Secured space

Hi,
I am trying to set up a secured space and I am having a hard time doing this.
My questions would be:
1. Is the only way to edit the roles from the Administration GUI? And only after I have deployed a processor?
2. What is with the local access? Do I have to define a user and roles and use them in the polling container and any @GigaSpaceContext injections?
3. Is there any wildcard for classes when I'm building roles?
Thanks,
Maybe other questions will come too

This thread was imported from the previous forum.
For your reference, the original is available here

asked 2009-07-17 08:00:50 -0600

lukeh

updated 2013-08-08 09:52:00 -0600

jaissefsfex

2 Answers


Hi,
Can you please paste the full exception thrown? Is your clustered space secured? Do you declare username and password in your pu.xml for the injected GigaSpace?

answered 2009-07-20 09:20:23 -0600


Hi,

I built a local cache from the space obtained with the annotation @GigaSpaceContext in a context bean. The cache is built on the clustered space:

```java
new LocalCacheSpaceConfigurer(space.getClustered().getSpace())
```

Now while I'm adding the security I get the following exception at this cache creation:

```
SEVERE [com.gigaspaces.filters]: Failed to initialize filter DefaultSecurityFilter
java.lang.RuntimeException
    at com.j_spaces.core.filters.DefaultSecurityFilter.init(DefaultSecurityFilter.java:201)
    at com.j_spaces.core.filters.FilterManager.initComponents(FilterManager.java:737)
    at com.gigaspaces.cluster.activeelection.SpaceComponentManager.init(SpaceComponentManager.java:99)
    at com.gigaspaces.cluster.activeelection.SpaceComponentManager.<init>(SpaceComponentManager.java:77)
    at com.j_spaces.core.JSpaceImpl.initAndRecoverFromDataStorage(JSpaceImpl.java:3411)
    at com.j_spaces.core.JSpaceImpl.initAndStartRegularSpace(JSpaceImpl.java:3283)
    at com.j_spaces.core.JSpaceImpl.start(JSpaceImpl.java:3075)
    at com.j_spaces.core.JSpaceImpl.<init>(JSpaceImpl.java:289)
    at com.j_spaces.core.JSpaceImpl.<init>(JSpaceImpl.java:222)
    at com.j_spaces.core.client.SpaceFinder.initDCacheSpace(SpaceFinder.java:1200)
    at com.j_spaces.core.client.SpaceFinder.initCacheProperties(SpaceFinder.java:700)
    at com.j_spaces.core.client.SpaceFinder._find(SpaceFinder.java:636)
    at com.j_spaces.core.client.SpaceFinder.find(SpaceFinder.java:337)
    at org.openspaces.core.space.cache.AbstractLocalCacheSpaceFactoryBean.afterPropertiesSet(AbstractLocalCacheSpaceFactoryBean.java:105)
    at org.openspaces.core.space.cache.LocalCacheSpaceConfigurer.localCache(LocalCacheSpaceConfigurer.java:81)
```

I have no hint what may be causing this and I also got it if I tested without clustered. Any suggestions?

Thanks

answered 2009-07-20 05:13:06 -0600

lukeh

Comments

From the Exception/Code it looks like you got this exception while loading the default-users to MemoryRealm. My guess is the default-users file got messed up: <gigaspace-home>/security/default-users

Try recreating that file and then try again:
1. Move default-users to some backup folder.
2. Start a sample Space and try creating new users from the space browser.
3. This would create the default-users file as required.

If you are looking for custom Authentication rather than using the gigaspace default, look at the following link [ http://www.gigaspaces.com/wiki/displa... ]

I don't think right now gigaspace is supporting wild card class filters. Try extending DefaultSecurityFilter and add your custom logic in for wild card authorization. Following is sample code to get started ...

```java
import java.util.concurrent.atomic.AtomicInteger;

// GigaSpaces imports: package names assumed for XAP 6.x, adjust to your version.
import com.j_spaces.core.SpaceContext;
import com.j_spaces.core.filters.DefaultSecurityFilter;
import com.j_spaces.core.filters.FilterOperationCodes;
import com.j_spaces.core.filters.GenericPrincipal;
import com.j_spaces.core.filters.entry.ISpaceFilterEntry;

// The class name is illustrative; the fragment needs a subclass of DefaultSecurityFilter.
public class LoggingSecurityFilter extends DefaultSecurityFilter {

    // Sequence number used to correlate the log lines of one filter call.
    private final AtomicInteger counter = new AtomicInteger();

    public void process(SpaceContext spacecontext, ISpaceFilterEntry arg1,
            int operationCode) throws RuntimeException {
        System.out.println(arg1);
        logInfo(spacecontext, operationCode, "noarray");
        // Exceptions from the default filter must propagate: catching and
        // swallowing them here would let a denied operation continue.
        super.process(spacecontext, arg1, operationCode);
    }

    public void process(SpaceContext spacecontext, ISpaceFilterEntry[] arg1,
            int operationCode) throws RuntimeException {
        logInfo(spacecontext, operationCode, "witharray");
        for (ISpaceFilterEntry entry : arg1) {
            System.out.println(" --- " + entry);
        }
        super.process(spacecontext, arg1, operationCode);
    }

    private void logInfo(SpaceContext spacecontext, int operationCode, String from) {
        int count = counter.getAndIncrement();
        String username = spacecontext.m_SecurityContext.getUsername();
        String password = spacecontext.m_SecurityContext.getPassword();
        System.out.println(count + " -- from :" + from);
        System.out.println(count + " -- username :" + username);
        // The password is used for the realm lookup only and is never written to the log.
        GenericPrincipal genericprincipal = m_realm.authenticate(username, password);
        if (genericprincipal != null) {
            System.out.println(count + " -- generic -" + genericprincipal.getUserName());
            for (String role : genericprincipal.getRoles()) {
                System.out.println(count + " -- role : " + role);
            }
            System.out.println(count + " -- userdefined roles :" + genericprincipal.userDefinedRoles);
        }
        System.out.println(count + " -- operation code -" + operationCode);
        if ("anonymous".equalsIgnoreCase(username)) {
            if (FilterOperationCodes.BEFORE_WRITE == operationCode) {
                // throw new SpaceSecurityException(
                //     "anonymous user has not write permissions");
            }
        }
    }
}
```

venkatg ( 2009-07-20 09:48:56 -0600 )
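Added example (not from the thread and not GigaSpaces code): one way to write the wildcard class check that a filter subclass like the one suggested above could consult before delegating to `super.process()`. The class `WildcardClassPolicy`, the `Op` enum, the role names and the sample class names are all hypothetical; mapping XAP operation codes and the authenticated principal's roles onto them is assumed to happen in the filter.

```java
import java.util.*;
import java.util.regex.Pattern;

public class WildcardClassPolicy {
    public enum Op { READ, WRITE, TAKE }

    private static final class Grant {
        final Pattern classes; final Set<Op> ops;
        Grant(Pattern classes, Set<Op> ops) { this.classes = classes; this.ops = ops; }
    }

    private final Map<String, List<Grant>> grantsByRole = new HashMap<>();

    // "*" matches inside one package segment, "**" matches across segments.
    // Every other character is quoted, so '.' and '$' only match themselves.
    static Pattern compile(String glob) {
        StringBuilder re = new StringBuilder(), literal = new StringBuilder();
        for (int i = 0; i < glob.length(); i++) {
            char c = glob.charAt(i);
            if (c != '*') { literal.append(c); continue; }
            if (literal.length() > 0) { re.append(Pattern.quote(literal.toString())); literal.setLength(0); }
            boolean deep = i + 1 < glob.length() && glob.charAt(i + 1) == '*';
            re.append(deep ? ".*" : "[^.]*");
            if (deep) i++;
        }
        if (literal.length() > 0) re.append(Pattern.quote(literal.toString()));
        return Pattern.compile(re.toString());
    }

    public void grant(String role, String classGlob, Op... ops) {
        Set<Op> set = EnumSet.noneOf(Op.class);
        set.addAll(Arrays.asList(ops));
        grantsByRole.computeIfAbsent(role, r -> new ArrayList<>()).add(new Grant(compile(classGlob), set));
    }

    // Default deny: allowed only if one of the roles has a grant covering both class and operation.
    public boolean isAllowed(Collection<String> roles, String className, Op op) {
        for (String role : roles)
            for (Grant g : grantsByRole.getOrDefault(role, Collections.emptyList()))
                if (g.ops.contains(op) && g.classes.matcher(className).matches()) return true;
        return false;
    }

    public static void main(String[] args) {
        WildcardClassPolicy p = new WildcardClassPolicy();   // constructed sample roles and classes
        p.grant("trader", "com.example.orders.*", Op.READ, Op.WRITE);
        p.grant("auditor", "com.example.**", Op.READ);
        System.out.println(p.isAllowed(Arrays.asList("trader"), "com.example.orders.Order", Op.WRITE));
        System.out.println(p.isAllowed(Arrays.asList("trader"), "com.example.orders.internal.Fee", Op.WRITE));
        System.out.println(p.isAllowed(Arrays.asList("auditor"), "com.example.orders.internal.Fee", Op.READ));
        System.out.println(p.isAllowed(Arrays.asList("auditor"), "com.examplex.Order", Op.READ));
    }
}
```

`matches()` anchors the pattern at both ends, so a grant for `com.example.**` does not cover a look-alike package such as `com.examplex`.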

Hi Moran,

The next line in the stack trace is the line where I call:

```java
cachedSpace = new LocalCacheSpaceConfigurer(space.getClustered().getSpace())
        .updateMode(LocalCacheSpaceConfigurer.UpdateMode.PULL)
        .localCache();
```

As you can see from what I posted, it crashes at the localCache() call. "space" is the injected space and it has a user name and pass in the pu.xml file, so it's secured, right? The container is also secured.

PS: I use XAP Premium 6.6.3

lukeh ( 2009-07-20 09:52:48 -0600 )

Hi guys,

Can someone please answer me if there's a way to bypass security on local operations in the processing unit? Operations like polling from a polling container, writes made from the processor, reads of already existing data from the local partition, etc.

Thanks

lukeh ( 2009-07-21 01:45:26 -0600 )

Lucian,

The processing unit performs operations on the local space using the credentials declared in the pu.xml. Can you elaborate on your request to bypass security? What is it that you are trying to achieve?

Meron ( 2009-07-21 02:11:42 -0600 )

Hi Moran,

Yes, I know that those credentials are used in the pu. What I mostly desire is to avoid the performance impact of checking the permissions on local operations. Maybe with an override of the filter, if I can distinguish in the process() method whether the source of the operation is local or remote, and if it is local, shortcut the check. If this is not possible, I want at least to somehow strictly ensure those credentials from pu.xml can't be used by a client to log in. The reason is that this user will need to have a lot of operations allowed.

Thanks

Edited by: Lucian Hada on Jul 21, 2009 3:01 AM

lukeh ( 2009-07-21 02:33:05 -0600 )


Stats

Asked: 2009-07-17 08:00:50 -0600

Seen: 50 times

Last updated: Jul 20 '09