sai_boorlagadda pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-examples.git
The following commit(s) were added to refs/heads/develop by this push:
new eef628b GEODE-3868: Client security example should use SSL
eef628b is described below
commit eef628b6a133f6f650dc3eb249782c6cffc20d81
Author: Sai Boorlagadda <[email protected]>
AuthorDate: Mon Jan 29 09:56:00 2018 -0800
GEODE-3868: Client security example should use SSL
---
README.md | 4 ++++
clientSecurity/README.md | 3 ++-
clientSecurity/example_security.properties | 6 ++++++
clientSecurity/keystore.jks | Bin 0 -> 515 bytes
clientSecurity/scripts/start.gfsh | 7 +++++--
clientSecurity/scripts/stop.gfsh | 4 +++-
.../org/apache/geode_examples/clientSecurity/Example.java | 5 +++++
clientSecurity/truststore.jks | Bin 0 -> 515 bytes
8 files changed, 25 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index e817424..543036d 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,10 @@ Contributions<sup>[2]</sup> and corrections are welcome.
Please talk to us
about your suggestions at [[email protected]](mailto:[email protected])
or submit a [pull request](https://github.com/apache/geode/pull/new/develop).
+# Apache Geode Version
+
+Check out the master branch to run examples against the latest geode release.
+
## Running an example
The gradle build will automatically download and install a Geode release in the
diff --git a/clientSecurity/README.md b/clientSecurity/README.md
index 8626c3d..ff03b9a 100644
--- a/clientSecurity/README.md
+++ b/clientSecurity/README.md
@@ -18,7 +18,8 @@ limitations under the License.
# Geode security example - Client
This example demonstrates basic command security and user authentication in a
client application
-backed by a secured Geode cluster. This example assumes that Java and Geode
are installed.
+backed by a secured Geode cluster. It also demonstrates use of secure sockets
(SSL) between all
+members and between a client and a server. This example assumes that Java is
installed.
## Security Basics
diff --git a/clientSecurity/example_security.properties
b/clientSecurity/example_security.properties
index d661639..53e3c44 100644
--- a/clientSecurity/example_security.properties
+++ b/clientSecurity/example_security.properties
@@ -13,3 +13,9 @@
security-manager = org.apache.geode.examples.security.ExampleSecurityManager
security-json = example_security.json
+
+ssl-enabled-components=all
+ssl-keystore=./../keystore.jks
+ssl-keystore-password=password
+ssl-truststore=./../truststore.jks
+ssl-truststore-password=password
\ No newline at end of file
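Review bot: The keystore and truststore passwords are committed as the literal `password` next to the stores themselves, and nothing in the file says these are throwaway demo credentials; the same literals recur in the `connect` lines of scripts/start.gfsh and scripts/stop.gfsh and in the `props.setProperty` calls in Example.java. Since this is the file readers are most likely to copy, I would add a comment above the new block such as `# Demo only: bundled keystore/truststore with a well-known password. Generate your own stores and keep their passwords out of version control.` Note also that keystore.jks and truststore.jks are added with the same blob id (`6b6e713`), so they are byte-identical; if that file contains a private-key entry, the truststore distributes it as well, and a truststore holding only the certificate would be the safer thing to demonstrate. The file also now ends without a trailing newline.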
diff --git a/clientSecurity/keystore.jks b/clientSecurity/keystore.jks
new file mode 100644
index 0000000..6b6e713
Binary files /dev/null and b/clientSecurity/keystore.jks differ
diff --git a/clientSecurity/scripts/start.gfsh
b/clientSecurity/scripts/start.gfsh
index 313d035..080d5b4 100644
--- a/clientSecurity/scripts/start.gfsh
+++ b/clientSecurity/scripts/start.gfsh
@@ -20,7 +20,7 @@
# This requires that the example_security.json be on the classpath.
# Recall that the --classpath option is specified relative to the locator's
working directory.
-start locator --name=locator --bind-address=127.0.0.1\
+start locator --name=locator --bind-address=127.0.0.1 --connect=false\
--security-properties-file=example_security.properties
--classpath=../build/resources/main/
# Now we may start our cluster.
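Review bot: The new `--connect=false` on `start locator` is not explained, while the rest of this script comments each step. Presumably gfsh's automatic connection is disabled because the locator now requires SSL and the explicit `connect --use-ssl=true` further down supplies the stores; a line such as `# --connect=false: SSL is enabled, so we connect explicitly below with the key and trust stores.` would make that clear.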
@@ -41,6 +41,9 @@ start server --name=server2 --locators=127.0.0.1[10334]\
# To execute any online commands, we need to connect to the locator
# To create a region, we can connect as any user with CLUSTER:MANAGE
-connect --user=superUser --password=123
+connect --user=superUser --password=123 --use-ssl=true \
+ --key-store=keystore.jks --key-store-password=password \
+ --trust-store=truststore.jks --trust-store-password=password
+
create region --name=region1 --type=REPLICATE
create region --name=region2 --type=PARTITION
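Review bot: The store paths on the new `connect` line are bare relative names (`keystore.jks`, `truststore.jks`), whereas example_security.properties uses `./../keystore.jks` and scripts/stop.gfsh uses `./keystore.jks`. These are presumably resolved against the directory gfsh is launched from rather than a member's working directory, which the script does not say; the existing comment above `start locator` explains this for `--classpath` only. I would add `# Key and trust store paths are relative to the directory gfsh is run from.` and use one spelling of the path in both scripts.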
diff --git a/clientSecurity/scripts/stop.gfsh b/clientSecurity/scripts/stop.gfsh
index ad068e3..6f83ea8 100644
--- a/clientSecurity/scripts/stop.gfsh
+++ b/clientSecurity/scripts/stop.gfsh
@@ -14,5 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
-connect --locator=127.0.0.1[10334] --user=superUser --password=123
+connect --locator=127.0.0.1[10334] --user=superUser --password=123
--use-ssl=true \
+ --key-store=./keystore.jks --key-store-password=password \
+ --trust-store=./truststore.jks --trust-store-password=password
shutdown --include-locators=true
diff --git
a/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
b/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
index cb72786..f6762af 100644
---
a/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
+++
b/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
@@ -59,6 +59,11 @@ public class Example implements AutoCloseable {
Properties props = new Properties();
props.setProperty("security-username", username);
props.setProperty("security-client-auth-init",
ExampleAuthInit.class.getName());
+ props.setProperty("ssl-enabled-components", "all");
+ props.setProperty("ssl-keystore", "keystore.jks");
+ props.setProperty("ssl-keystore-password", "password");
+ props.setProperty("ssl-truststore", "truststore.jks");
+ props.setProperty("ssl-truststore-password", "password");
// connect to the locator using default port 10334
cache = new ClientCacheFactory(props).setPoolSubscriptionEnabled(true)
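Review bot: The five added `props.setProperty` calls repeat, as string literals, the SSL settings already kept in example_security.properties, so the client and the cluster configuration can drift apart, and the store paths only resolve when the program is started from the directory containing `keystore.jks`. A comment above them would help, for example `// Demo SSL settings; must match example_security.properties. Store paths are relative to the working directory.` Loading these values from a properties file or system properties rather than embedding them would also keep the example from teaching compiled-in store passwords. The enclosing method begins before this hunk and the `ClientCacheFactory` call chain continues past it.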
diff --git a/clientSecurity/truststore.jks b/clientSecurity/truststore.jks
new file mode 100644
index 0000000..6b6e713
Binary files /dev/null and b/clientSecurity/truststore.jks differ