Geode Integrated Security - Geode - Apache Software Foundation

Geode Integrated Security - Geode - Apache Software Foundation
DUE TO SPAM, SIGN-UP IS DISABLED. Goto
Selfserve wiki signup
and request an account.
Geode
Pages
Space shortcuts
How-to articles
File lists
Page tree
Browse pages
tachments (0)
Page History
Resolved comments
Page Information
View in Hierarchy
View Source
Export to PDF
Export to Word
Copy Page Tree
Jira links
Geode Integrated Security
Created by
Jens Deppe
, last modified by
Karen Miller
on
Jul 13, 2018
Integrated Security allows you to control the authentication/authorization of all Geode entities within one implementation. When Integrated Security is turned on, all client/server communications, peer to peer, gateway authentication, jmx operations, gfsh commands and Pulse are protected with this single security mechanism.
1. No changes for legacy implementations of
Authentication/Authorization
for client-server security
The API for Authenticator and AccessControl has not changed. Your implementations of those are still honored in client/server communication if you choose not to implement the new security interface. However, these two are deprecated now and will be removed in the future.
2. Introduction of security-manager configuration and SecurityManager interface for Integrated Security
To turn on integrated security, start your servers/locators with the
security-manager
property set in your
gemfire.properties
file:
security-manager = com.example.security.MySecurityManager
The
security-manager
property identifies the class name of the
SecurityManager
interface implementation.
SecurityManager
is the interface you implement for both authentication and authorization. Make sure your class has a zero argument constructor so that Geode can instantiate the object. See the
SecurityManager
javadoc for details. There is an Ex
ampleSecurityManager
in the
geode-core/src/main/java/org/apache/geode/examples/security
directory that you can use as an example to write your own implementation.
3. Introduction of
ResourcePermission
In
SecurityManager
, you will see that a
ResourcePermission
is passed in the authorization call.
ResourcePermission
is an object that defines the nature of the operation the Principal is trying to perform.
ResourcePermission
is in one of those forms:
Resource:Operation
Resource:Operation:RegionName
Resource:Operation:RegionName:Key
All Resources are enumerated via the enum
ResourcePermission.Resource
, currently
CLUSTER
and
DATA.
All Operations are enumerated via the enum
ResourcePermission.Operation
, which are
MANAGE
READ
, and
WRITE
. Note that
MANAGE
does not imply
WRITE
, and
WRITE
does not imply
READ
RegionName
and
Key
are provided for those operations that are to be authorized based upon a region key access as well. For example, you can see a
ResourcePermission
defined as
CLUSTER:READ
CLUSTER:MANAGE
DATA:READ
DATA:READ:regionA
, or
DATA:READ:regionA:key1
Note that a
ResourcePermission
is hierarchical. If a principal has permission for
DATA:READ
, it automatically has data read permission on all regions and all keys. That is, it has permission for
DATA:READ:regionA
. Given permission for
DATA:READ:regionA
, the principal automatically has data read permission on all keys in regionA. That is, it has permission for
DATA:READ:regionA:key1
4. Introduction of PostProcessor
Before a value is returned, it gets a pass through the post processor, if there is one. Specify your post processor with this line in your
gemfire.properties
file:
security-post-processor = com.example.security.MyPostProcessor
where the value is the name of the class that implements the
PostProcessor
interface.
Make sure your class has a zero argument constructor so that Geode can instantiate the object. See the
PostProcessor
javadoc for details. You can use
SamplePostProcessor
as an example to write your own implementation.
Note regarding legacy implementations: We completely redo the way we call post processing; the interface is a lot simpler.
