Usually, source artifacts placed under src/main/resources and src/main/java
get compiled to a target folder or into a JAR file. My best guess is your
security.json file would end up at the top level folder of either the
target folder or the JAR file.
Regardless, here's how I have this working for our lab exercise for the
GemFire Admin course.
1. Create a security folder and place security.json in that folder
2. Starting gfsh in the parent folder, start locator as:
start locator --name=locator1 --classpath=../security
--properties-file=locator.properties
where: locator.properties contains the reference to the
ExampleSecurityManager class
Note, in my start example above, I used a relative path and that required
going up a level. That's because the above example uses the name as the
working directory of the locator, hence the need to use '../security'. A
much better way to do this is to use an absolute path in the classpath or
put into a JAR file.
Mark
On Mon, Jun 12, 2017 at 12:38 AM, Thacker, Dharam <
[email protected]> wrote:
> Hi Team,
>
>
>
> Any update on this?
>
>
>
> I tried hard with both of options but no luck! Appreciate if you can
> verify at your end and suggest some alternative.
>
>
>
> *Option1: security.json along with ExampleSecurityManager*
>
>
>
> This works fine from gfsh to start secure locator as expected. But it
> fails from spring-data-geode with below exception to bootstrap server using
> spring data geode!
>
>
>
> I tried every possible way to inform that security.json is in classpath
> [src/main/resources/security.json] ! J [-Dloader.path or
> -Dspring.config.location or –Dsecurity-json=security.json or java -cp
> option]
>
>
>
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'CacheServer': Cannot resolve reference to bean 'geodeCache'
> while setting bean property 'cache'; nested exception is
> org.springframework.beans
>
> .factory.BeanCreationException: Error creating bean with name
> 'geodeCache': FactoryBean threw exception on object creation; nested
> exception is org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unabl
>
> e to find json resource "security.json" as specified by [security-json].
>
> at org.springframework.beans.factory.support.
> BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> BeanDefinitionValueResolver.resolveValueIfNecessary(
> BeanDefinitionValueResolver.java:108) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.applyPropertyValues(
> AbstractAutowireCapableBeanFactory.java:1531)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.populateBean(
> AbstractAutowireCapableBeanFactory.java:1276)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.doCreateBean(
> AbstractAutowireCapableBeanFactory.java:553) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractAutowireCapableBeanFactory.createBean(
> AbstractAutowireCapableBeanFactory.java:483) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> DefaultListableBeanFactory.preInstantiateSingletons(
> DefaultListableBeanFactory.java:742) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
> at org.springframework.context.support.AbstractApplicationContext.
> finishBeanFactoryInitialization(AbstractApplicationContext.java:866)
> ~[spring-context-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.context.support.AbstractApplicationContext.
> refresh(AbstractApplicationContext.java:542) ~[spring-context-4.3.7.
> RELEASE.jar!/:4.3.7.RELEASE]
>
> at
> org.springframework.boot.SpringApplication.refresh(SpringApplication.java:737)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
> at
> org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:370)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
> at
> org.springframework.boot.SpringApplication.run(SpringApplication.java:314)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
> at
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1162)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
> at
> org.springframework.boot.SpringApplication.run(SpringApplication.java:1151)
> [spring-boot-1.5.2.RELEASE.jar!/:1.5.2.RELEASE]
>
> at com.example.MyServer.main(MyServer.java:11)
> [classes!/:0.0.1-SNAPSHOT]
>
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> ~[na:1.8.0_102]
>
> at sun.reflect.NativeMethodAccessorImpl.invoke(
> NativeMethodAccessorImpl.java:62) ~[na:1.8.0_102]
>
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(
> DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_102]
>
> at java.lang.reflect.Method.invoke(Method.java:498)
> ~[na:1.8.0_102]
>
> at
> org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48)
> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>
> at org.springframework.boot.loader.Launcher.launch(Launcher.java:87)
> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>
> at org.springframework.boot.loader.Launcher.launch(Launcher.java:50)
> [adminserver-0.0.1-SNAPSHOT.jar:0.0.1-SNAPSHOT]
>
> at org.springframework.boot.loader.PropertiesLauncher.
