You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geode.apache.org by Parin dazz <pa...@gmail.com> on 2017/06/03 07:12:33 UTC
Spring data geode security example
Hi,
Do we have any example on how to use/implement security manager with
spring-data-geode?
More, haven't heard anything for new release of spring-data-geode :) Very
much excited for the new features and hard work john is doing. Any news on
release date?
Regards,
Parin
Re: Spring data geode security example
Posted by Luke Shannon <ls...@pivotal.io>.
+1 on John's examples. These are great!
On Tue, Jun 6, 2017 at 2:51 AM, Nilkanth Patel <ni...@gmail.com>
wrote:
> Hi Parin,
>
> Sometime back i have faced the similar. mailing list reference. [
> https://mail.google.com/mail/u/0/#search/shiro/15c0c3337b41e34e]
>
> Following worked for me when started a locator with shiro.ini, Have a look
> if it helps in your case.
> Note: This is with starting a locator from gfsh. You have to keep your
> config file under resources folder.
>
> 1. //created a jar named shiro-config.jar containing shiro.ini
> bin/resources $ jar -cf shiro-config.jar shiro.ini
>
> 2. gfsh>start locator --name=l1 --classpath=./bin/resources/shiro-config.jar:../lib/*
> --security-properties-file=/work/geode/locator.properties
>
> It seems, by default required CLASSPATH is not getting set and hence
> throwing the exception.
>
> Though This is not a clean way, but worked for me!
>
> @John, thanks a lot for putting a security related examples, really
> helpful.
>
> Regards,
> Nilkanth Patel.
>
> On Mon, Jun 5, 2017 at 4:07 PM, Parin dazz <pa...@gmail.com> wrote:
>
>> Thank you so much John for detailed updates & upcoming magic :)
>>
>> Regarding apache-shiro, I can see various ways for geode server using
>> @EnableSecurity(INI/Realm) annotation but how I can include the same in
>> locator.
>>
>> I tried below one,
>>
>> File: locator.properties
>> security-shiro-init=/home/parin/Downloads/apache-geode/shiro.properties
>>
>> But it says me,
>> Exception in thread "main" org.apache.shiro.config.ConfigurationException:
>> java.io.IOException: Resource [classpath:/home/parin/Downloa
>> ds/apache-geode/shiro.properties] could not be found.
>>
>> Same as if I provide my custom SecurityManager implementation, how can I
>> refer that in locator properties?
>>
>> Thanks,
>> Parin
>>
>> On Sun, Jun 4, 2017 at 12:19 AM, John Blum <jb...@pivotal.io> wrote:
>>
>>> Hi Parin-
>>>
>>> Thank you for the kind words; means a lot to me and I definitely
>>> appreciate it.
>>>
>>> So, good news! I do have an example (several, actually) of using the
>>> new Apache Geode Security Model (e.g. SecurityManager) with *Spring
>>> Data Geode*. In fact that was the central theme in the last release of
>>> SDG 1.0.0.INCUBATING-RELEASE. See my blog post here
>>> <https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released> [1]
>>> (the "*Security*" piece starts a couple of sections down after "*What's
>>> New*").
>>>
>>> The actual code I built
>>> <https://github.com/jxblum/contacts-application/blob/apache-geode/security-example/src/test/java/example/app/geode/security/GeodeSecurityIntegrationTests.java> [2]
>>> when writing the blog post is part of (what will eventually become) the *Reference
>>> Implementation* (RI) of *Spring Data GemFire/Geode*. Unfortunately, I
>>> have not had a lot of time to document this yet either in SDG Ref Guide or
>>> in READMEs associated with the RI repo.
>>> But, hopefully, the blog post helps and the code is self-explanatory;
>>> docs are coming, I promise. However, I have since then added automated
>>> tests
>>> <https://github.com/spring-projects/spring-data-geode/tree/master/src/test/java/org/springframework/data/gemfire/config/annotation> [3]
>>> for the Security bits based on this example, since it is important to have
>>> both the client as well as the server-side of the Security equation. In
>>> the example, I think I setup a secure server manually where as the tests
>>> actually configure and fork one. Anyway, if you questions, please do let
>>> me know.
>>>
>>>
>>> As for the new release....
>>>
>>> Great question and one that seems to be of most interests to the
>>> community right now where *Spring* and Geode intersect. This was
>>> recently asked on *StackOverflow*
>>> <https://stackoverflow.com/questions/44204043/spring-support-for-apache-geode-spring-data-geode> [4]
>>> as well. My answer to the SO post was somewhat verbose, so let me recap
>>> here for everyones benefit...
>>>
>>> I am planning a *Spring Data Geode* *1.1.0.RELEASE* that builds on
>>> Apache Geode *1.1.1*. The 2 central themes in this are...
>>>
>>> 1. Early *Lucene* support.
>>>
>>> As you may know, Apache Geode now integrates with Apache Lucene to
>>> create Lucene Indexes for textual based searches on data in GemFire
>>> Regions. I added first class support in SDG
>>> <http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/reference/html/#bootstrap:lucene> [5]
>>> above and beyond what even Apache Geode is capable of (e.g.
