The implementation is designed in the context of an integrated security approach, where the user/customer needs to install/configure a single Authentication and Authorization plugin that should work for all channels that communicate with the server. FYI, we have not changed anything in the existing Geode C/S security; rather, we planned to incorporate it into the other channels, such as the developer REST APIs, GFSH and M&M REST.
In the design phase, we had a lot of brainstorming regarding the approach, including Spring Security for the developer REST APIs and others. Some of the findings that we came across are:

- Currently Geode C/S security does not support Spring Security. In fact, we believed it not preferable to add an extra layer of Spring Security that can degrade ops performance.
- If I had adopted Spring Security for the REST APIs, REST API security might not work with the customer's existing security plugins.
- I believe Pulse has already used Spring Security. We kept Pulse out of integrated security, as it required a lot of changes to align with integrated security.

*Integrity of a security token*: REST APIs are recommended to be used with HTTPS, so tokens will be secured in transit. If anyone chooses not to use HTTPS, he can use an encrypted token (using a TokenService impl). The token service has capabilities like generating, validating and refreshing tokens. Users can plug in their choice of implementation, standard (including JWT) or custom if they have one.

*Easy to use and flexible*: With this design, we have agreed to provide a default implementation for TokenService that will be used by default if the user has not configured the "security-rest-token-service" system property. The user needs to hook in their own (non-default) TokenService implementation by configuring the "security-rest-token-service" property. This will make sure that the user does not need to do more work.

Nilkanth Patel.

On Fri, Aug 7, 2015 at 9:05 PM, Tushar Khairnar <[email protected]> wrote:

> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/37209/
> -----------------------------------------------------------
>
> (Updated Aug. 7, 2015, 3:35 p.m.)
>
>
> Review request for geode, Amogh Shetkar and Jens Deppe.
>
>
> Summary (updated)
> -----------------
>
> GEODE-17 : Integrated Security Code Merge
>
>
> Repository: geode
>
>
> Description
> -------
>
> GEODE-77 : Integrated Security Code Merge
>
> This is manual merge of code from int_security branch.
>
> Testing done : JMX RMI-connector testing done from JConsole, Gfsh
> interactive testing with different roles. DUnits are not yet integrated
> into open.
>
>
> Diffs
> -----
>
>   gemfire-core/src/main/java/com/gemstone/gemfire/cache/operations/OperationContext.java d25063c
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/DistributedSystem.java b7b2cd8
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/AbstractDistributionConfig.java 472959d
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfig.java 10094a9
>   gemfire-core/src/main/java/com/gemstone/gemfire/distributed/internal/DistributionConfigImpl.java b8dfeb3
>   gemfire-core/src/main/java/com/gemstone/gemfire/internal/i18n/LocalizedStrings.java f5ae3e5
>   gemfire-core/src/main/java/com/gemstone/gemfire/internal/security/AuthorizeRequest.java 8ba07a2
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/CacheServerMXBean.java 59f6537
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/DiskStoreMXBean.java f14d16c
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/DistributedSystemMXBean.java f0a0a79
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewayReceiverMXBean.java 3e5ba1a
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/GatewaySenderMXBean.java b6c5219
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/LockServiceMXBean.java e53d50a
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/ManagerMXBean.java 04fda7e
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/MemberMXBean.java e935fcd
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/ManagementAgent.java 43bfe73
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/RestAgent.java 74695ee
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/SystemManagementService.java d8f6983
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ClientCommands.java 2eb1318
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ConfigCommands.java 279fb45
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/CreateAlterDestroyRegionCommands.java 919d6fe
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DataCommands.java 9e60839
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DeployCommands.java 4591b53
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DiskStoreCommands.java 4614ce7
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/DurableClientCommands.java 01910d6
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ExportImportSharedConfigurationCommands.java d4134ad
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/FunctionCommands.java 0d8c54a
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/GfshHelpCommands.java d9d4bea
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/IndexCommands.java c978381
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/LauncherLifecycleCommands.java 302d7bb
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MemberCommands.java 797f654
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/MiscellaneousCommands.java da8f11d
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/PDXCommands.java d236d81
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/QueueCommands.java 7b298d6
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/RegionCommands.java 80ba89e
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/ShellCommands.java 4bdab90
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/StatusCommands.java 5abd08a
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/commands/WanCommands.java a6d9abf
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/cli/shell/JmxOperationInvoker.java 864907b
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControl.java 58040cd
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlContext.java 1926db5
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/AccessControlMXBean.java e217045
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/CLIOperationContext.java b0198e4
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JMXOperationContext.java 375cc27
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/JSONAuthorization.java d85ce65
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/MBeanServerWrapper.java 50942c1
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ManagementInterceptor.java 1851977
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/Resource.java 4dc27e1
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceConstants.java 3f4d7cb
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperation.java f149479
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/security/ResourceOperationContext.java aa1c38c
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/AbstractCommandsController.java 73ce926
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/ConfigCommandsController.java 517d942
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DataCommandsController.java 6767ec1
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/DiskStoreCommandsController.java 2df3432
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/FunctionCommandsController.java de81543
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/MiscellaneousCommandsController.java 66d344f
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/WanCommandsController.java 1e22bd9
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/controllers/support/EnvironmentVariablesHandlerInterceptor.java 8ebed02
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/http/support/SimpleHttpRequester.java 8bd9d37
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/AbstractHttpOperationInvoker.java dac1271
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/RestHttpOperationInvoker.java 0dfbdbd
>   gemfire-core/src/main/java/com/gemstone/gemfire/management/internal/web/shell/SimpleHttpOperationInvoker.java a122339
>   gemfire-core/src/test/java/com/gemstone/gemfire/internal/cache/extension/mock/MockExtensionCommands.java 89644f0
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/CommandManagerJUnitTest.java ab9333d
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/cli/shell/GfshExecutionStrategyJUnitTest.java 44aef44
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/JSONAuthCodeTest.java 384493b
>   gemfire-core/src/test/java/com/gemstone/gemfire/management/internal/security/ResourceOperationJUnit.java f061240
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/AbstractBaseController.java feed8c7
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/BaseControllerAdvice.java 5ae88bc
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/CommonCrudController.java ef52347
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/FunctionAccessController.java 45d6f66
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/PdxBasedCrudController.java 96551c6
>   gemfire-web-api/src/main/java/com/gemstone/gemfire/rest/internal/web/controllers/QueryAccessController.java b20c849
>   gemfire-web-api/src/main/webapp/WEB-INF/web.xml 554ef4b
>
> Diff: https://reviews.apache.org/r/37209/diff/
>
>
> Testing
> -------
>
>
> Thanks,
>
> Tushar Khairnar
>
>
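The pluggable token service described in the reply above (generate, validate, refresh, with a default used when "security-rest-token-service" is unset), as an added example that is not Geode's code and not part of the thread. The `TokenService` interface, `HmacTokenService` and `configured()` are hypothetical names, the property value is assumed to be a class name, and the token is signed with HMAC-SHA256 rather than encrypted, so it protects integrity while the user name stays readable without HTTPS.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
// Hypothetical interface: the thread names three capabilities, not the real signatures.
interface TokenService {
  String generate(String user);
  String validate(String token); // user name, or null when the token is rejected
  String refresh(String token);  // fresh token, or null when the old one is rejected
  // Assumption: the property holds the name of a class with a public no-arg constructor.
  static TokenService configured(TokenService dflt) throws ReflectiveOperationException {
    String cls = System.getProperty("security-rest-token-service");
    if (cls == null) return dflt; // property not set: use the default implementation
    return (TokenService) Class.forName(cls).getDeclaredConstructor().newInstance();
  }
}

// Constructed default: signed (not encrypted) token "b64(user).expiryMillis.mac".
class HmacTokenService implements TokenService {
  private static final long TTL_MS = 15 * 60 * 1000L;
  private final byte[] key;
  HmacTokenService(byte[] key) { this.key = key.clone(); }
  private String mac(String payload) {
    try {
      Mac m = Mac.getInstance("HmacSHA256");
      m.init(new SecretKeySpec(key, "HmacSHA256"));
      return Base64.getUrlEncoder().withoutPadding().encodeToString(m.doFinal(payload.getBytes(UTF_8)));
    } catch (java.security.GeneralSecurityException e) { throw new IllegalStateException(e); }
  }
  public String generate(String user) {
    String b64User = Base64.getUrlEncoder().withoutPadding().encodeToString(user.getBytes(UTF_8));
    String payload = b64User + "." + (System.currentTimeMillis() + TTL_MS);
    return payload + "." + mac(payload);
  }
  public String validate(String token) {
    String[] p = token == null ? new String[0] : token.split("\\.");
    if (p.length != 3) return null;
    // Verify the MAC in constant time before trusting any field of the token.
    if (!MessageDigest.isEqual(mac(p[0] + "." + p[1]).getBytes(UTF_8), p[2].getBytes(UTF_8))) return null;
    try {
      if (Long.parseLong(p[1]) < System.currentTimeMillis()) return null; // expired
      return new String(Base64.getUrlDecoder().decode(p[0]), UTF_8);
    } catch (IllegalArgumentException e) { return null; } // malformed expiry or user field
  }
  public String refresh(String token) { // re-issue only for a token that still validates
    String user = validate(token);
    return user == null ? null : generate(user);
  }
}
```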
