Posted to dev@geode.apache.org by Tushar Khairnar <tu...@gmail.com> on 2015/08/07 17:35:27 UTC

Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37209/
-----------------------------------------------------------

(Updated Aug. 7, 2015, 3:35 p.m.)


Review request for geode, Amogh Shetkar and Jens Deppe.


Summary (updated)
-----------------

GEODE-17 : Integrated Security Code Merge


Repository: geode


Description
-------

GEODE-77 : Integrated Security Code Merge

This is a manual merge of code from the int_security branch.

Testing done: JMX RMI-connector testing from JConsole, and interactive Gfsh testing with different roles. DUnits are not yet integrated into open.


Diffs
-----

  gemfire-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java d25063c 
  gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java b7b2cd8 
  gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java 472959d 
  gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java 10094a9 
  gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b8dfeb3 
  gemfire-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java f5ae3e5 
  gemfire-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java 8ba07a2 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java 59f6537 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java f14d16c 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java f0a0a79 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java 3e5ba1a 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b6c5219 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java e53d50a 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java 04fda7e 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java e935fcd 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java 43bfe73 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java 74695ee 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java d8f6983 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java 2eb1318 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java 279fb45 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java 919d6fe 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java 9e60839 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java 4591b53 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java 4614ce7 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java 01910d6 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java d4134ad 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java 0d8c54a 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java d9d4bea 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java c978381 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java 302d7bb 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java 797f654 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java da8f11d 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java d236d81 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java 7b298d6 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java 80ba89e 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java 4bdab90 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java 5abd08a 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java a6d9abf 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java 864907b 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java 58040cd 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java 1926db5 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java e217045 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java b0198e4 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java 375cc27 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java d85ce65 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java 50942c1 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java 1851977 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java 4dc27e1 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceConstants.java 3f4d7cb 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java f149479 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java aa1c38c 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java 73ce926 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java 517d942 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java 6767ec1 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java 2df3432 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java de81543 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java 66d344f 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java 1e22bd9 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java 8ebed02 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java 8bd9d37 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java dac1271 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java 0dfbdbd 
  gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java a122339 
  gemfire-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java 89644f0 
  gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java ab9333d 
  gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java 44aef44 
  gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java 384493b 
  gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java f061240 
  gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/AbstractBaseController.java feed8c7 
  gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/BaseControllerAdvice.java 5ae88bc 
  gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/CommonCrudController.java ef52347 
  gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/FunctionAccessController.java 45d6f66 
  gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/PdxBasedCrudController.java 96551c6 
  gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/QueryAccessController.java b20c849 
  gemfire-web-api/src/main/webapp/WEB-INF/web.xml 554ef4b 

Diff: https://reviews.apache.org/r/37209/diff/


Testing
-------


Thanks,

Tushar Khairnar


Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Tushar Khairnar <tu...@gmail.com>.
Hi Jacob,

Exactly. Initially I too had considered Spring Security (which provides an
HTTP-compliant and pluggable way to set up authentication filters, so that the
user can choose). Even the Pulse extensions for GEODE-17 are based on Spring Security.

Neelkanth can provide more details on why he felt the token-based approach was
better.

regards,
Tushar

On Fri, Aug 7, 2015 at 10:09 PM, Jacob Barrett <jb...@pivotal.io> wrote:

> Performance vs. security should never be considered. Security trumps
> everything.
>
> We should adopt standards where available. We should use other open source
> libraries where applicable. As part of the Apache ecosystem now we need to
> look at Apache projects that may provide these capabilities. We rarely want
> to reinvent something, especially in security.
>
> -Jake
>
> —
> Jacob Barrett
> Manager
> GemFire Advanced Customer Engineering (ACE)
> Pivotal
>
> jbarrett@pivotal.io
> 503-533-3763
>
> For immediate support please contact Pivotal Support at
> http://support.pivotal.io/
>
>
>
> On Fri, Aug 7, 2015 at 9:28 AM, Anthony Baker <ab...@pivotal.io> wrote:
>
>> Am I missing something? Not verifying the integrity of a security token
>> creates a vulnerability, right?
>>
>> Have you quantified the performance impact of Spring Security?
>>
>> Anthony
>>
>> >
>> > Agreed. Initially I had spec'd it out based on Spring Security. But
>> Neelkanth felt token based approach is better for performance where we
>> check only for presence of Token but not its Integrity
>> >
>> >
>> > - Tushar
>> >
>>
>>
>


-- 
Regards,
Tushar Khairnar

Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Jacob Barrett <jb...@pivotal.io>.
Performance vs. security should never be considered. Security trumps everything.