> main(PropertiesLauncher.java:557) [adminserver-0.0.1-SNAPSHOT.
> jar:0.0.1-SNAPSHOT]
>
> Caused by: org.springframework.beans.factory.BeanCreationException: Error
> creating bean with name 'geodeCache': FactoryBean threw exception on object
> creation; nested exception is org.apache.geode.security.
> AuthenticationFailedExce
>
> ption: ExampleSecurityManager: unable to find json resource
> "security.json" as specified by [security-json].
>
> at org.springframework.beans.factory.support.
> FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(
> FactoryBeanRegistrySupport.java:175) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> FactoryBeanRegistrySupport.getObjectFromFactoryBean(
> FactoryBeanRegistrySupport.java:103) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.AbstractBeanFactory.
> getObjectForBeanInstance(AbstractBeanFactory.java:1634)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:254)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> at org.springframework.beans.factory.support.
> BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
> ~[spring-beans-4.3.7.RELEASE.jar!/:4.3.7.RELEASE]
>
> ... 26 common frames omitted
>
> Caused by: org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
> at org.apache.geode.examples.security.ExampleSecurityManager.init(
> ExampleSecurityManager.java:132) ~[geode-core-1.1.1.jar!/:na]
>
> at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
> ~[geode-core-1.1.1.jar!/:na]
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208) ~[geode-core-1.1.1.jar!/:na]
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798) ~[geode-core-1.1.1.jar!/:na]
>
> at
> org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
> ~[geode-core-1.1.1.jar!/:na]
>
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
> ~[geode-core-1.1.1.jar!/:na]
>
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
> ~[geode-core-1.1.1.jar!/:na]
>
> at org.springframework.data.gemfire.CacheFactoryBean.
> createCache(CacheFactoryBean.java:354) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
> at org.springframework.data.gemfire.CacheFactoryBean.
> resolveCache(CacheFactoryBean.java:248) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
> at
> org.springframework.data.gemfire.CacheFactoryBean.init(CacheFactoryBean.java:189)
> ~[spring-data-geode-1.0.0.INCUBATING-RELEASE.jar!/:na]
>
> at org.springframework.data.gemfire.CacheFactoryBean.
> getObject(CacheFactoryBean.java:175) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
> at org.springframework.data.gemfire.CacheFactoryBean.
> getObject(CacheFactoryBean.java:87) ~[spring-data-geode-1.0.0.
> INCUBATING-RELEASE.jar!/:na]
>
> at org.springframework.beans.factory.support.
> FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(
> FactoryBeanRegistrySupport.java:168) ~[spring-beans-4.3.7.RELEASE.
> jar!/:4.3.7.RELEASE]
>
> ... 31 common frames omitted
>
>
>
>
>
> *Option2: shiro.ini*
>
>
>
> As mentioned in below thread, it works fine with *spring-data-geode* but
> fails from gfsh for secure locator
>
>
>
> Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher
> failOnStart
> INFO: locator is exiting due to an exception
> java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
> at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(
> ReflectionBuilder.java:409)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
> at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
> at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
> at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
> at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
> at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
> at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
> at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
> at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
> at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
> at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
> at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
> at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
> at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
> at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
> at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException:
> org.apache.commons.beanutils.PropertyUtil
> at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> ... 28 more
>
> Exception in thread "main" java.lang.NoClassDefFoundError:
> org/apache/commons/beanutils/PropertyUtil at org.apache.shiro.config.
> ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
> at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
> at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
> at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
> at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
> at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
> at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
> at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
> at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
> at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
> at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
> at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
> at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
> at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
> at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
> at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException:
> org.apache.commons.beanutils.PropertyUtil
> at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> ... 28 more
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Friday, June 09, 2017 9:51 AM
> *To:* [email protected]
> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>
>
>
> Hi,
>
>
>
> Thanks John for reference links! I gave a try using security-shiro-init
> property in locator.properties.