>>> projections/mapping based on *Spring Data Commons* infrastructure) for
>>> this new API/integration. This is *done*.
>>>
>>> 2. *Annotation config* model extensions.
>>>
>>> Some people are already familiar and even using with the new, *Spring
>>> Boot* style Annotation support I added in SDG. However, 1 of the
>>> initial limitations of the Annotation config was having the ability to
>>> "dynamically" configure aspects of Geode (e.g. port numbers
>>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableCacheServer.java#L134> [6])
>>> when the Annotations are used. My goal was to preserve the "type-safe"
>>> nature of the Annotation attributes while still allowing those attributes
>>> to be dynamically configured.
>>>
>>> Of course, I could have used Spring property placeholders and SpEL
>>> expressions, but that would have required me to give up type safety and
>>> make all the Annotation attributes Strings... blah, no! So, instead, I am
>>> introducing Configurers and well-known, document properties that users can
>>> set in an application.properties file that correspond to Annotation
>>> attributes where the precedence is... *Annotation attribute* ->
>>> *Property* -> *XYZConfigurer* (e.g. CacheServerConfigurer
>>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurer.java>
>>> [7]).
>>>
>>> Since the Annotations create *Spring* beans for Geode components for
>>> you, with very little effort (i.e. using OOTB defaults when attributes are
>>> not customized), the Configurers give you a way to access the
>>> "configuration" (on the appropriate Spring FactoryBean) before the Geode
>>> component is created. To use a Configurer, you register it like any other
>>> Spring bean, which then gives you the ability to also use Spring property
>>> placeholder and SpEL expressions in those JavaConfig bean definitions,
>>> therefore kill 2 birds with 1 stone (sorry, that sounds cruel; figure of
>>> speech). Here is an example
>>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/test/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114>
>>> [8].
>>>
>>> So, the Configurers are *done*, the Well-Known/Documented Properties
>>> are a *WIP*, as well as the Ref Guide documentation, phew.
>>>
>>> This dynamic configuration support using Annotations was requested and
>>> needed by several members of the Geode community that use *Spring*,
>>> like *Roger Vandusen* from *Mastercard*. I have not forgotten about
>>> you my friend.
>>>
>>> I *sincerely apologize to the community* that this new feature support
>>> and the next release of SDG for Apache Geode 1.1.1 has taken so long.
>>>
>>> Anyway, once I get the last bit done, I will push 1 *final* *Spring
>>> Data Geode* *1.1.0.RELEASE* based on Apache Geode 1.1.1.
>>>
>>> I say "*final*" because *Spring Data Geode* is becoming a new,
>>> *top-level* *Spring Data* module in the *Spring Data* portfolio
>>> <http://projects.spring.io/spring-data/> [9] (like *Spring Data GemFire*,
>>> but separate now, yay). I am super excited about this and I hope the
>>> community will be too. It already has a new GitHub Repo home, here
>>> <https://github.com/spring-projects/spring-data-geode> [10].
>>>
>>> So, *Spring Data Geode* will be part of the *Spring Data Release Train
>>> <https://github.com/spring-projects/spring-data-commons/wiki>* [11]
>>> (from *Kay* onward; see right-side nav bar on Wiki page), which means
>>> SD Geode will have predictable and regular releases, and will be based on
>>> Apache Geode *1.2.0*. However, it also means that Apache Geode 1.2.0
>>> needs to be released before SD Geode can be added to the train. And, it
>>> also means several other important things...
>>>
>>> 1. I will *not* be doing individual releases of SD Geode going forward
>>> after SD Geode is added to the train.
>>>
>>> 2. SD Geode will be at version 2.0.0 (based on Apache Geode 1.2.0); so
>>> the version numbers between Apache Geode and SD Geode will not longer align
>>> (which is actually the same as *Spring Data GemFire* for Pivotal
>>> GemFire, too), partly because...
>>>
>>> 3. SDG also builds on *Spring* *5*, with the major themes being *Java 8*,
>>> *Reactive* and *Functional programming* support, so we are bumping the
>>> major version for all SD modules.
>>>
>>> Anyway, I hope this helps and clears up the muddy waters on what has
>>> been happening on *Spring Data Geode*. I am also involved in several
>>> other things, like...
>>>
>>> 1. Moving the *Spring Boot* auto-configuration support for Apache
>>> Geode/Pivotal GemFire I built into *Spring Boot* to a new home
>>> <https://github.com/spring-projects/spring-boot-data-gemfire> [12], a
>>> major WIP.
>>>
>>> 2. Moving the *Spring Session Data Geode/GemFire* support to its new
>>> home <https://github.com/spring-projects/spring-session-data-geode> [13],
>>> as of *Spring Session* 2.0, also a major WIP.
>>>
>>> 3. And, building *Spring* support in PCF for Pivotal GemFire/Apache
>>> Geode.
>>>
>>> Let me know if you have other questions.