We should adopt standards where available. We should use other open source libraries where applicable. As part of the Apache ecosystem now we need to look at Apache projects that may provide these capabilities. We rarely want to reinvent something, especially in security.




-Jake


—

Jacob Barrett

Manager

GemFire Advanced Customer Engineering (ACE)

Pivotal




jbarrett@pivotal.io

503-533-3763




For immediate support please contact Pivotal Support at http://support.pivotal.io/

On Fri, Aug 7, 2015 at 9:28 AM, Anthony Baker <ab...@pivotal.io> wrote:

> Am I missing something?  Not verifying the integrity of a security token creates a vulnerability, right?
> Have you quantified the performance impact of Spring Security?
> Anthony
>> 
>> Agreed. Initially I had spec'd it out based on Spring Security. But Neelkanth felt token based approach is better for performance where we check only for presence of Token but not its Integrity
>> 
>> 
>> - Tushar
>> 

Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Anthony Baker <ab...@pivotal.io>.
Am I missing something?  Not verifying the integrity of a security token creates a vulnerability, right?

Have you quantified the performance impact of Spring Security?

Anthony

> 
> Agreed. Initially I had spec'd it out based on Spring Security. But Neelkanth felt token based approach is better for performance where we check only for presence of Token but not its Integrity
> 
> 
> - Tushar
> 


Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Tushar Khairnar <tu...@gmail.com>.

> On Aug. 7, 2015, 3:48 p.m., Jens Deppe wrote:
> > I'm not sure if this comment should go here or elsewhere as it is more about the overall approach and not the actual code.
> > 
> > Specifically with regard to securing the REST endpoint(s). My feeling is that we are being way too prescriptive about the protocol we are defining. Seeing that our REST endpoints are already based on Spring, we should rather be providing means to plug directly into the Spring Security flow so that customers can implement whatever protocol they want. Whether it's something custom or something better known like JWT.
> > 
> > Remember that our API not only becomes the Java interfaces that a customer needs to implement, but (and possibly more importantly), the API exposed to clients. In addition, we're not providing any client implementations so every user is going to have to provide/write their own. I think this will be a significant barrier to using this new capability.
> > 
> > The cons to this approach would be that it could be more work for the user to configure. One way to mitigate would be to provide a comprehensive reference implementation.

Agreed. Initially I had spec'd it out based on Spring Security. But Neelkanth felt that a token-based approach is better for performance, where we check only for the presence of the token but not its integrity.


- Tushar


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37209/#review94552
-----------------------------------------------------------


On Aug. 7, 2015, 3:35 p.m., Tushar Khairnar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37209/
> -----------------------------------------------------------
> 
> (Updated Aug. 7, 2015, 3:35 p.m.)
> 
> 
> Review request for geode, Amogh Shetkar and Jens Deppe.
> 
> 
> Repository: geode
> 
> 
> Description
> -------
> 
> GEODE-77 : Integrated Security Code Merge
> 
> This is manual merge of code from int_security branch.
> 
> Testing done : JMX RMI-connector testing done from JConsole, Gfsh interactive testing with different roles. DUnits are not yet integrated into open.
> 
> 
> Diffs
> -----
> 
>   gemfire-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java d25063c 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java b7b2cd8 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java 472959d 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java 10094a9 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b8dfeb3 
>   gemfire-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java f5ae3e5 
>   gemfire-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java 8ba07a2 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java 59f6537 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java f14d16c 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java f0a0a79 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java 3e5ba1a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b6c5219 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java e53d50a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java 04fda7e 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java e935fcd 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java 43bfe73 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java 74695ee 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java d8f6983 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java 2eb1318 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java 279fb45 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java 919d6fe 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java 9e60839 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java 4591b53 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java 4614ce7 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java 01910d6 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java d4134ad 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java 0d8c54a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java d9d4bea 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java c978381 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java 302d7bb 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java 797f654 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java da8f11d 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java d236d81 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java 7b298d6 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java 80ba89e 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java 4bdab90 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java 5abd08a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java a6d9abf 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java 864907b 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java 58040cd 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java 1926db5 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java e217045 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java b0198e4 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java 375cc27 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java d85ce65 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java 50942c1 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java 1851977 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java 4dc27e1 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceConstants.java 3f4d7cb 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java f149479 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java aa1c38c 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java 73ce926 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java 517d942 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java 6767ec1 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java 2df3432 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java de81543 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java 66d344f 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java 1e22bd9 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java 8ebed02 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java 8bd9d37 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java dac1271 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java 0dfbdbd 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java a122339 
>   gemfire-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java 89644f0 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java ab9333d 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java 44aef44 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java 384493b 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java f061240 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/AbstractBaseController.java feed8c7 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/BaseControllerAdvice.java 5ae88bc 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/CommonCrudController.java ef52347 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/FunctionAccessController.java 45d6f66 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/PdxBasedCrudController.java 96551c6 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/QueryAccessController.java b20c849 
>   gemfire-web-api/src/main/webapp/WEB-INF/web.xml 554ef4b 
> 
> Diff: https://reviews.apache.org/r/37209/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Tushar Khairnar
> 
>


Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Jens Deppe <je...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/37209/#review94552
-----------------------------------------------------------


I'm not sure if this comment should go here or elsewhere as it is more about the overall approach and not the actual code.

Specifically, this is about securing the REST endpoint(s). My feeling is that we are being way too prescriptive about the protocol we are defining. Since our REST endpoints are already based on Spring, we should instead provide a means to plug directly into the Spring Security flow, so that customers can implement whatever protocol they want, whether it's something custom or something better known like JWT.

Remember that our API not only becomes the Java interfaces that a customer needs to implement, but (and possibly more importantly), the API exposed to clients. In addition, we're not providing any client implementations so every user is going to have to provide/write their own. I think this will be a significant barrier to using this new capability.

The cons to this approach would be that it could be more work for the user to configure. One way to mitigate would be to provide a comprehensive reference implementation.

- Jens Deppe


On Aug. 7, 2015, 3:35 p.m., Tushar Khairnar wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37209/
> -----------------------------------------------------------
> 
> (Updated Aug. 7, 2015, 3:35 p.m.)
> 
> 
> Review request for geode, Amogh Shetkar and Jens Deppe.
> 
> 
> Repository: geode
> 
> 
> Description
> -------
> 
> GEODE-77 : Integrated Security Code Merge
> 
> This is manual merge of code from int_security branch.
> 
> Testing done : JMX RMI-connector testing done from JConsole, Gfsh interactive testing with different roles. DUnits are not yet integrated into open.
> 
> 
> Diffs
> -----
> 
>   gemfire-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java d25063c 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java b7b2cd8 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java 472959d 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java 10094a9 
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b8dfeb3 
>   gemfire-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java f5ae3e5 
>   gemfire-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java 8ba07a2 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java 59f6537 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java f14d16c 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java f0a0a79 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java 3e5ba1a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b6c5219 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java e53d50a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java 04fda7e 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java e935fcd 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java 43bfe73 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java 74695ee 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java d8f6983 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java 2eb1318 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java 279fb45 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java 919d6fe 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java 9e60839 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java 4591b53 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java 4614ce7 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java 01910d6 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java d4134ad 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java 0d8c54a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java d9d4bea 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java c978381 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java 302d7bb 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java 797f654 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java da8f11d 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java d236d81 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java 7b298d6 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java 80ba89e 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java 4bdab90 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java 5abd08a 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java a6d9abf 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java 864907b 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java 58040cd 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java 1926db5 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java e217045 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java b0198e4 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java 375cc27 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java d85ce65 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java 50942c1 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java 1851977 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java 4dc27e1 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceConstants.java 3f4d7cb 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java f149479 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java aa1c38c 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java 73ce926 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java 517d942 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java 6767ec1 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java 2df3432 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java de81543 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java 66d344f 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java 1e22bd9 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java 8ebed02 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java 8bd9d37 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java dac1271 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java 0dfbdbd 
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java a122339 
>   gemfire-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java 89644f0 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java ab9333d 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java 44aef44 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java 384493b 
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java f061240 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/AbstractBaseController.java feed8c7 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/BaseControllerAdvice.java 5ae88bc 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/CommonCrudController.java ef52347 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/FunctionAccessController.java 45d6f66 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/PdxBasedCrudController.java 96551c6 
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/QueryAccessController.java b20c849 
>   gemfire-web-api/src/main/webapp/WEB-INF/web.xml 554ef4b 
> 
> Diff: https://reviews.apache.org/r/37209/diff/
> 
> 
> Testing
> -------
> 
> 
> Thanks,
> 
> Tushar Khairnar
> 
>


Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Nilkanth Patel <ni...@gmail.com>.
Do we have a flexibility of changing an existing security interfaces now ?

Reg. Code Review.
Tushar, i  have tried to merge your patch but do not see any branch
feature/GEODE-17
into git repo. Is changes for integrated security available locally only?
What is the best way to merge it?

This looks like a big change at first sight. For the sake of a better
review, I would like to know: did you have any initial code reviews
internally while checking in to the int_security (internal) branch, or is
this the first code review?

 Nilkanth.

Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Tushar Khairnar <tu...@gmail.com>.
* If i would have adopted spring security for REST APIs, REST APIs security
might not work with customer's existing security plugins. *
 - Not entirely true Neelkanth. But yeah we might have to change interface
a bit little. For eg. HMAC will require User Secret which we dont really
expose through plugins. So yes drop-in replacement of SpringSecurity was
not possible but with some change in gem-interfaces it was.

*I believe, pulse has already used a spring security, We kept pulse out of
integrated security as required a lot of changes to align towards
integrated security. *
- Pulse uses SpringSecurity as security framework where by implementing
SpringSecurity interfaces where implementation call Gemfire security plugin
we get best of both world. If you look current implementation it only
requires implemention of AuthenticationProvider
<http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/authentication/AuthenticationProvider.html>.
Point here is that people understand SpringSecurity and if we adopt its
easy for people to understand code, extend and contribute, experiment

*TokenService*
- The problem with TokenService is that it passes on only the Principal, not
the current request context. A stateless service request has to be checked
for the integrity of all its components: headers, request parameters and
request URL. The current design trusts an incoming request once a token is
found, so we are ultimately authenticating only the token instead of the
entire request.

Personally I envision GemFire REST to be REST Key-value store where people
can deploy it through cloud and expose REST interface without worrying
about security, once security is properly configured. Current design has
good trade-off by adding refresh token approach for preventing token
mis-use. But there should be way for users to add check for token
integrity. I am not saying this had to be default but we should not
restrict it just principal and token

regards,
Tushar

On Wed, Aug 12, 2015 at 11:20 AM, Nilkanth Patel <ni...@gmail.com>
wrote:

