You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@geode.apache.org by Sudhir Babu Pothineni <sb...@gmail.com> on 2017/12/22 15:15:40 UTC

Authentication: gfsecurity.properties

I am working on Geode(1.2) authentication. According to the doc,
https://geode.apache.org/docs/guide/12/managing/security/implementing_authentication.html

I put gfsecurity.properties:

security-username=admin
security-password=xyz1234

Any other parameters needed?

because of some reason Geode working without authentication,
gfsecurity.properties is in the class path. I am expecting JMX manager also
should work on these credentials.

Thanks for the help
Sudhir

Re: Authentication: gfsecurity.properties

Posted by Jens Deppe <jd...@pivotal.io>.

Great. Thanks for the feedback about the documentation!

--Jens

On Fri, Dec 22, 2017 at 10:27 AM, Sudhir Babu Pothineni <
sbpothineni@gmail.com> wrote:

> Thanks Jens! Its working.
>
> I think in the doc these three parameter should be mentioned together
> somewhere, Otherwise its not intuitive, although there is lot of
> description around SecurityManager.
>
> security-manager=org.apache.geode.examples.SimpleSecurityManager
>
> security-username=admin
>
> security-password=xyz1234
>
> On Fri, Dec 22, 2017 at 10:36 AM, Jens Deppe <jd...@pivotal.io> wrote:
>
>> Hi Sudhir,
>>
>> You should find two sample SecurityManagers in the code.
>>
>> The first is *org.apache.geode.examples.SimpleSecurityManager* [1]. This
>> manager will simply compare the username/password and *authenticate* if
>> they match. In addition if the username matches a required permission, then
>> the request is also *authorized*. For example, if the credentials are
>> *'admin/xyz1234'* then it will never authenticate. If the credentials
>> are *'dataRead/dataRead'* then the user would be authenticated for all
>> operations requiring DATA:READ permissions. Although it's simplistic, this
>> manager is very useful for testing your whole flow and validating specific
>> permissions for various operations.
>>
>> The other SecurityManager provided is
>> *org.apache.geode.examples.security.ExampleSecurityManage*r [2]. This
>> manager takes as input a JSON file which maps users -> roles ->
>> permissions. The javadoc has examples of using this [3].
>>
>> --Jens
>>
>> [1] https://github.com/apache/geode/blob/develop/geode-core/
>> src/main/java/org/apache/geode/examples/SimpleSecurityManager.java
>> [2] https://github.com/apache/geode/blob/develop/geode-core/
>> src/main/java/org/apache/geode/examples/security/ExampleSecu
>> rityManager.java
>> [3] http://geode.apache.org/releases/latest/javadoc/org/apac
>> he/geode/examples/security/ExampleSecurityManager.html
>>
>> On Fri, Dec 22, 2017 at 7:55 AM, Sudhir Babu Pothineni <
>> sbpothineni@gmail.com> wrote:
>>
>>> let me extend my question:
>>>
>>> Does Geode has any Default/SimpleSecurityManager implementation?
>>>
>>> On Fri, Dec 22, 2017 at 9:15 AM, Sudhir Babu Pothineni <
>>> sbpothineni@gmail.com> wrote:
>>>
>>>> I am working on Geode(1.2) authentication. According to the doc,
>>>> https://geode.apache.org/docs/guide/12/managing/securit
>>>> y/implementing_authentication.html
>>>>
>>>> I put gfsecurity.properties:
>>>>
>>>> security-username=admin
>>>> security-password=xyz1234
>>>>
>>>> Any other parameters needed?
>>>>
>>>> because of some reason Geode working without authentication,
>>>> gfsecurity.properties is in the class path. I am expecting JMX manager also
>>>> should work on these credentials.
>>>>
>>>> Thanks for the help
>>>> Sudhir
>>>>
>>>
>>>
>>
>

Re: Authentication: gfsecurity.properties

Posted by Sudhir Babu Pothineni <sb...@gmail.com>.

Thanks Jens! Its working.

I think in the doc these three parameter should be mentioned together
somewhere, Otherwise its not intuitive, although there is lot of
description around SecurityManager.

security-manager=org.apache.geode.examples.SimpleSecurityManager

security-username=admin

security-password=xyz1234

On Fri, Dec 22, 2017 at 10:36 AM, Jens Deppe <jd...@pivotal.io> wrote:

