Posted to user@geode.apache.org by "Thacker, Dharam" <dh...@jpmorgan.com> on 2017/06/06 09:10:59 UTC

ExampleSecurityManager in Apache geode

Hi Jinmei & Team,

I was going through "New Security In Apache Geode" video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam

This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.
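
Added example, not part of the original post and not Geode code: a small Python check that emulates a by-name classpath lookup, to show why a jar holding `resources/security.json` does not satisfy a lookup for `security.json`. It assumes the resource is resolved by its bare name from the root of each classpath entry, as the error message suggests; it goes beyond this post by also covering relative classpath entries and a Spring Boot style jar, both raised later in the thread. All file names and layouts it builds are constructed.

```python
"""Added example (not Geode code): emulate a by-name classpath lookup."""
import os
import tempfile
import zipfile


def resolve_resource(classpath, name="security.json", workdir="."):
    """Return (hit, near_misses) for a root-level lookup of `name`.

    Assumption: the resource is requested by its bare name, so a directory
    entry matches only <dir>/<name> and a jar matches only a member called
    exactly <name>. Relative entries resolve against `workdir`, the member's
    working directory.
    """
    hit, near_misses = None, []
    for entry in classpath:
        path = os.path.normpath(os.path.join(workdir, entry))
        if os.path.isdir(path):
            candidate = os.path.join(path, name)
            if hit is None and os.path.isfile(candidate):
                hit = candidate
            # Same file name below the root: on disk, but not resolvable.
            for root, _dirs, files in os.walk(path):
                if root != path and name in files:
                    near_misses.append(os.path.join(root, name))
        elif zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as jar:
                for member in jar.namelist():
                    if member == name and hit is None:
                        hit = f"{path}!/{member}"
                    elif member.endswith("/" + name):
                        near_misses.append(f"{path}!/{member}")
    return hit, near_misses


def build_constructed_layouts(base):
    """Create the layouts from the thread under `base`. All data is constructed."""
    doc = '{"roles": [], "users": []}'  # placeholder content, not a real config

    def make_jar(jar_name, member):
        jar_path = os.path.join(base, jar_name)
        with zipfile.ZipFile(jar_path, "w") as jar:
            jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            jar.writestr(member, doc)
        return jar_path

    os.makedirs(os.path.join(base, "security"))
    os.makedirs(os.path.join(base, "locator1"))  # member working directory
    with open(os.path.join(base, "security", "security.json"), "w") as fh:
        fh.write(doc)
    return {
        # Jar as described in the post: the file sits under resources/.
        "nested_jar": make_jar("security-config.jar", "resources/security.json"),
        # Same content with the file at the archive root.
        "flat_jar": make_jar("security-flat.jar", "security.json"),
        # Spring Boot style layout, inspected here as a plain jar.
        "boot_jar": make_jar("app-boot.jar", "BOOT-INF/classes/security.json"),
        "workdir": os.path.join(base, "locator1"),
    }


def run_demo():
    """Resolve security.json against each layout; paths are relative to base."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        layout = build_constructed_layouts(base)
        cases = {
            "nested_jar": [layout["nested_jar"]],
            "flat_jar": [layout["flat_jar"]],
            "boot_jar": [layout["boot_jar"]],
            # Relative entries are resolved from the member's working directory.
            "relative_dir_wrong": ["security"],
            "relative_dir_right": ["../security"],
        }
        for label, classpath in cases.items():
            hit, near = resolve_resource(classpath, workdir=layout["workdir"])
            relative = [p.replace(base + os.sep, "") for p in near]
            results[label] = (hit is not None, relative)
    return results


if __name__ == "__main__":
    for label, (found, near) in run_demo().items():
        print(f"{label:20} found={found} near_misses={near}")
```

A near miss means the file is packaged but sits below the root of the classpath entry, so either repackage it at the root or put its parent directory on the classpath.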

Re: FW: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Thanks Jinmei and John!

But could you guide us with some steps how we can include that shiro config file with locator startup and joining peer locator or server from gfsh?

Regards,
Dharam

Sent with BlackBerry Work (www.blackberry.com)
________________________________
From: John Blum <jb...@pivotal.io>
Sent: Jun 8, 2017 22:21
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode
Cc: "Thacker, Dharam" <dh...@jpmorgan.com>

Dharam-

... or use Apache Shiro, which provides tooling [1] to handle securing credentials [2]. Shiro also handles encryption [3]. Although it is not well spelled out in the Apache Geode documentation [4], Apache Geode does integrate with Apache Shiro for security as well.

As an FYI, in Spring Data Geode, I provided first-class support for Apache Geode when using Apache Shiro. I blogged about this [5] (see section starting with "Security!").

So, my recommendation, in addition to Jinmei's option #1 below, is to use Apache Shiro over implementing your own Apache Geode SecurityManager interface.

Hope this helps!

-John


[1] https://shiro.apache.org/command-line-hasher.html
[2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
[3] https://shiro.apache.org/cryptography-features.html
[4] http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
[5] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released


On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io> wrote:
SampleSecurityManager doesn't do encryption/decryption. It's meant only as an example.

There are multiple ways to protect your password:
1) read-protect your security.json so that only a certain user can read it.
2) implement your own security-manager to decrypt the password using a secret key. (but here again you will need to find a way to protect this key in your corporation. In my opinion, it's simply changing the subject, but the problem is still there).

We usually recommend the first approach, but in some situations, 2nd one might be an option too.


On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei,

Is there any way to encrypt password in security.json file with Geode 1.1.1? I tried below but it did not work for me,

"users": [
  {
    "name": "admin",
    "password": "encrypted(0859A0F6C68B9785)",
    "roles": ["ADMIN"]
…
  },

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Wednesday, June 07, 2017 11:26 AM
To: 'user@geode.apache.org'; 'jiliao@pivotal.io'
Subject: RE: FW: ExampleSecurityManager in Apache geode

Thanks Jinmei for quick reply!

>> It did not work for me when I used [--classpath] and [--security-properties-file] even though my classpath contains security.json file [That’s strange]

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

>> It worked for me when I used --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin [SUCCESS]

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin  --classpath=C:\Users\GeodeWorkDir\locator2
SUCCESS

Thanks & Regards,
Dharam

From: Jinmei Liao [mailto:jiliao@pivotal.io]
Sent: Wednesday, June 07, 2017 11:12 AM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

I tried using the SampleSecurityManager, and either one of the following commands to start the 2nd locator works: (I executed these commands while connected to the first locator, so I don't need to provide the --locators option; it knows which locator to join)

1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security --security-properties-file=locator2.properties
// locator2.properties only contains "security-username" and "security-password" properties.

2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin


I suspect that the reason one of your commands did not work is that locator2 can't find a security.json in its classpath, not because you did not provide the username/password. One of the complications of using our SampleSecurityManager is that it will need a security.json in its classpath, which complicates the issue. We should have a simpler security manager in the sample that's easier for users to experiment with.



On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
I am able to start server with --user and --password to join existing secure locator. But I am not able to start another locator to join the existing secure locator. Could someone guide me here?

start locator --name=locator1 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
SUCCESS

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties         [gfsecurity.properties ---- security-username=clusteruser security-password=****]
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED


Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception

org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Tuesday, June 06, 2017 3:41 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: RE: ExampleSecurityManager in Apache geode

Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json
Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below, "security.json" is kept in /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in a locator directory (l1) and it should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam




--
Cheers

Jinmei




--
Cheers

Jinmei



--
-John
john.blum10101 (skype)


Re: FW: ExampleSecurityManager in Apache geode

Posted by Mark Secrist <ms...@pivotal.io>.
Ah, ok. I did find that servers also needed that reference and I forgot to
mention that. Though I haven't attempted to start the server using SDG, I
suspect the issue is still the classpath reference from the server
starting. I found that when starting the locator with that reference to the
locator.properties, it added the line: 'security-manager =
org.apache.geode.examples.security.ExampleSecurityManager' to the cluster
configuration properties file. Consequently, all servers are expected to
have the security.json file on the classpath as well. I'm not sure if this
is intentional or even should be required, but that's what happens.

I don't have experience yet with configuring Apache Shiro so can't help
with that one, sorry.

Mark

On Mon, Jun 12, 2017 at 8:42 AM, Thacker, Dharam <
dharam.thacker@jpmorgan.com> wrote:

> Hi Mark,
>
> Thanks for the guidance!  But I am not facing issue with starting secure
> locator using security.json.
>
> I am facing issue while starting server using spring data geode. Though It
> works well from gfsh start server with user and password.
>
> Usually src/main/resources artifacts compile into BOOT-INF/classes/* in
> the final jar with spring boot maven plugin.
>
> The below one is different case,
>
> Opposite case with shiro.ini which works well from spring data geode
> while starting server but fails with locator startup even with absolute
> classpath from gfsh.
>
>
> Any guesses with that?
>
>
> Regards,
> Dharam
>
> Sent with BlackBerry Work (www.blackberry.com)
> ------------------------------
> *From: *Mark Secrist <ms...@pivotal.io>
> *Sent: *Jun 12, 2017 7:55 PM
> *To: *user@geode.apache.org
> *Subject: *Re: FW: ExampleSecurityManager in Apache geode
> *Cc: *jiliao@pivotal.io
>
> Usually, source artifacts placed under src/main/resources and
> src/main/java get compiled to a target folder or into a JAR file. My best
> guess is your security.json file would end up at the top level folder of
> either the target folder or the JAR file.
>
> Regardless, here's how I have this working for our lab exercise for the
> GemFire Admin course.
> 1. Create a security folder and place security.json in that folder
> 2. Starting gfsh in the parent folder, start locator as:
>     start locator --name=locator1 --classpath=../security
> --properties-file=locator.properties
>     where: locator.properties contains the reference to the
> ExampleSecurityManager class
>
> Note, in my start example above, I used a relative path and that required
> going up a level. That's because the above example uses the name as the
> working directory of the locator, hence the need to use '../security'. A
> much better way to do this is to use an absolute path in the classpath or
> put into a JAR file.
>
> Mark
>
> On Mon, Jun 12, 2017 at 12:38 AM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
>> Hi Team,
>>
>>
>>
>> Any update on this?
>>
>>
>>
>> I tried hard with both of options but no luck! Appreciate if you can
>> verify at your end and suggest some alternative.
>>
>>
>>
>> *Option1: security.json along with ExampleSecurityManager*
>>
>>
>>
>> This works fine from gfsh to start secure locator as expected. But it
>> fails from spring-data-geode with below exception to bootstrap server using
>> spring data geode!
>>
>>
>>
>> I tried every possible way to inform that security.json is in classpath
>> [src/main/resources/security.json]! :) [-Dloader.path or
>> -Dspring.config.location or -Dsecurity-json=security.json or java -cp
>> option]
>>
>>
>>
>> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'CacheServer': Cannot resolve reference to bean 'geodeCache' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>>
>>         at org.springframework.beans.factory.support.BeanDefinitionValu
>> eResolver.resolveReference(BeanDefinitionValueResolver.java:359)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.BeanDefinitionValu
>> eResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractAutowireCa
>> pableBeanFactory.applyPropertyValues(AbstractAu
>> towireCapableBeanFactory.java:1531) ~[spring-beans-4.3.7.RELEASE.j
>> ar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractAutowireCa
>> pableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1276)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractAutowireCa
>> pableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractAutowireCa
>> pableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractBeanFactor
>> y$1.getObject(AbstractBeanFactory.java:306)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.DefaultSingletonBe
>> anRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractBeanFactor
>> y.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.3.7.RELEASE.j
>> ar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractBeanFactor
>> y.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.7.RELEASE.j
>> ar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.DefaultListableBea
>> nFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:742)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.context.support.AbstractApplicationConte
>> xt.finishBeanFactoryInitialization(AbstractApplicationContext.java:866)
>> ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.context.support.AbstractApplicationConte
>> xt.refresh(AbstractApplicationContext.java:542)
>> ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737)
>> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>>
>>         at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370)
>> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>>
>>         at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
>> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>>
>>         at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162)
>> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>>
>>         at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151)
>> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>>
>>         at com.example.MyServer.main(MyServer.java:11)
>> [classes!/:0.0.1-SNAPSHOT]
>>
>>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> ~[na:1.8.0_102]
>>
>>         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> ~[na:1.8.0_102]
>>
>>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> ~[na:1.8.0_102]
>>
>>         at java.lang.reflect.Method.invoke(Method.java:498)
>> ~[na:1.8.0_102]
>>
>>         at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
>> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>>
>>         at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
>> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>>
>>         at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
>> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>>
>>         at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:557)
>> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>>
>> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>>
>>         at org.springframework.beans.factory.support.FactoryBeanRegistr
>> ySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.FactoryBeanRegistr
>> ySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractBeanFactor
>> y.getObjectForBeanInstance(AbstractBeanFactory.java:1634)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractBeanFactor
>> y.doGetBean(AbstractBeanFactory.java:254) ~[spring-beans-4.3.7.RELEASE.j
>> ar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.AbstractBeanFactor
>> y.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.7.RELEASE.j
>> ar!/:4.3.7.RELEASE]
>>
>>         at org.springframework.beans.factory.support.BeanDefinitionValu
>> eResolver.resolveReference(BeanDefinitionValueResolver.java:351)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         ... 26 common frames omitted
>>
>> Caused by: org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>>
>>         at org.apache.geode.examples.security.ExampleSecurityManager.
>> init(ExampleSecurityManager.java:132) ~[geode-core-1.1.1.jar!/:na]
>>
>>         at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:332)
>> ~[geode-core-1.1.1.jar!/:na]
>>
>>         at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
>> ~[geode-core-1.1.1.jar!/:na]
>>
>>         at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
>> ~[geode-core-1.1.1.jar!/:na]
>>
>>         at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
>> ~[geode-core-1.1.1.jar!/:na]
>>
>>         at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>> ~[geode-core-1.1.1.jar!/:na]
>>
>>         at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>> ~[geode-core-1.1.1.jar!/:na]
>>
>>         at org.springframework.data.gemfire.CacheFactoryBean.createCache(CacheFactoryBean.java:354)
>> ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
>>
>>         at org.springframework.data.gemfire.CacheFactoryBean.resolveCache(CacheFactoryBean.java:248)
>> ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
>>
>>         at org.springframework.data.gemfire.CacheFactoryBean.init(CacheFactoryBean.java:189)
>> ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
>>
>>         at org.springframework.data.gemfire.CacheFactoryBean.getObject(CacheFactoryBean.java:175)
>> ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
>>
>>         at org.springframework.data.gemfire.CacheFactoryBean.getObject(CacheFactoryBean.java:87)
>> ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
>>
>>         at org.springframework.beans.factory.support.FactoryBeanRegistr
>> ySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)
>> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>>
>>         ... 31 common frames omitted
>>
>>
>>
>>
>>
>> *Option2: shiro.ini*
>>
>>
>>
>> As mentioned in below thread, it works fine with *spring-data-geode* but
>> fails from gfsh for secure locator
>>
>>
>>
>> Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher
>> failOnStart
>> INFO: locator is exiting due to an exception
>> java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
>>     at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(Re
>> flectionBuilder.java:409)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:702)
>>     at org.apache.shiro.config.ReflectionBuilder.applySinglePropert
>> y(ReflectionBuilder.java:364)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:325)
>>     at org.apache.shiro.config.ReflectionBuilder$AssignmentStatemen
>> t.doExecute(ReflectionBuilder.java:955)
>>     at org.apache.shiro.config.ReflectionBuilder$Statement.execute(
>> ReflectionBuilder.java:887)
>>     at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationP
>> rocessor.execute(ReflectionBuilder.java:765)
>>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(Refle
>> ctionBuilder.java:260)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInsta
>> nces(IniSecurityManagerFactory.java:167)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:130)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:108)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:94)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:46)
>>     at org.apache.shiro.config.IniFactorySupport.createInstance(Ini
>> FactorySupport.java:123)
>>     at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFa
>> ctory.java:47)
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:322)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>> Caused by: java.lang.ClassNotFoundException:
>> org.apache.commons.beanutils.PropertyUtil     at
>> java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>>     ... 28 more
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError:
>> org/apache/commons/beanutils/PropertyUtil     at
>> org.apache.shiro.config.ReflectionBuilder.isTypedProperty(Re
>> flectionBuilder.java:409)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:702)
>>     at org.apache.shiro.config.ReflectionBuilder.applySinglePropert
>> y(ReflectionBuilder.java:364)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:325)
>>     at org.apache.shiro.config.ReflectionBuilder$AssignmentStatemen
>> t.doExecute(ReflectionBuilder.java:955)
>>     at org.apache.shiro.config.ReflectionBuilder$Statement.execute(
>> ReflectionBuilder.java:887)
>>     at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationP
>> rocessor.execute(ReflectionBuilder.java:765)
>>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(Refle
>> ctionBuilder.java:260)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInsta
>> nces(IniSecurityManagerFactory.java:167)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:130)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:108)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:94)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:46)
>>     at org.apache.shiro.config.IniFactorySupport.createInstance(Ini
>> FactorySupport.java:123)
>>     at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFa
>> ctory.java:47)
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:322)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>> Caused by: java.lang.ClassNotFoundException:
>> org.apache.commons.beanutils.PropertyUtil     at
>> java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>>     ... 28 more
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>> *From:* Thacker, Dharam
>> *Sent:* Friday, June 09, 2017 9:51 AM
>> *To:* user@geode.apache.org
>> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Hi,
>>
>>
>>
>> Thanks John for reference links! I gave a try using security-shiro-init
>> property in locator.properties.
>>
>> But it's not able to find out Apache commons library even after giving
>> all classpath references.
>>
>>
>>
>> Am I missing anything?
>>
>>
>>
>> gfsh>start locator --name=locator1 --properties-file=locator1.properties
>> --classpath=/home/dharam/Downloads/apache-geode/locator1:lib
>>
>>
>>
>>
>>
>> gfsh>start locator --name=locator1 --properties-file=locator1.properties
>> --classpath=/home/dharam/Downloads/apache-geode/locator1:./lib/*
>>
>>
>>
>>
>>
>> Exception :
>>
>>
>> Starting a Geode Locator in /home/dharam/Downloads/apache-
>> geode/locator1...
>> The Locator process terminated unexpectedly with exit status 1. Please
>> refer to the log file in /home/dharam/Downloads/apache-geode/locator1
>> for full details.
>>
>> Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher
>> failOnStart
>> INFO: locator is exiting due to an exception
>> java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
>>     at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(Re
>> flectionBuilder.java:409)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:702)
>>     at org.apache.shiro.config.ReflectionBuilder.applySinglePropert
>> y(ReflectionBuilder.java:364)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:325)
>>     at org.apache.shiro.config.ReflectionBuilder$AssignmentStatemen
>> t.doExecute(ReflectionBuilder.java:955)
>>     at org.apache.shiro.config.ReflectionBuilder$Statement.execute(
>> ReflectionBuilder.java:887)
>>     at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationP
>> rocessor.execute(ReflectionBuilder.java:765)
>>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(Refle
>> ctionBuilder.java:260)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInsta
>> nces(IniSecurityManagerFactory.java:167)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:130)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:108)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:94)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:46)
>>     at org.apache.shiro.config.IniFactorySupport.createInstance(Ini
>> FactorySupport.java:123)
>>     at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFa
>> ctory.java:47)
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:322)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>> Caused by: java.lang.ClassNotFoundException:
>> org.apache.commons.beanutils.PropertyUtil     at
>> java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>>     ... 28 more
>>
>> Exception in thread "main" java.lang.NoClassDefFoundError:
>> org/apache/commons/beanutils/PropertyUtil     at
>> org.apache.shiro.config.ReflectionBuilder.isTypedProperty(Re
>> flectionBuilder.java:409)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:702)
>>     at org.apache.shiro.config.ReflectionBuilder.applySinglePropert
>> y(ReflectionBuilder.java:364)
>>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(Refl
>> ectionBuilder.java:325)
>>     at org.apache.shiro.config.ReflectionBuilder$AssignmentStatemen
>> t.doExecute(ReflectionBuilder.java:955)
>>     at org.apache.shiro.config.ReflectionBuilder$Statement.execute(
>> ReflectionBuilder.java:887)
>>     at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationP
>> rocessor.execute(ReflectionBuilder.java:765)
>>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(Refle
>> ctionBuilder.java:260)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInsta
>> nces(IniSecurityManagerFactory.java:167)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:130)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createSecu
>> rityManager(IniSecurityManagerFactory.java:108)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:94)
>>     at org.apache.shiro.config.IniSecurityManagerFactory.createInst
>> ance(IniSecurityManagerFactory.java:46)
>>     at org.apache.shiro.config.IniFactorySupport.createInstance(Ini
>> FactorySupport.java:123)
>>     at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFa
>> ctory.java:47)
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:322)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>> Caused by: java.lang.ClassNotFoundException:
>> org.apache.commons.beanutils.PropertyUtil     at
>> java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>>     ... 28 more
>>
>> Thanks,
>> - Dharam Thacker
>>
>>
>> Sent with BlackBerry Work (www.blackberry.com)
>> ------------------------------
>>
>> *From: *John Blum <jb...@pivotal.io>
>> *Sent: *Jun 8, 2017 10:55 PM
>> *To: *user@geode.apache.org
>> *Subject: *Re: FW: ExampleSecurityManager in Apache geode
>>
>> Hi Dharam-
>>
>>
>>
>> I admit, I have not actually used Apache Shiro to secure a Locator yet.
>> I cannot think of any reason off the top of my head why this would not work.
>>
>>
>>
>> Apache Geode has a security property to specify an Apache Shiro INI
>> file...
>>
>>
>>
>> security-shiro-init
>>
>>
>>
>> The support in *Spring Data Geode* makes this brain dead simple to do
>> [1].
>>
>>
>>
>> Most of the decision making about which Security Provider will be used in
>> Apache Geode's Integrated Security Framework is done here [2].  SDG is
>> aware of this, and using the Annotations, makes the appropriate decision
>> based on the configuration.
>>
>>
>>
>> Also +1 to *Udo's* comment.
>>
>>
>>
>> -John
>>
>>
>>
>>
>>
>> [1] https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSecurity.java#L107-L113
>>
>> [2] https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java#L286-L334
>>
>>
>>
>>
>>
>> On Thu, Jun 8, 2017 at 10:12 AM, Udo Kohlmeyer <uk...@pivotal.io>
>> wrote:
>>
>> In addition to this, Jinmei's #2 can be easily achieved using a KMIP like
>> HashiCorp Vault. https://www.vaultproject.io/
>>
>>
>>
>> On 6/8/17 09:51, John Blum wrote:
>>
>> Dharam-
>>
>>
>>
>> ... or use *Apache Shiro*, which provides tooling [1] to handle securing
>> credentials [2].  Shiro also handles encryption [3].  Although it is not
>> well spelled in the Apache Geode documentation [4], Apache Geode does
>> integrate with Apache Shiro for security as well.
>>
>>
>>
>> As an FYI, in *Spring Data Geode*, I provided first-class support for
>> Apache Geode when using Apache Shiro.  I blogged about this [5] (see
>> section starting with "Security!").
>>
>>
>>
>> So, my recommendation, in addition to Jinmei's option #1 below, is to use
>> Apache Shiro over implementing your own Apache Geode SecurityManager
>> interface.
>>
>>
>>
>> Hope this helps!
>>
>>
>>
>> -John
>>
>>
>>
>>
>>
>> [1] https://shiro.apache.org/command-line-hasher.html
>>
>> [2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
>>
>> [3] https://shiro.apache.org/cryptography-features.html
>>
>> [4] http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
>>
>> [5] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released
>>
>>
>>
>>
>>
>> On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io> wrote:
>>
>> SampleSecurityManager doesn't do encryption/decryption. It's meant only
>> as an example.
>>
>>
>>
>> There are multiple ways to protect your password:
>>
>> 1) read-protect your security.json so that only a certain user can read
>> it.
>>
>> 2) implement your own security-manager to decrypt the password using a
>> secret key. (but here again you will need to find a way to protect this key
>> in your corporation. In my opinion, it's simply changing the subject, but
>> the problem is still there).
>>
>>
>>
>> We usually recommend the first approach, but in some situations, 2nd one
>> might be an option too.
>>
>>
>>
>>
>>
>> On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>> Hi Jinmei,
>>
>>
>>
>> Is there any way to encrypt password in security.json file with Geode
>> 1.1.1? I tried below but it did not work for me,
>>
>>
>>
>> "users": [
>>
>>   {
>>
>>     "name": "admin",
>>
>>     "password": "encrypted(0859A0F6C68B9785)",
>>
>>     "roles": ["ADMIN"]
>>
>> …
>>
>>   },
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>> *From:* Thacker, Dharam
>> *Sent:* Wednesday, June 07, 2017 11:26 AM
>> *To:* 'user@geode.apache.org'; 'jiliao@pivotal.io'
>> *Subject:* RE: FW: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Thanks Jinmei for quick reply!
>>
>>
>>
>> >> It did not work for me when I used [*--classpath*] and [*--security-properties-file*]
>> even though my classpath contains security.json file [*That’s strange*]
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --*security-properties-file*=gfsecurity.properties --*classpath*=C:\Users\GeodeWorkDir\locator2
>>
>> FAILED
>>
>>
>>
>> >> It worked for me when I used --J=-Dgemfire.security-username=admin
>> --J=-Dgemfire.security-password=admin [*SUCCESS*]
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --J=-*Dgemfire.security-username*=admin --J=-*Dgemfire.security-password*=admin
>> --*classpath*=C:\Users\GeodeWorkDir\locator2
>>
>> SUCCESS
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>> *From:* Jinmei Liao [mailto:jiliao@pivotal.io <ji...@pivotal.io>]
>> *Sent:* Wednesday, June 07, 2017 11:12 AM
>> *To:* user@geode.apache.org
>> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>>
>>
>>
>> I tried using the SampleSecurityManager, and either one of the following
>> commands to start the 2nd locator works: (I executed these commands
>> while connected to the first locator, so I don't need to provide the
>> --locators option, it knows which locator to join)
>>
>>
>>
>> 1> start locator --name=locator2 --port=10335
>> --classpath=/Users/jiliao/my_geode/security
>> --security-properties-file=locator2.properties
>>
>> // locator2.properties only contains "security-username" and
>> "security-password" properties.
>>
>>
>>
>> 2> start locator --name=locator2 --port=10335
>> --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/
>> --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin
>>
>>
>>
>>
>>
>> I suspect that the reason one of your commands did not work is because
>> locator2 can't find a security.json in its classpath, not because you
>> did not provide the username/password. One of the complications of using our
>> SampleSecurityManager is that it will need a security.json in its
>> classpath which complicates the issue. We should have a simpler security
>> manager in the sample that's easier for users to experiment with.
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>> I am able to start server with --user and --password to join existing
>> secure locator. But I am not able to start another locator to join the
>> existing secure locator. Could someone guide me here?
>>
>>
>>
>> start locator --name=locator1 --locators=localhost[10334],localhost[10335]
>> --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
>>
>>
>> SUCCESS
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
>>
>> FAILED
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --security-properties-file=gfsecurity.properties
>>         [gfsecurity.properties ---- security-username=clusteruser
>> security-password=****]
>>
>> FAILED
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --security-properties-file=gfsecurity.properties
>> --classpath=C:\Users\GeodeWorkDir\locator2
>>
>> FAILED
>>
>>
>>
>>
>>
>> *Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher
>> failOnStart*
>>
>> *INFO: locator is exiting due to an exception*
>>
>>
>>
>> *org.apache.geode.security.AuthenticationRequiredException: Failed to
>> find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]*
>>
>> *    at
>> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)*
>>
>> *    at
>> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)*
>>
>> *    at
>> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)*
>>
>> *    at
>> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)*
>>
>> *    at
>> org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)*
>>
>>
>>
>> *Thanks & Regards,*
>>
>> *Dharam*
>>
>>
>>
>> *From:* Thacker, Dharam
>> *Sent:* Tuesday, June 06, 2017 3:41 PM
>> *To:* user@geode.apache.org
>> *Cc:* jiliao@pivotal.io
>> *Subject:* RE: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Thank you Nilkanth!
>>
>>
>>
>> Classpath worked!
>>
>>
>>
>> start locator --name=locator1 --properties-file=locator.properties
>> --classpath=C:\Users\GeodeWorkDir\locator1
>>
>> *security-json file location:*
>>
>> C:\Users\GeodeWorkDir\locator1\security.json
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com
>> <ni...@gmail.com>]
>> *Sent:* Tuesday, June 06, 2017 3:35 PM
>> *To:* user@geode.apache.org
>> *Cc:* jiliao@pivotal.io
>> *Subject:* Re: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Dharam,
>>
>>
>>
>> Try out something like below, "security.json" is kept in the
>> /work/code/oss/geode/locator1 dir.
>>
>>
>>
>> gfsh>start locator --name=/work/code/oss/geode/locator1
>> --security-properties-file=/work/code/oss/geode/locator1/locator.properties
>> --classpath=/work/code/oss/geode/locator1
>>
>>
>>
>> Additional checks,
>>
>> 1. specify classpath while starting locator as shown in above command.
>>
>> 2. check the file permission for security.json.
>>
>>
>>
>> Nilkanth.
>>
>>
>>
>> On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>> Hi Nilkanth,
>>
>>
>>
>> Thanks for the reply! I tried below one but it’s still not taking
>> security.json file. Do you suggest anything different?
>>
>>
>>
>> *My Current Directory:*
>>
>> C:\Users\GeodeWorkDir
>>
>>
>>
>> *Locator Directory:*
>>
>> C:\Users\GeodeWorkDir\locator1
>>
>>
>>
>> *security-json file location [Tried both locations]:*
>>
>> C:\Users\GeodeWorkDir\locator1\security.json
>>
>> C:\Users\GeodeWorkDir\security.json
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>>
>>
>> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
>> *Sent:* Tuesday, June 06, 2017 3:07 PM
>> *To:* user@geode.apache.org
>> *Cc:* jiliao@pivotal.io
>> *Subject:* Re: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Dharam,
>>
>>
>>
>> I believe following will be helpful to you.
>>
>>
>>
>> IMO with the existing implementation, the "security.json" file has to be
>> kept in a locator/server directory. In your case you need to keep it in
>> a locator directory (l1) and it should work.
>>
>>
>>
>> Hope this helps.
>>
>>
>>
>> Nilkanth Patel.
>>
>>
>>
>> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>> Hi Jinmei & Team,
>>
>>
>>
>> I was going through “New Security In Apache Geode” video. I also tried to
>> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
>> below,
>>
>>
>>
>> *locator.properties*
>>
>>
>>
>> mcast-port=0
>>
>> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>>
>> security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor
>>
>>
>>
>> > dir
>>
>> locator.properties
>>
>> security.json
>>
>> security-config.jar
>>
>>
>>
>> My security-config.jar has following structure,
>>
>> --- resources -> security.json
>>
>> --- META-INF -> MANIFEST.MF
>>
>>
>>
>> Could you guide me with below error?
>>
>>
>>
>> gfsh>start locator --name=locator1 --properties-file=locator.properties
>> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>>
>> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>>
>> The Locator process terminated unexpectedly with exit status 1. Please
>> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>>
>>
>>
>> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher
>> failOnStart
>>
>> INFO: locator is exiting due to an exception
>>
>> org.apache.geode.security.AuthenticationFailedException:
>> ExampleSecurityManager: unable to find json resource "security.json" as
>> specified by [security-json].
>>
>>     at org.apache.geode.examples.security.ExampleSecurityManager.in
>> it(ExampleSecurityManager.java:132)
>>
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:332)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>>
>>
>>
>> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException:
>> ExampleSecurityManager: unable to find json resource "security.json" as
>> specified by [security-json].
>>
>>     at org.apache.geode.examples.security.ExampleSecurityManager.in
>> it(ExampleSecurityManager.java:132)
>>
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:332)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>> This message is confidential and subject to terms at: http://
>> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
>> privilege, viruses and monitoring of electronic messages. If you are not
>> the intended recipient, please delete this message and notify the sender
>> immediately. Any unauthorized use is strictly prohibited.
>>
>>
>>
>>
>>
>>
>>
>>
>> --
>>
>> Cheers
>>
>>
>>
>> Jinmei
>>
>> --
>>
>> -John
>>
>> john.blum10101 (skype)
>>
>



-- 

*Mark Secrist | Sr Manager, **Global Education Delivery*

msecrist@pivotal.io

970.214.4567 Mobile

  *pivotal.io <http://www.pivotal.io/>*

Follow Us: Twitter <http://www.twitter.com/pivotal> | LinkedIn
<http://www.linkedin.com/company/pivotalsoftware> | Facebook
<http://www.facebook.com/pivotalsoftware> | YouTube
<http://www.youtube.com/gopivotal> | Google+
<https://plus.google.com/105320112436428794490>
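
The recurring `unable to find json resource "security.json"` error in this thread is a classpath-resolution failure, so the following diagnostic is added here as an example; it is not code from the thread or from Geode. It models only the standard JVM classpath rules (directory, jar, `dir/*` wildcard) against a constructed layout, assumes the resource must sit at the root of a classpath entry, and all function names are hypothetical.

```python
import os
import tempfile
import zipfile

RESOURCE = "security.json"  # resource name taken from the error message in this thread
SAMPLE_JSON = '{"roles": [], "users": []}'  # constructed placeholder content


def expand_classpath(classpath, cwd, sep=os.pathsep):
    """Expand a JVM-style classpath string into concrete entries.

    Standard JVM rules: a directory entry exposes the files under it, a jar
    entry exposes the archive contents, and an entry ending in '*' expands to
    every .jar directly inside that directory (not recursive). Relative
    entries resolve against the working directory of the process.
    """
    entries = []
    for raw in filter(None, classpath.split(sep)):
        path = raw if os.path.isabs(raw) else os.path.join(cwd, raw)
        if os.path.basename(path) == "*":
            folder = os.path.dirname(path)
            if os.path.isdir(folder):
                entries += sorted(os.path.join(folder, name)
                                  for name in os.listdir(folder)
                                  if name.lower().endswith(".jar"))
        else:
            entries.append(os.path.normpath(path))
    return entries


def locate(resource, classpath, cwd, sep=os.pathsep):
    """Return (hits, near_misses) for `resource` on `classpath`.

    hits: entries holding the resource at their root, resolvable by name.
    near_misses: (entry, inner_path) pairs where a file with that name exists
    deeper inside the entry, which a lookup by bare name will not find.
    """
    hits, near = [], []
    for entry in expand_classpath(classpath, cwd, sep):
        if os.path.isdir(entry):
            if os.path.isfile(os.path.join(entry, resource)):
                hits.append(entry)
                continue
            for root, _dirs, files in os.walk(entry):
                if resource in files:
                    inner = os.path.relpath(os.path.join(root, resource), entry)
                    near.append((entry, inner.replace(os.sep, "/")))
        elif zipfile.is_zipfile(entry):  # False for missing or non-archive paths
            with zipfile.ZipFile(entry) as jar:
                names = jar.namelist()
            if resource in names:
                hits.append(entry)
            else:
                near += [(entry, n) for n in names
                         if n.rsplit("/", 1)[-1] == resource]
    return hits, near


def build_sample_layout(root):
    """Constructed layout mirroring the cases reported in the thread."""
    for folder in ("security", "locator1", "lib"):
        os.makedirs(os.path.join(root, folder))
    with open(os.path.join(root, "security", RESOURCE), "w") as fh:
        fh.write(SAMPLE_JSON)
    jars = {
        "security-config.jar": "resources/" + RESOURCE,   # nested under resources/
        "app.jar": "BOOT-INF/classes/" + RESOURCE,        # Spring Boot repackaged jar
        os.path.join("lib", "flat.jar"): RESOURCE,        # resource at the jar root
    }
    for jar_path, inner in jars.items():
        with zipfile.ZipFile(os.path.join(root, jar_path), "w") as jar:
            jar.writestr(inner, SAMPLE_JSON)


def demo():
    """Resolve each sample --classpath value from the member's working dir."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_layout(root)
        member_dir = os.path.join(root, "locator1")  # member name as working dir
        cases = ["../security", "security", "../security-config.jar",
                 "../app.jar", "../lib", "../lib/*"]
        report = {}
        for cp in cases:
            hits, near = locate(RESOURCE, cp, member_dir)
            report[cp] = ([os.path.relpath(h, root) for h in hits],
                          [inner for _entry, inner in near])
        return report


if __name__ == "__main__":
    for cp, (hits, near) in demo().items():
        status = "FOUND" if hits else "NOT FOUND"
        print(f"{cp:26} {status:10} hits={hits} nested_copies={near}")
```

To check a real member, pass its `--classpath` value and its working directory to `locate`; a non-empty near-miss list means the file is packaged but not at an entry root.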

Re: FW: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Hi Mark,

Thanks for the guidance! But I am not facing an issue with starting a secure locator using security.json.

I am facing an issue while starting the server using spring data geode, though it works well from gfsh start server with user and password.

Usually src/main/resources artifacts compile into BOOT-INF/classes/* in the final jar with spring boot maven plugin.

The below one is a different case,

Opposite case with shiro.ini, which works well from spring data geode while starting the server but fails with locator startup even with an absolute classpath from gfsh.


Any guesses with that?


Regards,
Dharam

Sent with BlackBerry Work (www.blackberry.com)



________________________________
From: Mark Secrist <ms...@pivotal.io>
Sent: Jun 12, 2017 7:55 PM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode
Cc: jiliao@pivotal.io

Usually, source artifacts placed under src/main/resources and src/main/java get compiled to a target folder or into a JAR file. My best guess is your security.json file would end up at the top level folder of either the target folder or the JAR file.

Regardless, here's how I have this working for our lab exercise for the GemFire Admin course.
1. Create a security folder and place security.json in that folder
2. Starting gfsh in the parent folder, start locator as:
    start locator --name=locator1 --classpath=../security --properties-file=locator.properties
    where: locator.properties contains the reference to the ExampleSecurityManager class

Note, in my start example above, I used a relative path and that required going up a level. That's because the above example uses the name as the working directory of the locator, hence the need to use '../security'. A much better way to do this is to use an absolute path in the classpath or put into a JAR file.

Mark

On Mon, Jun 12, 2017 at 12:38 AM, Thacker, Dharam <dh...@jpmorgan.com>> wrote:
Hi Team,

Any update on this?

I tried hard with both of options but no luck! Appreciate if you can verify at your end and suggest some alternative.

Option1: security.json along with ExampleSecurityManager

This works fine from gfsh to start secure locator as expected. But it fails from spring-data-geode with below exception to bootstrap server using spring data geode!

I tried every possible way to inform that security.json is in classpath [src/main/resources/security.json] ! :) [-Dloader.path or -Dspring.config.location or -Dsecurity-json=security.json or java -cp option]

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'CacheServer': Cannot resolve reference to bean 'geodeCache' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1531) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1276) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:742) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:866) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at com.example.MyServer.main(MyServer.java:11) [classes!/:0.0.1-SNAPSHOT]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_102]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_102]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_102]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_102]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:557) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1634) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        ... 26 common frames omitted
Caused by: org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
        at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218) ~[geode-core-1.1.1.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.createCache(CacheFactoryBean.java:354) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.resolveCache(CacheFactoryBean.java:248) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.init(CacheFactoryBean.java:189) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.getObject(CacheFactoryBean.java:175) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.getObject(CacheFactoryBean.java:87) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        ... 31 common frames omitted


Option2: shiro.ini

As mentioned in below thread, it works fine with spring-data-geode but fails from gfsh for secure locator

Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Thanks & Regards,
Dharam


From: Thacker, Dharam
Sent: Friday, June 09, 2017 9:51 AM
To: user@geode.apache.org<ma...@geode.apache.org>
Subject: Re: FW: ExampleSecurityManager in Apache geode

Hi,

Thanks John for reference links! I gave a try using security-shiro-init property in locator.properties.
But it's not able to find out Apache commons library even after giving all classpath references.

Am I missing anything?

gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:lib


gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:./lib/*


Exception :

Starting a Geode Locator in /home/dharam/Downloads/apache-geode/locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in /home/dharam/Downloads/apache-geode/locator1 for full details.

Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Thanks,
- Dharam Thacker


Sent with BlackBerry Work (www.blackberry.com)
________________________________
From: John Blum <jb...@pivotal.io>>
Sent: Jun 8, 2017 10:55 PM
To: user@geode.apache.org<ma...@geode.apache.org>
Subject: Re: FW: ExampleSecurityManager in Apache geode

Hi Dharam-

I admit, I have not actually used Apache Shiro to secure a Locator yet.  I cannot think of any reason off the top of my head why this would not work.

Apache Geode has a security property to specify an Apache Shiro INI file...

security-shiro-init

The support in Spring Data Geode makes this brain dead simple to do [1].

Most of the decision making about which Security Provider will be used in Apache Geode's Integrated Security Framework is done here [2].  SDG is aware of this, and using the Annotations, makes the appropriate decision based on the configuration.

Also +1 to Udo's comment.

-John


[1] https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSecurity.java#L107-L113
[2] https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java#L286-L334


On Thu, Jun 8, 2017 at 10:12 AM, Udo Kohlmeyer <uk...@pivotal.io>> wrote:

In addition to this, Jinmei's #2 can be easily achieved using a KMIP like HashiCorp Vault. https://www.vaultproject.io/

On 6/8/17 09:51, John Blum wrote:
Dharam-

... or use Apache Shiro, which provides tooling [1] to handle securing credentials [2].  Shiro also handles encryption [3].  Although it is not well spelled out in the Apache Geode documentation [4], Apache Geode does integrate with Apache Shiro for security as well.

As an FYI, in Spring Data Geode, I provided first-class support for Apache Geode when using Apache Shiro.  I blogged about this [5] (see section starting with "Security!").

So, my recommendation, in addition to Jinmei's option #1 below, is to use Apache Shiro over implementing your own Apache Geode SecurityManager interface.

Hope this helps!

-John


[1] https://shiro.apache.org/command-line-hasher.html
[2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
[3] https://shiro.apache.org/cryptography-features.html
[4] http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
[5] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released


On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io>> wrote:
SampleSecurityManager doesn't do encryption/decryption. It's meant only as an example.

There are multiple ways to protect your password:
1) read-protect your security.json so that only a certain user can read it.
2) implement your own security-manager to decrypt the password using a secret key. (but here again you will need to find a way to protect this key in your corporation. In my opinion, it's simply changing the subject, but the problem is still there).

We usually recommend the first approach, but in some situations, 2nd one might be an option too.


On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <dh...@jpmorgan.com>> wrote:
Hi Jinmei,

Is there any way to encrypt password in security.json file with Geode 1.1.1? I tried below but it did not work for me,

"users": [
  {
    "name": "admin",
    "password": "encrypted(0859A0F6C68B9785)",
    "roles": ["ADMIN"]
…
  },

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Wednesday, June 07, 2017 11:26 AM
To: 'user@geode.apache.org<ma...@geode.apache.org>'; 'jiliao@pivotal.io<ma...@pivotal.io>'
Subject: RE: FW: ExampleSecurityManager in Apache geode

Thanks Jinmei for quick reply!

>> It did not work for me when I used [--classpath] and [--security-properties-file] even though my classpath contains security.json file [That’s strange]

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

>> It worked for me when I used --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin [SUCCESS]

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin  --classpath=C:\Users\GeodeWorkDir\locator2
SUCCESS

Thanks & Regards,
Dharam

From: Jinmei Liao [mailto:jiliao@pivotal.io]
Sent: Wednesday, June 07, 2017 11:12 AM
To: user@geode.apache.org<ma...@geode.apache.org>
Subject: Re: FW: ExampleSecurityManager in Apache geode

I tried using the SampleSecurityManager, and either one of the following commands to start the 2nd locator works: (I executed these commands while connected to the first locator, so I don't need to provide the --locators option, it knows which locator to join)

1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security --security-properties-file=locator2.properties
// locator2.properties only contains "security-username" and "security-password" properties.

2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin


I suspect that the reason one of your commands did not work is that locator2 can't find a security.json in its classpath, not that you did not provide the username/password. One of the complications of using our SampleSecurityManager is that it needs a security.json in its classpath, which complicates the issue. We should have a simpler security manager in the sample that's easier for users to experiment with.



On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
I am able to start server with --user and --password to join existing secure locator. But I am not able to start another locator to join the existing secure locator. Could someone guide me here?

start locator --name=locator1 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
SUCCESS

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties         [gfsecurity.properties ---- security-username=clusteruser security-password=****]
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED


Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception

org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Tuesday, June 06, 2017 3:41 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: RE: ExampleSecurityManager in Apache geode

Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json
Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below, "security.json" is kept in /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, the "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in the locator directory (l1) and it should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam

This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.





--
Cheers

Jinmei




--
-John
john.blum10101 (skype)







--

Mark Secrist | Sr Manager, Global Education Delivery

msecrist@pivotal.io

970.214.4567 Mobile


Re: FW: ExampleSecurityManager in Apache geode

Posted by Mark Secrist <ms...@pivotal.io>.
Usually, source artifacts placed under src/main/resources and src/main/java
get compiled to a target folder or into a JAR file. My best guess is your
security.json file would end up at the top level folder of either the
target folder or the JAR file.

Regardless, here's how I have this working for our lab exercise for the
GemFire Admin course.
1. Create a security folder and place security.json in that folder
2. Starting gfsh in the parent folder, start locator as:
    start locator --name=locator1 --classpath=../security --properties-file=locator.properties
    where: locator.properties contains the reference to the ExampleSecurityManager class

Note, in my start example above, I used a relative path and that required
going up a level. That's because the above example uses the name as the
working directory of the locator, hence the need to use '../security'. A
much better way to do this is to use an absolute path in the classpath or
put it into a JAR file.

Mark
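
Added example, not part of Mark's post or of the Geode code base: a small Python check that models the lookup discussed in this thread and reports, per classpath entry, whether security.json would be served. It assumes the security manager loads the file by its bare name from the root of a classpath entry and that relative entries resolve against the locator's working directory (the --name directory); the function names and the sample layout are constructed for illustration.

```python
import os
import stat
import tempfile
import zipfile
from pathlib import Path


def expand_classpath(classpath, working_dir, sep=os.pathsep):
    """Resolve entries as a JVM whose working directory is working_dir would."""
    resolved = []
    for raw in filter(None, classpath.split(sep)):
        path = Path(raw)
        if not path.is_absolute():
            path = Path(working_dir) / path
        if path.name == "*":
            # Java wildcard entry: every .jar file directly inside the directory.
            base = Path(os.path.normpath(path.parent))
            if base.is_dir():
                resolved.extend(sorted(p for p in base.iterdir()
                                       if p.suffix.lower() == ".jar"))
            else:
                resolved.append(base)
        else:
            resolved.append(Path(os.path.normpath(path)))
    return resolved


def check_entry(entry, resource):
    """Say whether one classpath entry serves `resource` from its root."""
    if not entry.exists():
        return "missing-entry"
    if entry.is_dir():
        target = entry / resource
        if target.is_file():
            if not os.access(target, os.R_OK):
                return "unreadable"
            # The file holds credentials, so flag copies any local user can read.
            mode = target.stat().st_mode
            return "found-world-readable" if mode & stat.S_IROTH else "found"
        nested = sorted(str(p.relative_to(entry)) for p in entry.rglob(resource))
    elif zipfile.is_zipfile(entry):
        with zipfile.ZipFile(entry) as jar:
            names = jar.namelist()
        if resource in names:
            return "found"
        nested = sorted(n for n in names if n.endswith("/" + resource))
    else:
        return "not-a-directory-or-jar"
    # Present, but below the root: a bare-name lookup will not see it.
    return "nested:" + nested[0] if nested else "absent"


def diagnose(classpath, working_dir, resource="security.json", sep=os.pathsep):
    """Return (resolved entry, verdict) for every classpath entry, in order."""
    return [(str(entry), check_entry(entry, resource))
            for entry in expand_classpath(classpath, working_dir, sep)]


def build_demo_layout(root):
    """Constructed sample layout mirroring the directories named in the thread."""
    root = Path(root)
    (root / "locator1").mkdir()          # gfsh runs the locator inside --name
    (root / "security").mkdir()
    secret = root / "security" / "security.json"
    secret.write_text('{"roles": [], "users": []}')
    secret.chmod(0o600)
    with zipfile.ZipFile(root / "security-config.jar", "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("resources/security.json", '{"roles": [], "users": []}')
    (root / "lib").mkdir()
    with zipfile.ZipFile(root / "lib" / "conf.jar", "w") as jar:
        jar.writestr("security.json", '{"roles": [], "users": []}')
    return root / "locator1"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        wd = build_demo_layout(tmp)
        for cp in ("security", "../security", "../security-config.jar", "../lib/*"):
            for entry, verdict in diagnose(cp, wd):
                print(f"{cp:26} -> {verdict:32} {entry}")
```

The "nested:resources/security.json" verdict corresponds to the JAR layout from the first message of the thread, and "missing-entry" to a relative path given without the extra "../".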

On Mon, Jun 12, 2017 at 12:38 AM, Thacker, Dharam <
dharam.thacker@jpmorgan.com> wrote:

> Hi Team,
>
>
>
> Any update on this?
>
>
>
> I tried hard with both of options but no luck! Appreciate if you can
> verify at your end and suggest some alternative.
>
>
>
> *Option1: security.json along with ExampleSecurityManager*
>
>
>
> This works fine from gfsh to start secure locator as expected. But it
> fails from spring-data-geode with below exception to bootstrap server using
> spring data geode!
>
>
>
> I tried every possible way to inform that security.json is in classpath
> [src/main/resources/security.json]! [-Dloader.path or
> -Dspring.config.location or -Dsecurity-json=security.json or java -cp
> option]
>
>
>
> org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'CacheServer': Cannot resolve reference to bean 'geodeCache' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>
>         at org.springframework.beans.factory.support.
> BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> BeanDefinitionValueResolver.resolveValueIfNecessary(
> BeanDefinitionValueResolver.java:108) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.applyPropertyValues(
> AbstractAutowireCapableBeanFactory.java:1531)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.populateBean(
> AbstractAutowireCapableBeanFactory.java:1276)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.doCreateBean(
> AbstractAutowireCapableBeanFactory.java:553) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.createBean(
> AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> DefaultListableBeanFactory.preInstantiateSingletons(
> DefaultListableBeanFactory.java:742) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
>         at org.springframework.context.support.AbstractApplicationContext.
> finishBeanFactoryInitialization(AbstractApplicationContext.java:866)
> ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.context.support.AbstractApplicationContext.
> refresh(AbstractApplicationContext.java:542) ~[spring-context-4.3.7.
> RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
>         at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
>         at org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
>         at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
>         at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
>         at com.example.MyServer.main(MyServer.java:11)
> [classes!/:0.0.1-SNAPSHOT]
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_102]
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62) ~[na:1.8.0_102]
>
>         at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_102]
>
>         at java.lang.reflect.Method.invoke(Method.java:498)
> ~[na:1.8.0_102]
>
>         at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>
>         at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>
>         at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>
>         at org.springframework.boot.loader.PropertiesLauncher.
> main(PropertiesLauncher.java:557) [adminserver-0.0.1-SNAPSHOT.
> jar:0.0.1-SNAPSHOT]
>
> Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>
>         at org.springframework.beans.factory.support.
> FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(
> FactoryBeanRegistrySupport.java:175) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> FactoryBeanRegistrySupport.getObjectFromFactoryBean(
> FactoryBeanRegistrySupport.java:103) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.AbstractBeanFactory.
> getObjectForBeanInstance(AbstractBeanFactory.java:1634)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         at org.springframework.beans.factory.support.
> BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
>         ... 26 common frames omitted
>
> Caused by: org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>         at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132) ~[geode-core-1.1.1.jar!/:na]
>
>         at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
> ~[geode-core-1.1.1.jar!/:na]
>
>         at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208) ~[geode-core-1.1.1.jar!/:na]
>
>         at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798) ~[geode-core-1.1.1.jar!/:na]
>
>         at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
> ~[geode-core-1.1.1.jar!/:na]
>
>         at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
> ~[geode-core-1.1.1.jar!/:na]
>
>         at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
> ~[geode-core-1.1.1.jar!/:na]
>
>         at org.springframework.data.gemfire.CacheFactoryBean.
> createCache(CacheFactoryBean.java:354) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
>         at org.springframework.data.gemfire.CacheFactoryBean.
> resolveCache(CacheFactoryBean.java:248) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
>         at org.springframework.data.gemfire.CacheFactoryBean.init(CacheFactoryBean.java:189)
> ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
>
>         at org.springframework.data.gemfire.CacheFactoryBean.
> getObject(CacheFactoryBean.java:175) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
>         at org.springframework.data.gemfire.CacheFactoryBean.
> getObject(CacheFactoryBean.java:87) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
>         at org.springframework.beans.factory.support.
> FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(
> FactoryBeanRegistrySupport.java:168) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
>         ... 31 common frames omitted
>
>
>
>
>
> *Option2: shiro.ini*
>
>
>
> As mentioned in below thread, it works fine with *spring-data-geode* but
> fails from gfsh for secure locator
>
>
>
> Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher
> failOnStart
> INFO: locator is exiting due to an exception
> java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
>     at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(
> ReflectionBuilder.java:409)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
>     at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
>     at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
>     at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
>     at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
>     at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
>     at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>     ... 28 more
>
> Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
>     at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
>     at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
>     at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
>     at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
>     at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
>     at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
>     at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>     ... 28 more
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Friday, June 09, 2017 9:51 AM
> *To:* user@geode.apache.org
> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>
>
>
> Hi,
>
>
>
> Thanks John for reference links! I gave a try using security-shiro-init
> property in locator.properties.
>
> But it's not able to find out Apache commons library even after giving all
> classpath references.
>
>
>
> Am I missing anything?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:lib
>
>
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:./lib/*
>
>
>
>
>
> Exception :
>
>
> Starting a Geode Locator in /home/dharam/Downloads/apache-geode/locator1...
> The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in /home/dharam/Downloads/apache-geode/locator1 for full details.
>
> Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher
> failOnStart
> INFO: locator is exiting due to an exception
> java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
>     at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(
> ReflectionBuilder.java:409)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
>     at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
>     at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
>     at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
>     at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
>     at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
>     at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>     ... 28 more
>
> Exception in thread "main" java.lang.NoClassDefFoundError:
> org/apache/commons/beanutils/PropertyUtil
>     at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(
> ReflectionBuilder.java:409)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
>     at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
>     at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
>     at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
>     at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
>     at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
>     at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
>     at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
>     at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
>     at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
>     at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
>     at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
>     at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
>     at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
>     at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
>     ... 28 more
>
> Thanks,
> - Dharam Thacker
>
>
> ------------------------------
>
> *From: *John Blum <jb...@pivotal.io>
> *Sent: *Jun 8, 2017 10:55 PM
> *To: *user@geode.apache.org
> *Subject: *Re: FW: ExampleSecurityManager in Apache geode
>
> Hi Dharam-
>
>
>
> I admit, I have not actually used Apache Shiro to secure a Locator yet.  I
> cannot think of any reason off the top of my head why this would not work.
>
>
>
> Apache Geode has a security property to specify an Apache Shiro INI file...
>
>
>
> security-shiro-init
>
>
>
> The support in *Spring Data Geode* makes this brain dead simple to do [1].
>
>
>
> Most of the decision making about which Security Provider will be used in
> Apache Geode's Integrated Security Framework is done here [2].  SDG is
> aware of this, and using the Annotations, makes the appropriate decision
> based on the configuration.
>
>
>
> Also +1 to *Udo's* comment.
>
>
>
> -John
>
>
>
>
>
> [1] https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSecurity.java#L107-L113
>
> [2] https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java#L286-L334
>
>
>
>
>
> On Thu, Jun 8, 2017 at 10:12 AM, Udo Kohlmeyer <uk...@pivotal.io>
> wrote:
>
> In addition to this, Jinmei's #2 can be easily achieved using a KMIP like
> HashiCorp Vault. https://www.vaultproject.io/
>
>
>
> On 6/8/17 09:51, John Blum wrote:
>
> Dharam-
>
>
>
> ... or use *Apache Shiro*, which provides tooling [1] to handle securing
> credentials [2].  Shiro also handles encryption [3].  Although it is not
> well spelled in the Apache Geode documentation [4], Apache Geode does
> integrate with Apache Shiro for security as well.
>
>
>
> As an FYI, in *Spring Data Geode*, I provided first-class support for
> Apache Geode when using Apache Shiro.  I blogged about this [5] (see
> section starting with "Security!").
>
>
>
> So, my recommendation, in addition to Jinmei's option #1 below, is to use
> Apache Shiro over implementing your own Apache Geode SecurityManager
> interface.
>
>
>
> Hope this helps!
>
>
>
> -John
>
>
>
>
>
> [1] https://shiro.apache.org/command-line-hasher.html
>
> [2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
>
> [3] https://shiro.apache.org/cryptography-features.html
>
> [4] http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
>
> [5] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released
>
>
>
>
>
> On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io> wrote:
>
> SampleSecurityManager doesn't do encryption/decryption. It's meant only as
> an example.
>
>
>
> There are multiple ways to protect your password:
>
> 1) read-protect your security.json so that only a certain user can read it.
>
> 2) implement your own security-manager to decrypt the password using a
> secret key. (but here again you will need to find a way to protect this key
> in your corporation. In my opinion, it's simply changing the subject, but
> the problem is still there).
>
>
>
> We usually recommend the first approach, but in some situations, 2nd one
> might be an option too.
>
>
>
>
>
> On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
> Hi Jinmei,
>
>
>
> Is there any way to encrypt password in security.json file with Geode
> 1.1.1? I tried below but it did not work for me,
>
>
>
> "users": [
>
>   {
>
>     "name": "admin",
>
>     "password": "encrypted(0859A0F6C68B9785)",
>
>     "roles": ["ADMIN"]
>
> …
>
>   },
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Wednesday, June 07, 2017 11:26 AM
> *To:* 'user@geode.apache.org'; 'jiliao@pivotal.io'
> *Subject:* RE: FW: ExampleSecurityManager in Apache geode
>
>
>
> Thanks Jinmei for quick reply!
>
>
>
> >> It did not work for me when I used [*--classpath]* and [*--security-properties-file]
> *even though my classpath contains security.json file* [**That’s strange*
> *]*
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --*security-properties-file*=gfsecurity.properties --*classpath*=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
> >> It worked for me when I used --J=-Dgemfire.security-username=admin
> --J=-Dgemfire.security-password=admin [*SUCCESS*]
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --J=-*Dgemfire.security-username*=admin --J=-*Dgemfire.security-password*=admin
>  --*classpath*=C:\Users\GeodeWorkDir\locator2
>
> SUCCESS
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Jinmei Liao [mailto:jiliao@pivotal.io <ji...@pivotal.io>]
> *Sent:* Wednesday, June 07, 2017 11:12 AM
> *To:* user@geode.apache.org
> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>
>
>
> I tried using the SampleSecurityManager, and either one of the following
> commands to start the 2nd locator is working: (I executed these commands
> while connected to the first locator, so I don't need to provide the
> --locators option, it knows which locator to join)
>
>
>
> 1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security
> --security-properties-file=locator2.properties
>
> // locator2.properties only contains "security-username" and
> "security-password" properties.
>
>
>
> 2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334]
> --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin
> --J=-Dgemfire.security-password=admin
>
>
>
>
>
> I suspect that the reason one of your commands did not work is because
> locator2 can't find a security.json in its classpath, not because you
> did not provide the username/password. One of the complications of using our
> SampleSecurityManager is that it will need a security.json in its
> classpath which complicates the issue. We should have a simpler security
> manager in the sample that's easier for users to experiment with.
>
>
>
>
>
>
>
> On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
> I am able to start server with --user and --password to join existing secure
> locator. But I am not able to start another locator to join the existing
> secure locator. Could someone guide me here?
>
>
>
> start locator --name=locator1 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
>
>
> SUCCESS
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties --classpath=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties
>         [gfsecurity.properties ---- security-username=clusteruser
> security-password=****]
>
> FAILED
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties --classpath=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
>
>
> *Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher
> failOnStart*
>
> *INFO: locator is exiting due to an exception*
>
>
>
> *org.apache.geode.security.AuthenticationRequiredException: Failed to find
> credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)*
>
>
>
> *Thanks & Regards,*
>
> *Dharam*
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Tuesday, June 06, 2017 3:41 PM
> *To:* user@geode.apache.org
> *Cc:* jiliao@pivotal.io
> *Subject:* RE: ExampleSecurityManager in Apache geode
>
>
>
> Thank you Nilkanth!
>
>
>
> Classpath worked!
>
>
>
> start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\locator1
>
> *security-json file location:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com
> <ni...@gmail.com>]
> *Sent:* Tuesday, June 06, 2017 3:35 PM
> *To:* user@geode.apache.org
> *Cc:* jiliao@pivotal.io
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> Try out something like below, "security.json" is kept into
> /work/code/oss/geode/locator1 dir.
>
>
>
> gfsh>start locator --name=/work/code/oss/geode/locator1
> --security-properties-file=/work/code/oss/geode/locator1/locator.properties
> --classpath=/work/code/oss/geode/locator1
>
>
>
> Additional checks,
>
> 1. specify classpath while starting locator as shown in above command.
>
> 2. check the file permission for security.json.
>
>
>
> Nilkanth.
>
>
>
> On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
> Hi Nilkanth,
>
>
>
> Thanks for the reply! I tried below one but it’s still not taking
> security.json file. Do you suggest anything different?
>
>
>
> *My Current Directory:*
>
> C:\Users\GeodeWorkDir
>
>
>
> *Locator Directory:*
>
> C:\Users\GeodeWorkDir\locator1
>
>
>
> *security-json file location [Tried both locations]:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> C:\Users\GeodeWorkDir\security.json
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
>
>
> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
> *Sent:* Tuesday, June 06, 2017 3:07 PM
> *To:* user@geode.apache.org
> *Cc:* jiliao@pivotal.io
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> I believe following will be helpful to you.
>
>
>
> IMO with the existing implementation, the "security.json" file has to be kept
> in a locator/server directory. In your case you need to keep it in a
> locator directory (l1) and it should work.
>
>
>
> Hope this helps.
>
>
>
> Nilkanth Patel.
>
>
>
> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
> Hi Jinmei & Team,
>
>
>
> I was going through “New Security In Apache Geode” video. I also tried to
> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
> below,
>
>
>
> *locator.properties*
>
>
>
> mcast-port=0
>
> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>
> security-post-processor=org.apache.geode.examples.
> security.ExamplePostProcessor
>
>
>
> > dir
>
> locator.properties
>
> security.json
>
> security-config.jar
>
>
>
> My security-config.jar has following structure,
>
> --- resources -> security.json
>
> --- META-INF -> MANIFEST.MF
>
>
>
> Could you guide me with below error?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>
> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>
> The Locator process terminated unexpectedly with exit status 1. Please
> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>
>
>
> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher
> failOnStart
>
> INFO: locator is exiting due to an exception
>
> org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Thanks & Regards,
>
> Dharam
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
>
>
>
>
>
> --
>
> Cheers
>
>
>
> Jinmei
>
>
>
>
>
>
> --
>
> Cheers
>
>
>
> Jinmei
>
>
>
>
>
> --
>
> -John
>
> john.blum10101 (skype)
>
>
>
>
>
>
>
> --
>
> -John
>
> john.blum10101 (skype)
>
>



-- 

*Mark Secrist | Sr Manager, **Global Education Delivery*

msecrist@pivotal.io

970.214.4567 Mobile

  *pivotal.io <http://www.pivotal.io/>*

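
The two checks Nilkanth lists in the quoted thread (classpath, file permission) and Jinmei's first option (read-protect security.json) can be run together as a pre-flight before `start locator`. The script below is an added example, not part of any message in this thread or of Geode itself; it assumes the standard Java rule that a classpath resource name is resolved against the root of each directory or jar entry, and its function names and sample files are constructed for illustration.

```python
import os
import stat
import tempfile
import zipfile

RESOURCE = "security.json"  # resource name from the error message in the thread


def locate_resource(classpath_entries, resource=RESOURCE):
    """Resolve `resource` against the ROOT of each directory or jar entry,
    as a Java classpath lookup does. Returns (hits, near_misses); a hit is
    (location, file_on_disk)."""
    hits, near_misses = [], []
    for entry in classpath_entries:
        if os.path.isdir(entry):
            direct = os.path.join(entry, resource)
            if os.path.isfile(direct):
                hits.append((direct, direct))
            # Copies in sub-directories are NOT visible under that name.
            for root, _dirs, files in os.walk(entry):
                if root != entry and resource in files:
                    near_misses.append(os.path.join(root, resource))
        elif os.path.isfile(entry) and zipfile.is_zipfile(entry):
            with zipfile.ZipFile(entry) as jar:
                for name in jar.namelist():
                    if name == resource:
                        hits.append((entry + "!/" + name, entry))
                    elif name.endswith("/" + resource):
                        near_misses.append(entry + "!/" + name)
    return hits, near_misses


def permission_findings(path):
    """Flag a credentials file that anyone other than its owner can read or
    write. POSIX mode bits only; Windows ACLs need a separate check."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("readable by group/other (mode %03o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other (mode %03o)" % mode)
    return findings


def preflight(classpath, resource=RESOURCE):
    """Check a --classpath value before starting the locator or server."""
    entries = [e for e in classpath.split(os.pathsep) if e]
    hits, near_misses = locate_resource(entries, resource)
    report = {
        "resolvable": bool(hits),
        "hits": [location for location, _disk in hits],
        "near_misses": near_misses,
        "permissions": {},
    }
    for _location, disk_path in hits:
        report["permissions"][disk_path] = permission_findings(disk_path)
    return report


def build_sample(workdir):
    """Constructed sample mirroring the layouts in the thread: a jar holding
    resources/security.json, and a locator directory holding the file."""
    body = '{"roles": [], "users": []}'  # constructed placeholder content
    jar_path = os.path.join(workdir, "security-config.jar")
    with zipfile.ZipFile(jar_path, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        jar.writestr("resources/" + RESOURCE, body)
    locator_dir = os.path.join(workdir, "locator1")
    os.mkdir(locator_dir)
    json_path = os.path.join(locator_dir, RESOURCE)
    with open(json_path, "w") as handle:
        handle.write(body)
    os.chmod(json_path, 0o644)  # common default: readable by everyone
    return jar_path, locator_dir, json_path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        jar_path, locator_dir, json_path = build_sample(tmp)
        print(preflight(jar_path))     # not resolvable: file sits under resources/
        print(preflight(locator_dir))  # resolvable, but flagged as world-readable
        os.chmod(json_path, 0o600)
        print(preflight(locator_dir))  # resolvable, no permission findings
```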

RE: FW: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Hi Team,

Any update on this?

I tried hard with both options but no luck! I would appreciate it if you could verify at your end and suggest some alternative.

Option1: security.json along with ExampleSecurityManager

This works fine from gfsh to start secure locator as expected. But it fails from spring-data-geode with below exception to bootstrap server using spring data geode!

I tried every possible way to inform that security.json is in classpath [src/main/resources/security.json] ! :) [-Dloader.path or -Dspring.config.location or -Dsecurity-json=security.json or java -cp option]

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'CacheServer': Cannot resolve reference to bean 'geodeCache' while setting bean property 'cache'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1531) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1276) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:742) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:866) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:542) ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:314) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1162) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at org.springframework.boot.SpringApplication.run(SpringApplication.java:1151) [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
        at com.example.MyServer.main(MyServer.java:11) [classes!/:0.0.1-SNAPSHOT]
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_102]
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_102]
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_102]
        at java.lang.reflect.Method.invoke(Method.java:498) ~[na:1.8.0_102]
        at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.Launcher.launch(Launcher.java:50) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
        at org.springframework.boot.loader.PropertiesLauncher.main(PropertiesLauncher.java:557) [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'geodeCache': FactoryBean threw exception on object creation; nested exception is org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:175) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:103) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getObjectForBeanInstance(AbstractBeanFactory.java:1634) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        ... 26 common frames omitted
Caused by: org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
        at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178) ~[geode-core-1.1.1.jar!/:na]
        at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218) ~[geode-core-1.1.1.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.createCache(CacheFactoryBean.java:354) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.resolveCache(CacheFactoryBean.java:248) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.init(CacheFactoryBean.java:189) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.getObject(CacheFactoryBean.java:175) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.data.gemfire.CacheFactoryBean.getObject(CacheFactoryBean.java:87) ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
        at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168) ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
        ... 31 common frames omitted


Option2: shiro.ini

As mentioned in below thread, it works fine with spring-data-geode but fails from gfsh for secure locator

Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Thanks & Regards,
Dharam


From: Thacker, Dharam
Sent: Friday, June 09, 2017 9:51 AM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

Hi,

Thanks John for reference links! I gave a try using security-shiro-init property in locator.properties.
But it's not able to find out Apache commons library even after giving all classpath references.

Am I missing anything?

gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:lib


gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:./lib/*


Exception :

Starting a Geode Locator in /home/dharam/Downloads/apache-geode/locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in /home/dharam/Downloads/apache-geode/locator1 for full details.

Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Thanks,
- Dharam Thacker


________________________________
From: John Blum <jb...@pivotal.io>
Sent: Jun 8, 2017 10:55 PM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

Hi Dharam-

I admit, I have not actually used Apache Shiro to secure a Locator yet.  I cannot think of any reason off the top of my head why this would not work.

Apache Geode has a security property to specify an Apache Shiro INI file...

security-shiro-init

The support in Spring Data Geode makes this brain dead simple to do [1].

Most of the decision making about which Security Provider will be used in Apache Geode's Integrated Security Framework is done here [2].  SDG is aware of this, and using the Annotations, makes the appropriate decision based on the configuration.

Also +1 to Udo's comment.

-John


[1] https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSecurity.java#L107-L113
[2] https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java#L286-L334


On Thu, Jun 8, 2017 at 10:12 AM, Udo Kohlmeyer <uk...@pivotal.io> wrote:

In addition to this, Jinmei's #2 can be easily achieved using a KMIP like HashiCorp Vault. https://www.vaultproject.io/

On 6/8/17 09:51, John Blum wrote:
Dharam-

... or use Apache Shiro, which provides tooling [1] to handle securing credentials [2].  Shiro also handles encryption [3].  Although it is not well spelled in the Apache Geode documentation [4], Apache Geode does integrate with Apache Shiro for security as well.

As an FYI, in Spring Data Geode, I provided first-class support for Apache Geode when using Apache Shiro.  I blogged about this [5] (see section starting with "Security!").

So, my recommendation, in addition to Jinmei's option #1 below, is to use Apache Shiro over implementing your own Apache Geode SecurityManager interface.

Hope this helps!

-John


[1] https://shiro.apache.org/command-line-hasher.html
[2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
[3] https://shiro.apache.org/cryptography-features.html
[4] http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
[5] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released


On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io> wrote:
SampleSecurityManager doesn't do encryption/decryption. It's meant only as an example.

There are multiple ways to protect your password:
1) read-protect your security.json so that only a certain user can read it.
2) implement your own security-manager to decrypt the password using a secret key. (but here again you will need to find a way to protect this key in your corporation. In my opinion, it's simply changing the subject, but the problem is still there).

We usually recommend the first approach, but in some situations, 2nd one might be an option too.


On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei,

Is there any way to encrypt password in security.json file with Geode 1.1.1? I tried below but it did not work for me,

"users": [
  {
    "name": "admin",
    "password": "encrypted(0859A0F6C68B9785)",
    "roles": ["ADMIN"]
...
  },

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Wednesday, June 07, 2017 11:26 AM
To: 'user@geode.apache.org'; 'jiliao@pivotal.io'
Subject: RE: FW: ExampleSecurityManager in Apache geode

Thanks Jinmei for quick reply!

>> It did not work for me when I used [--classpath] and [--security-properties-file] even though my classpath contains security.json file [That's strange]

start locator -name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

>> It worked for me when I used --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin [SUCCESS]

start locator -name=locator2 --locators=localhost[10334],localhost[10335]  --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin  --classpath=C:\Users\GeodeWorkDir\locator2
SUCCESS

Thanks & Regards,
Dharam

From: Jinmei Liao [mailto:jiliao@pivotal.io]
Sent: Wednesday, June 07, 2017 11:12 AM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

I tried using the SampleSecurityManager, and either one of the following commands to start the 2nd locator works: (I executed these commands while connected to the first locator, so I don't need to provide the --locators option; it knows which locator to join)

1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security --security-properties-file=locator2.properties
// locator2.properties only contains "security-username" and "security-password" properties.

2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin


I suspect that the reason one of your commands did not work is that locator2 can't find a security.json in its classpath, not because you did not provide the username/password. One of the complications of using our SampleSecurityManager is that it will need a security.json in its classpath, which complicates the issue. We should have a simpler security manager in the sample that's easier for users to experiment with.



On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
I am able to start server with -user and -password to join existing secure locator. But I am not able to start another locator to join the existing secure locator. Could someone guide me here?

start locator --name=locator1 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
SUCCESS

start locator -name=locator2 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

start locator -name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties         [gfsecurity.properties ---- security-username=clusteruser security-password=****]
FAILED

start locator -name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED


Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception

org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Tuesday, June 06, 2017 3:41 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: RE: ExampleSecurityManager in Apache geode

Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json
Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below; "security.json" is kept in the /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it's still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, the "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in the locator directory (l1) and it should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through "New Security In Apache Geode" video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam

This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer<http://www.jpmorgan.com/emaildisclaimer> including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.





--
Cheers

Jinmei




--
-John
john.blum10101 (skype)


This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.
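
A classpath preflight for the `security.json` lookup discussed in the thread above, as an added example that is not part of any message or of the Geode code base. It assumes the security manager resolves `security.json` as a plain class-loader resource by exactly that name, compares the jar layout from the first post (file under `resources/`) with a jar root and a directory entry, and checks the read-protection from Jinmei's option 1; the class name, file contents and temp paths are constructed for the demo.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

/** Hypothetical preflight helper; not part of Apache Geode. */
public class SecurityJsonPreflight {

    // Constructed sample content standing in for a real security.json.
    private static final byte[] SAMPLE_JSON =
            "{\"roles\": [], \"users\": []}".getBytes(StandardCharsets.UTF_8);

    /**
     * Looks up a resource using only the given classpath entries (directories or jars).
     * Assumption: the security manager asks a class loader for the bare name "security.json".
     */
    static URL resolve(String resourceName, Path... classpathEntries) throws IOException {
        URL[] urls = new URL[classpathEntries.length];
        for (int i = 0; i < classpathEntries.length; i++) {
            // For an existing directory toUri() ends in '/', which URLClassLoader
            // needs in order to treat the entry as a directory rather than a jar.
            urls[i] = classpathEntries[i].toUri().toURL();
        }
        try (URLClassLoader loader = new URLClassLoader(urls, null)) {
            return loader.getResource(resourceName);
        }
    }

    /** Writes a jar holding the sample JSON under the given entry name. */
    static Path writeJar(Path jar, String entryName) throws IOException {
        try (OutputStream out = Files.newOutputStream(jar);
             JarOutputStream jos = new JarOutputStream(out)) {
            jos.putNextEntry(new JarEntry(entryName));
            jos.write(SAMPLE_JSON);
            jos.closeEntry();
        }
        return jar;
    }

    /** True if group or others can read the file (POSIX file systems only). */
    static boolean readableBeyondOwner(Path file) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(file);
        return perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ);
    }

    private static void report(String layout, URL found) {
        System.out.printf("%-50s -> %s%n", layout, found == null ? "NOT FOUND" : found);
    }

    public static void main(String[] args) throws IOException {
        Path work = Files.createTempDirectory("geode-cp-check");

        // Layout from the first post: the jar stores the file as resources/security.json.
        Path nestedJar = writeJar(work.resolve("security-config.jar"), "resources/security.json");
        // Same content stored at the root of a jar.
        Path rootJar = writeJar(work.resolve("security-config-root.jar"), "security.json");
        // Layout that worked in the thread: a directory on the classpath holding the file.
        Path locatorDir = Files.createDirectory(work.resolve("locator1"));
        Path json = Files.write(locatorDir.resolve("security.json"), SAMPLE_JSON);

        report("security.json in jar (under resources/)", resolve("security.json", nestedJar));
        report("resources/security.json in the same jar", resolve("resources/security.json", nestedJar));
        report("security.json in jar (at root)", resolve("security.json", rootJar));
        report("security.json in directory entry", resolve("security.json", locatorDir));

        // Option 1 from the thread: only the owning account should be able to read the file.
        if (FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            Files.setPosixFilePermissions(json, PosixFilePermissions.fromString("rw-r--r--"));
            System.out.println("mode rw-r--r-- readable beyond owner: " + readableBeyondOwner(json));
            Files.setPosixFilePermissions(json, PosixFilePermissions.fromString("rw-------"));
            System.out.println("mode rw------- readable beyond owner: " + readableBeyondOwner(json));
        } else {
            System.out.println("No POSIX modes on this file system; review the file's ACL instead.");
        }
    }
}
```

Save it as `SecurityJsonPreflight.java`, then compile and run it with a JDK; nothing from Geode needs to be on the classpath.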

Re: FW: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Hi,

Thanks John for reference links! I gave a try using security-shiro-init property in locator.properties.
But it's not able to find out Apache commons library even after giving all classpath references.

Am I missing anything?

gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:lib


gfsh>start locator --name=locator1 --properties-file=locator1.properties --classpath=/home/dharam/Downloads/apache-geode/locator1:./lib/*


Exception :

Starting a Geode Locator in /home/dharam/Downloads/apache-geode/locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in /home/dharam/Downloads/apache-geode/locator1 for full details.

Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
    at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:702)
    at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(ReflectionBuilder.java:364)
    at org.apache.shiro.config.ReflectionBuilder.applyProperty(ReflectionBuilder.java:325)
    at org.apache.shiro.config.ReflectionBuilder$AssignmentStatement.doExecute(ReflectionBuilder.java:955)
    at org.apache.shiro.config.ReflectionBuilder$Statement.execute(ReflectionBuilder.java:887)
    at org.apache.shiro.config.ReflectionBuilder$BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
    at org.apache.shiro.config.ReflectionBuilder.buildObjects(ReflectionBuilder.java:260)
    at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(IniSecurityManagerFactory.java:167)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:130)
    at org.apache.shiro.config.IniSecurityManagerFactory.createSecurityManager(IniSecurityManagerFactory.java:108)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:94)
    at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(IniSecurityManagerFactory.java:46)
    at org.apache.shiro.config.IniFactorySupport.createInstance(IniFactorySupport.java:123)
    at org.apache.shiro.util.AbstractFactory.getInstance(AbstractFactory.java:47)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:322)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.beanutils.PropertyUtil
    at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
    at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
    ... 28 more

Thanks,
- Dharam Thacker


________________________________
From: John Blum <jb...@pivotal.io>
Sent: Jun 8, 2017 10:55 PM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

Hi Dharam-

I admit, I have not actually used Apache Shiro to secure a Locator yet.  I cannot think of any reason off the top of my head why this would not work.

Apache Geode has a security property to specify an Apache Shiro INI file...

security-shiro-init

The support in Spring Data Geode makes this brain dead simple to do [1].

Most of the decision making about which Security Provider will be used in Apache Geode's Integrated Security Framework is done here [2].  SDG is aware of this, and using the Annotations, makes the appropriate decision based on the configuration.

Also +1 to Udo's comment.

-John


[1] https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSecurity.java#L107-L113
[2] https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java#L286-L334


On Thu, Jun 8, 2017 at 10:12 AM, Udo Kohlmeyer <uk...@pivotal.io> wrote:

In addition to this, Jinmei's #2 can be easily achieved using a KMIP like HashiCorp Vault. https://www.vaultproject.io/

On 6/8/17 09:51, John Blum wrote:
Dharam-

... or use Apache Shiro, which provides tooling [1] to handle securing credentials [2].  Shiro also handles encryption [3].  Although it is not well spelled in the Apache Geode documentation [4], Apache Geode does integrate with Apache Shiro for security as well.

As an FYI, in Spring Data Geode, I provided first-class support for Apache Geode when using Apache Shiro.  I blogged about this [5] (see section starting with "Security!").

So, my recommendation, in addition to Jinmei's option #1 below, is to use Apache Shiro over implementing your own Apache Geode SecurityManager interface.

Hope this helps!

-John


[1] https://shiro.apache.org/command-line-hasher.html
[2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
[3] https://shiro.apache.org/cryptography-features.html
[4] http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
[5] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released


On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io> wrote:
SampleSecurityManager doesn't do encryption/decryption. It's meant only as an example.

There are multiple ways to protect your password:
1) read-protect your security.json so that only a certain user can read it.
2) implement your own security-manager to decrypt the password using a secret key. (but here again you will need to find a way to protect this key in your corporation. In my opinion, it's simply changing the subject, but the problem is still there).

We usually recommend the first approach, but in some situations, 2nd one might be an option too.


On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei,

Is there any way to encrypt password in security.json file with Geode 1.1.1? I tried below but it did not work for me,

"users": [
  {
    "name": "admin",
    "password": "encrypted(0859A0F6C68B9785)",
    "roles": ["ADMIN"]
…
  },

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Wednesday, June 07, 2017 11:26 AM
To: 'user@geode.apache.org'; 'jiliao@pivotal.io'
Subject: RE: FW: ExampleSecurityManager in Apache geode

Thanks Jinmei for quick reply!

>> It did not work for me when I used [--classpath] and [--security-properties-file] even though my classpath contains security.json file [That’s strange]

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

>> It worked for me when I used --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin [SUCCESS]

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin  --classpath=C:\Users\GeodeWorkDir\locator2
SUCCESS

Thanks & Regards,
Dharam

From: Jinmei Liao [mailto:jiliao@pivotal.io]
Sent: Wednesday, June 07, 2017 11:12 AM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

I tried using the SampleSecurityManager, and either one of the following commands to start the 2nd locator works: (I executed these commands while connected to the first locator, so I don't need to provide the --locators option, it knows which locator to join)

1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security --security-properties-file=locator2.properties
// locator2.properties only contains "security-username" and "security-password" properties.

2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin


I suspect that the reason one of your commands did not work is because locator2 can't find a security.json in its classpath, not because you did not provide the username/password. One of the complications of using our SampleSecurityManager is that it will need a security.json in its classpath, which complicates the issue. We should have a simpler security manager in the sample that's easier for users to experiment with.



On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
I am able to start server with --user and --password to join existing secure locator. But I am not able to start another locator to join the existing secure locator. Could someone guide me here?

start locator --name=locator1 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
SUCCESS

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties         [gfsecurity.properties ---- security-username=clusteruser security-password=****]
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335]  --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED


Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception

org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Tuesday, June 06, 2017 3:41 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: RE: ExampleSecurityManager in Apache geode

Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json
Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below, "security.json" is kept in the /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in a locator directory (l1) and should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam

This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.





--
Cheers

Jinmei




--
-John
john.blum10101 (skype)





This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.
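
The two checks Nilkanth lists (classpath, file permission) and Jinmei's option 1, written as a preflight script. This is an added example, not part of the original messages and not Apache Geode code; the function names, finding labels and owner-only permission policy are assumptions, and the sample files are constructed. It assumes the lookup is by classpath resource name, as the error message and Jinmei's reply indicate, so a bare name resolves only at the root of a classpath directory or jar and a jar holding resources/security.json does not satisfy it.

```python
# Added example (not Apache Geode code): preflight for a member that loads
# "security.json" as a classpath resource.
import os
import stat
import tempfile
import zipfile

RESOURCE = "security.json"  # resource name taken from the error in the thread


def find_resource(classpath, resource=RESOURCE):
    """Return (entry, kind) for the first classpath entry exposing `resource`
    at its root, or None. Mirrors Java lookup of a bare resource name."""
    for entry in classpath:
        if os.path.isdir(entry):
            if os.path.isfile(os.path.join(entry, resource)):
                return entry, "dir"
        elif os.path.isfile(entry) and zipfile.is_zipfile(entry):
            with zipfile.ZipFile(entry) as jar:
                if resource in jar.namelist():
                    return entry, "jar"
    return None


def misplaced_copies(classpath, resource=RESOURCE):
    """Find jar members such as 'resources/security.json': the file is inside
    the jar, but not at the root, so the bare name does not resolve to it."""
    hits = []
    for entry in classpath:
        if os.path.isfile(entry) and zipfile.is_zipfile(entry):
            with zipfile.ZipFile(entry) as jar:
                hits += [(entry, n) for n in jar.namelist()
                         if n != resource and n.split("/")[-1] == resource]
    return hits


def open_to_group_or_other(path):
    """True if group or other hold any permission bit on `path` (POSIX)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return bool(mode & (stat.S_IRWXG | stat.S_IRWXO))


def preflight(classpath, resource=RESOURCE):
    """Return findings; an empty list means both checks passed."""
    found = find_resource(classpath, resource)
    if found is None:
        return ["NOT_ON_CLASSPATH"] + [
            "MISPLACED:%s!%s" % hit
            for hit in misplaced_copies(classpath, resource)]
    entry, kind = found
    # The credential store is the file itself for a directory entry,
    # and the whole jar otherwise.
    target = os.path.join(entry, resource) if kind == "dir" else entry
    # Mode bits are only meaningful on POSIX; on Windows review the ACL instead.
    if os.name == "posix" and open_to_group_or_other(target):
        return ["GROUP_OR_OTHER_ACCESS:" + target]
    return []


def demo():
    """Rebuild both layouts from the thread using constructed sample files."""
    sample = '{"roles": [], "users": []}'  # constructed placeholder content
    with tempfile.TemporaryDirectory() as work:
        jar = os.path.join(work, "security-config.jar")
        with zipfile.ZipFile(jar, "w") as z:  # layout from the first message
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
            z.writestr("resources/security.json", sample)
        locator = os.path.join(work, "locator1")  # layout that worked
        os.mkdir(locator)
        path = os.path.join(locator, RESOURCE)
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)   # readable by group and other
        loose = preflight([locator])
        os.chmod(path, 0o600)   # owner only
        tight = preflight([locator])
        return preflight([jar]), loose, tight


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Pass the same entries given to `--classpath` as the list argument to `preflight`, running as the account that starts the locator.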

Re: FW: ExampleSecurityManager in Apache geode

Posted by John Blum <jb...@pivotal.io>.
Hi Dharam-

I admit, I have not actually used Apache Shiro to secure a Locator yet.  I
cannot think of any reason off the top of my head why this would not work.

Apache Geode has a security property to specify an Apache Shiro INI file...

security-shiro-init

The support in *Spring Data Geode* makes this brain dead simple to do [1].

Most of the decision making about which Security Provider will be used in
Apache Geode's Integrated Security Framework is done here [2].  SDG is
aware of this, and using the Annotations, makes the appropriate decision
based on the configuration.

Also +1 to *Udo's* comment.

-John


[1] https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableSecurity.java#L107-L113
[2] https://github.com/apache/geode/blob/develop/geode-core/src/main/java/org/apache/geode/internal/security/IntegratedSecurityService.java#L286-L334


On Thu, Jun 8, 2017 at 10:12 AM, Udo Kohlmeyer <uk...@pivotal.io>
wrote:

> In addition to this, Jinmei's #2 can be easily achieved using a KMIP like
> HashiCorp Vault. https://www.vaultproject.io/
>
> On 6/8/17 09:51, John Blum wrote:
>
> Dharam-
>
> ... or use *Apache Shiro*, which provides tooling [1] to handle securing
> credentials [2].  Shiro also handles encryption [3].  Although it is not
> well spelled in the Apache Geode documentation [4], Apache Geode does
> integrate with Apache Shiro for security as well.
>
> As an FYI, in *Spring Data Geode*, I provided first-class support for
> Apache Geode when using Apache Shiro.  I blogged about this [5] (see
> section starting with "Security!").
>
> So, my recommendation, in addition to Jinmei's option #1 below, is to use
> Apache Shiro over implementing your own Apache Geode SecurityManager
> interface.
>
> Hope this helps!
>
> -John
>
>
> [1] https://shiro.apache.org/command-line-hasher.html
> [2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
> [3] https://shiro.apache.org/cryptography-features.html
> [4] http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
> [5] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released
>
>
> On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io> wrote:
>
>> SampleSecurityManager doesn't do encryption/decryption. It's meant only
>> as an example.
>>
>> There are multiple ways to protect your password:
>> 1) read-protect your security.json so that only a certain user can read
>> it.
>> 2) implement your own security-manager to decrypt the password using a
>> secret key. (but here again you will need to find a way to protect this key
>> in your corporation. In my opinion, it's simply changing the subject, but
>> the problem is still there).
>>
>> We usually recommend the first approach, but in some situations, 2nd one
>> might be an option too.
>>
>>
>> On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>>> Hi Jinmei,
>>>
>>>
>>>
>>> Is there any way to encrypt password in security.json file with Geode
>>> 1.1.1? I tried below but it did not work for me,
>>>
>>>
>>>
>>> "users": [
>>>
>>>   {
>>>
>>>     "name": "admin",
>>>
>>>     "password": "encrypted(0859A0F6C68B9785)",
>>>
>>>     "roles": ["ADMIN"]
>>>
>>> …
>>>
>>>   },
>>>
>>>
>>>
>>> Thanks & Regards,
>>>
>>> Dharam
>>>
>>>
>>>
>>> *From:* Thacker, Dharam
>>> *Sent:* Wednesday, June 07, 2017 11:26 AM
>>> *To:* 'user@geode.apache.org'; 'jiliao@pivotal.io'
>>> *Subject:* RE: FW: ExampleSecurityManager in Apache geode
>>>
>>>
>>>
>>> Thanks Jinmei for quick reply!
>>>
>>>
>>>
>>> >> It did not work for me when I used [--classpath] and [--security-properties-file] even though my classpath contains security.json file [That’s strange]
>>>
>>>
>>>
>>> start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
>>>
>>> FAILED
>>>
>>>
>>>
>>> >> It worked for me when I used --J=-Dgemfire.security-username=admin
>>> --J=-Dgemfire.security-password=admin [*SUCCESS*]
>>>
>>>
>>>
>>> start locator --name=locator2 --locators=localhost[10334],localhost[10335] --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin  --classpath=C:\Users\GeodeWorkDir\locator2
>>>
>>> SUCCESS
>>>
>>>
>>>
>>> Thanks & Regards,
>>>
>>> Dharam
>>>
>>>
>>>
>>> *From:* Jinmei Liao [mailto:jiliao@pivotal.io]
>>> *Sent:* Wednesday, June 07, 2017 11:12 AM
>>> *To:* user@geode.apache.org
>>> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>>>
>>>
>>>
>>> I tried using the SampleSecurityManager, and either one of the following
>>> commands to start the 2nd locator works: (I executed these commands
>>> while connected to the first locator, so I don't need to provide the
>>> --locators option, it knows which locator to join)
>>>
>>>
>>>
>>> 1> start locator --name=locator2 --port=10335
>>> --classpath=/Users/jiliao/my_geode/security
>>> --security-properties-file=locator2.properties
>>>
>>> // locator2.properties only contains "security-username" and
>>> "security-password" properties.
>>>
>>>
>>>
>>> 2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin
>>>
>>>
>>>
>>>
>>>
>>> I suspect that the reason one of your commands did not work is because
>>> locator2 can't find a security.json in its classpath, not because
>>> you did not provide the username/password. One of the complications of using
>>> our SampleSecurityManager is that it will need a security.json in its
>>> classpath, which complicates the issue. We should have a simpler security
>>> manager in the sample that's easier for users to experiment with.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <
>>> dharam.thacker@jpmorgan.com> wrote:
>>>
>>> I am able to start server with --user and --password to join existing
>>> secure locator. But I am not able to start another locator to join the
>>> existing secure locator. Could someone guide me here?
>>>
>>>
>>>
>>> start locator --name=locator1 --locators=localhost[10334],localhost[10335]
>>> --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
>>>
>>>
>>> SUCCESS
>>>
>>>
>>>
>>> start locator --name=locator2 --locators=localhost[10334],localhost[10335] --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
>>>
>>> FAILED
>>>
>>>
>>>
>>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>>> --security-properties-file=gfsecurity.properties
>>>         [gfsecurity.properties ---- security-username=clusteruser
>>> security-password=****]
>>>
>>> FAILED
>>>
>>>
>>>
>>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>>> --security-properties-file=gfsecurity.properties
>>> --classpath=C:\Users\GeodeWorkDir\locator2
>>>
>>> FAILED
>>>
>>>
>>>
>>>
>>>
>>> Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
>>>
>>> INFO: locator is exiting due to an exception
>>>
>>>
>>>
>>> org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
>>>
>>>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
>>>
>>>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
>>>
>>>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
>>>
>>>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
>>>
>>>     at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)
>>>
>>>
>>>
>>> *Thanks & Regards,*
>>>
>>> *Dharam*
>>>
>>>
>>>
>>> *From:* Thacker, Dharam
>>> *Sent:* Tuesday, June 06, 2017 3:41 PM
>>> *To:* user@geode.apache.org
>>> *Cc:* jiliao@pivotal.io
>>> *Subject:* RE: ExampleSecurityManager in Apache geode
>>>
>>>
>>>
>>> Thank you Nilkanth!
>>>
>>>
>>>
>>> Classpath worked!
>>>
>>>
>>>
>>> start locator --name=locator1 --properties-file=locator.properties
>>> --classpath=C:\Users\GeodeWorkDir\locator1
>>>
>>> *security-json file location:*
>>>
>>> C:\Users\GeodeWorkDir\locator1\security.json
>>>
>>> Thanks & Regards,
>>>
>>> Dharam
>>>
>>>
>>>
>>> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
>>> *Sent:* Tuesday, June 06, 2017 3:35 PM
>>> *To:* user@geode.apache.org
>>> *Cc:* jiliao@pivotal.io
>>> *Subject:* Re: ExampleSecurityManager in Apache geode
>>>
>>>
>>>
>>> Dharam,
>>>
>>>
>>>
>>> Try out something like below, "security.json" is kept in the
>>> /work/code/oss/geode/locator1 dir.
>>>
>>>
>>>
>>> gfsh>start locator --name=/work/code/oss/geode/locator1
>>> --security-properties-file=/work/code/oss/geode/locator1/locator.properties
>>> --classpath=/work/code/oss/geode/locator1
>>>
>>>
>>>
>>> Additional checks,
>>>
>>> 1. specify classpath while starting locator as shown in above command.
>>>
>>> 2. check the file permission for security.json.
>>>
>>>
>>>
>>> Nilkanth.
>>>
>>>
>>>
>>> On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <
>>> dharam.thacker@jpmorgan.com> wrote:
>>>
>>> Hi Nilkanth,
>>>
>>>
>>>
>>> Thanks for the reply! I tried below one but it’s still not taking
>>> security.json file. Do you suggest anything different?
>>>
>>>
>>>
>>> *My Current Directory:*
>>>
>>> C:\Users\GeodeWorkDir
>>>
>>>
>>>
>>> *Locator Directory:*
>>>
>>> C:\Users\GeodeWorkDir\locator1
>>>
>>>
>>>
>>> *security-json file location [Tried both locations]:*
>>>
>>> C:\Users\GeodeWorkDir\locator1\security.json
>>>
>>> C:\Users\GeodeWorkDir\security.json
>>>
>>>
>>>
>>> Thanks & Regards,
>>>
>>> Dharam
>>>
>>>
>>>
>>>
>>>
>>> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
>>> *Sent:* Tuesday, June 06, 2017 3:07 PM
>>> *To:* user@geode.apache.org
>>> *Cc:* jiliao@pivotal.io
>>> *Subject:* Re: ExampleSecurityManager in Apache geode
>>>
>>>
>>>
>>> Dharam,
>>>
>>>
>>>
>>> I believe following will be helpful to you.
>>>
>>>
>>>
>>> IMO with the existing implementation, "security.json" file has to be
>>> kept in a locator/server directory. In your case you need to keep it in
>>> a locator directory (l1) and should work.
>>>
>>>
>>>
>>> Hope this helps.
>>>
>>>
>>>
>>> Nilkanth Patel.
>>>
>>>
>>>
>>> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
>>> dharam.thacker@jpmorgan.com> wrote:
>>>
>>> Hi Jinmei & Team,
>>>
>>>
>>>
>>> I was going through “New Security In Apache Geode” video. I also tried
>>> to start locator with ExampleSecurityManager and ExamplePostProcessor as
>>> shown below,
>>>
>>>
>>>
>>> *locator.properties*
>>>
>>>
>>>
>>> mcast-port=0
>>>
>>> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>>>
>>> security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor
>>>
>>>
>>>
>>> > dir
>>>
>>> locator.properties
>>>
>>> security.json
>>>
>>> security-config.jar
>>>
>>>
>>>
>>> My security-config.jar has following structure,
>>>
>>> --- resources -> security.json
>>>
>>> --- META-INF -> MANIFEST.MF
>>>
>>>
>>>
>>> Could you guide me with below error?
>>>
>>>
>>>
>>> gfsh>start locator --name=locator1 --properties-file=locator.properties
>>> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>>>
>>> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>>>
>>> The Locator process terminated unexpectedly with exit status 1. Please
>>> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>>>
>>>
>>>
>>> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
>>> INFO: locator is exiting due to an exception
>>> org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>>>     at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
>>>     at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
>>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
>>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
>>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
>>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
>>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
>>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
>>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
>>>
>>> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>>>     at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
>>>     at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
>>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
>>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
>>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
>>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
>>>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
>>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
>>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
>>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
>>>
>>>
>>>
>>> Thanks & Regards,
>>>
>>> Dharam
>>>
>>> This message is confidential and subject to terms at: http://
>>> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
>>> privilege, viruses and monitoring of electronic messages. If you are not
>>> the intended recipient, please delete this message and notify the sender
>>> immediately. Any unauthorized use is strictly prohibited.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>> Cheers
>>>
>>>
>>>
>>> Jinmei
>>>
>>>
>>
>>
>>
>> --
>> Cheers
>>
>> Jinmei
>>
>
>
>
> --
> -John
> john.blum10101 (skype)
>
>
>


-- 
-John
john.blum10101 (skype)

Re: FW: ExampleSecurityManager in Apache geode

Posted by Udo Kohlmeyer <uk...@pivotal.io>.
In addition to this, Jinmei's #2 can be easily achieved using a KMIP 
like HashiCorp Vault. https://www.vaultproject.io/


On 6/8/17 09:51, John Blum wrote:
> Dharam-
>
> ... or use *Apache Shiro*, which provides tooling [1] to handle 
> securing credentials [2].  Shiro also handles encryption [3].  
> Although it is not well spelled in the Apache Geode documentation [4], 
> Apache Geode does integrate with Apache Shiro for security as well.
>
> As an FYI, in /Spring Data Geode/, I provided first-class support for 
> Apache Geode when using Apache Shiro. I blogged about this [5] (see 
> section starting with "Security!").
>
> So, my recommendation, in addition to Jinmei's option #1 below, is to 
> use Apache Shiro over implementing your own Apache Geode 
> SecurityManager interface.
>
> Hope this helps!
>
> -John
>
>
> [1] https://shiro.apache.org/command-line-hasher.html
> [2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
> [3] https://shiro.apache.org/cryptography-features.html
> [4] 
> http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
> [5] 
> https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released
>
>
> On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <jiliao@pivotal.io> wrote:
>
>     SampleSecurityManager doesn't do encryption/decryption. It's meant
>     only as an example.
>
>     There are multiple ways to protect your password:
>     1) read-protect your security.json so that only a certain user can
>     read it.
>     2) implement your own security-manager to decrypt the password
>     using a secret key. (but here again you will need to find a way to
>     protect this key in your corporation. In my opinion, it's simply
>     changing the subject, but the problem is still there).
>
>     We usually recommend the first approach, but in some situations,
>     2nd one might be an option too.
>
>
>     On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam
>     <dharam.thacker@jpmorgan.com> wrote:
>
>         Hi Jinmei,
>
>         Is there any way to encrypt password in security.json file
>         with Geode 1.1.1? I tried below but it did not work for me,
>
>         "users": [
>
>         {
>
>         "name": "admin",
>
>         "password": "encrypted(0859A0F6C68B9785)",
>
>         "roles": ["ADMIN"]
>
>         …
>
>         },
>
>         Thanks & Regards,
>
>         Dharam
>
>         *From:* Thacker, Dharam
>         *Sent:* Wednesday, June 07, 2017 11:26 AM
>         *To:* 'user@geode.apache.org'; 'jiliao@pivotal.io'
>         *Subject:* RE: FW: ExampleSecurityManager in Apache geode
>
>         Thanks Jinmei for quick reply!
>
>         >> It did not work for me when I used [--classpath] and
>         [--security-properties-file] even though my classpath
>         contains security.json file [That’s strange]
>
>         start locator --name=locator2
>         --locators=localhost[10334],localhost[10335]
>         --security-properties-file=gfsecurity.properties
>         --classpath=C:\Users\GeodeWorkDir\locator2
>
>         FAILED
>
>         >> It worked for me when I used
>         --J=-Dgemfire.security-username=admin
>         --J=-Dgemfire.security-password=admin [SUCCESS]
>
>         start locator --name=locator2
>         --locators=localhost[10334],localhost[10335]
>         --J=-Dgemfire.security-username=admin
>         --J=-Dgemfire.security-password=admin
>         --classpath=C:\Users\GeodeWorkDir\locator2
>
>         SUCCESS
>
>         Thanks & Regards,
>
>         Dharam
>
>         *From:* Jinmei Liao [mailto:jiliao@pivotal.io]
>         *Sent:* Wednesday, June 07, 2017 11:12 AM
>         *To:* user@geode.apache.org
>         *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>
>         I tried using the SampleSecurityManager, and either one of the
>         following commands to start the 2nd locator is working: (I
>         executed these commands while connected to the first locator,
>         so I don't need to provide the --locators option, it knows
>         which locator to join)
>
>         1> start locator --name=locator2 --port=10335
>         --classpath=/Users/jiliao/my_geode/security
>         --security-properties-file=locator2.properties
>
>         // locator2.properties only contains "security-username" and
>         "security-password" properties.
>
>         2> start locator --name=locator2 --port=10335
>         --locators=jiliao-mbpro.lan[10334]
>         --classpath=/Users/jiliao/my_geode/security/
>         --J=-Dgemfire.security-username=admin
>         --J=-Dgemfire.security-password=admin
>
>         I suspect that the reason one of your commands did not work is
>         because the locator2 can't find a security.json in its
>         classpath, not because you did not provide the
>         username/password. One of the complications of using our
>         SampleSecurityManager is that it will need a security.json in
>         its classpath which complicates the issue. We should have a
>         simpler security manager in the sample that's easier for users
>         to experiment with.
>
>         On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam
>         <dharam.thacker@jpmorgan.com> wrote:
>
>         I am able to start server with –user and –password to join
>         existing secure locator. But I am not able to start another
>         locator to join the existing secure locator. Could someone
>         guide me here?
>
>         start locator --name=locator1
>         --locators=localhost[10334],localhost[10335]
>         --properties-file=locator.properties
>         --classpath=C:\Users\GeodeWorkDir\locator1
>
>         SUCCESS
>
>         start locator --name=locator2
>         --locators=localhost[10334],localhost[10335]
>         --properties-file=locator.properties
>         --classpath=C:\Users\GeodeWorkDir\locator2
>
>         FAILED
>
>         start locator --name=locator2
>         --locators=localhost[10334],localhost[10335]
>         --security-properties-file=gfsecurity.properties
>                 [gfsecurity.properties ----
>         security-username=clusteruser security-password=****]
>
>         FAILED
>
>         start locator --name=locator2
>         --locators=localhost[10334],localhost[10335]
>         --security-properties-file=gfsecurity.properties
>         --classpath=C:\Users\GeodeWorkDir\locator2
>
>         FAILED
>
>         Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
>         INFO: locator is exiting due to an exception
>
>         org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
>             at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
>             at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
>             at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
>             at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
>             at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)
>
>         Thanks & Regards,
>
>         Dharam
>
>         *From:* Thacker, Dharam
>         *Sent:* Tuesday, June 06, 2017 3:41 PM
>         *To:* user@geode.apache.org
>         *Cc:* jiliao@pivotal.io
>         *Subject:* RE: ExampleSecurityManager in Apache geode
>
>         Thank you Nilkanth!
>
>         Classpath worked!
>
>         start locator --name=locator1
>         --properties-file=locator.properties
>         --classpath=C:\Users\GeodeWorkDir\locator1
>
>         *_security-json file location:_*
>
>         C:\Users\GeodeWorkDir\locator1\security.json
>
>         Thanks & Regards,
>
>         Dharam
>
>         *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
>         *Sent:* Tuesday, June 06, 2017 3:35 PM
>         *To:* user@geode.apache.org
>         *Cc:* jiliao@pivotal.io
>         *Subject:* Re: ExampleSecurityManager in Apache geode
>
>         Dharam,
>
>         Try out something like below, "security.json" is kept in the
>         /work/code/oss/geode/locator1 dir.
>
>         gfsh>start locator --name=/work/code/oss/geode/locator1
>         --security-properties-file=/work/code/oss/geode/locator1/locator.properties
>         --classpath=/work/code/oss/geode/locator1
>
>         Additional checks,
>
>         1. specify classpath while starting locator as shown in above
>         command.
>
>         2. check the file permission for security.json.
>
>         Nilkanth.
>
>         On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam
>         <dharam.thacker@jpmorgan.com> wrote:
>
>         Hi Nilkanth,
>
>         Thanks for the reply! I tried below one but it’s still not
>         taking security.json file. Do you suggest anything different?
>
>         *_My Current Directory:_*
>
>         C:\Users\GeodeWorkDir
>
>         *_Locator Directory:_*
>
>         C:\Users\GeodeWorkDir\locator1
>
>         *_security-json file location [Tried both locations]:_*
>
>         C:\Users\GeodeWorkDir\locator1\security.json
>
>         C:\Users\GeodeWorkDir\security.json
>
>         Thanks & Regards,
>
>         Dharam
>
>         *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
>         *Sent:* Tuesday, June 06, 2017 3:07 PM
>         *To:* user@geode.apache.org
>         *Cc:* jiliao@pivotal.io
>         *Subject:* Re: ExampleSecurityManager in Apache geode
>
>         Dharam,
>
>         I believe following will be helpful to you.
>
>         IMO with the existing implementation,  "security.json" file
>         has to be kept in a locator/server directory. In your case you
>         need to keep it in a locator directory (l1) and it should work.
>
>         Hope this helps.
>
>         Nilkanth Patel.
>
>         On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam
>         <dharam.thacker@jpmorgan.com> wrote:
>
>         Hi Jinmei & Team,
>
>         I was going through “New Security In Apache Geode” video. I
>         also tried to start locator with ExampleSecurityManager and
>         ExamplePostProcessor as shown below,
>
>         *_locator.properties_*
>
>         mcast-port=0
>
>         security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>
>         security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor
>
>         > dir
>
>         locator.properties
>
>         security.json
>
>         security-config.jar
>
>         My security-config.jar has following structure,
>
>         --- resources -> security.json
>
>         --- META-INF -> MANIFEST.MF
>
>         Could you guide me with below error?
>
>         gfsh>start locator --name=locator1
>         --properties-file=locator.properties
>         --classpath=C:\Users\GeodeWorkDir\security-config.jar
>
>         Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>
>         The Locator process terminated unexpectedly with exit status
>         1. Please refer to the log file in
>         C:\Users\GeodeWorkDir\locator1 for full details.
>
>         Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
>         INFO: locator is exiting due to an exception
>         org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>             at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
>             at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
>             at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
>             at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
>             at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
>             at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>             at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>             at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
>             at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
>             at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
>             at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
>             at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
>             at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
>             at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
>
>         Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>             at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
>             at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
>             at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
>             at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
>             at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
>             at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>             at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>             at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
>             at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
>             at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
>             at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
>             at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
>             at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
>             at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
>
>         Thanks & Regards,
>
>         Dharam
>
>
>
>
>         -- 
>
>         Cheers
>
>         Jinmei
>
>
>
>
>
>     -- 
>     Cheers
>
>     Jinmei
>
>
>
>
> -- 
> -John
> john.blum10101 (skype)
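
The two options Jinmei lists above, combined in one custom SecurityManager as an added example (not code from this thread or from Apache Geode): it refuses a security.json that group or others can access (option 1) and, in place of the decrypt-with-a-secret-key variant of option 2, verifies a salted PBKDF2 hash so that no key has to be protected. The class name, the `pbkdf2:...` record format and the iteration count are assumptions made for the example; it also assumes Jackson is on the classpath and leaves role-based authorization out.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.*;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.SecurityManager;

/** Hypothetical example class, not Geode's. Invented record format: pbkdf2:<iterations>:<base64 salt>:<base64 hash> */
public class HashedJsonSecurityManager implements SecurityManager {
  private static final int ITERATIONS = 600_000; // work factor assumed for this example
  private static final String DUMMY = newRecord("placeholder".toCharArray());
  private final Map<String, String> records = new HashMap<>();

  @Override
  public void init(Properties securityProps) {
    String name = securityProps.getProperty("security-json", "security.json");
    URL url = getClass().getClassLoader().getResource(name); // classpath lookup, as in the thread
    if (url == null) {
      throw new AuthenticationFailedException("unable to find json resource \"" + name + "\"");
    }
    try {
      if ("file".equals(url.getProtocol())) {
        requireOwnerOnly(Paths.get(url.toURI())); // option 1: the file must be read-protected
      }
      try (InputStream in = url.openStream()) {
        for (JsonNode user : new ObjectMapper().readTree(in).path("users")) {
          records.put(user.path("name").asText(), user.path("password").asText());
        }
      }
    } catch (IOException | URISyntaxException e) {
      throw new AuthenticationFailedException("cannot load " + name, e);
    }
  }

  /** Rejects a credentials file that group or others can access (POSIX file systems only). */
  static void requireOwnerOnly(Path file) throws IOException {
    PosixFileAttributeView view = Files.getFileAttributeView(file, PosixFileAttributeView.class);
    if (view == null) {
      return; // no POSIX permission bits (e.g. NTFS): restrict the file's ACL instead
    }
    if (!Collections.disjoint(view.readAttributes().permissions(),
        EnumSet.range(PosixFilePermission.GROUP_READ, PosixFilePermission.OTHERS_EXECUTE))) {
      throw new AuthenticationFailedException(file + " must be accessible to its owner only");
    }
  }

  @Override
  public Object authenticate(Properties credentials) {
    String user = credentials.getProperty("security-username");
    String password = credentials.getProperty("security-password");
    String record = user == null ? null : records.get(user);
    boolean usable = record != null && password != null && !password.isEmpty();
    // Always run one PBKDF2 computation so unknown users take as long as known ones.
    boolean match = verify((usable ? password : "placeholder").toCharArray(), usable ? record : DUMMY);
    if (!(usable && match)) {
      throw new AuthenticationFailedException("invalid username or password");
    }
    return user; // principal handed to authorize(); role checks are not shown here
  }

  static boolean verify(char[] password, String record) {
    String[] f = record.split(":");
    if (f.length != 4 || !f[0].equals("pbkdf2")) {
      return false; // plaintext or unknown scheme in security.json is never accepted
    }
    try {
      byte[] expected = Base64.getDecoder().decode(f[3]);
      byte[] actual = pbkdf2(password, Base64.getDecoder().decode(f[2]), Integer.parseInt(f[1]), expected.length);
      return MessageDigest.isEqual(expected, actual); // constant-time comparison
    } catch (IllegalArgumentException e) {
      return false; // malformed record
    }
  }

  static byte[] pbkdf2(char[] password, byte[] salt, int iterations, int bytes) {
    try {
      return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
          .generateSecret(new PBEKeySpec(password, salt, iterations, bytes * 8)).getEncoded();
    } catch (GeneralSecurityException e) {
      throw new IllegalStateException(e);
    }
  }

  /** Builds the value to store in a user's "password" field of security.json. */
  static String newRecord(char[] password) {
    byte[] salt = new byte[16];
    new SecureRandom().nextBytes(salt);
    Base64.Encoder b64 = Base64.getEncoder();
    return "pbkdf2:" + ITERATIONS + ":" + b64.encodeToString(salt) + ":"
        + b64.encodeToString(pbkdf2(password, salt, ITERATIONS, 32));
  }
}
```

Members that join the cluster still present their own security-username and security-password in clear text, so the properties file holding them needs the same read protection as security.json.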


Re: FW: ExampleSecurityManager in Apache geode

Posted by John Blum <jb...@pivotal.io>.
Dharam-

... or use *Apache Shiro*, which provides tooling [1] to handle securing
credentials [2].  Shiro also handles encryption [3].  Although it is not
well spelled in the Apache Geode documentation [4], Apache Geode does
integrate with Apache Shiro for security as well.

As an FYI, in *Spring Data Geode*, I provided first-class support for
Apache Geode when using Apache Shiro.  I blogged about this [5] (see
section starting with "Security!").

So, my recommendation, in addition to Jinmei's option #1 below, is to use
Apache Shiro over implementing your own Apache Geode SecurityManager
interface.

Hope this helps!

-John


[1] https://shiro.apache.org/command-line-hasher.html
[2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
[3] https://shiro.apache.org/cryptography-features.html
[4]
http://geode.apache.org/docs/guide/11/managing/security/chapter_overview.html
[5]
https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released


On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <ji...@pivotal.io> wrote:

> SampleSecurityManager doesn't do encryption/decryption. It's meant only as
> an example.
>
> There are multiple ways to protect your password:
> 1) read-protect your security.json so that only a certain user can read it.
> 2) implement your own security-manager to decrypt the password using a
> secret key. (but here again you will need to find a way to protect this key
> in your corporation. In my opinion, it's simply changing the subject, but
> the problem is still there).
>
> We usually recommend the first approach, but in some situations, 2nd one
> might be an option too.
>
>
> On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
>> Hi Jinmei,
>>
>>
>>
>> Is there any way to encrypt password in security.json file with Geode
>> 1.1.1? I tried below but it did not work for me,
>>
>>
>>
>> "users": [
>>
>>   {
>>
>>     "name": "admin",
>>
>>     "password": "encrypted(0859A0F6C68B9785)",
>>
>>     "roles": ["ADMIN"]
>>
>> …
>>
>>   },
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>> *From:* Thacker, Dharam
>> *Sent:* Wednesday, June 07, 2017 11:26 AM
>> *To:* 'user@geode.apache.org'; 'jiliao@pivotal.io'
>> *Subject:* RE: FW: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Thanks Jinmei for quick reply!
>>
>>
>>
>> >> It did not work for me when I used [--classpath] and [--security-properties-file]
>> even though my classpath contains security.json file [That’s strange]
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --security-properties-file=gfsecurity.properties
>> --classpath=C:\Users\GeodeWorkDir\locator2
>>
>> FAILED
>>
>>
>>
>> >> It worked for me when I used --J=-Dgemfire.security-username=admin
>> --J=-Dgemfire.security-password=admin [SUCCESS]
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin
>> --classpath=C:\Users\GeodeWorkDir\locator2
>>
>> SUCCESS
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>> *From:* Jinmei Liao [mailto:jiliao@pivotal.io]
>> *Sent:* Wednesday, June 07, 2017 11:12 AM
>> *To:* user@geode.apache.org
>> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>>
>>
>>
>> I tried using the SampleSecurityManager, and either one of the following
>> commands to start the 2nd locator is working: (I executed these commands
>> while connected to the first locator, so I don't need to provide the
>> --locators option, it knows which locator to join)
>>
>>
>>
>> 1> start locator --name=locator2 --port=10335
>> --classpath=/Users/jiliao/my_geode/security
>> --security-properties-file=locator2.properties
>>
>> // locator2.properties only contains "security-username" and
>> "security-password" properties.
>>
>>
>>
>> 2> start locator --name=locator2 --port=10335
>> --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/
>> --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin
>>
>>
>>
>>
>>
>> I suspect that the reason one of your commands did not work is because
>> the locator2 can't find a security.json in its classpath, not because you
>> did not provide the username/password. One of the complications of using our
>> SampleSecurityManager is that it will need a security.json in its
>> classpath which complicates the issue. We should have a simpler security
>> manager in the sample that's easier for users to experiment with.
>>
>>
>>
>>
>>
>>
>>
>> On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>> I am able to start server with –user and –password to join existing
>> secure locator. But I am not able to start another locator to join the
>> existing secure locator. Could someone guide me here?
>>
>>
>>
>> start locator --name=locator1 --locators=localhost[10334],localhost[10335]
>> --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
>>
>>
>> SUCCESS
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
>>
>> FAILED
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --security-properties-file=gfsecurity.properties
>>         [gfsecurity.properties ---- security-username=clusteruser
>> security-password=****]
>>
>> FAILED
>>
>>
>>
>> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
>> --security-properties-file=gfsecurity.properties
>> --classpath=C:\Users\GeodeWorkDir\locator2
>>
>> FAILED
>>
>>
>>
>>
>>
>> Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
>> INFO: locator is exiting due to an exception
>>
>> org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
>>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
>>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
>>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
>>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
>>     at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)
>>
>>
>>
>> *Thanks & Regards,*
>>
>> *Dharam*
>>
>>
>>
>> *From:* Thacker, Dharam
>> *Sent:* Tuesday, June 06, 2017 3:41 PM
>> *To:* user@geode.apache.org
>> *Cc:* jiliao@pivotal.io
>> *Subject:* RE: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Thank you Nilkanth!
>>
>>
>>
>> Classpath worked!
>>
>>
>>
>> start locator --name=locator1 --properties-file=locator.properties
>> --classpath=C:\Users\GeodeWorkDir\locator1
>>
>> *security-json file location:*
>>
>> C:\Users\GeodeWorkDir\locator1\security.json
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
>> *Sent:* Tuesday, June 06, 2017 3:35 PM
>> *To:* user@geode.apache.org
>> *Cc:* jiliao@pivotal.io
>> *Subject:* Re: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Dharam,
>>
>>
>>
>> Try out something like below, "security.json" is kept in the
>> /work/code/oss/geode/locator1 dir.
>>
>>
>>
>> gfsh>start locator --name=/work/code/oss/geode/locator1
>> --security-properties-file=/work/code/oss/geode/locator1/locator.properties
>> --classpath=/work/code/oss/geode/locator1
>>
>>
>>
>> Additional checks,
>>
>> 1. specify classpath while starting locator as shown in above command.
>>
>> 2. check the file permission for security.json.
>>
>>
>>
>> Nilkanth.
>>
>>
>>
>> On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>> Hi Nilkanth,
>>
>>
>>
>> Thanks for the reply! I tried below one but it’s still not taking
>> security.json file. Do you suggest anything different?
>>
>>
>>
>> *My Current Directory:*
>>
>> C:\Users\GeodeWorkDir
>>
>>
>>
>> *Locator Directory:*
>>
>> C:\Users\GeodeWorkDir\locator1
>>
>>
>>
>> *security-json file location [Tried both locations]:*
>>
>> C:\Users\GeodeWorkDir\locator1\security.json
>>
>> C:\Users\GeodeWorkDir\security.json
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>>
>>
>>
>>
>> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
>> *Sent:* Tuesday, June 06, 2017 3:07 PM
>> *To:* user@geode.apache.org
>> *Cc:* jiliao@pivotal.io
>> *Subject:* Re: ExampleSecurityManager in Apache geode
>>
>>
>>
>> Dharam,
>>
>>
>>
>> I believe following will be helpful to you.
>>
>>
>>
>> IMO with the existing implementation,  "security.json" file has to be
>> kept in a locator/server directory. In your case you need to be keep it in
>> a locator director (l1) and should work.
>>
>>
>>
>> Hope this helps.
>>
>>
>>
>> Nilkanth Patel.
>>
>>
>>
>> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
>> dharam.thacker@jpmorgan.com> wrote:
>>
>> Hi Jinmei & Team,
>>
>>
>>
>> I was going through “New Security In Apache Geode” video. I also tried to
>> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
>> below,
>>
>>
>>
>> *locator.proprties*
>>
>>
>>
>> mcast-port=0
>>
>> security-manager=org.apache.geode.examples.security.ExampleS
>> ecurityManager
>>
>> security-post-processor=org.apache.geode.examples.security.
>> ExamplePostProcessor
>>
>>
>>
>> > dir
>>
>> locator.properties
>>
>> security.json
>>
>> security-config.jar
>>
>>
>>
>> My security-config.jar has following structure,
>>
>> --- resources -> security.json
>>
>> --- META-INF -> MANIFEST.MF
>>
>>
>>
>> Could you guide me with below error?
>>
>>
>>
>> gfsh>start locator --name=locator1 --properties-file=locator.properties
>> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>>
>> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>>
>> The Locator process terminated unexpectedly with exit status 1. Please
>> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>>
>>
>>
>> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher
>> failOnStart
>>
>> INFO: locator is exiting due to an exception
>>
>> org.apache.geode.security.AuthenticationFailedException:
>> ExampleSecurityManager: unable to find json resource "security.json" as
>> specified by [security-json].
>>
>>     at org.apache.geode.examples.security.ExampleSecurityManager.
>> init(ExampleSecurityManager.java:132)
>>
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:332)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>>
>>
>>
>> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException:
>> ExampleSecurityManager: unable to find json resource "security.json" as
>> specified by [security-json].
>>
>>     at org.apache.geode.examples.security.ExampleSecurityManager.
>> init(ExampleSecurityManager.java:132)
>>
>>     at org.apache.geode.internal.security.IntegratedSecurityService
>> .initSecurity(IntegratedSecurityService.java:332)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(
>> GemFireCacheImpl.java:1208)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate
>> (GemFireCacheImpl.java:798)
>>
>>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemF
>> ireCacheImpl.java:783)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>>
>>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startC
>> ache(InternalLocator.java:767)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startD
>> istributedSystem(InternalLocator.java:752)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:357)
>>
>>     at org.apache.geode.distributed.internal.InternalLocator.startL
>> ocator(InternalLocator.java:315)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLa
>> uncher.java:630)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLaun
>> cher.java:532)
>>
>>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLau
>> ncher.java:174)
>>
>>
>>
>> Thanks & Regards,
>>
>> Dharam
>>
>> This message is confidential and subject to terms at: http://
>> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
>> privilege, viruses and monitoring of electronic messages. If you are not
>> the intended recipient, please delete this message and notify the sender
>> immediately. Any unauthorized use is strictly prohibited.
>>
>>
>>
>> This message is confidential and subject to terms at: http://
>> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
>> privilege, viruses and monitoring of electronic messages. If you are not
>> the intended recipient, please delete this message and notify the sender
>> immediately. Any unauthorized use is strictly prohibited.
>>
>>
>>
>> This message is confidential and subject to terms at: http://
>> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
>> privilege, viruses and monitoring of electronic messages. If you are not
>> the intended recipient, please delete this message and notify the sender
>> immediately. Any unauthorized use is strictly prohibited.
>>
>> This message is confidential and subject to terms at: http://
>> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
>> privilege, viruses and monitoring of electronic messages. If you are not
>> the intended recipient, please delete this message and notify the sender
>> immediately. Any unauthorized use is strictly prohibited.
>>
>>
>>
>>
>>
>> --
>>
>> Cheers
>>
>>
>>
>> Jinmei
>>
>> This message is confidential and subject to terms at: http://
>> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
>> privilege, viruses and monitoring of electronic messages. If you are not
>> the intended recipient, please delete this message and notify the sender
>> immediately. Any unauthorized use is strictly prohibited.
>>
>
>
>
> --
> Cheers
>
> Jinmei
>



-- 
-John
john.blum10101 (skype)

Re: FW: ExampleSecurityManager in Apache geode

Posted by Jinmei Liao <ji...@pivotal.io>.
SampleSecurityManager doesn't do encryption/decryption. It's meant only as
an example.

There are multiple ways to protect your password:
1) read-protect your security.json so that only a certain user can read it.
2) implement your own security-manager to decrypt the password using a
secret key. (but here again you will need to find a way to protect this key
in your corporation. In my opinion, it's simply changing the subject, but
the problem is still there).

We usually recommend the first approach, but in some situations, 2nd one
might be an option too.


On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <dharam.thacker@jpmorgan.com> wrote:

> Hi Jinmei,
>
> Is there any way to encrypt password in security.json file with Geode
> 1.1.1? I tried below but it did not work for me,
>
> "users": [
>   {
>     "name": "admin",
>     "password": "encrypted(0859A0F6C68B9785)",
>     "roles": ["ADMIN"]
> …
>   },
>
> Thanks & Regards,
> Dharam
>



-- 
Cheers

Jinmei
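
One way to implement the second approach above (a custom security manager that decrypts the password with a secret key), added here as an example; it is not code from Geode or from anyone in this thread. The class name, the `security-key-file` property and the `encrypted(<hex of IV || AES-GCM ciphertext>)` layout are assumptions of this example, as is Jackson being on the locator's classpath.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.apache.geode.security.AuthenticationFailedException;
import org.apache.geode.security.SecurityManager;

/** Added example, not Geode code: reads "users" from security.json on the classpath and
 *  decrypts each "password". authorize() is not overridden; role mapping is out of scope. */
public class DecryptingSecurityManager implements SecurityManager {
  // Hypothetical property name (assumption): "security-*" properties are passed to init().
  static final String KEY_FILE_PROP = "security-key-file";
  private static final String PREFIX = "encrypted(";
  private static final int IV_LEN = 12;     // bytes, GCM nonce
  private static final int TAG_BITS = 128;
  private final Map<String, byte[]> passwords = new HashMap<>();

  @Override
  public void init(Properties securityProps) {
    String keyFile = securityProps.getProperty(KEY_FILE_PROP);
    if (keyFile == null) {
      throw new AuthenticationFailedException(KEY_FILE_PROP + " is not set");
    }
    try (InputStream in = ClassLoader.getSystemResourceAsStream("security.json")) {
      if (in == null) {
        throw new AuthenticationFailedException("security.json is not on the classpath");
      }
      // Raw 16- or 32-byte AES key; this file now needs the read protection of approach 1.
      byte[] key = Files.readAllBytes(Paths.get(keyFile));
      for (JsonNode user : new ObjectMapper().readTree(in).get("users")) {
        passwords.put(user.get("name").asText(), decrypt(key, user.get("password").asText()));
      }
      Arrays.fill(key, (byte) 0);
    } catch (AuthenticationFailedException e) {
      throw e;
    } catch (Exception e) {
      // Report the failure type only, never file contents or key material.
      throw new AuthenticationFailedException("cannot load users: " + e.getClass().getSimpleName());
    }
  }

  @Override
  public Object authenticate(Properties credentials) throws AuthenticationFailedException {
    String user = credentials.getProperty("security-username");
    String password = credentials.getProperty("security-password");
    byte[] expected = (user == null) ? null : passwords.get(user);
    if (expected == null || password == null
        || !MessageDigest.isEqual(expected, password.getBytes(StandardCharsets.UTF_8))) {
      throw new AuthenticationFailedException("invalid username or password");
    }
    return user; // the principal
  }

  /** Produces the value to store in the "password" field of security.json. */
  static String encrypt(byte[] key, String password) throws Exception {
    byte[] iv = new byte[IV_LEN];
    new SecureRandom().nextBytes(iv); // fresh nonce for every stored value
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(TAG_BITS, iv));
    byte[] ct = c.doFinal(password.getBytes(StandardCharsets.UTF_8));
    StringBuilder out = new StringBuilder(PREFIX);
    for (byte b : iv) out.append(String.format("%02X", b));
    for (byte b : ct) out.append(String.format("%02X", b));
    return out.append(')').toString();
  }

  static byte[] decrypt(byte[] key, String field) throws Exception {
    if (!field.startsWith(PREFIX) || !field.endsWith(")")) {
      throw new IllegalArgumentException("password is not in encrypted(<hex>) form");
    }
    String hex = field.substring(PREFIX.length(), field.length() - 1);
    if (hex.length() % 2 != 0 || hex.length() < 2 * (IV_LEN + TAG_BITS / 8)) {
      throw new IllegalArgumentException("encrypted value is malformed or too short");
    }
    byte[] blob = new byte[hex.length() / 2];
    for (int i = 0; i < blob.length; i++) {
      int hi = Character.digit(hex.charAt(2 * i), 16);
      int lo = Character.digit(hex.charAt(2 * i + 1), 16);
      if (hi < 0 || lo < 0) throw new IllegalArgumentException("non-hex character");
      blob[i] = (byte) ((hi << 4) | lo);
    }
    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
    c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, "AES"),
        new GCMParameterSpec(TAG_BITS, blob, 0, IV_LEN));
    return c.doFinal(blob, IV_LEN, blob.length - IV_LEN); // throws if the GCM tag does not verify
  }
}
```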

RE: FW: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Hi Jinmei,

Is there any way to encrypt password in security.json file with Geode 1.1.1? I tried below but it did not work for me,

"users": [
  {
    "name": "admin",
    "password": "encrypted(0859A0F6C68B9785)",
    "roles": ["ADMIN"]
…
  },

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Wednesday, June 07, 2017 11:26 AM
To: 'user@geode.apache.org'; 'jiliao@pivotal.io'
Subject: RE: FW: ExampleSecurityManager in Apache geode

Thanks Jinmei for quick reply!

>> It did not work for me when I used [--classpath] and [--security-properties-file] even though my classpath contains security.json file [That’s strange]

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

>> It worked for me when I used --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin [SUCCESS]

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin --classpath=C:\Users\GeodeWorkDir\locator2
SUCCESS

Thanks & Regards,
Dharam

From: Jinmei Liao [mailto:jiliao@pivotal.io]
Sent: Wednesday, June 07, 2017 11:12 AM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

I tried using the SampleSecurityManager, and either one of the following commands to start the 2nd locator is working: (I executed these commands while connected to the first locator, so I don't need to provide the --locators option, it knows which locator to join)

1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security --security-properties-file=locator2.properties
// locator2.properties only contains "security-username" and "security-password" properties.

2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin


I suspect that the reason one of your commands did not work is because locator2 can't find a security.json in its classpath, not because you did not provide the username/password. One of the complications of using our SampleSecurityManager is that it will need a security.json in its classpath which complicates the issue. We should have a simpler security manager in the sample that's easier for users to experiment with.



On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
I am able to start server with --user and --password to join existing secure locator. But I am not able to start another locator to join the existing secure locator. Could someone guide me here?

start locator --name=locator1 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
SUCCESS

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties [gfsecurity.properties ---- security-username=clusteruser security-password=****]
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED


Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception

org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Tuesday, June 06, 2017 3:41 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: RE: ExampleSecurityManager in Apache geode

Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json
Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below, "security.json" is kept in the /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, the "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in a locator directory (l1) and it should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam

This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.





--
Cheers

Jinmei


RE: FW: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Thanks Jinmei for quick reply!

>> It did not work for me when I used [--classpath] and [--security-properties-file] even though my classpath contains security.json file [That’s strange]

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

>> It worked for me when I used --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin [SUCCESS]

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin --classpath=C:\Users\GeodeWorkDir\locator2
SUCCESS

Thanks & Regards,
Dharam

From: Jinmei Liao [mailto:jiliao@pivotal.io]
Sent: Wednesday, June 07, 2017 11:12 AM
To: user@geode.apache.org
Subject: Re: FW: ExampleSecurityManager in Apache geode

I tried using the SampleSecurityManager, and either one of the following commands to start the 2nd locator is working: (I executed these commands while connected to the first locator, so I don't need to provide the --locators option, it knows which locator to join)

1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security --security-properties-file=locator2.properties
// locator2.properties only contains "security-username" and "security-password" properties.

2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin


I suspect that the reason one of your commands did not work is that locator2 can't find a security.json in its classpath, not because you did not provide the username/password. One of the complications of using our SampleSecurityManager is that it will need a security.json in its classpath, which complicates the issue. We should have a simpler security manager in the sample that's easier for users to experiment with.



On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
I am able to start server with --user and --password to join existing secure locator. But I am not able to start another locator to join the existing secure locator. Could someone guide me here?

start locator --name=locator1 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
SUCCESS

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties         [gfsecurity.properties ---- security-username=clusteruser security-password=****]
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED


Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception

org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Tuesday, June 06, 2017 3:41 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: RE: ExampleSecurityManager in Apache geode

Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json
Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below; "security.json" is kept in the /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, the "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in the locator directory (l1) and it should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam




--
Cheers

Jinmei


Re: FW: ExampleSecurityManager in Apache geode

Posted by Jinmei Liao <ji...@pivotal.io>.
I tried using the SampleSecurityManager, and either one of the following
commands to start the 2nd locator is working: (I executed these commands
while connected to the first locator, so I don't need to provide the
--locators option, it knows which locator to join)

1> start locator --name=locator2 --port=10335
--classpath=/Users/jiliao/my_geode/security
--security-properties-file=locator2.properties
// locator2.properties only contains "security-username" and
"security-password" properties.

2> start locator --name=locator2 --port=10335
--locators=jiliao-mbpro.lan[10334]
--classpath=/Users/jiliao/my_geode/security/
--J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin


I suspect that the reason one of your commands did not work is that
locator2 can't find a security.json in its classpath, not because you
did not provide the username/password. One of the complications of using our
SampleSecurityManager is that it will need a security.json in its
classpath, which complicates the issue. We should have a simpler security
manager in the sample that's easier for users to experiment with.



On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <
dharam.thacker@jpmorgan.com> wrote:

> I am able to start server with --user and --password to join existing secure
> locator. But I am not able to start another locator to join the existing
> secure locator. Could someone guide me here?
>
>
>
> start locator --name=locator1 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
>
>
> SUCCESS
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties --classpath=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties
>         [gfsecurity.properties ---- security-username=clusteruser
> security-password=****]
>
> FAILED
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties --classpath=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
>
>
> *Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher
> failOnStart*
>
> *INFO: locator is exiting due to an exception*
>
>
>
> *org.apache.geode.security.AuthenticationRequiredException: Failed to find
> credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)*
>
> *    at
> org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)*
>
>
>
> *Thanks & Regards,*
>
> *Dharam*
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Tuesday, June 06, 2017 3:41 PM
> *To:* user@geode.apache.org
> *Cc:* jiliao@pivotal.io
> *Subject:* RE: ExampleSecurityManager in Apache geode
>
>
>
> Thank you Nilkanth!
>
>
>
> Classpath worked!
>
>
>
> start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\locator1
>
> *security-json file location:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
> *Sent:* Tuesday, June 06, 2017 3:35 PM
> *To:* user@geode.apache.org
> *Cc:* jiliao@pivotal.io
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> Try out something like below; "security.json" is kept in the
> /work/code/oss/geode/locator1 dir.
>
>
>
> gfsh>start locator --name=/work/code/oss/geode/locator1
> --security-properties-file=/work/code/oss/geode/locator1/locator.properties
> --classpath=/work/code/oss/geode/locator1
>
>
>
> Additional checks,
>
> 1. specify classpath while starting locator as shown in above command.
>
> 2. check the file permission for security.json.
>
>
>
> Nilkanth.
>
>
>
> On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
> Hi Nilkanth,
>
>
>
> Thanks for the reply! I tried below one but it’s still not taking
> security.json file. Do you suggest anything different?
>
>
>
> *My Current Directory:*
>
> C:\Users\GeodeWorkDir
>
>
>
> *Locator Directory:*
>
> C:\Users\GeodeWorkDir\locator1
>
>
>
> *security-json file location [Tried both locations]:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> C:\Users\GeodeWorkDir\security.json
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
>
>
> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
> *Sent:* Tuesday, June 06, 2017 3:07 PM
> *To:* user@geode.apache.org
> *Cc:* jiliao@pivotal.io
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> I believe following will be helpful to you.
>
>
>
> IMO with the existing implementation, the "security.json" file has to be kept
> in a locator/server directory. In your case you need to keep it in the
> locator directory (l1) and it should work.
>
>
>
> Hope this helps.
>
>
>
> Nilkanth Patel.
>
>
>
> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
> Hi Jinmei & Team,
>
>
>
> I was going through “New Security In Apache Geode” video. I also tried to
> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
> below,
>
>
>
> *locator.properties*
>
>
>
> mcast-port=0
>
> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>
> security-post-processor=org.apache.geode.examples.
> security.ExamplePostProcessor
>
>
>
> > dir
>
> locator.properties
>
> security.json
>
> security-config.jar
>
>
>
> My security-config.jar has following structure,
>
> --- resources -> security.json
>
> --- META-INF -> MANIFEST.MF
>
>
>
> Could you guide me with below error?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>
> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>
> The Locator process terminated unexpectedly with exit status 1. Please
> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>
>
>
> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher
> failOnStart
>
> INFO: locator is exiting due to an exception
>
> org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Thanks & Regards,
>
> Dharam
>
>



-- 
Cheers

Jinmei
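
The classpath point made in this reply, as an added example (not code from the thread or from Geode): it assumes the security manager looks the file up as a class-loader resource named security.json, as the error message wording suggests, and all jar and directory names below are constructed.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

public class ClasspathResourceCheck {

    // Constructed placeholder content; a real security.json defines roles and users.
    static final byte[] SAMPLE_JSON =
            "{\"roles\":[],\"users\":[]}".getBytes(StandardCharsets.UTF_8);

    /** Builds a jar in dir that holds the sample JSON under the given entry name. */
    static Path buildJar(Path dir, String jarName, String entryName) throws IOException {
        Path jar = dir.resolve(jarName);
        try (OutputStream out = Files.newOutputStream(jar);
             JarOutputStream jos = new JarOutputStream(out)) {
            jos.putNextEntry(new JarEntry(entryName));
            jos.write(SAMPLE_JSON);
            jos.closeEntry();
        }
        return jar;
    }

    /**
     * Returns true when a class loader whose only classpath entry is
     * classpathEntry (a jar or an existing directory) resolves resourceName.
     */
    static boolean resolves(Path classpathEntry, String resourceName) throws IOException {
        // For an existing directory toUri() ends in "/", which URLClassLoader
        // treats as a directory root; any other URL is opened as a jar.
        URL[] roots = { classpathEntry.toUri().toURL() };
        // Parent is null so the application classpath does not influence the result.
        try (URLClassLoader loader = new URLClassLoader(roots, null)) {
            return loader.getResource(resourceName) != null;
        }
    }

    public static void main(String[] args) throws IOException {
        Path work = Files.createTempDirectory("geode-cp-check");

        // Layout from the first message: the file sits under resources/ inside the jar.
        Path nestedJar = buildJar(work, "security-config.jar", "resources/security.json");
        // The same jar with the file stored at the jar root instead.
        Path rootJar = buildJar(work, "security-config-root.jar", "security.json");
        // A directory classpath entry that contains the file (the layout that worked).
        Path withFile = Files.createDirectory(work.resolve("locator1"));
        Files.write(withFile.resolve("security.json"), SAMPLE_JSON);
        // A directory classpath entry without the file (what the reply suspects for locator2).
        Path withoutFile = Files.createDirectory(work.resolve("locator2"));

        // Resource names are resolved relative to the root of each classpath entry,
        // so an entry stored as resources/security.json is not visible as security.json.
        System.out.println("jar with resources/security.json, lookup security.json:           "
                + resolves(nestedJar, "security.json"));
        System.out.println("jar with resources/security.json, lookup resources/security.json: "
                + resolves(nestedJar, "resources/security.json"));
        System.out.println("jar with security.json at root, lookup security.json:             "
                + resolves(rootJar, "security.json"));
        System.out.println("directory containing security.json, lookup security.json:         "
                + resolves(withFile, "security.json"));
        System.out.println("directory without security.json, lookup security.json:            "
                + resolves(withoutFile, "security.json"));
    }
}
```

Running `resolves` against the actual `--classpath` value of each locator before starting it shows whether that member will find the file, independently of the credentials passed to it.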

FW: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
I am able to start server with --user and --password to join existing secure locator. But I am not able to start another locator to join the existing secure locator. Could someone guide me here?

start locator --name=locator1 --locators=localhost[10334],localhost[10335]  --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
SUCCESS

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties         [gfsecurity.properties ---- security-username=clusteruser security-password=****]
FAILED

start locator --name=locator2 --locators=localhost[10334],localhost[10335] --security-properties-file=gfsecurity.properties --classpath=C:\Users\GeodeWorkDir\locator2
FAILED


Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception

org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
    at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
    at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
    at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)

Thanks & Regards,
Dharam

From: Thacker, Dharam
Sent: Tuesday, June 06, 2017 3:41 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: RE: ExampleSecurityManager in Apache geode

Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1
security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json
Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below; "security.json" is kept in the /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, the "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in the locator directory (l1) and it should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam

This message is confidential and subject to terms at: http://www.jpmorgan.com/emaildisclaimer including on confidentiality, legal privilege, viruses and monitoring of electronic messages. If you are not the intended recipient, please delete this message and notify the sender immediately. Any unauthorized use is strictly prohibited.



RE: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Thank you Nilkanth!

Classpath worked!

start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\locator1

security-json file location:
C:\Users\GeodeWorkDir\locator1\security.json

Thanks & Regards,
Dharam

From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:35 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

Try out something like below, "security.json" is kept in /work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in a locator directory (l1) and should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam
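
Why the jar from the first attempt failed while the directory classpath worked, as an added example that is not part of this thread or of Geode's own code. It assumes ExampleSecurityManager resolves the security-json value as a classpath resource, which the error's "json resource" wording and the working --classpath fix suggest; the class name SecurityJsonLookupDemo, the second jar and the file contents are constructed, and the root-of-jar case goes beyond what the thread tried.

```java
import java.io.IOException;
import java.io.OutputStream;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.jar.JarEntry;
import java.util.jar.JarOutputStream;

/** Hypothetical demo class: shows which classpath entries expose "security.json". */
public class SecurityJsonLookupDemo {

    // Constructed placeholder content; a real security.json defines roles and users.
    private static final byte[] SAMPLE = "{}".getBytes(StandardCharsets.UTF_8);

    /** Writes a jar holding one entry stored under the given name inside the archive. */
    static Path writeJar(Path jar, String entryName) throws IOException {
        try (OutputStream out = Files.newOutputStream(jar);
             JarOutputStream jos = new JarOutputStream(out)) {
            jos.putNextEntry(new JarEntry(entryName));
            jos.write(SAMPLE);
            jos.closeEntry();
        }
        return jar;
    }

    /** Resolves a resource name against exactly one classpath entry; null means not found. */
    static URL resolve(Path classpathEntry, String resourceName) throws IOException {
        URL[] urls = {classpathEntry.toUri().toURL()};
        // findResource searches only the given entry, so the JVM's own classpath
        // cannot mask the result.
        try (URLClassLoader loader = new URLClassLoader(urls, null)) {
            return loader.findResource(resourceName);
        }
    }

    /** Prints one lookup result as a table row. */
    static void report(String label, Path entry, String name) throws IOException {
        URL hit = resolve(entry, name);
        System.out.printf("%-38s %-24s -> %s%n", label, name, hit == null ? "NOT FOUND" : hit);
    }

    public static void main(String[] args) throws IOException {
        Path work = Files.createTempDirectory("geode-classpath-demo");

        // Layout from the first attempt: the file sits under resources/ inside the jar.
        Path nestedJar = writeJar(work.resolve("security-config.jar"), "resources/security.json");
        // Same file stored at the root of a jar (constructed case, not tried in the thread).
        Path rootJar = writeJar(work.resolve("security-config-root.jar"), "security.json");
        // Layout that worked: the locator directory itself is the classpath entry.
        Path locatorDir = Files.createDirectory(work.resolve("locator1"));
        Files.write(locatorDir.resolve("security.json"), SAMPLE);

        report("jar, entry resources/security.json", nestedJar, "security.json");
        report("same jar, full entry name", nestedJar, "resources/security.json");
        report("jar, entry at archive root", rootJar, "security.json");
        report("directory containing the file", locatorDir, "security.json");

        // Second check from the thread: the process must be able to read the file.
        System.out.println("readable: " + Files.isReadable(locatorDir.resolve("security.json")));
    }
}
```

Only the first lookup fails: a classpath entry exposes names relative to its own root, so the jar from the first attempt offers resources/security.json, not security.json.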


Re: ExampleSecurityManager in Apache geode

Posted by Nilkanth Patel <ni...@gmail.com>.
Dharam,

Try out something like below, "security.json" is kept in
/work/code/oss/geode/locator1 dir.

gfsh>start locator --name=/work/code/oss/geode/locator1 --security-properties-file=/work/code/oss/geode/locator1/locator.properties --classpath=/work/code/oss/geode/locator1

Additional checks,
1. specify classpath while starting locator as shown in above command.
2. check the file permission for security.json.

Nilkanth.

On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <dharam.thacker@jpmorgan.com
> wrote:

> Hi Nilkanth,
>
>
>
> Thanks for the reply! I tried below one but it’s still not taking
> security.json file. Do you suggest anything different?
>
>
>
> *My Current Directory:*
>
> C:\Users\GeodeWorkDir
>
>
>
> *Locator Directory:*
>
> C:\Users\GeodeWorkDir\locator1
>
>
>
> *security-json file location [Tried both locations]:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> C:\Users\GeodeWorkDir\security.json
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
>
>
> *From:* Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
> *Sent:* Tuesday, June 06, 2017 3:07 PM
> *To:* user@geode.apache.org
> *Cc:* jiliao@pivotal.io
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> I believe following will be helpful to you.
>
>
>
> IMO with the existing implementation, "security.json" file has to be kept
> in a locator/server directory. In your case you need to keep it in a
> locator directory (l1) and should work.
>
>
>
> Hope this helps.
>
>
>
> Nilkanth Patel.
>
>
>
> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
> dharam.thacker@jpmorgan.com> wrote:
>
> Hi Jinmei & Team,
>
>
>
> I was going through “New Security In Apache Geode” video. I also tried to
> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
> below,
>
>
>
> *locator.properties*
>
>
>
> mcast-port=0
>
> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>
> security-post-processor=org.apache.geode.examples.
> security.ExamplePostProcessor
>
>
>
> > dir
>
> locator.properties
>
> security.json
>
> security-config.jar
>
>
>
> My security-config.jar has following structure,
>
> --- resources -> security.json
>
> --- META-INF -> MANIFEST.MF
>
>
>
> Could you guide me with below error?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>
> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>
> The Locator process terminated unexpectedly with exit status 1. Please
> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>
>
>
> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher
> failOnStart
>
> INFO: locator is exiting due to an exception
>
> org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Thanks & Regards,
>
> Dharam
>

RE: ExampleSecurityManager in Apache geode

Posted by "Thacker, Dharam" <dh...@jpmorgan.com>.
Hi Nilkanth,

Thanks for the reply! I tried below one but it’s still not taking security.json file. Do you suggest anything different?

My Current Directory:
C:\Users\GeodeWorkDir

Locator Directory:
C:\Users\GeodeWorkDir\locator1

security-json file location [Tried both locations]:
C:\Users\GeodeWorkDir\locator1\security.json
C:\Users\GeodeWorkDir\security.json

Thanks & Regards,
Dharam


From: Nilkanth Patel [mailto:nilkanth.hpatel@gmail.com]
Sent: Tuesday, June 06, 2017 3:07 PM
To: user@geode.apache.org
Cc: jiliao@pivotal.io
Subject: Re: ExampleSecurityManager in Apache geode

Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, "security.json" file has to be kept in a locator/server directory. In your case you need to keep it in a locator directory (l1) and should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dh...@jpmorgan.com> wrote:
Hi Jinmei & Team,

I was going through “New Security In Apache Geode” video. I also tried to start locator with ExampleSecurityManager and ExamplePostProcessor as shown below,

locator.properties

mcast-port=0
security-manager=org.apache.geode.examples.security.ExampleSecurityManager
security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor

> dir
locator.properties
security.json
security-config.jar

My security-config.jar has following structure,
--- resources -> security.json
--- META-INF -> MANIFEST.MF

Could you guide me with below error?

gfsh>start locator --name=locator1 --properties-file=locator.properties --classpath=C:\Users\GeodeWorkDir\security-config.jar
Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
The Locator process terminated unexpectedly with exit status 1. Please refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.

Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
INFO: locator is exiting due to an exception
org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
    at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
    at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
    at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
    at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
    at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
    at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
    at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
    at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
    at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
    at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
    at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
    at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)

Thanks & Regards,
Dharam


Re: ExampleSecurityManager in Apache geode

Posted by Nilkanth Patel <ni...@gmail.com>.
Dharam,

I believe following will be helpful to you.

IMO with the existing implementation, "security.json" file has to be kept
in a locator/server directory. In your case you need to keep it in a
locator directory (l1) and should work.

Hope this helps.

Nilkanth Patel.

On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <dharam.thacker@jpmorgan.com
> wrote:

> Hi Jinmei & Team,
>
>
>
> I was going through “New Security In Apache Geode” video. I also tried to
> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
> below,
>
>
>
> *locator.properties*
>
>
>
> mcast-port=0
>
> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>
> security-post-processor=org.apache.geode.examples.
> security.ExamplePostProcessor
>
>
>
> > dir
>
> locator.properties
>
> security.json
>
> security-config.jar
>
>
>
> My security-config.jar has following structure,
>
> --- resources -> security.json
>
> --- META-INF -> MANIFEST.MF
>
>
>
> Could you guide me with below error?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>
> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>
> The Locator process terminated unexpectedly with exit status 1. Please
> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>
>
>
> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher
> failOnStart
>
> INFO: locator is exiting due to an exception
>
> org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132)
>
>     at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
>     at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
>     at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
>     at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
>     at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Thanks & Regards,
>
> Dharam
>