>
> But it's not able to find out Apache commons library even after giving all
> classpath references.
>
>
>
> Am I missing anything?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator1.properties
> --classpath=/home/dharam/Downloads/apache-geode/locator1:lib
>
>
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator1.properties
> --classpath=/home/dharam/Downloads/apache-geode/locator1:./lib/*
>
>
>
>
>
> Exception :
>
>
> Starting a Geode Locator in /home/dharam/Downloads/apache-
> geode/locator1...
> The Locator process terminated unexpectedly with exit status 1. Please
> refer to the log file in /home/dharam/Downloads/apache-geode/locator1 for
> full details.
>
> Jun 09, 2017 8:42:10 AM org.apache.geode.distributed.LocatorLauncher
> failOnStart
> INFO: locator is exiting due to an exception
> java.lang.NoClassDefFoundError: org/apache/commons/beanutils/PropertyUtil
> at org.apache.shiro.config.ReflectionBuilder.isTypedProperty(
> ReflectionBuilder.java:409)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
> at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
> at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
> at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
> at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
> at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
> at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
> at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
> at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
> at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
> at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
> at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
> at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
> at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
> at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
> at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException:
> org.apache.commons.beanutils.PropertyUtil
> at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> ... 28 more
>
> Exception in thread "main" java.lang.NoClassDefFoundError:
> org/apache/commons/beanutils/PropertyUtil at org.apache.shiro.config.
> ReflectionBuilder.isTypedProperty(ReflectionBuilder.java:409)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:702)
> at org.apache.shiro.config.ReflectionBuilder.applySingleProperty(
> ReflectionBuilder.java:364)
> at org.apache.shiro.config.ReflectionBuilder.applyProperty(
> ReflectionBuilder.java:325)
> at org.apache.shiro.config.ReflectionBuilder$
> AssignmentStatement.doExecute(ReflectionBuilder.java:955)
> at org.apache.shiro.config.ReflectionBuilder$Statement.
> execute(ReflectionBuilder.java:887)
> at org.apache.shiro.config.ReflectionBuilder$
> BeanConfigurationProcessor.execute(ReflectionBuilder.java:765)
> at org.apache.shiro.config.ReflectionBuilder.buildObjects(
> ReflectionBuilder.java:260)
> at org.apache.shiro.config.IniSecurityManagerFactory.buildInstances(
> IniSecurityManagerFactory.java:167)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:130)
> at org.apache.shiro.config.IniSecurityManagerFactory.
> createSecurityManager(IniSecurityManagerFactory.java:108)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:94)
> at org.apache.shiro.config.IniSecurityManagerFactory.createInstance(
> IniSecurityManagerFactory.java:46)
> at org.apache.shiro.config.IniFactorySupport.createInstance(
> IniFactorySupport.java:123)
> at org.apache.shiro.util.AbstractFactory.getInstance(
> AbstractFactory.java:47)
> at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:322)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
> at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
> at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
> at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
> at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
> at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
> at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
> Caused by: java.lang.ClassNotFoundException:
> org.apache.commons.beanutils.PropertyUtil
> at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
> at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
> at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
> ... 28 more
>
> Thanks,
> - Dharam Thacker
>
>
> Sent with BlackBerry Work (www.blackberry.com)
> ------------------------------
>
> *From: *John Blum <[email protected]>
> *Sent: *Jun 8, 2017 10:55 PM
> *To: *[email protected]
> *Subject: *Re: FW: ExampleSecurityManager in Apache geode
>
> Hi Dharam-
>
>
>
> I admit, I have not actually used Apache Shiro to secure a Locator yet. I
> cannot think of any reason off the top of my head why this would not work.
>
>
>
> Apache Geode has a security property to specify an Apache Shiro INI file...
