This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Page tree
Skip to end of metadata
Go to start of metadata

Geode is introducing additional security features which allow finer grained control for JMX operations as well as GFSH commands and Pulse. Additional information can be found here: Geode Integrated Security.

To quickly get started using permissions for JMX and GFSH a sample implementation of org.apache.geode.security.SecurityManager is provided by the class org.apache.geode.examples.security.ExampleSecurityManager. This implementation requires a JSON file which defines the allowed users and their corresponding permissions. For example:

{
  "roles": [
    {
      "name": "cluster",
      "operationsAllowed": [
        "CLUSTER:MANAGE",
        "CLUSTER:WRITE",
        "CLUSTER:READ"
      ]
    },
    {
      "name": "data",
      "operationsAllowed": [
        "DATA:MANAGE",
        "DATA:WRITE",
        "DATA:READ"
      ]
    },
    {
      "name": "region1&2Reader",
      "operationsAllowed": [
        "DATA:READ"
      ],
	  "regions": ["region1", "region2"]
    }
  ],
  "users": [
    {
      "name": "super-user",
      "password": "1234567",
      "roles": [
        "cluster",
        "data"
      ]
    },
    {
      "name": "joebloggs",
      "password": "1234567",
      "roles": [
        "data"
      ]
    }
  ]
}

In this sample "security.json" file, we have two roles defined: cluster and data. The cluster role can perform cluster level operations like list members, whereas the data role can access/store data in Regions. The data role only has access to two regions: region1 and region2.

To start using this sample perform the following steps:

  1. Copy the above "security.json" file into locator's and server's directory (locator1 and server1 in the example below).

  2. Using gfsh, start a locator with security activated. In the example below, we disable peer-to-peer security for simplicity of configuration

    gfsh> start locator --name=locator1 \
        --J=-Dgemfire.security-manager=org.apache.geode.examples.security.ExampleSecurityManager --classpath=. 
  3. Similarly, start a server (you will need to provide user/password in order to join the cluster. The user needs to have cluster:manage privilege). Notice server is started with a security-manager, but since locator's cluster configuration is enabled, the security-manager setting will be distributed to the server automatically. This ensures that the entire cluster is using the same security-manager.

    gfsh> start server --name=server1 --locators=localhost[10334] \
       --classpath=. \
       --user=super-user --password=1234567
  4. Start a new instance of gfsh and connect with one of the users defined in your JSON file. The super-user should be allowed to do everything in gfsh.

    gfsh> connect --locator=localhost[10334] --user=super-user --password=1234567
  5. Disconnect and reconnect with a user with lesser privileges:

    gfsh> disconnect
    gfsh> connect --locator=localhost[10334] --user=joebloggs --password=1234567
    gfsh> stop server --name=server1
    An error occurred while attempting to stop a Cache Server: Subject does not have permission [CLUSTER:READ]
     
  6. Currently, changes to the security.json file require the locator to be restarted.

 

2 Comments

  1. In order to enable client security, you also need to provide the security properties when starting the server. Otherwise the server is not secure.

    Also, this page doesn't document how you actually use this json file. You need to create a file called "security.json" and put in a jar or a folder, and then add the jar or folder to the classpath with the --classpath option.

    1. Thanks Dan! I have incorporated your feedback.