5. Operations and their corresponding ResourcePermission
Below is the list of operations with their corresponding
ResourcePermission
Client-Server Operations
Client Operations
Required ResourcePermission
get function attribute
CLUSTER:READ
create region
DATA:MANAGE
destroy region
DATA:MANAGE
get keyset
DATA:READ:regionName
query
DATA:READ:regionName
region.getAll
DATA:READ:regionName
region.getEntry
DATA:READ:regionName
getAll (list of keys)
DATA:READ:regionName:key
region.containsKeyOnServer(key)
DATA:READ:regionName:key
region.get(key)
DATA:READ:regionName:key
registerInterest
DATA:READ:regionName:key if key is specified, otherwise DATA:READ:regionName
unregister interest
DATA:READ:regionName:key if key is specified, otherwise DATA:READ:regionName
execute function
DATA:WRITE
clear region
DATA:WRITE:regionName
putAll
DATA:WRITE:regionName
region.clear
DATA:WRITE:regionName
region.removeAll
DATA:WRITE:regionName
destroy key
DATA:WRITE:regionName:key
invalidate key
DATA:WRITE:regionName:key
region.destroy(key)
DATA:WRITE:regionName:key
region.invalidate(key)
DATA:WRITE:regionName:key
region.put(key, value)
DATA:WRITE:regionName:key
region.replace
DATA:WRITE:regionName:key
GFSH Commands
Commands
Required ResourcePermission
alter runtime
CLUSTER:MANAGE
gc
CLUSTER:MANAGE
shutdown
CLUSTER:MANAGE
startManager
CLUSTER:MANAGE
stop locator --name=locator1
CLUSTER:MANAGE
stop server --name=server1
CLUSTER:MANAGE
describe client --clientID=172.16.196.144
CLUSTER:READ
describe config --member=Member1
CLUSTER:READ
describe disk-store --name=foo --member=baz
CLUSTER:READ
describe member --name=server1
CLUSTER:READ
describe offline-disk-store --name=foo --disk-dirs=bar
CLUSTER:READ
describe region --name=value
CLUSTER:READ
export cluster-configuration --zip-file-name=mySharedConfig.zip
CLUSTER:READ
export config --member=member1
CLUSTER:READ
export logs --dir=data/logs
CLUSTER:READ
export stack-traces --file=stack.txt
CLUSTER:READ
exportLogs
CLUSTER:READ
exportStackTrace
CLUSTER:READ
list async-event-queues
CLUSTER:READ
list clients
CLUSTER:READ
list deployed
CLUSTER:READ
list disk-stores
CLUSTER:READ
list durable-cqs --durable-client-id=client1
CLUSTER:READ
list functions
CLUSTER:READ
list gateways
CLUSTER:READ
list indexes
CLUSTER:READ
list members
CLUSTER:READ
list regions
DATA:READ
netstat --member=server1
CLUSTER:READ
show dead-locks --file=deadlocks.txt
CLUSTER:READ
show log --member=locator1 --lines=5
CLUSTER:READ
show metrics
CLUSTER:READ
show missing-disk-stores
CLUSTER:READ
show subscription-queue-size --durable-client-id=client1
CLUSTER:READ
show log
CLUSTER:READ
status cluster-config-service
CLUSTER:READ
status gateway-receiver
CLUSTER:READ
status gateway-sender
CLUSTER:READ
change loglevel --loglevel=severe --member=server1
CLUSTER:WRITE
alter disk-store --name=foo --region=xyz --disk-dirs=bar
DATA:MANAGE
alter region --name=region1 --eviction-max=5000
DATA:MANAGE:REGIONNAME
clear defined indexes
DATA:MANAGE
close durable-client --durable-client-id=client1
DATA:MANAGE
close durable-cq --durable-client-id=client1 --durable-cq-name=cq1
DATA:MANAGE
compact disk-store --name=foo
DATA:MANAGE
compact offline-disk-store --name=foo --disk-dirs=bar
DATA:MANAGE
configure pdx --read-serialized=true
DATA:MANAGE
create async-event-queue --id=myAEQ --listener=myApp.myListener
DATA:MANAGE
create defined indexes
DATA:MANAGE
create disk-store --name=foo --dir=bar
DATA:MANAGE
create gateway-receiver
DATA:MANAGE
create gateway-sender --id=sender1 --remote-distributed-system-id=2
DATA:MANAGE
create index --name=myKeyIndex --expression=region1.Id --region=region1 --type=key
DATA:MANAGE:
regionName
create region --name=region12
DATA:MANAGE
define index --name=myIndex1 --expression=exp1 --region=/exampleRegion
DATA:MANAGE:
regionName
deploy --jar=group1_functions.jar --group=Group1
DATA:MANAGE
destroy disk-store --name=foo
DATA:MANAGE
destroy function --id=InterestCalculations
DATA:MANAGE
destroy index --member=server2
DATA:MANAGE:
regionName if regionName is specified, otherwise DATA:MANAGE
destroy region --name=value
DATA:MANAGE
import cluster-configuration --zip-file-name=value
DATA:MANAGE
load-balance gateway-sender --id=sender1
DATA:MANAGE
pause gateway-sender --id=sender1
DATA:MANAGE
pdx rename --old=com.gemstone --new=com.pivotal --disk-store=ds1 --disk-dirs=/diskDir1
DATA:MANAGE
rebalance --include-region=region1
DATA:MANAGE
resume gateway-sender --id=sender1
DATA:MANAGE
revoke missing-disk-store --id=foo
DATA:MANAGE
start gateway-receiver
DATA:MANAGE
start gateway-sender --id=sender1
DATA:MANAGE
stop gateway-receiver
DATA:MANAGE
stop gateway-sender --id=sender1
DATA:MANAGE
undeploy --group=Group1
DATA:MANAGE
backup disk-store --dir=foo
DATA:READ
export data --region=region1 --file=foo.txt --member=value
DATA:READ:regionName
get --key=key1 --region=region1
DATA:READ:regionName:key
locateEntry
DATA:READ:regionName:key
query --query='SELECT * FROM /region1'
DATA:READ:REGIONNAME
execute function --id=InterestCalculations --group=Group1
DATA:WRITE
import data --region=region1 --file=foo.txt --member=value
DATA:WRITE:
regionName
put --key=key1 --value=value1 --region=region1
DATA:WRITE:
regionName
:key
remove --region=region1
DATA:WRITE:regionName, if key is specified, then DATA:WRITE:regionName:key
alter jdbc-connection
CLUSTER:MANAGE
alter jdbc-mapping
CLUSTER:MANAGE
create jdbc-connection
CLUSTER:MANAGE
create jdbc-mapping
CLUSTER:MANAGE
describe jdbc-connection
CLUSTER:MANAGE
describe jdbc-mapping
CLUSTER:MANAGE
destroy jdbc-connection
CLUSTER:MANAGE
destroy jdbc-mapping
CLUSTER:MANAGE
list jdbc-connections
CLUSTER:MANAGE
list jdbc-mappings
CLUSTER:MANAGE
create jndi-binding
CLUSTER:MANAGE
describe jndi-binding
CLUSTER:READ
destroy jndi-binding
CLUSTER:MANAGE
list jndi-binding
CLUSTER:READ
Pulse
Pulse access is divided into two main categories: access to the Data Browser page and everything else.