>>>
>>> Cheers my friend,
>>> John
>>>
>>>
>>> [1] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-
>>> 0-incubating-release-released
>>> [2] https://github.com/jxblum/contacts-application/blob/apac
>>> he-geode/security-example/src/test/java/example/app/geode/se
>>> curity/GeodeSecurityIntegrationTests.java
>>> [3] https://github.com/spring-projects/spring-data-geode/tre
>>> e/master/src/test/java/org/springframework/data/gemfire/conf
>>> ig/annotation
>>> [4] https://stackoverflow.com/questions/44204043/spring-supp
>>> ort-for-apache-geode-spring-data-geode
>>> [5] http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/
>>> reference/html/#bootstrap:lucene
>>> [6] https://github.com/spring-projects/spring-data-geode/blo
>>> b/master/src/main/java/org/springframework/data/gemfire/conf
>>> ig/annotation/EnableCacheServer.java#L134
>>> [7] https://github.com/spring-projects/spring-data-geode/blo
>>> b/master/src/main/java/org/springframework/data/gemfire/conf
>>> ig/annotation/CacheServerConfigurer.java
>>> [8] https://github.com/spring-projects/spring-data-geode/blo
>>> b/master/src/test/java/org/springframework/data/gemfire/conf
>>> ig/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114
>>> [9] http://projects.spring.io/spring-data/
>>> [10] https://github.com/spring-projects/spring-data-geode
>>> [11] https://github.com/spring-projects/spring-data-commons/wiki
>>> [12] https://github.com/spring-projects/spring-boot-data-gemfire
>>> [13] https://github.com/spring-projects/spring-session-data-geode
>>>
>>>
>>> On Sat, Jun 3, 2017 at 12:12 AM, Parin dazz <pa...@gmail.com>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> Do we have any example on how to use/implement security manager with
>>>> spring-data-geode?
>>>>
>>>> More, haven't heard anything for new release of spring-data-geode :)
>>>> Very much excited for the new features and hard work john is doing. Any
>>>> news on release date?
>>>>
>>>>
>>>> Regards,
>>>> Parin
>>>>
>>>
>>>
>>>
>>> --
>>> -John
>>> john.blum10101 (skype)
>>>
>>
>>
>
--
Luke Shannon | Platform Engineering | Pivotal
-------------------------------------------------------------------------
Mobile:416-571-9495
Join the Toronto Pivotal Usergroup:
http://www.meetup.com/Toronto-Pivotal-User-Group/
Re: Spring data geode security example
Posted by Nilkanth Patel <ni...@gmail.com>.
Hi Parin,
Sometime back i have faced the similar. mailing list reference. [
https://mail.google.com/mail/u/0/#search/shiro/15c0c3337b41e34e]
Following worked for me when started a locator with shiro.ini, Have a look
if it helps in your case.
Note: This is with starting a locator from gfsh. You have to keep your
config file under resources folder.
1. //created a jar named shiro-config.jar containing shiro.ini
bin/resources $ jar -cf shiro-config.jar shiro.ini
2. gfsh>start locator --name=l1
--classpath=./bin/resources/shiro-config.jar:../lib/*
--security-properties-file=/work/geode/locator.properties
It seems, by default required CLASSPATH is not getting set and hence
throwing the exception.
Though This is not a clean way, but worked for me!
@John, thanks a lot for putting a security related examples, really helpful.
Regards,
Nilkanth Patel.
On Mon, Jun 5, 2017 at 4:07 PM, Parin dazz <pa...@gmail.com> wrote:
> Thank you so much John for detailed updates & upcoming magic :)
>
> Regarding apache-shiro, I can see various ways for geode server using
> @EnableSecurity(INI/Realm) annotation but how I can include the same in
> locator.
>
> I tried below one,
>
> File: locator.properties
> security-shiro-init=/home/parin/Downloads/apache-geode/shiro.properties
>
> But it says me,
> Exception in thread "main" org.apache.shiro.config.ConfigurationException:
> java.io.IOException: Resource [classpath:/home/parin/
> Downloads/apache-geode/shiro.properties] could not be found.
>
> Same as if I provide my custom SecurityManager implementation, how can I
> refer that in locator properties?
>
> Thanks,
> Parin
>
> On Sun, Jun 4, 2017 at 12:19 AM, John Blum <jb...@pivotal.io> wrote:
>
>> Hi Parin-
>>
>> Thank you for the kind words; means a lot to me and I definitely
>> appreciate it.
>>
>> So, good news! I do have an example (several, actually) of using the new
>> Apache Geode Security Model (e.g. SecurityManager) with *Spring Data
>> Geode*. In fact that was the central theme in the last release of SDG
>> 1.0.0.INCUBATING-RELEASE. See my blog post here
>> <https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released> [1]
>> (the "*Security*" piece starts a couple of sections down after "*What's
>> New*").
>>
>> The actual code I built
>> <https://github.com/jxblum/contacts-application/blob/apache-geode/security-example/src/test/java/example/app/geode/security/GeodeSecurityIntegrationTests.java> [2]
>> when writing the blog post is part of (what will eventually become) the *Reference
>> Implementation* (RI) of *Spring Data GemFire/Geode*. Unfortunately, I
>> have not had a lot of time to document this yet either in SDG Ref Guide or
>> in READMEs associated with the RI repo.