> Implementation is designed in the context of integrated security approach
> where user/customer needs to install/configure single Authentication and
> Authorization plugin and that should work for all channels that communicate
> with server. FYI, we have not changed anything to existing geode C/S
> security, rather planned to incorporate it into the other channels like
> developer REST APIs, GFSH and M&M REST.
>
> In the design phase, We had a lot of brain storming regarding the approach
> including Spring security for developer REST and others, some of the
> findings that we had come across are.
>
>  - Currently geode C/S security does not support the spring security,
> In-fact we believed not preferable to add an extra layer of spring security
> that can degrades ops performance.
>  - If i would have adopted spring security for REST APIs, REST APIs
> security might not work with customer's existing security plugins.
>  - I believe, pulse has already used a spring security, We kept pulse out
> of integrated security as required a lot of changes to align towards
> integrated security.
>
> *Integrity of a security token* :
>   REST APIs are recommend to use with HTTPS, so tokens will be secured in
> transit. If any one choose not to use https, he can use encrypted token
> (using tokenservice impl).
>   Token service has a capabilities like generating, validating and
> refreshing tokens. User can plug their choice of implementation, standard
> (including JWT) or custom if they have.
>
> *Easy to use and flexible*
> With this desing, We have agreed to provide default implementation for
> TokenService, that will be used by default if user has not configured
> "security-rest-token-service" system property. User needs to hook its own
> (non-default) Tokenservice implementation using configuring
> "security-rest-token-service" property. This will make sure that user does
> not need to more work.
>
> Nilkanth Patel.
>
>
> On Fri, Aug 7, 2015 at 9:05 PM, Tushar Khairnar <tushar.khairnar@gmail.com
> > wrote:
>
>>
>> -----------------------------------------------------------
>> This is an automatically generated e-mail. To reply, visit:
>> https://reviews.apache.org/r/37209/
>> -----------------------------------------------------------
>>
>> (Updated Aug. 7, 2015, 3:35 p.m.)
>>
>>
>> Review request for geode, Amogh Shetkar and Jens Deppe.
>>
>>
>> Summary (updated)
>> -----------------
>>
>> GEODE-17 : Integrated Security Code Merge
>>
>>
>> Repository: geode
>>
>>
>> Description
>> -------
>>
>> GEODE-77 : Integrated Security Code Merge
>>
>> This is manual merge of code from int_security branch.
>>
>> Testing done : JMX RMI-connector testing done from JConsole, Gfsh
>> interactive testing with different roles. DUnits are not yet integrated
>> into open.
>>
>>
>> Diffs
>> -----
>>
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
>> d25063c
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
>> b7b2cd8
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
>> 472959d
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
>> 10094a9
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
>> b8dfeb3
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
>> f5ae3e5
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java
>> 8ba07a2
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
>> 59f6537
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
>> f14d16c
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
>> f0a0a79
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
>> 3e5ba1a
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
>> b6c5219
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
>> e53d50a
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
>> 04fda7e
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
>> e935fcd
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
>> 43bfe73
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java
>> 74695ee
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
>> d8f6983
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
>> 2eb1318
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
>> 279fb45
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
>> 919d6fe
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
>> 9e60839
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
>> 4591b53
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
>> 4614ce7
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
>> 01910d6
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
>> d4134ad
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
>> 0d8c54a
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java
>> d9d4bea
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
>> c978381
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
>> 302d7bb
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
>> 797f654
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
>> da8f11d
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
>> d236d81
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
>> 7b298d6
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
>> 80ba89e
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
>> 4bdab90
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
>> 5abd08a
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
>> a6d9abf
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java
>> 864907b
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java
>> 58040cd
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java
>> 1926db5
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java
>> e217045
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
>> b0198e4
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java
>> 375cc27
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
>> d85ce65
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
>> 50942c1
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java
>> 1851977
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
>> 4dc27e1
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceConstants.java
>> 3f4d7cb
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
>> f149479
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
>> aa1c38c
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
>> 73ce926
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
>> 517d942
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
>> 6767ec1
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
>> 2df3432
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
>> de81543
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
>> 66d344f
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
>> 1e22bd9
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
>> 8ebed02
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
>> 8bd9d37
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
>> dac1271
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
>> 0dfbdbd
>>
>> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
>> a122339
>>
>> gemfire-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
>> 89644f0
>>
>> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
>> ab9333d
>>
>> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
>> 44aef44
>>
>> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java
>> 384493b
>>
>> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java
>> f061240
>>
>> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/AbstractBaseController.java
>> feed8c7
>>
>> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/BaseControllerAdvice.java
>> 5ae88bc
>>
>> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/CommonCrudController.java
>> ef52347
>>
>> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/FunctionAccessController.java
>> 45d6f66
>>
>> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/PdxBasedCrudController.java
>> 96551c6
>>
>> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/QueryAccessController.java
>> b20c849
>>   gemfire-web-api/src/main/webapp/WEB-INF/web.xml 554ef4b
>>
>> Diff: https://reviews.apache.org/r/37209/diff/
>>
>>
>> Testing
>> -------
>>
>>
>> Thanks,
>>
>> Tushar Khairnar
>>
>>
>


-- 
Regards,
Tushar Khairnar

Re: Review Request 37209: GEODE-17 : Integrated Security Code Merge

Posted by Nilkanth Patel <ni...@gmail.com>.
Implementation is designed in the context of integrated security approach
where user/customer needs to install/configure single Authentication and
Authorization plugin and that should work for all channels that communicate
with server. FYI, we have not changed anything to existing geode C/S
security, rather planned to incorporate it into the other channels like
developer REST APIs, GFSH and M&M REST.

In the design phase, We had a lot of brain storming regarding the approach
including Spring security for developer REST and others, some of the
findings that we had come across are.

