3.1 receive an
ObjectNotExistException for invocations on evicted proxies. For such older clients,
num must be set to a sufficiently large value to prevent these clients from failing.
Glacier2 uses the adapter name Glacier2.Server for the object adapter that it provides to servers. Therefore, all the adapter properties detailed in
Section D.4 can be used to configure this adapter.
This adapter provides access to the SessionControl interface and must be accessible to servers that call back to router clients.
If num is set to a value larger than zero, the Glacier2 router always batches queued oneway requests from servers to clients regardless of the value of their
_fwd contexts. This property is only relevant when
Glacier2.Server.Buffered=1. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router operates in buffered mode, in which incoming requests from servers are queued and processed in a separate thread. If
num is set to zero, the router operates in unbuffered mode in which a request is forwarded in the same thread that received it. The default value is
1. See
Section 42.9 for more information.
If num is set to a value larger than zero, the Glacier2 router includes the context in forwarded requests from servers to clients. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router sleeps for the specified number of milliseconds after forwarding all queued requests from a server. This delay is useful for batched delivery because it makes it more likely for events to accumulate in a single batch. Similarly, if overrides are used, the delay makes it more likely for overrides to actually take effect. This property is only relevant when
Glacier2.Server.Buffered=1. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router logs a trace message whenever a request is overridden. The default value is
0.
If num is set to a value larger than zero, the Glacier2 router logs a trace message for each request that is forwarded from a server. The default value is
0.
Specifies the proxy of an object that implements the Glacier2::SessionManager interface. The router invokes this proxy to create a new session for a client, but only after the router validates the client's user name and password.
If num is set to a value larger than zero, a client's session with the Glacier2 router expires after the specified
num seconds of inactivity. The default value is
0, meaning sessions do not expire due to inactivity.
It is important to choose num such that client sessions do not expire prematurely.
Setting the session timeout enables active connection management of client connections (by setting Glacier2.Client.ACM). By default, the ACM timeout is set to twice the session timeout. If no session timeout is defined, ACM is disabled.
Specifies the proxy of an object that implements the Glacier2::SSLPermissionsVerifier interface (see
Section 42.6.1). The router invokes this proxy to verify the credentials of clients that attempt to create a session from a secure connection. Sessions created with a user name and password are verified by the object specified in
Glacier2.PermissionsVerifier.
Glacier2 supplies a “null” permissions verifier object that accepts the credentials of any client for situations in which no authentication is necessary. To enable this verifier, set the property value to
instance/NullSSLPermissionsVerifier, where
instance is the value of
Glacier2.InstanceName.
Specifies the proxy of an object that implements the Glacier2::SSLSessionManager interface. The router invokes this proxy to create a new session for a client that has called
createSessionFromSecureConnection.
If num is set to a value larger than zero, the Glacier2 router logs trace messages about session-related activities. The default value is
0.