>> But, hopefully, the blog post helps and the code is self-explanatory;
>> docs are coming, I promise. However, I have since then added automated
>> tests
>> <https://github.com/spring-projects/spring-data-geode/tree/master/src/test/java/org/springframework/data/gemfire/config/annotation> [3]
>> for the Security bits based on this example, since it is important to have
>> both the client as well as the server-side of the Security equation. In
>> the example, I think I setup a secure server manually where as the tests
>> actually configure and fork one. Anyway, if you questions, please do let
>> me know.
>>
>>
>> As for the new release....
>>
>> Great question and one that seems to be of most interests to the
>> community right now where *Spring* and Geode intersect. This was
>> recently asked on *StackOverflow*
>> <https://stackoverflow.com/questions/44204043/spring-support-for-apache-geode-spring-data-geode> [4]
>> as well. My answer to the SO post was somewhat verbose, so let me recap
>> here for everyones benefit...
>>
>> I am planning a *Spring Data Geode* *1.1.0.RELEASE* that builds on
>> Apache Geode *1.1.1*. The 2 central themes in this are...
>>
>> 1. Early *Lucene* support.
>>
>> As you may know, Apache Geode now integrates with Apache Lucene to create
>> Lucene Indexes for textual based searches on data in GemFire Regions. I added
>> first class support in SDG
>> <http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/reference/html/#bootstrap:lucene> [5]
>> above and beyond what even Apache Geode is capable of (e.g.
>> projections/mapping based on *Spring Data Commons* infrastructure) for
>> this new API/integration. This is *done*.
>>
>> 2. *Annotation config* model extensions.
>>
>> Some people are already familiar and even using with the new, *Spring
>> Boot* style Annotation support I added in SDG. However, 1 of the
>> initial limitations of the Annotation config was having the ability to
>> "dynamically" configure aspects of Geode (e.g. port numbers
>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableCacheServer.java#L134> [6])
>> when the Annotations are used. My goal was to preserve the "type-safe"
>> nature of the Annotation attributes while still allowing those attributes
>> to be dynamically configured.
>>
>> Of course, I could have used Spring property placeholders and SpEL
>> expressions, but that would have required me to give up type safety and
>> make all the Annotation attributes Strings... blah, no! So, instead, I am
>> introducing Configurers and well-known, document properties that users can
>> set in an application.properties file that correspond to Annotation
>> attributes where the precedence is... *Annotation attribute* ->
>> *Property* -> *XYZConfigurer* (e.g. CacheServerConfigurer
>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurer.java>
>> [7]).
>>
>> Since the Annotations create *Spring* beans for Geode components for
>> you, with very little effort (i.e. using OOTB defaults when attributes are
>> not customized), the Configurers give you a way to access the
>> "configuration" (on the appropriate Spring FactoryBean) before the Geode
>> component is created. To use a Configurer, you register it like any other
>> Spring bean, which then gives you the ability to also use Spring property
>> placeholder and SpEL expressions in those JavaConfig bean definitions,
>> therefore kill 2 birds with 1 stone (sorry, that sounds cruel; figure of
>> speech). Here is an example
>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/test/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114>
>> [8].
>>
>> So, the Configurers are *done*, the Well-Known/Documented Properties are
>> a *WIP*, as well as the Ref Guide documentation, phew.
>>
>> This dynamic configuration support using Annotations was requested and
>> needed by several members of the Geode community that use *Spring*, like *Roger
>> Vandusen* from *Mastercard*. I have not forgotten about you my friend.
>>
>> I *sincerely apologize to the community* that this new feature support
>> and the next release of SDG for Apache Geode 1.1.1 has taken so long.
>>
>> Anyway, once I get the last bit done, I will push 1 *final* *Spring Data
>> Geode* *1.1.0.RELEASE* based on Apache Geode 1.1.1.
>>
>> I say "*final*" because *Spring Data Geode* is becoming a new,
>> *top-level* *Spring Data* module in the *Spring Data* portfolio
>> <http://projects.spring.io/spring-data/> [9] (like *Spring Data GemFire*,
>> but separate now, yay). I am super excited about this and I hope the
>> community will be too. It already has a new GitHub Repo home, here
>> <https://github.com/spring-projects/spring-data-geode> [10].
>>
>> So, *Spring Data Geode* will be part of the *Spring Data Release Train
>> <https://github.com/spring-projects/spring-data-commons/wiki>* [11]
>> (from *Kay* onward; see right-side nav bar on Wiki page), which means SD
>> Geode will have predictable and regular releases, and will be based on
>> Apache Geode *1.2.0*. However, it also means that Apache Geode 1.2.0
>> needs to be released before SD Geode can be added to the train. And, it
>> also means several other important things...
>>
>> 1. I will *not* be doing individual releases of SD Geode going forward
>> after SD Geode is added to the train.
>>
>> 2. SD Geode will be at version 2.0.0 (based on Apache Geode 1.2.0); so
>> the version numbers between Apache Geode and SD Geode will not longer align
>> (which is actually the same as *Spring Data GemFire* for Pivotal
>> GemFire, too), partly because...
>>
>> 3. SDG also builds on *Spring* *5*, with the major themes being *Java 8*,
>> *Reactive* and *Functional programming* support, so we are bumping the
>> major version for all SD modules.
