Page History

Geode is introducing additional security features which allow finer grained control for JMX operations as well as GFSH commands. Additional information can be found here: Integrated Security Developer GuideSecurity changes for authentication and authorization.

To quickly get started using permissions for JMX and GFSH a sample implementation of com.gemstone.gemfire.security.Authenticator and com.gemstone.gemfire.security.AccessControl is provided by the class com.gemstone.gemfire.security.templates.SampleJsonAuthorization. This implementation requires a JSON file which defines the allowed users and their corresponding permissions. For example:

...

1. Using gfsh, start a locator with security activated.

   Code Block
   language bash
   gfsh> start locator --name=locator1 \ --J=-Dgemfire.security-client-authenticator=com.gemstone.gemfire.security.templates.SampleJsonAuthorization.create \ --J=-Dgemfire.security-client-accessor=com.gemstone.gemfire.security.templates.SampleJsonAuthorization.create

2. Similarly, start a server

   Code Block
   gfsh> start server --name=server1 --locators=localhost[10334]

3. Start a new instance of gfsh and connect with one of the users defined in your JSON file. The super-user should be allowed to do everything in gfsh.

   Code Block
   gfsh> connect --locators=localhost[10334] --user=super-user --password=1234567

4. Disconnect and reconnect with a user with lesser privileges:

   Code Block
   gfsh> disconnect gfsh> connect --locators=localhost[10334] --user=joebloggs --password=1234567 gfsh> stop server --name=server1 An error occurred while attempting to stop a Cache Server: Subject does not have permission [CLUSTER:READ]

5. Currently, changes to the security.json file require the locator to be restarted.

...