> Hi Sudhir,
>
> You should find two sample SecurityManagers in the code.
>
> The first is *org.apache.geode.examples.SimpleSecurityManager* [1]. This
> manager will simply compare the username/password and *authenticate* if
> they match. In addition if the username matches a required permission, then
> the request is also *authorized*. For example, if the credentials are
> *'admin/xyz1234'* then it will never authenticate. If the credentials are
> *'dataRead/dataRead'* then the user would be authenticated for all
> operations requiring DATA:READ permissions. Although it's simplistic, this
> manager is very useful for testing your whole flow and validating specific
> permissions for various operations.
>
> The other SecurityManager provided is
> *org.apache.geode.examples.security.ExampleSecurityManage*r [2]. This
> manager takes as input a JSON file which maps users -> roles ->
> permissions. The javadoc has examples of using this [3].
>
> --Jens
>
> [1] https://github.com/apache/geode/blob/develop/geode-core/
> src/main/java/org/apache/geode/examples/SimpleSecurityManager.java
> [2] https://github.com/apache/geode/blob/develop/geode-core/
> src/main/java/org/apache/geode/examples/security/
> ExampleSecurityManager.java
> [3] http://geode.apache.org/releases/latest/javadoc/org/
> apache/geode/examples/security/ExampleSecurityManager.html
>
> On Fri, Dec 22, 2017 at 7:55 AM, Sudhir Babu Pothineni <
> sbpothineni@gmail.com> wrote:
>
>> let me extend my question:
>>
>> Does Geode has any Default/SimpleSecurityManager implementation?
>>
>> On Fri, Dec 22, 2017 at 9:15 AM, Sudhir Babu Pothineni <
>> sbpothineni@gmail.com> wrote:
>>
>>> I am working on Geode(1.2) authentication. According to the doc,
>>> https://geode.apache.org/docs/guide/12/managing/securit
>>> y/implementing_authentication.html
>>>
>>> I put gfsecurity.properties:
>>>
>>> security-username=admin
>>> security-password=xyz1234
>>>
>>> Any other parameters needed?
>>>
>>> because of some reason Geode working without authentication,
>>> gfsecurity.properties is in the class path. I am expecting JMX manager also
>>> should work on these credentials.
>>>
>>> Thanks for the help
>>> Sudhir
>>>
>>
>>
>

Re: Authentication: gfsecurity.properties

Posted by Jens Deppe <jd...@pivotal.io>.

Hi Sudhir,

You should find two sample SecurityManagers in the code.

The first is *org.apache.geode.examples.SimpleSecurityManager* [1]. This
manager will simply compare the username/password and *authenticate* if
they match. In addition if the username matches a required permission, then
the request is also *authorized*. For example, if the credentials are
*'admin/xyz1234'* then it will never authenticate. If the credentials are
*'dataRead/dataRead'* then the user would be authenticated for all
operations requiring DATA:READ permissions. Although it's simplistic, this
manager is very useful for testing your whole flow and validating specific
permissions for various operations.

The other SecurityManager provided is
*org.apache.geode.examples.security.ExampleSecurityManage*r [2]. This
manager takes as input a JSON file which maps users -> roles ->
permissions. The javadoc has examples of using this [3].

--Jens

[1]
https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/examples/SimpleSecurityManager.java
[2]
https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/examples/security/ExampleSecurityManager.java
[3]
http://geode.apache.org/releases/latest/javadoc/org/apache/geode/examples/security/ExampleSecurityManager.html

On Fri, Dec 22, 2017 at 7:55 AM, Sudhir Babu Pothineni <
sbpothineni@gmail.com> wrote:

> let me extend my question:
>
> Does Geode has any Default/SimpleSecurityManager implementation?
>
> On Fri, Dec 22, 2017 at 9:15 AM, Sudhir Babu Pothineni <
> sbpothineni@gmail.com> wrote:
>
>> I am working on Geode(1.2) authentication. According to the doc,
>> https://geode.apache.org/docs/guide/12/managing/securit
>> y/implementing_authentication.html
>>
>> I put gfsecurity.properties:
>>
>> security-username=admin
>> security-password=xyz1234
>>
>> Any other parameters needed?
>>
>> because of some reason Geode working without authentication,
>> gfsecurity.properties is in the class path. I am expecting JMX manager also
>> should work on these credentials.
>>
>> Thanks for the help
>> Sudhir
>>
>
>

Re: Authentication: gfsecurity.properties

Posted by Sudhir Babu Pothineni <sb...@gmail.com>.

let me extend my question:

Does Geode has any Default/SimpleSecurityManager implementation?

On Fri, Dec 22, 2017 at 9:15 AM, Sudhir Babu Pothineni <
sbpothineni@gmail.com> wrote:

> I am working on Geode(1.2) authentication. According to the doc,
> https://geode.apache.org/docs/guide/12/managing/security/implementing_
> authentication.html
>
> I put gfsecurity.properties:
>
> security-username=admin
> security-password=xyz1234
>
> Any other parameters needed?
>
> because of some reason Geode working without authentication,
> gfsecurity.properties is in the class path. I am expecting JMX manager also
> should work on these credentials.
>
> Thanks for the help
> Sudhir
>