New Security Framework in Apache Geode
TRANSCRIPT
Geode Security: Before and After
Apache Geode
Apache Geode is a data management platform.
It provides tools to manage your cluster and your data:
Cluster management: start/stop locator/server, shutdown, alter runtime…
Cluster read/write: describe member, config, regions, alter log level...
Data management: create/destroy region, indexes, disk stores, create functions...
Data read/write: put/get data entries, querying...
Various ways for you to interact with your cluster/data:
Java client, native client
Gfsh
JMX Client
RESTful API
Pulse
Geode Security
Authentication
Resolve identity, represented as a principal
Authorization
Resolve roles and permissions
Post Processing
Resolve final value presented back to user
Geode Security - Before
[Diagram: Java Client, Native Client, RESTful Client, JMX Client, Gfsh and Pulse connecting to a Locator and three Servers. Channel labels: Credentials (TCP) for the Java and native clients, with Client-Auth and Client-Accessor; Peer Auth between members; Credentials (JMX) for JMX Client, Gfsh and Pulse, with jmx-manager-password-file and jmx-manager-access-file; Not Secured (HTTP) for the RESTful client.]
Properties needed:
security-peer-auth-init
security-peer-authenticator
security-client-auth-init
security-client-authenticator
security-client-accessor
jmx-manager-password-file
jmx-manager-access-file
Geode Security - 1.0
[Diagram: the same clients (Java Client, Native Client, RESTful Client, JMX Client, Gfsh, Pulse) connect to a Locator and Servers, each of which now runs a Security Manager. Channel labels: Credentials (TCP) for the Java and native clients, Credentials (JMX) for JMX Client, Gfsh and Pulse, Credentials (HTTP) for the RESTful client.]
Properties needed:
security-manager
SecurityManager
Implement a single interface to secure your Geode cluster.
    // imports as of Geode 1.0.0-incubating
    import java.util.Properties;

    import org.apache.geode.security.AuthenticationFailedException;
    import org.apache.geode.security.ResourcePermission;
    import org.apache.geode.security.SecurityManager;

    public class SimpleSecurityManager implements SecurityManager {

      @Override
      public void init(Properties securityProps) {}

      // authenticated if username matches password
      @Override
      public Object authenticate(Properties credentials) throws AuthenticationFailedException {
        String username = credentials.getProperty("security-username");
        String password = credentials.getProperty("security-password");
        if (username != null && username.equals(password)) {
          return username;
        }
        throw new AuthenticationFailedException("invalid username/password");
      }

      // authorized if username is the beginning part of the permission string
      // (e.g. DATA:READ:regionA:key1 is compared as "datareadregionakey1")
      @Override
      public boolean authorize(Object principal, ResourcePermission permission) {
        String permissionString = permission.toString().replace(":", "").toLowerCase();
        String principalString = principal.toString().toLowerCase();
        return permissionString.startsWith(principalString);
      }

      @Override
      public void close() {}
    }
authorize(principal, permission): the principal is defined by your implementation of SecurityManager; the permission is defined by Geode Security.
Users, Permissions and Operations
[Diagram: a user has a set of permissions; each operation requires a permission.]
ResourcePermission
It’s the key to unify authorization across different communication channels.
It contains at most 4 parts:
Resource: DATA, CLUSTER
Operation: READ, WRITE, MANAGE
Region (only for data): region name
Key (only for data): key value
Each operation, no matter where it originates, has a corresponding ResourcePermission:
Start server: CLUSTER:MANAGE
List member: CLUSTER:READ
Create region: DATA:MANAGE
Region get: DATA:READ:regionName:key
Region write: DATA:WRITE:regionName:key
For a complete list: in Geode 1.0.0-incubating
Roles
● Your SecurityManager needs to define User ->Permission mapping.
● By definition, there would be 2 x 3 x #of regions x #of keys permission permutations. Can’t possibly grant them individually.
● ResourcePermission(resource:operation:region:key) has this implication system built in:
○ A --> A:B --> A:B:C --> A:B:C:D
○ E.g. data -> data:manage -> data:manage:regionA -> data:manage:regionA:key1
○ * means “all”, and can be put in any of the four parts.
● It’s easier to assign roles to the user and have the roles imply specific permissions.
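The implication system and role idea above, as an added example that is not Geode's or the talk's code: a Python model of the prefix and "*" rules with a constructed role table and a role-based authorize(). The handling of trailing wildcard parts is assumed to follow Shiro's WildcardPermission, which Geode's ResourcePermission builds on.

```python
# Added example (not Geode's own code): models the ResourcePermission
# implication rules from the slides plus a role-based authorize().
# Assumed matching (as in Shiro's WildcardPermission): a granted permission
# implies any required permission it is a prefix of, "*" matches any value
# in its position, and extra trailing parts on the granted side must be "*".

MAX_PARTS = 4  # resource:operation:region:key


def parse(permission):
    """Split 'DATA:WRITE:regionA:key1' into 1-4 lower-cased parts."""
    parts = permission.lower().split(":")
    if not 1 <= len(parts) <= MAX_PARTS:
        raise ValueError("permission must have 1-4 parts: %r" % permission)
    return parts


def implies(granted, required):
    """True if the granted permission covers the required one."""
    g, r = parse(granted), parse(required)
    for i, rp in enumerate(r):
        if i >= len(g):
            return True  # strict prefix: data implies data:manage:regionA:key1
        if g[i] != "*" and g[i] != rp:
            return False
    return all(gp == "*" for gp in g[len(r):])


# Constructed role table and user -> role mapping (hypothetical names);
# a real SecurityManager would load these from its user store.
ROLES = {
    "cluster-admin": ["CLUSTER"],
    "data-admin": ["DATA:MANAGE", "DATA:READ"],
    "orders-rw": ["DATA:READ:orders", "DATA:WRITE:orders"],
    "key1-reader": ["DATA:READ:*:key1"],
}
USER_ROLES = {
    "alice": ["cluster-admin", "data-admin"],
    "bob": ["orders-rw"],
    "carol": ["key1-reader"],
}


def authorize(principal, required):
    """authorize(principal, permission) resolved through the user's roles."""
    for role in USER_ROLES.get(principal, []):
        if any(implies(p, required) for p in ROLES.get(role, [])):
            return True
    return False
```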
Post Processor
An add-on feature to authentication/authorization
Any region data returned back to clients as a result of user operation will pass through this post processor first
Any form of getting region value in the client, gfsh command or rest service
Query results, continued query results.
Data in the registered interest events
Configured by security-post-processor property
Method to be implemented (showing SamplePostProcessor):
    public Object processRegionValue(Object principal, String regionName, Object key, Object value) {
      return principal + "/" + regionName + "/" + key + "/" + value;
    }
Demo
How it’s Done
[Diagram: inside Geode, the Client, Peer, JMX, Rest and Pulse channels pass Credentials to the Shiro Security Engine, which uses a Custom Realm backed by your SecurityManager.]
In the authenticators:
1. Authenticate the credentials.
2. Put the logged-in subject in the current executing thread.
Anywhere in Geode:
1. Get the subject out of the executing thread.
2. Check the required permission.
Apache Shiro
Apache Shiro is a Java security framework that performs authentication, authorization, cryptography, and session management.
Easy-to-use API:
Subject-based: the subject is saved in a ThreadLocal, so you can retrieve it anywhere in your code.
Single method call to authenticate/authorize
currentUser.login(username, password)
currentUser.checkPermission(permission)
Powerful:
Pluggable data source, called Realms to manage your users.
Shiro provides out-of-the-box realms for popular data sources like LDAP, Active Directory, and JDBC
Geode Security
In Geode’s Future
[Diagram: the Client, Peer, JMX, Rest and Pulse channels feed the Shiro Security Engine, which can be backed, via shiro.ini, by a Custom Realm (SecurityManager), an LDAP Realm, an AD Realm, a JDBC Realm, a TextConfig Realm, or your own Realm.]