Geode is introducing additional security features which allow finer grained control for JMX operations as well as GFSH commands and Pulse. Additional information can be found here: Geode Integrated Security.

To quickly get started using permissions for JMX and GFSH a sample implementation of org.apache.geode.security.SecurityManager is provided by the class org.apache.geode.examples.security.ExampleSecurityManager. This implementation requires a JSON file which defines the allowed users and their corresponding permissions. For example:

{
  "roles": [
    {
      "name": "cluster",
      "operationsAllowed": [
        "CLUSTER:MANAGE",
        "CLUSTER:WRITE",
        "CLUSTER:READ"
      ]
    },
    {
      "name": "data",
      "operationsAllowed": [
        "DATA:MANAGE",
        "DATA:WRITE",
        "DATA:READ"
      ]
    },
    {
      "name": "region1&2Reader",
      "operationsAllowed": [
        "DATA:READ"
      ],
	  "regions": ["region1", "region2"]
    }
  ],
  "users": [
    {
      "name": "super-user",
      "password": "1234567",
      "roles": [
        "cluster",
        "data"
      ]
    },
    {
      "name": "joebloggs",
      "password": "1234567",
      "roles": [
        "data"
      ]
    }
  ]
}

In this sample "security.json" file, we have two roles defined: cluster and data. The cluster role can perform cluster level operations like list members, whereas the data role can access/store data in Regions. The data role only has access to two regions: region1 and region2.

To start using this sample perform the following steps:

  1. Copy the above "security.json" file into locator's and server's directory (locator1 and server1 in the example below).

  2. Using gfsh, start a locator with security activated. In the example below, we disable peer-to-peer security for simplicity of configuration

    gfsh> start locator --name=locator1 \
    --J=-Dgemfire.security-manager=org.apache.geode.examples.security.ExampleSecurityManager --classpath=.

  3. Similarly, start a server (you will need to provide user/password in order to join the cluster. The user needs to have cluster:manage privilege). Notice server is started with a security-manager, but since locator's cluster configuration is enabled, the security-manager setting will be distributed to the server automatically. This ensures that the entire cluster is using the same security-manager.

    gfsh> start server --name=server1 --locators=localhost[10334] \
   --classpath=. \
   --user=super-user --password=1234567

  4. Start a new instance of gfsh and connect with one of the users defined in your JSON file. The super-user should be allowed to do everything in gfsh.

    gfsh> connect --locator=localhost[10334] --user=super-user --password=1234567

  5. Disconnect and reconnect with a user with lesser privileges:

    gfsh> disconnect
gfsh> connect --locator=localhost[10334] --user=joebloggs --password=1234567
gfsh> stop server --name=server1
An error occurred while attempting to stop a Cache Server: Subject does not have permission [CLUSTER:READ]
 
  6. Currently, changes to the security.json file require the locator to be restarted.

 

2 Comments

  1. Dan Smith

    In order to enable client security, you also need to provide the security properties when starting the server. Otherwise the server is not secure.

    Also, this page doesn't document how you actually use this json file. You need to create a file called "security.json" and put in a jar or a folder, and then add the jar or folder to the classpath with the --classpath option.

    1. Swapnil Bawaskar

      Thanks Dan! I have incorporated your feedback.