The Data Browser page requires the permissions
CLUSTER:READ
and
DATA:READ
. Access to all other pages requires only
CLUSTER:READ
permission.
JMX Operations
Bean Operations
Permission
DistributedSystemMXBean.shutdownAllMembers
CLUSTER:MANAGE
ManagerMXBean.start
CLUSTER:MANAGE
ManagerMXBean.stop
CLUSTER:MANAGE
MemberMXBean.createManager())
CLUSTER:MANAGE
MemberMXBean.shutDownMember
CLUSTER:MANAGE
Mbeans get attributes
CLUSTER:READ
MemberMXBean.showLog
CLUSTER:READ
DistributedSystemMXBean.changeAlertLevel
CLUSTER:WRITE
ManagerMXBean.setPulseURL
CLUSTER:WRITE
ManagerMXBean.setStatusMessage
CLUSTER:WRITE
CacheServerMXBean.closeAllContinuousQuery
DATA:MANAGE
CacheServerMXBean.closeContinuousQuery
DATA:MANAGE
CacheServerMXBean.removeIndex("foo"))
DATA:MANAGE
CacheServerMXBean.stopContinuousQuery("bar"))
DATA:MANAGE
DiskStoreMXBean.flush())
DATA:MANAGE
DiskStoreMXBean.forceCompaction())
DATA:MANAGE
DiskStoreMXBean.forceRoll())
DATA:MANAGE
DiskStoreMXBean.setDiskUsageCriticalPercentage(0
DATA:MANAGE
DiskStoreMXBean.setDiskUsageWarningPercentage(0
DATA:MANAGE
DistributedSystemMXBean.revokeMissingDiskStores
DATA:MANAGE
DistributedSystemMXBean.setQueryCollectionsDepth
DATA:MANAGE
DistributedSystemMXBean.setQueryResultSetLimit
DATA:MANAGE
GatewayReceiverMXBean.pause())
DATA:MANAGE
GatewayReceiverMXBean.rebalance())
DATA:MANAGE
GatewayReceiverMXBean.resume())
DATA:MANAGE
GatewayReceiverMXBean.start
DATA:MANAGE
GatewayReceiverMXBean.stop
DATA:MANAGE
GatewaySenderMXBean.pause
DATA:MANAGE
GatewaySenderMXBean.rebalance
DATA:MANAGE
GatewaySenderMXBean.resume
DATA:MANAGE
GatewaySenderMXBean.start
DATA:MANAGE
GatewaySenderMXBean.stop
DATA:MANAGE
LockServiceMBean.becomeLockGrantor())
DATA:MANAGE
MemberMXBean.compactAllDiskStores
DATA:MANAGE
CacheServerMXBean.executeContinuousQuery("bar"))
DATA:READ
DistributedSystemMXBean.backupAllMembers
DATA:READ
DistributedSystemMXBean.queryData
DATA:READ
DistributedSystemMXBean.queryDataForCompressedResult
DATA:READ
Page:
Releasing Apache Geode
Page:
Running a Geode cluster in docker
Page:
Adding REST Cluster Management Operations
Page:
Creating a persistent cache service
Page:
Publishing Geode Metrics to External Monitoring Systems
kb-how-to-article
security
1 Comment
Nitin Lamba
For sake of completeness, following gfsh commands are missing from the second table:
Command
Permission
export offline-disk-store
upgrade offline-disk-store
validate offline-disk-store
start locator
start server
status locator
status server
Also, I could not find showLog and startManager commands in GFSH. Do those commands belong to a different interface (table)?
Permalink
Aug 10, 2016
Overview
Content Tools
Atlassian Confluence Open Source Project License
granted to Apache Software Foundation.
Evaluate Confluence today
Atlassian Confluence
8.5.31
Printed by Atlassian Confluence 8.5.31
Report a bug
Atlassian News
Atlassian
{"serverDuration": 116, "requestCorrelationId": "d1e68042b5ab76af"}