>>
>> Anyway, I hope this helps and clears up the muddy waters on what has been
>> happening on *Spring Data Geode*. I am also involved in several other
>> things, like...
>>
>> 1. Moving the *Spring Boot* auto-configuration support for Apache
>> Geode/Pivotal GemFire I built into *Spring Boot* to a new home
>> <https://github.com/spring-projects/spring-boot-data-gemfire> [12], a
>> major WIP.
>>
>> 2. Moving the *Spring Session Data Geode/GemFire* support to its new home
>> <https://github.com/spring-projects/spring-session-data-geode> [13], as
>> of *Spring Session* 2.0, also a major WIP.
>>
>> 3. And, building *Spring* support in PCF for Pivotal GemFire/Apache
>> Geode.
>>
>> Let me know if you have other questions.
>>
>> Cheers my friend,
>> John
>>
>>
>> [1] https://spring.io/blog/2016/11/10/spring-data-geode-1-0-
>> 0-incubating-release-released
>> [2] https://github.com/jxblum/contacts-application/blob/apac
>> he-geode/security-example/src/test/java/example/app/geode/
>> security/GeodeSecurityIntegrationTests.java
>> [3] https://github.com/spring-projects/spring-data-geode/tre
>> e/master/src/test/java/org/springframework/data/gemfire/config/annotation
>> [4] https://stackoverflow.com/questions/44204043/spring-supp
>> ort-for-apache-geode-spring-data-geode
>> [5] http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/
>> reference/html/#bootstrap:lucene
>> [6] https://github.com/spring-projects/spring-data-geode/blo
>> b/master/src/main/java/org/springframework/data/gemfire/conf
>> ig/annotation/EnableCacheServer.java#L134
>> [7] https://github.com/spring-projects/spring-data-geode/blo
>> b/master/src/main/java/org/springframework/data/gemfire/conf
>> ig/annotation/CacheServerConfigurer.java
>> [8] https://github.com/spring-projects/spring-data-geode/blo
>> b/master/src/test/java/org/springframework/data/gemfire/conf
>> ig/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114
>> [9] http://projects.spring.io/spring-data/
>> [10] https://github.com/spring-projects/spring-data-geode
>> [11] https://github.com/spring-projects/spring-data-commons/wiki
>> [12] https://github.com/spring-projects/spring-boot-data-gemfire
>> [13] https://github.com/spring-projects/spring-session-data-geode
>>
>>
>> On Sat, Jun 3, 2017 at 12:12 AM, Parin dazz <pa...@gmail.com>
>> wrote:
>>
>>> Hi,
>>>
>>> Do we have any example on how to use/implement security manager with
>>> spring-data-geode?
>>>
>>> More, haven't heard anything for new release of spring-data-geode :)
>>> Very much excited for the new features and hard work john is doing. Any
>>> news on release date?
>>>
>>>
>>> Regards,
>>> Parin
>>>
>>
>>
>>
>> --
>> -John
>> john.blum10101 (skype)
>>
>
>
Re: Spring data geode security example
Posted by Parin dazz <pa...@gmail.com>.
Thank you so much John for detailed updates & upcoming magic :)
Regarding apache-shiro, I can see various ways for geode server using
@EnableSecurity(INI/Realm) annotation but how I can include the same in
locator.
I tried below one,
File: locator.properties
security-shiro-init=/home/parin/Downloads/apache-geode/shiro.properties
But it says me,
Exception in thread "main" org.apache.shiro.config.ConfigurationException:
java.io.IOException: Resource
[classpath:/home/parin/Downloads/apache-geode/shiro.properties] could not
be found.
Same as if I provide my custom SecurityManager implementation, how can I
refer that in locator properties?
Thanks,
Parin
On Sun, Jun 4, 2017 at 12:19 AM, John Blum <jb...@pivotal.io> wrote:
> Hi Parin-
>
> Thank you for the kind words; means a lot to me and I definitely
> appreciate it.
>
> So, good news! I do have an example (several, actually) of using the new
> Apache Geode Security Model (e.g. SecurityManager) with *Spring Data
> Geode*. In fact that was the central theme in the last release of SDG
> 1.0.0.INCUBATING-RELEASE. See my blog post here
> <https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released> [1]
> (the "*Security*" piece starts a couple of sections down after "*What's
> New*").
>
> The actual code I built
> <https://github.com/jxblum/contacts-application/blob/apache-geode/security-example/src/test/java/example/app/geode/security/GeodeSecurityIntegrationTests.java> [2]
> when writing the blog post is part of (what will eventually become) the *Reference
> Implementation* (RI) of *Spring Data GemFire/Geode*. Unfortunately, I
> have not had a lot of time to document this yet either in SDG Ref Guide or
> in READMEs associated with the RI repo.
> But, hopefully, the blog post helps and the code is self-explanatory; docs
> are coming, I promise. However, I have since then added automated tests
> <https://github.com/spring-projects/spring-data-geode/tree/master/src/test/java/org/springframework/data/gemfire/config/annotation> [3]
> for the Security bits based on this example, since it is important to have
> both the client as well as the server-side of the Security equation. In
> the example, I think I setup a secure server manually where as the tests
> actually configure and fork one. Anyway, if you questions, please do let
> me know.