 - Currently geode C/S security does not support the spring security,
In-fact we believed not preferable to add an extra layer of spring security
that can degrades ops performance.
 - If i would have adopted spring security for REST APIs, REST APIs
security might not work with customer's existing security plugins.
 - I believe, pulse has already used a spring security, We kept pulse out
of integrated security as required a lot of changes to align towards
integrated security.

*Integrity of a security token*:
  It is recommended to use the REST APIs over HTTPS, so that tokens are
secured in transit. Anyone who chooses not to use HTTPS can use an encrypted
token (via the TokenService implementation).
  The token service has capabilities such as generating, validating and
refreshing tokens. Users can plug in the implementation of their choice,
standard (including JWT) or custom.

*Easy to use and flexible*
With this desing, We have agreed to provide default implementation for
TokenService, that will be used by default if user has not configured
"security-rest-token-service" system property. User needs to hook its own
(non-default) Tokenservice implementation using configuring
"security-rest-token-service" property. This will make sure that user does
not need to more work.

Nilkanth Patel.


On Fri, Aug 7, 2015 at 9:05 PM, Tushar Khairnar <tu...@gmail.com>
wrote:

>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37209/
> -----------------------------------------------------------
>
> (Updated Aug. 7, 2015, 3:35 p.m.)
>
>
> Review request for geode, Amogh Shetkar and Jens Deppe.
>
>
> Summary (updated)
> -----------------
>
> GEODE-17 : Integrated Security Code Merge
>
>
> Repository: geode
>
>
> Description
> -------
>
> GEODE-77 : Integrated Security Code Merge
>
> This is manual merge of code from int_security branch.
>
> Testing done : JMX RMI-connector testing done from JConsole, Gfsh
> interactive testing with different roles. DUnits are not yet integrated
> into open.
>
>
> Diffs
> -----
>
>
> gemfire-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java
> d25063c
>
> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java
> b7b2cd8
>
> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java
> 472959d
>
> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java
> 10094a9
>
> gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java
> b8dfeb3
>
> gemfire-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java
> f5ae3e5
>
> gemfire-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java
> 8ba07a2
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java
> 59f6537
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java
> f14d16c
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java
> f0a0a79
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java
> 3e5ba1a
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java
> b6c5219
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java
> e53d50a
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java
> 04fda7e
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java
> e935fcd
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java
> 43bfe73
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java
> 74695ee
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java
> d8f6983
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java
> 2eb1318
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java
> 279fb45
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java
> 919d6fe
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java
> 9e60839
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java
> 4591b53
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java
> 4614ce7
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java
> 01910d6
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java
> d4134ad
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java
> 0d8c54a
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java
> d9d4bea
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java
> c978381
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java
> 302d7bb
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java
> 797f654
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java
> da8f11d
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java
> d236d81
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java
> 7b298d6
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java
> 80ba89e
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java
> 4bdab90
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java
> 5abd08a
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java
> a6d9abf
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java
> 864907b
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java
> 58040cd
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java
> 1926db5
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java
> e217045
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java
> b0198e4
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java
> 375cc27
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java
> d85ce65
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java
> 50942c1
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java
> 1851977
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java
> 4dc27e1
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceConstants.java
> 3f4d7cb
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java
> f149479
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java
> aa1c38c
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java
> 73ce926
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java
> 517d942
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java
> 6767ec1
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java
> 2df3432
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java
> de81543
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java
> 66d344f
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java
> 1e22bd9
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java
> 8ebed02
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java
> 8bd9d37
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java
> dac1271
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java
> 0dfbdbd
>
> gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java
> a122339
>
> gemfire-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java
> 89644f0
>
> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java
> ab9333d
>
> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java
> 44aef44
>
> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java
> 384493b
>
> gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java
> f061240
>
> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/AbstractBaseController.java
> feed8c7
>
> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/BaseControllerAdvice.java
> 5ae88bc
>
> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/CommonCrudController.java
> ef52347
>
> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/FunctionAccessController.java
> 45d6f66
>
> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/PdxBasedCrudController.java
> 96551c6
>
> gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/QueryAccessController.java
> b20c849
>   gemfire-web-api/src/main/webapp/WEB-INF/web.xml 554ef4b
>
> Diff: https://reviews.apache.org/r/37209/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Tushar Khairnar
>
>