>
>
>
> security-shiro-init
>
>
>
> The support in *Spring Data Geode* makes this brain dead simple to do [1].
>
>
>
> Most of the decision making about which Security Provider will be used in
> Apache Geode's Integrated Security Framework is done here [2]. SDG is
> aware of this, and using the Annotations, makes the appropriate decision
> based on the configuration.
>
>
>
> Also +1 to *Udo's* comment.
>
>
>
> -John
>
>
>
>
>
> [1] https://github.com/spring-projects/spring-data-geode/
> blob/master/src/main/java/org/springframework/data/gemfire/
> config/annotation/EnableSecurity.java#L107-L113
>
> [2] https://github.com/apache/geode/blob/develop/geode-core/
> src/main/java/org/apache/geode/internal/security/
> IntegratedSecurityService.java#L286-L334
>
>
>
>
>
> On Thu, Jun 8, 2017 at 10:12 AM, Udo Kohlmeyer <[email protected]>
> wrote:
>
> In addition to this, Jinmei's #2 can be easily achieved using a KMIP like
> HashiCorp Vault. https://www.vaultproject.io/
>
>
>
> On 6/8/17 09:51, John Blum wrote:
>
> Dharam-
>
>
>
> ... or use *Apache Shiro*, which provides tooling [1] to handle securing
> credentials [2]. Shiro also handles encryption [3]. Although it is not
> well spelled in the Apache Geode documentation [4], Apache Geode does
> integrate with Apache Shiro for security as well.
>
>
>
> As any FYI, in *Spring Data Geode*, I provided first-class support for
> Apache Geode when using Apache Shiro. I blogged about this [5] (see
> section starting with "Security!").
>
>
>
> So, my recommendation, in addition to Jinmei's option #1 below, is to use
> Apache Shiro over implementing your own Apache Geode SecurityManager
> interface.
>
>
>
> Hope this helps!
>
>
>
> -John
>
>
>
>
>
> [1] https://shiro.apache.org/command-line-hasher.html
>
> [2] https://shiro.apache.org/command-line-hasher.html#common-scenarios
>
> [3] https://shiro.apache.org/cryptography-features.html
>
> [4] http://geode.apache.org/docs/guide/11/managing/
> security/chapter_overview.html
>
> [5] https://spring.io/blog/2016/11/10/spring-data-geode-
> 1-0-0-incubating-release-released
>
>
>
>
>
> On Thu, Jun 8, 2017 at 6:37 AM, Jinmei Liao <[email protected]> wrote:
>
> SampleSecurityManager doesn't do encryption/decryption. It's meant only as
> an example.
>
>
>
> There are multiple ways to protect your password:
>
> 1) read-protect your security.json so that only a certain user can read it.
>
> 2) implement your own security-manager to decrypt the password using a
> secret key. (but here again you will need to find a way to protect this key
> in your corporation. In my opinion, it's simply changing the subject, but
> the problem is still there).
>
>
>
> We usually recommend the first approach, but in some situations, 2nd one
> might be an option too.
>
>
>
>
>
> On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <
> [email protected]> wrote:
>
> Hi Jinmei,
>
>
>
> Is there any way to encrypt password in security.json file with Geode
> 1.1.1? I tried below but it did not work for me,
>
>
>
> "users": [
>
> {
>
> "name": "admin",
>
> "password": "encrypted(0859A0F6C68B9785)",
>
> "roles": ["ADMIN"]
>
> …
>
> },
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Wednesday, June 07, 2017 11:26 AM
> *To:* '[email protected]'; '[email protected]'
> *Subject:* RE: FW: ExampleSecurityManager in Apache geode
>
>
>
> Thanks Jinmei for quick reply!