>
>
> As for the new release....
>
> Great question and one that seems to be of most interests to the community
> right now where *Spring* and Geode intersect. This was recently asked on
> *StackOverflow*
> <https://stackoverflow.com/questions/44204043/spring-support-for-apache-geode-spring-data-geode> [4]
> as well. My answer to the SO post was somewhat verbose, so let me recap
> here for everyones benefit...
>
> I am planning a *Spring Data Geode* *1.1.0.RELEASE* that builds on Apache
> Geode *1.1.1*. The 2 central themes in this are...
>
> 1. Early *Lucene* support.
>
> As you may know, Apache Geode now integrates with Apache Lucene to create
> Lucene Indexes for textual based searches on data in GemFire Regions. I added
> first class support in SDG
> <http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/reference/html/#bootstrap:lucene> [5]
> above and beyond what even Apache Geode is capable of (e.g.
> projections/mapping based on *Spring Data Commons* infrastructure) for
> this new API/integration. This is *done*.
>
> 2. *Annotation config* model extensions.
>
> Some people are already familiar and even using with the new, *Spring
> Boot* style Annotation support I added in SDG. However, 1 of the initial
> limitations of the Annotation config was having the ability to
> "dynamically" configure aspects of Geode (e.g. port numbers
> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableCacheServer.java#L134> [6])
> when the Annotations are used. My goal was to preserve the "type-safe"
> nature of the Annotation attributes while still allowing those attributes
> to be dynamically configured.
>
> Of course, I could have used Spring property placeholders and SpEL
> expressions, but that would have required me to give up type safety and
> make all the Annotation attributes Strings... blah, no! So, instead, I am
> introducing Configurers and well-known, document properties that users can
> set in an application.properties file that correspond to Annotation
> attributes where the precedence is... *Annotation attribute* -> *Property*
> -> *XYZConfigurer* (e.g. CacheServerConfigurer
> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurer.java>
> [7]).
>
> Since the Annotations create *Spring* beans for Geode components for you,
> with very little effort (i.e. using OOTB defaults when attributes are not
> customized), the Configurers give you a way to access the "configuration"
> (on the appropriate Spring FactoryBean) before the Geode component is
> created. To use a Configurer, you register it like any other Spring bean,
> which then gives you the ability to also use Spring property placeholder
> and SpEL expressions in those JavaConfig bean definitions, therefore kill 2
> birds with 1 stone (sorry, that sounds cruel; figure of speech). Here is
> an example
> <https://github.com/spring-projects/spring-data-geode/blob/master/src/test/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114>
> [8].
>
> So, the Configurers are *done*, the Well-Known/Documented Properties are
> a *WIP*, as well as the Ref Guide documentation, phew.
>
> This dynamic configuration support using Annotations was requested and
> needed by several members of the Geode community that use *Spring*, like *Roger
> Vandusen* from *Mastercard*. I have not forgotten about you my friend.
>
> I *sincerely apologize to the community* that this new feature support
> and the next release of SDG for Apache Geode 1.1.1 has taken so long.
>
> Anyway, once I get the last bit done, I will push 1 *final* *Spring Data
> Geode* *1.1.0.RELEASE* based on Apache Geode 1.1.1.
>
> I say "*final*" because *Spring Data Geode* is becoming a new, *top-level* *Spring
> Data* module in the *Spring Data* portfolio
> <http://projects.spring.io/spring-data/> [9] (like *Spring Data GemFire*,
> but separate now, yay). I am super excited about this and I hope the
> community will be too. It already has a new GitHub Repo home, here
> <https://github.com/spring-projects/spring-data-geode> [10].
>
> So, *Spring Data Geode* will be part of the *Spring Data Release Train
> <https://github.com/spring-projects/spring-data-commons/wiki>* [11] (from
> *Kay* onward; see right-side nav bar on Wiki page), which means SD Geode
> will have predictable and regular releases, and will be based on Apache
> Geode *1.2.0*. However, it also means that Apache Geode 1.2.0 needs to
> be released before SD Geode can be added to the train. And, it also means
> several other important things...
>
> 1. I will *not* be doing individual releases of SD Geode going forward
> after SD Geode is added to the train.
>
> 2. SD Geode will be at version 2.0.0 (based on Apache Geode 1.2.0); so the
> version numbers between Apache Geode and SD Geode will not longer align
> (which is actually the same as *Spring Data GemFire* for Pivotal GemFire,
> too), partly because...
>
> 3. SDG also builds on *Spring* *5*, with the major themes being *Java 8*,
> *Reactive* and *Functional programming* support, so we are bumping the
> major version for all SD modules.
>
> Anyway, I hope this helps and clears up the muddy waters on what has been
> happening on *Spring Data Geode*. I am also involved in several other
> things, like...
>
> 1. Moving the *Spring Boot* auto-configuration support for Apache
> Geode/Pivotal GemFire I built into *Spring Boot* to a new home
> <https://github.com/spring-projects/spring-boot-data-gemfire> [12], a
> major WIP.
