+1 on John's examples. These are great! On Tue, Jun 6, 2017 at 2:51 AM, Nilkanth Patel <[email protected]> wrote:
> Hi Parin, > > Sometime back i have faced the similar. mailing list reference. [ > https://mail.google.com/mail/u/0/#search/shiro/15c0c3337b41e34e] > > Following worked for me when started a locator with shiro.ini, Have a look > if it helps in your case. > Note: This is with starting a locator from gfsh. You have to keep your > config file under resources folder. > > 1. //created a jar named shiro-config.jar containing shiro.ini > bin/resources $ jar -cf shiro-config.jar shiro.ini > > 2. gfsh>start locator --name=l1 > --classpath=./bin/resources/shiro-config.jar:../lib/* > --security-properties-file=/work/geode/locator.properties > > It seems, by default required CLASSPATH is not getting set and hence > throwing the exception. > > Though This is not a clean way, but worked for me! > > @John, thanks a lot for putting a security related examples, really > helpful. > > Regards, > Nilkanth Patel. > > On Mon, Jun 5, 2017 at 4:07 PM, Parin dazz <[email protected]> wrote: > >> Thank you so much John for detailed updates & upcoming magic :) >> >> Regarding apache-shiro, I can see various ways for geode server using >> @EnableSecurity(INI/Realm) annotation but how I can include the same in >> locator. >> >> I tried below one, >> >> File: locator.properties >> security-shiro-init=/home/parin/Downloads/apache-geode/shiro.properties >> >> But it says me, >> Exception in thread "main" org.apache.shiro.config.ConfigurationException: >> java.io.IOException: Resource [classpath:/home/parin/Downloa >> ds/apache-geode/shiro.properties] could not be found. >> >> Same as if I provide my custom SecurityManager implementation, how can I >> refer that in locator properties? >> >> Thanks, >> Parin >> >> On Sun, Jun 4, 2017 at 12:19 AM, John Blum <[email protected]> wrote: >> >>> Hi Parin- >>> >>> Thank you for the kind words; means a lot to me and I definitely >>> appreciate it. >>> >>> So, good news! I do have an example (several, actually) of using the >>> new Apache Geode Security Model (e.g. SecurityManager) with *Spring >>> Data Geode*. In fact that was the central theme in the last release of >>> SDG 1.0.0.INCUBATING-RELEASE. See my blog post here >>> <https://spring.io/blog/2016/11/10/spring-data-geode-1-0-0-incubating-release-released> >>> [1] >>> (the "*Security*" piece starts a couple of sections down after "*What's >>> New*"). >>> >>> The actual code I built >>> <https://github.com/jxblum/contacts-application/blob/apache-geode/security-example/src/test/java/example/app/geode/security/GeodeSecurityIntegrationTests.java> >>> [2] >>> when writing the blog post is part of (what will eventually become) the >>> *Reference >>> Implementation* (RI) of *Spring Data GemFire/Geode*. Unfortunately, I >>> have not had a lot of time to document this yet either in SDG Ref Guide or >>> in READMEs associated with the RI repo. >>> But, hopefully, the blog post helps and the code is self-explanatory; >>> docs are coming, I promise. However, I have since then added automated >>> tests >>> <https://github.com/spring-projects/spring-data-geode/tree/master/src/test/java/org/springframework/data/gemfire/config/annotation> >>> [3] >>> for the Security bits based on this example, since it is important to have >>> both the client as well as the server-side of the Security equation. In >>> the example, I think I setup a secure server manually where as the tests >>> actually configure and fork one. Anyway, if you questions, please do let >>> me know. >>> >>> >>> As for the new release.... >>> >>> Great question and one that seems to be of most interests to the >>> community right now where *Spring* and Geode intersect. This was >>> recently asked on *StackOverflow* >>> <https://stackoverflow.com/questions/44204043/spring-support-for-apache-geode-spring-data-geode> >>> [4] >>> as well. My answer to the SO post was somewhat verbose, so let me recap >>> here for everyones benefit... >>> >>> I am planning a *Spring Data Geode* *1.1.0.RELEASE* that builds on >>> Apache Geode *1.1.1*. The 2 central themes in this are... >>> >>> 1. Early *Lucene* support. >>> >>> As you may know, Apache Geode now integrates with Apache Lucene to >>> create Lucene Indexes for textual based searches on data in GemFire >>> Regions. I added first class support in SDG >>> <http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/reference/html/#bootstrap:lucene> >>> [5] >>> above and beyond what even Apache Geode is capable of (e.g. >>> projections/mapping based on *Spring Data Commons* infrastructure) for >>> this new API/integration. This is *done*. >>> >>> 2. *Annotation config* model extensions. >>> >>> Some people are already familiar and even using with the new, *Spring >>> Boot* style Annotation support I added in SDG. However, 1 of the >>> initial limitations of the Annotation config was having the ability to >>> "dynamically" configure aspects of Geode (e.g. port numbers >>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/EnableCacheServer.java#L134> >>> [6]) >>> when the Annotations are used. My goal was to preserve the "type-safe" >>> nature of the Annotation attributes while still allowing those attributes >>> to be dynamically configured. >>> >>> Of course, I could have used Spring property placeholders and SpEL >>> expressions, but that would have required me to give up type safety and >>> make all the Annotation attributes Strings... blah, no! So, instead, I am >>> introducing Configurers and well-known, document properties that users can >>> set in an application.properties file that correspond to Annotation >>> attributes where the precedence is... *Annotation attribute* -> >>> *Property* -> *XYZConfigurer* (e.g. CacheServerConfigurer >>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/main/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurer.java> >>> [7]). >>> >>> Since the Annotations create *Spring* beans for Geode components for >>> you, with very little effort (i.e. using OOTB defaults when attributes are >>> not customized), the Configurers give you a way to access the >>> "configuration" (on the appropriate Spring FactoryBean) before the Geode >>> component is created. To use a Configurer, you register it like any other >>> Spring bean, which then gives you the ability to also use Spring property >>> placeholder and SpEL expressions in those JavaConfig bean definitions, >>> therefore kill 2 birds with 1 stone (sorry, that sounds cruel; figure of >>> speech). Here is an example >>> <https://github.com/spring-projects/spring-data-geode/blob/master/src/test/java/org/springframework/data/gemfire/config/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114> >>> [8]. >>> >>> So, the Configurers are *done*, the Well-Known/Documented Properties >>> are a *WIP*, as well as the Ref Guide documentation, phew. >>> >>> This dynamic configuration support using Annotations was requested and >>> needed by several members of the Geode community that use *Spring*, >>> like *Roger Vandusen* from *Mastercard*. I have not forgotten about >>> you my friend. >>> >>> I *sincerely apologize to the community* that this new feature support >>> and the next release of SDG for Apache Geode 1.1.1 has taken so long. >>> >>> Anyway, once I get the last bit done, I will push 1 *final* *Spring >>> Data Geode* *1.1.0.RELEASE* based on Apache Geode 1.1.1. >>> >>> I say "*final*" because *Spring Data Geode* is becoming a new, >>> *top-level* *Spring Data* module in the *Spring Data* portfolio >>> <http://projects.spring.io/spring-data/> [9] (like *Spring Data GemFire*, >>> but separate now, yay). I am super excited about this and I hope the >>> community will be too. It already has a new GitHub Repo home, here >>> <https://github.com/spring-projects/spring-data-geode> [10]. >>> >>> So, *Spring Data Geode* will be part of the *Spring Data Release Train >>> <https://github.com/spring-projects/spring-data-commons/wiki>* [11] >>> (from *Kay* onward; see right-side nav bar on Wiki page), which means >>> SD Geode will have predictable and regular releases, and will be based on >>> Apache Geode *1.2.0*. However, it also means that Apache Geode 1.2.0 >>> needs to be released before SD Geode can be added to the train. And, it >>> also means several other important things... >>> >>> 1. I will *not* be doing individual releases of SD Geode going forward >>> after SD Geode is added to the train. >>> >>> 2. SD Geode will be at version 2.0.0 (based on Apache Geode 1.2.0); so >>> the version numbers between Apache Geode and SD Geode will not longer align >>> (which is actually the same as *Spring Data GemFire* for Pivotal >>> GemFire, too), partly because... >>> >>> 3. SDG also builds on *Spring* *5*, with the major themes being *Java 8*, >>> *Reactive* and *Functional programming* support, so we are bumping the >>> major version for all SD modules. >>> >>> Anyway, I hope this helps and clears up the muddy waters on what has >>> been happening on *Spring Data Geode*. I am also involved in several >>> other things, like... >>> >>> 1. Moving the *Spring Boot* auto-configuration support for Apache >>> Geode/Pivotal GemFire I built into *Spring Boot* to a new home >>> <https://github.com/spring-projects/spring-boot-data-gemfire> [12], a >>> major WIP. >>> >>> 2. Moving the *Spring Session Data Geode/GemFire* support to its new >>> home <https://github.com/spring-projects/spring-session-data-geode> [13], >>> as of *Spring Session* 2.0, also a major WIP. >>> >>> 3. And, building *Spring* support in PCF for Pivotal GemFire/Apache >>> Geode. >>> >>> Let me know if you have other questions. >>> >>> Cheers my friend, >>> John >>> >>> >>> [1] https://spring.io/blog/2016/11/10/spring-data-geode-1-0- >>> 0-incubating-release-released >>> [2] https://github.com/jxblum/contacts-application/blob/apac >>> he-geode/security-example/src/test/java/example/app/geode/se >>> curity/GeodeSecurityIntegrationTests.java >>> [3] https://github.com/spring-projects/spring-data-geode/tre >>> e/master/src/test/java/org/springframework/data/gemfire/conf >>> ig/annotation >>> [4] https://stackoverflow.com/questions/44204043/spring-supp >>> ort-for-apache-geode-spring-data-geode >>> [5] http://docs.spring.io/spring-data-gemfire/docs/2.0.0.M3/ >>> reference/html/#bootstrap:lucene >>> [6] https://github.com/spring-projects/spring-data-geode/blo >>> b/master/src/main/java/org/springframework/data/gemfire/conf >>> ig/annotation/EnableCacheServer.java#L134 >>> [7] https://github.com/spring-projects/spring-data-geode/blo >>> b/master/src/main/java/org/springframework/data/gemfire/conf >>> ig/annotation/CacheServerConfigurer.java >>> [8] https://github.com/spring-projects/spring-data-geode/blo >>> b/master/src/test/java/org/springframework/data/gemfire/conf >>> ig/annotation/CacheServerConfigurerIntegrationTests.java#L87-L114 >>> [9] http://projects.spring.io/spring-data/ >>> [10] https://github.com/spring-projects/spring-data-geode >>> [11] https://github.com/spring-projects/spring-data-commons/wiki >>> [12] https://github.com/spring-projects/spring-boot-data-gemfire >>> [13] https://github.com/spring-projects/spring-session-data-geode >>> >>> >>> On Sat, Jun 3, 2017 at 12:12 AM, Parin dazz <[email protected]> >>> wrote: >>> >>>> Hi, >>>> >>>> Do we have any example on how to use/implement security manager with >>>> spring-data-geode? >>>> >>>> More, haven't heard anything for new release of spring-data-geode :) >>>> Very much excited for the new features and hard work john is doing. Any >>>> news on release date? >>>> >>>> >>>> Regards, >>>> Parin >>>> >>> >>> >>> >>> -- >>> -John >>> john.blum10101 (skype) >>> >> >> > -- Luke Shannon | Platform Engineering | Pivotal ------------------------------------------------------------------------- Mobile:416-571-9495 Join the Toronto Pivotal Usergroup: http://www.meetup.com/Toronto-Pivotal-User-Group/