>
>
>
> >> It did not work for me when I used [*--classpath]* and
> >> [*--security-properties-file]
> *even though my classpath contains security.json file* [**That’s strange*
> *]*
>
>
>
> start locator –name=locator2 --locators=localhost[10334],localhost[10335]
> --*security-properties-file*=gfsecurity.properties --*classpath*=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
> >> It worked for me when I used --J=-Dgemfire.security-username=admin
> --J=-Dgemfire.security-password=admin [*SUCCESS*]
>
>
>
> start locator –name=locator2 --locators=localhost[10334],localhost[10335]
> --J=-*Dgemfire.security-username*=admin
> --J=-*Dgemfire.security-password*=admin
> --*classpath*=C:\Users\GeodeWorkDir\locator2
>
> SUCCESS
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Jinmei Liao [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, June 07, 2017 11:12 AM
> *To:* [email protected]
> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>
>
>
> I tried using the SampleSecurityManager, and either one of the following
> command to start the 2nd locator is working: (I executed these commands
> while connected to the first locator, so I don't need to provide the
> --locators option, it knows which locator to join)
>
>
>
> 1> start locator --name=locator2 --port=10335
> --classpath=/Users/jiliao/my_geode/security
> --security-properties-file=locator2.properties
>
> // locator2.properties only contains "security-username" and
> "security-password" properties.
>
>
>
> 2> start locator --name=locator2 --port=10335
> --locators=jiliao-mbpro.lan[10334]
> --classpath=/Users/jiliao/my_geode/security/
> --J=-Dgemfire.security-username=admin
> --J=-Dgemfire.security-password=admin
>
>
>
>
>
> I suspect that the reason one of your commands did not work is because of
> the locator2 can't find a security.json in its classpath, not because you
> did not provide the username/password. One of the complication of using our
> SampleSecurityManager is that it will need a security.json in it's
> classpath which complicates the issue. We should have a simpler security
> manager in the sample that's easier for users to experiment with.
>
>
>
>
>
>
>
> On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <
> [email protected]> wrote:
>
> I am able to start server with –user and –password to join existing secure
> locator. But I am not able to start another locator to join the existing
> secure locator. Could someone guide me here?
>
>
>
> start locator --name=locator1 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\locator1
>
>
> SUCCESS
>
>
>
> start locator –name=locator2 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties --classpath=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
> start locator –name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties
> [gfsecurity.properties ---- security-username=clusteruser
> security-password=****]
>
> FAILED
>
>
>
> start locator –name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties --classpath=C:\Users\
> GeodeWorkDir\locator2
>
> FAILED
>
>
>
>
>
> *Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher
> failOnStart*
>
> *INFO: locator is exiting due to an exception*
>
>
>
> *org.apache.geode.security.AuthenticationRequiredException: Failed to find
> credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]*
>
> * at
> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)*
>
> * at
> org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)*
>
> * at
> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)*
>
> * at
> org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)*
>
> * at
> org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)*
>
>
>
> *Thanks & Regards,*
>
> *Dharam*
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Tuesday, June 06, 2017 3:41 PM
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* RE: ExampleSecurityManager in Apache geode
>
>
>
> Thank you Nilkanth!
>
>
>
> Classpath worked!
>
>
>
> start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\locator1
>
> *security-json file location:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Nilkanth Patel [mailto:[email protected]
> <[email protected]>]
> *Sent:* Tuesday, June 06, 2017 3:35 PM
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> Try out something like bellow, "security.json" is kept into
> /work/code/oss/geode/locator1 dir.
>
>
>
> gfsh>start locator --name=/work/code/oss/geode/locator1
> --security-properties-file=/work/code/oss/geode/locator1/locator.properties
> --classpath=/work/code/oss/geode/locator1
>
>
>
> Additional checks,
>
> 1. specify classpath while starting locator as shown in above command.
>
> 2. check the file permission for security.json.
>
>
>
> Nilkanth.
>
>
>
> On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <
> [email protected]> wrote:
>
> Hi Nilkanth,
>
>
>
> Thanks for the reply! I tried below one but it’s still not taking
> security.json file. Do you suggest anything different?