>
> 2. Moving the *Spring Session Data Geode/GemFire* support to its new home
> <https://github.com/spring-projects/spring-session-data-geode> [13], as
> of *Spring Session* 2.0, also a major WIP.
>
> 3. And, building *Spring* support in PCF for Pivotal GemFire/Apache Geode.
>
> Let me know if you have other questions.
>
> Cheers my friend,
> John
>
>
> [1] https://spring.io/blog/2016/11/10/spring-data-geode-
> 1-0-0-incubating-release-released
> [2] https://github.com/jxblum/contacts-application/blob/
> apache-geode/security-example/src/test/java/example/app/geode/security/
> GeodeSecurityIntegrationTests.java
> [3] https://github.com/spring-projects/spring-data-geode/
> tree/master/src/test/java/org/springframework/data/gemfire/
> config/annotation
> [4] https://stackoverflow.com/questions/44204043/spring-
> support-for-apache-geode-spring-data-geode
> [5] http://docs.spring.io/spring-data-gemfire/docs/2.0.
> 0.M3/reference/html/#bootstrap:lucene
> [6] https://github.com/spring-projects/spring-data-geode/
> blob/master/src/main/java/org/springframework/data/gemfire/
> config/annotation/EnableCacheServer.java#L134
> [7] https://github.com/spring-projects/spring-data-geode/
> blob/master/src/main/java/org/springframework/data/gemfire/
> config/annotation/CacheServerConfigurer.java
> [8] https://github.com/spring-projects/spring-data-geode/
> blob/master/src/test/java/org/springframework/data/gemfire/
> config/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114
> [9] http://projects.spring.io/spring-data/
> [10] https://github.com/spring-projects/spring-data-geode
> [11] https://github.com/spring-projects/spring-data-commons/wiki
> [12] https://github.com/spring-projects/spring-boot-data-gemfire
> [13] https://github.com/spring-projects/spring-session-data-geode
>
>
> On Sat, Jun 3, 2017 at 12:12 AM, Parin dazz <pa...@gmail.com>
> wrote:
>
>> Hi,
>>
>> Do we have any example on how to use/implement security manager with
>> spring-data-geode?
>>
>> More, haven't heard anything for new release of spring-data-geode :) Very
>> much excited for the new features and hard work john is doing. Any news on
>> release date?
>>
>>
>> Regards,
>> Parin
>>
>
>
>
> --
> -John
> john.blum10101 (skype)
>
Re: Spring data geode security example
Posted by John Blum <jb...@pivotal.io>.
Hi Parin-
Thank you for the kind words; means a lot to me and I definitely appreciate
it.
So, good news! I do have an example (several, actually) of using the new
Apache Geode Security Model (e.g. SecurityManager) with *Spring Data Geode*.
In fact that was the central theme in the last release of SDG
1.0.0.INCUBATING-RELEASE. See my blog post here
<https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released>
[1]
(the "*Security*" piece starts a couple of sections down after "*What's New*
").
The actual code I built
<https://github.com/jxblum/contacts-application/blob/apache-geode/security-example/src/test/java/example/app/geode/security/GeodeSecurityIntegrationTests.java>
[2]
when writing the blog post is part of (what will eventually become)
the *Reference
Implementation* (RI) of *Spring Data GemFire/Geode*. Unfortunately, I have
not had a lot of time to document this yet either in SDG Ref Guide or in
READMEs associated with the RI repo.
But, hopefully, the blog post helps and the code is self-explanatory; docs
are coming, I promise. However, I have since then added automated tests
<https://github.com/spring-projects/spring-data-geode/tree/master/src/test/java/org/springframework/data/gemfire/config/annotation>
[3]
for the Security bits based on this example, since it is important to have
both the client as well as the server-side of the Security equation. In
the example, I think I setup a secure server manually where as the tests
actually configure and fork one. Anyway, if you questions, please do let
me know.
As for the new release....
Great question and one that seems to be of most interests to the community
right now where *Spring* and Geode intersect. This was recently asked on
*StackOverflow*
<https://stackoverflow.com/questions/44204043/spring-support-for-apache-geode-spring-data-geode>
[4]
as well. My answer to the SO post was somewhat verbose, so let me recap
here for everyones benefit...
I am planning a *Spring Data Geode* *1.1.0.RELEASE* that builds on Apache
Geode *1.1.1*. The 2 central themes in this are...
1. Early *Lucene* support.
As you may know, Apache Geode now integrates with Apache Lucene to create
Lucene Indexes for textual based searches on data in GemFire Regions. I added
first class support in SDG
<http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/reference/html/#bootstrap:lucene>
[5]
above and beyond what even Apache Geode is capable of (e.g.
projections/mapping based on *Spring Data Commons* infrastructure) for this
new API/integration. This is *done*.
2. *Annotation config* model extensions.
Some people are already familiar and even using with the new, *Spring Boot*
style Annotation support I added in SDG. However, 1 of the initial
limitations of the Annotation config was having the ability to
"dynamically" configure aspects of Geode (e.g. port numbers
<https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableCacheServer.java#L134>
[6])
when the Annotations are used. My goal was to preserve the "type-safe"
nature of the Annotation attributes while still allowing those attributes
to be dynamically configured.
