2. Apache Geode
Apache Geode is a data management platform.
It provides you tools to manage your cluster and your data:
Cluster management: start/stop locator/server, shutdown, alter runtime…
Cluster read/write: describe member, config, regions, alter log level...
Data management: create/destroy region, indexes, disk stores, create functions...
Data read/write: put/get data entries, querying...
Various ways for you to interact with your cluster/data:
Java client, native client
6. SecurityManager
Implement a single interface to secure your Geode cluster.
import java.util.Properties;

import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.ResourcePermission;
import org.apache.geode.security.SecurityManager;

public class SimpleSecurityManager implements SecurityManager {
  @Override
  public void init(Properties securityProps) {}

  // authenticated if username matches password
  @Override
  public Object authenticate(Properties credentials) throws AuthenticationFailedException {
    String username = credentials.getProperty("security-username");
    String password = credentials.getProperty("security-password");
    if (username != null && username.equals(password)) {
      return username;
    }
    throw new AuthenticationFailedException("invalid username/password");
  }

  // authorized if username is the beginning part of the permission string
  @Override
  public boolean authorize(Object principal, ResourcePermission permission) {
    String permissionString = permission.toString().replace(":", "").toLowerCase();
    String principle = principal.toString().toLowerCase();
    return permissionString.startsWith(principle);
  }

  @Override
  public void close() {}
}
7. Users, Permissions and Operations
[Diagram: a user has permissions; an operation requires a permission. Labels: "Defined by your implementation of SecurityManager authorize(principal, permission)" and "Defined by Geode Security".]
8. ResourcePermission
It’s the key to unify authorization across different communication channels.
It contains at most 4 parts:
Resource: DATA, CLUSTER
Operation: READ, WRITE, MANAGE
Region (only for data): region name
Key (only for data): key value
Each operation, no matter where it originates, has a corresponding
ResourcePermission:
Start server: CLUSTER:MANAGE
9. Roles
● Your SecurityManager needs to define the User -> Permission mapping.
● By definition, there would be 2 x 3 x # of regions x # of keys permission
permutations. Can’t possibly grant them individually.
● ResourcePermission(resource:operation:region:key) has this implication
system built in:
○ A --> A:B --> A:B:C --> A:B:C:D
○ E.g. data -> data:manage -> data:manage:regionA -> data:manage:regionA:key1
○ * means “all”, and can be put in any of the four parts.
● It’s easier to assign roles to the user and have roles imply specific
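The implication rule and the role idea from this slide, as an added example (not code from the slides or from Geode, whose ResourcePermission builds on Shiro's wildcard permission): a role-to-permission table with a part-by-part check in which missing trailing parts and `*` mean "all". The role names, user names and table contents are constructed sample data; it needs only the JDK (Java 9+).

```java
import java.util.List;
import java.util.Map;
public class RoleAuthorizer {
    // Constructed sample data: role -> granted permissions, user -> roles.
    static final Map<String, List<String>> ROLE_PERMS = Map.of(
        "clusterAdmin", List.of("CLUSTER"),
        "dataReader", List.of("DATA:READ"),
        "regionAWriter", List.of("DATA:READ:regionA", "DATA:WRITE:regionA"),
        "key1Reader", List.of("DATA:READ:*:key1"));
    static final Map<String, List<String>> USER_ROLES = Map.of(
        "alice", List.of("clusterAdmin", "dataReader"),
        "bob", List.of("regionAWriter"),
        "carol", List.of("key1Reader"));

    // True when the granted permission string covers the required one.
    static boolean implies(String granted, String required) {
        String[] g = granted.split(":");
        String[] r = required.split(":");
        for (int i = 0; i < g.length; i++) {
            if (g[i].equals("*")) continue;  // "*" means "all" in this part
            // A grant narrower than the request, or a mismatched part, fails.
            if (i >= r.length || !g[i].equals(r[i])) return false;
        }
        return true;  // parts missing from the grant mean "all"
    }

    // Deny by default: unknown users and unknown roles grant nothing.
    static boolean authorize(String user, String required) {
        for (String role : USER_ROLES.getOrDefault(user, List.of())) {
            for (String granted : ROLE_PERMS.getOrDefault(role, List.of())) {
                if (implies(granted, required)) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        String[][] checks = {
            {"alice", "CLUSTER:MANAGE"},          // grant CLUSTER, request more specific
            {"alice", "DATA:READ:regionB:key9"},  // DATA:READ spans regions and keys
            {"bob", "DATA:WRITE:regionA:key1"},   // region-scoped grant, key inside it
            {"bob", "DATA:WRITE:regionB"},        // different region
            {"bob", "DATA:READ"},                 // request has no region, grant is regionA only
            {"carol", "DATA:READ:regionB:key1"},  // wildcard in the region part
            {"mallory", "DATA:READ"},             // unknown user
        };
        for (String[] c : checks) {
            System.out.println(c[0] + " " + c[1] + " -> " + authorize(c[0], c[1]));
        }
    }
}
```

In a real SecurityManager the same lookup would sit inside authorize(principal, permission), with the required string taken from the ResourcePermission that Geode passes in.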
10. Post Processor
An add-on feature to authentication/authorization
Any region data returned back to clients as a result of user operation will pass
through this post processor first
Any form of getting region value in the client, gfsh command or rest service
Query results, continued query results.
Data in the registered interest events
Configured by security-post-processor property
Method to be implemented (showing SamplePostProcessor):
public Object processRegionValue(Object principal, String regionName, Object key, Object value) {
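A post processor written around the processRegionValue signature above, as an added example (not Geode's SamplePostProcessor and not code from the slides): it masks values for principals that are not cleared, and masks rather than passes through when regionName is null, a case the notes on this page mention. The region name, principal name and sample values are constructed; the class uses only the JDK (Java 11+) and does not declare the Geode interface.

```java
import java.util.Set;

// Sketch of a class that would implement Geode's post processor interface;
// written against the JDK only so it runs without Geode on the classpath.
public class RedactingPostProcessor {
    // Constructed sample policy (hypothetical region and principal names).
    static final Set<String> SENSITIVE_REGIONS = Set.of("customers");
    static final Set<String> CLEARED_PRINCIPALS = Set.of("auditor");

    // Same signature as the method shown on the slide.
    public Object processRegionValue(Object principal, String regionName,
                                     Object key, Object value) {
        if (value == null) return null;
        if (principal != null && CLEARED_PRINCIPALS.contains(principal.toString())) {
            return value;
        }
        // regionName may be null when the caller cannot determine it; the value
        // cannot be classified then, so mask it instead of passing it through.
        if (regionName == null || SENSITIVE_REGIONS.contains(regionName)) {
            return mask(value.toString());
        }
        return value;
    }

    // Keep at most the last four characters (fewer for short values).
    static String mask(String s) {
        int keep = Math.min(4, s.length() / 2);
        return "*".repeat(s.length() - keep) + s.substring(s.length() - keep);
    }

    public static void main(String[] args) {
        RedactingPostProcessor p = new RedactingPostProcessor();
        String acct = "ACCT-0012345678";  // constructed sample value
        System.out.println(p.processRegionValue("auditor", "customers", "k1", acct));
        System.out.println(p.processRegionValue("clerk", "customers", "k1", acct));
        System.out.println(p.processRegionValue("clerk", "catalog", "k2", "blue widget"));
        System.out.println(p.processRegionValue("clerk", null, null, acct));
    }
}
```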
12. Geode: How it’s Done
[Diagram labels: Client, Peer, JMX, Rest, Pulse; Credentials; Shiro Security Engine; Custom Realm; SecurityManager]
In the authenticators:
1. Authenticate credentials.
2. Puts the logged-in subject in the current executing thread.
Anywhere In Geode:
1. Get the subject out of the executing thread.
2. Check the required permission
13. Apache Shiro
Apache Shiro is a Java security framework that performs authentication,
authorization, cryptography, and session management.
Easy to Use API
Subject based, saved in ThreadLocal, you can retrieve it anywhere in your code.
Single method call to authenticate/authorize
currentUser.login(new UsernamePasswordToken(username, password))
currentUser.checkPermission(permission)
Powerful:
Pluggable data sources, called Realms, to manage your users.
14. GEODE Security: In Geode’s Future
[Diagram labels: Client, Peer, JMX, Rest, Pulse; Shiro Security Engine; shiro.ini; Custom Realm; SecurityManager; LDAP Realm; AD Realm; JDBC Realm; TextConfig Realm; Your own Realm]
Editor's notes
What is region, in memory, key value pair (Apache con)
Just showing a typical Geode topology to illustrate the security framework (pre 9.0)
Pulse’s underlying communication to Geode is still over JMX, so still secured by jmx-manager-* settings, but no restrictions on page views
Each of those colored components is different implementation.
Too much setup, too many implementations and un-unified implementation lead to data leaks.
Currently credentials are sent in as security-username and security-password for all interfaces.
RESTful OAuth is after 1.0
Authenticate method returns the principal used in the authorize method.
Roles are used to group permissions for easier management
This ResourcePermission is passed to your implementation of SecurityManager for authorization
Note regionName or key could be null when the system is calling this method, because in some situations we can’t determine those values, like when we return a big resultset
Start locator with security
Login using wrong password
Login using user
Start server with locators (demo peer to peer authentication/authorization) (server 1 with sufficient privilege, server2 with insufficient privilege)
Create region
Put data
Get data
Demo permission is specific enough to allow granular control.
Lesson learned
Threading, annotations
Geode’s ResourcePermission extends from Shiro’s WildcardPermission