>
>
>
> *My Current Directory:*
>
> C:\Users\GeodeWorkDir
>
>
>
> *Locator Directory:*
>
> C:\Users\GeodeWorkDir\locator1
>
>
>
> *security-json file location [Tried both locations]:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> C:\Users\GeodeWorkDir\security.json
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
>
>
> *From:* Nilkanth Patel [mailto:[email protected]]
> *Sent:* Tuesday, June 06, 2017 3:07 PM
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> I believe following will be helpful to you.
>
>
>
> IMO with the existing implementation, "security.json" file has to be kept
> in a locator/server directory. In your case you need to be keep it in a
> locator director (l1) and should work.
>
>
>
> Hope this helps.
>
>
>
> Nilkanth Patel.
>
>
>
> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
> [email protected]> wrote:
>
> Hi Jinmei & Team,
>
>
>
> I was going through “New Security In Apache Geode” video. I also tried to
> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
> below,
>
>
>
> *locator.proprties*
>
>
>
> mcast-port=0
>
> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>
> security-post-processor=org.apache.geode.examples.
> security.ExamplePostProcessor
>
>
>
> > dir
>
> locator.properties
>
> security.json
>
> security-config.jar
>
>
>
> My security-config.jar has following structure,
>
> --- resources -> security.json
>
> --- META-INF -> MANIFEST.MF
>
>
>
> Could you guide me with below error?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>
> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>
> The Locator process terminated unexpectedly with exit status 1. Please
> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>
>
>
> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher
> failOnStart
>
> INFO: locator is exiting due to an exception
>
> org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
> at org.apache.geode.examples.security.ExampleSecurityManager.in
> it(ExampleSecurityManager.java:132)
>
> at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
> at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
> at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
> at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Exception in thread "main"
> org.apache.geode.security.AuthenticationFailedException:
> ExampleSecurityManager: unable to find json resource "security.json" as
> specified by [security-json].
>
> at org.apache.geode.examples.security.ExampleSecurityManager.in
> it(ExampleSecurityManager.java:132)
>
> at org.apache.geode.internal.security.IntegratedSecurityService.
> initSecurity(IntegratedSecurityService.java:332)
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> initialize(GemFireCacheImpl.java:1208)
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.
> basicCreate(GemFireCacheImpl.java:798)
>
> at org.apache.geode.internal.cache.GemFireCacheImpl.create(
> GemFireCacheImpl.java:783)
>
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>
> at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startCache(InternalLocator.java:767)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startDistributedSystem(InternalLocator.java:752)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:357)
>
> at org.apache.geode.distributed.internal.InternalLocator.
> startLocator(InternalLocator.java:315)
>
> at org.apache.geode.distributed.LocatorLauncher.start(
> LocatorLauncher.java:630)
>
> at org.apache.geode.distributed.LocatorLauncher.run(
> LocatorLauncher.java:532)
>
> at org.apache.geode.distributed.LocatorLauncher.main(
> LocatorLauncher.java:174)
>
>
>
> Thanks & Regards,
>
> Dharam
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
>
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
>
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
>
>
>
>
> --
>
> Cheers
>
>
>
> Jinmei
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
>
>
>
>
> --
>
> Cheers
>
>
>
> Jinmei
>
>
>
>
>
> --
>
> -John
>
> john.blum10101 (skype)
>
>
>
>
>
>
>
> --
>
> -John
>
> john.blum10101 (skype)
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
--
*Mark Secrist | Sr Manager, **Global Education Delivery*
[email protected]
970.214.4567 Mobile
*pivotal.io <http://www.pivotal.io/>*
Follow Us: Twitter <http://www.twitter.com/pivotal> | LinkedIn
<http://www.linkedin.com/company/pivotalsoftware> | Facebook
<http://www.facebook.com/pivotalsoftware> | YouTube
<http://www.youtube.com/gopivotal> | Google+
<https://plus.google.com/105320112436428794490>