Of course, I could have used Spring property placeholders and SpEL
expressions, but that would have required me to give up type safety and
make all the Annotation attributes Strings... blah, no! So, instead, I am
introducing Configurers and well-known, document properties that users can
set in an application.properties file that correspond to Annotation
attributes where the precedence is... *Annotation attribute* -> *Property*
-> *XYZConfigurer* (e.g. CacheServerConfigurer
<https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurer.java>
[7]).
Since the Annotations create *Spring* beans for Geode components for you,
with very little effort (i.e. using OOTB defaults when attributes are not
customized), the Configurers give you a way to access the "configuration"
(on the appropriate Spring FactoryBean) before the Geode component is
created. To use a Configurer, you register it like any other Spring bean,
which then gives you the ability to also use Spring property placeholder
and SpEL expressions in those JavaConfig bean definitions, therefore kill 2
birds with 1 stone (sorry, that sounds cruel; figure of speech). Here is
an example
<https://github.com/spring-projects/spring-data-geode/blob/master/src/test/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114>
[8].
So, the Configurers are *done*, the Well-Known/Documented Properties are a
*WIP*, as well as the Ref Guide documentation, phew.
This dynamic configuration support using Annotations was requested and
needed by several members of the Geode community that use *Spring*, like *Roger
Vandusen* from *Mastercard*. I have not forgotten about you my friend.
I *sincerely apologize to the community* that this new feature support and
the next release of SDG for Apache Geode 1.1.1 has taken so long.
Anyway, once I get the last bit done, I will push 1 *final* *Spring Data
Geode* *1.1.0.RELEASE* based on Apache Geode 1.1.1.
I say "*final*" because *Spring Data Geode* is becoming a new,
*top-level* *Spring
Data* module in the *Spring Data* portfolio
<http://projects.spring.io/spring-data/> [9] (like *Spring Data GemFire*,
but separate now, yay). I am super excited about this and I hope the
community will be too. It already has a new GitHub Repo home, here
<https://github.com/spring-projects/spring-data-geode> [10].
So, *Spring Data Geode* will be part of the *Spring Data Release Train
<https://github.com/spring-projects/spring-data-commons/wiki>* [11] (from
*Kay* onward; see right-side nav bar on Wiki page), which means SD Geode
will have predictable and regular releases, and will be based on Apache
Geode *1.2.0*. However, it also means that Apache Geode 1.2.0 needs to be
released before SD Geode can be added to the train. And, it also means
several other important things...
1. I will *not* be doing individual releases of SD Geode going forward
after SD Geode is added to the train.
2. SD Geode will be at version 2.0.0 (based on Apache Geode 1.2.0); so the
version numbers between Apache Geode and SD Geode will not longer align
(which is actually the same as *Spring Data GemFire* for Pivotal GemFire,
too), partly because...
3. SDG also builds on *Spring* *5*, with the major themes being *Java 8*,
*Reactive* and *Functional programming* support, so we are bumping the
major version for all SD modules.
Anyway, I hope this helps and clears up the muddy waters on what has been
happening on *Spring Data Geode*. I am also involved in several other
things, like...
1. Moving the *Spring Boot* auto-configuration support for Apache
Geode/Pivotal GemFire I built into *Spring Boot* to a new home
<https://github.com/spring-projects/spring-boot-data-gemfire> [12], a major
WIP.
2. Moving the *Spring Session Data Geode/GemFire* support to its new home
<https://github.com/spring-projects/spring-session-data-geode> [13],
as of *Spring
Session* 2.0, also a major WIP.
3. And, building *Spring* support in PCF for Pivotal GemFire/Apache Geode.
Let me know if you have other questions.
Cheers my friend,
John
[1]
https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released
[2]
https://github.com/jxblum/contacts-application/blob/apache-geode/security-example/src/test/java/example/app/geode/security/GeodeSecurityIntegrationTests.java
[3]
https://github.com/spring-projects/spring-data-geode/tree/master/src/test/java/org/springframework/data/gemfire/config/annotation
[4]
https://stackoverflow.com/questions/44204043/spring-support-for-apache-geode-spring-data-geode
[5]
http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/reference/html/#bootstrap:lucene
[6]
https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableCacheServer.java#L134
[7]
https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurer.java
[8]
https://github.com/spring-projects/spring-data-geode/blob/master/src/test/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114
[9] http://projects.spring.io/spring-data/
[10] https://github.com/spring-projects/spring-data-geode
[11] https://github.com/spring-projects/spring-data-commons/wiki
[12] https://github.com/spring-projects/spring-boot-data-gemfire
[13] https://github.com/spring-projects/spring-session-data-geode
On Sat, Jun 3, 2017 at 12:12 AM, Parin dazz <pa...@gmail.com> wrote:
> Hi,
>
> Do we have any example on how to use/implement security manager with
> spring-data-geode?
>
> More, haven't heard anything for new release of spring-data-geode :) Very
> much excited for the new features and hard work john is doing. Any news on
> release date?
>
>
> Regards,
> Parin
>
--
-John
john.blum10101 (skype)