Geode is introducing additional security features which allow finer-grained control for JMX operations as well as GFSH commands. This page describes those changes and the new functionality, which has been introduced to let you control authentication/authorization on all aspects of Geode in one implementation. When Integrated Security is turned on, all client/server communications, JMX operations, gfsh commands and Pulse are protected by this security mechanism.
1. No changes for existing implementations of Authenticator and AccessControl for client-server security
The API for authentication and authorization has not changed. However, in order to authorize and secure JMX and GFSH operations, existing implementations will need to be modified.
...
Your implementations of Authenticator and AccessControl are still honored in client/server communication if you choose not to implement the new security interface. However, these two are now deprecated and will be removed in the future.
2. Introduction of security-manager configuration and SecurityManager interface for the new Integrated Security
3. Introduction of GeodePermission
The notion of a permission in the form of a noun (Resource) and verb (OperationCode) is being introduced.
This will typically be represented as a colon-separated tuple in the form of RESOURCE:OPERATION_CODE. In some cases, permissions are also applicable to regions; in such cases the permission would be in the form RESOURCE:OPERATION_CODE:REGION. Currently the following have been defined:
Resource
- CLUSTER
- DATA
Operation
- MANAGE
- READ
- WRITE
- CLOSE_CQ
- CONTAINS_KEY
- DESTROY
- EXECUTE_CQ
- EXECUTE_FUNCTION
- GET
- GET_DURABLE_CQS
- INVALIDATE
- KEY_SET
- PUT
- PUTALL
- QUERY
- REGION_CLEAR
- REGION_CREATE
- REGION_DESTROY
- REGISTER_INTEREST
- REMOVEALL
- STOP_CQ
- UNREGISTER_INTEREST
...
The Reference section, at the end of this page, details all permissions for Client-Server as well as JMX and CLI operations.
4. Expanded functionality for OperationContext
All Resources are enumerated via the enum OperationContext.Resource.
...
All client-server operations are associated with a Resource of DATA.
Reference
Client-Server
Client-server permissions are associated with their respective OperationContexts as follows. Permissions appear as Resource:OperationCode tuples.
OperationContext | Permission |
---|---|
CloseCQOperationContext | DATA:CLOSE_CQ |
ContainsKeyOperationContext | DATA:CONTAINS_KEY |
DestroyOperationContext | DATA:DESTROY |
ExecuteCQOperationContext | DATA:EXECUTE_CQ |
ExecuteFunctionOperationContext | DATA:EXECUTE_FUNCTION |
GetDurableCQsOperationContext | DATA:GET_DURABLE_CQS |
GetOperationContext | DATA:GET |
InvalidateOperationContext | DATA:INVALIDATE |
KeySetOperationContext | DATA:KEY_SET |
PutAllOperationContext | DATA:PUTALL |
PutOperationContext | DATA:PUT |
QueryOperationContext | DATA:QUERY |
RegionClearOperationContext | DATA:REGION_CLEAR |
RegionCreateOperationContext | DATA:REGION_CREATE |
RegionDestroyOperationContext | DATA:REGION_DESTROY |
RegisterInterestOperationContext | DATA:REGISTER_INTEREST |
RemoveAllOperationContext | DATA:REMOVEALL |
StopCQOperationContext | DATA:STOP_CQ |
UnregisterInterestOperationContext | DATA:UNREGISTER_INTEREST |
Pulse
Pulse access is divided into two main categories, namely access to the Data Browser page and everything else.
The Data Browser page requires the permissions CLUSTER:READ and DATA:READ. Access to all other pages requires only CLUSTER:READ permission.
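An added example (not Geode's own code or API) that models the RESOURCE:OPERATION_CODE[:REGION] tuples and the Pulse rule above in plain Java. The class and method names, the region names `orders` and `customers`, and the rule that a grant without a region covers every region are assumptions made for illustration.

```java
import java.util.*;

public class PermissionCheck {
    enum Resource { CLUSTER, DATA }
    // Operation codes as listed on this page (the page's own list is elided after these).
    static final Set<String> OPERATIONS = Set.of("MANAGE", "READ", "WRITE", "CLOSE_CQ",
        "CONTAINS_KEY", "DESTROY", "EXECUTE_CQ", "EXECUTE_FUNCTION", "GET", "GET_DURABLE_CQS",
        "INVALIDATE", "KEY_SET", "PUT", "PUTALL", "QUERY", "REGION_CLEAR", "REGION_CREATE",
        "REGION_DESTROY", "REGISTER_INTEREST", "REMOVEALL", "STOP_CQ", "UNREGISTER_INTEREST");

    record Permission(Resource resource, String operation, String region) {
        // Parses RESOURCE:OPERATION_CODE[:REGION]; throws IllegalArgumentException otherwise.
        static Permission parse(String s) {
            String[] p = s == null ? new String[0] : s.split(":", -1);
            if (p.length < 2 || p.length > 3 || !OPERATIONS.contains(p[1])
                    || (p.length == 3 && p[2].isEmpty()))
                throw new IllegalArgumentException("malformed permission: " + s);
            // Resource.valueOf also throws IllegalArgumentException for an unknown resource.
            return new Permission(Resource.valueOf(p[0]), p[1], p.length == 3 ? p[2] : null);
        }
        // Assumption: a grant without a region covers every region; a region grant covers only it.
        boolean implies(Permission need) {
            return resource == need.resource() && operation.equals(need.operation())
                && (region == null || region.equals(need.region()));
        }
    }

    // Deny by default: a malformed or unknown required permission is never authorized.
    static boolean authorize(Collection<Permission> granted, String required) {
        try {
            Permission need = Permission.parse(required);
            return granted.stream().anyMatch(g -> g.implies(need));
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    // Pulse rule from this page: every page needs CLUSTER:READ, the Data Browser also DATA:READ.
    static boolean canViewPulse(Collection<Permission> granted, boolean dataBrowser) {
        return authorize(granted, "CLUSTER:READ") && (!dataBrowser || authorize(granted, "DATA:READ"));
    }

    public static void main(String[] args) {
        // Constructed sample grants for one principal.
        List<Permission> granted = List.of(Permission.parse("CLUSTER:READ"), Permission.parse("DATA:GET:orders"));
        for (String req : List.of("DATA:GET:orders", "DATA:GET:customers", "DATA:GET", "DATA:DROP"))
            System.out.println(req + " -> " + authorize(granted, req));
        System.out.println("Pulse data browser -> " + canViewPulse(granted, true));
    }
}
```

The check that matters for review is the failure path: an unparseable or unknown permission string is treated as a denial rather than an exception that a caller might swallow.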
GFSH and JMX
The following lists show gfsh commands (highlighted in green) and JMX operations with their corresponding permissions. Permissions appear as Resource:OperationCode tuples.
...