I tried using the SampleSecurityManager, and either one of the following command to start the 2nd locator is working: (I executed these commands while connected to the first locator, so I don't need to provide the --locators option, it knows which locator to join)
1> start locator --name=locator2 --port=10335 --classpath=/Users/jiliao/my_geode/security --security-properties-file=locator2.properties // locator2.properties only contains "security-username" and "security-password" properties. 2> start locator --name=locator2 --port=10335 --locators=jiliao-mbpro.lan[10334] --classpath=/Users/jiliao/my_geode/security/ --J=-Dgemfire.security-username=admin --J=-Dgemfire.security-password=admin I suspect that the reason one of your commands did not work is because of the locator2 can't find a security.json in its classpath, not because you did not provide the username/password. One of the complication of using our SampleSecurityManager is that it will need a security.json in it's classpath which complicates the issue. We should have a simpler security manager in the sample that's easier for users to experiment with. On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam < [email protected]> wrote: > I am able to start server with –user and –password to join existing secure > locator. But I am not able to start another locator to join the existing > secure locator. Could someone guide me here? > > > > start locator --name=locator1 --locators=localhost[10334],localhost[10335] > --properties-file=locator.properties > --classpath=C:\Users\GeodeWorkDir\locator1 > > > SUCCESS > > > > start locator –name=locator2 --locators=localhost[10334],localhost[10335] > --properties-file=locator.properties --classpath=C:\Users\ > GeodeWorkDir\locator2 > > FAILED > > > > start locator –name=locator2 --locators=localhost[10334],localhost[10335] > --security-properties-file=gfsecurity.properties > [gfsecurity.properties ---- security-username=clusteruser > security-password=****] > > FAILED > > > > start locator –name=locator2 --locators=localhost[10334],localhost[10335] > --security-properties-file=gfsecurity.properties --classpath=C:\Users\ > GeodeWorkDir\locator2 > > FAILED > > > > > > *Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher > failOnStart* > > *INFO: locator is exiting due to an exception* > > > > *org.apache.geode.security.AuthenticationRequiredException: Failed to find > credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]* > > * at > org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)* > > * at > org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)* > > * at > org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)* > > * at > org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)* > > * at > org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)* > > > > *Thanks & Regards,* > > *Dharam* > > > > *From:* Thacker, Dharam > *Sent:* Tuesday, June 06, 2017 3:41 PM > *To:* [email protected] > *Cc:* [email protected] > *Subject:* RE: ExampleSecurityManager in Apache geode > > > > Thank you Nilkanth! > > > > Classpath worked! > > > > start locator --name=locator1 --properties-file=locator.properties > --classpath=C:\Users\GeodeWorkDir\locator1 > > *security-json file location:* > > C:\Users\GeodeWorkDir\locator1\security.json > > Thanks & Regards, > > Dharam > > > > *From:* Nilkanth Patel [mailto:[email protected] > <[email protected]>] > *Sent:* Tuesday, June 06, 2017 3:35 PM > *To:* [email protected] > *Cc:* [email protected] > *Subject:* Re: ExampleSecurityManager in Apache geode > > > > Dharam, > > > > Try out something like bellow, "security.json" is kept into > /work/code/oss/geode/locator1 dir. > > > > gfsh>start locator --name=/work/code/oss/geode/locator1 > --security-properties-file=/work/code/oss/geode/locator1/locator.properties > --classpath=/work/code/oss/geode/locator1 > > > > Additional checks, > > 1. specify classpath while starting locator as shown in above command. > > 2. check the file permission for security.json. > > > > Nilkanth. > > > > On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam < > [email protected]> wrote: > > Hi Nilkanth, > > > > Thanks for the reply! I tried below one but it’s still not taking > security.json file. Do you suggest anything different? > > > > *My Current Directory:* > > C:\Users\GeodeWorkDir > > > > *Locator Directory:* > > C:\Users\GeodeWorkDir\locator1 > > > > *security-json file location [Tried both locations]:* > > C:\Users\GeodeWorkDir\locator1\security.json > > C:\Users\GeodeWorkDir\security.json > > > > Thanks & Regards, > > Dharam > > > > > > *From:* Nilkanth Patel [mailto:[email protected]] > *Sent:* Tuesday, June 06, 2017 3:07 PM > *To:* [email protected] > *Cc:* [email protected] > *Subject:* Re: ExampleSecurityManager in Apache geode > > > > Dharam, > > > > I believe following will be helpful to you. > > > > IMO with the existing implementation, "security.json" file has to be kept > in a locator/server directory. In your case you need to be keep it in a > locator director (l1) and should work. > > > > Hope this helps. > > > > Nilkanth Patel. > > > > On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam < > [email protected]> wrote: > > Hi Jinmei & Team, > > > > I was going through “New Security In Apache Geode” video. I also tried to > start locator with ExampleSecurityManager and ExamplePostProcessor as shown > below, > > > > *locator.proprties* > > > > mcast-port=0 > > security-manager=org.apache.geode.examples.security.ExampleSecurityManager > > security-post-processor=org.apache.geode.examples. > security.ExamplePostProcessor > > > > > dir > > locator.properties > > security.json > > security-config.jar > > > > My security-config.jar has following structure, > > --- resources -> security.json > > --- META-INF -> MANIFEST.MF > > > > Could you guide me with below error? > > > > gfsh>start locator --name=locator1 --properties-file=locator.properties > --classpath=C:\Users\GeodeWorkDir\security-config.jar > > Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1... > > The Locator process terminated unexpectedly with exit status 1. Please > refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details. > > > > Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher > failOnStart > > INFO: locator is exiting due to an exception > > org.apache.geode.security.AuthenticationFailedException: > ExampleSecurityManager: unable to find json resource "security.json" as > specified by [security-json]. > > at org.apache.geode.examples.security.ExampleSecurityManager.init( > ExampleSecurityManager.java:132) > > at org.apache.geode.internal.security.IntegratedSecurityService. > initSecurity(IntegratedSecurityService.java:332) > > at org.apache.geode.internal.cache.GemFireCacheImpl. > initialize(GemFireCacheImpl.java:1208) > > at org.apache.geode.internal.cache.GemFireCacheImpl. > basicCreate(GemFireCacheImpl.java:798) > > at org.apache.geode.internal.cache.GemFireCacheImpl.create( > GemFireCacheImpl.java:783) > > at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178) > > at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218) > > at org.apache.geode.distributed.internal.InternalLocator. > startCache(InternalLocator.java:767) > > at org.apache.geode.distributed.internal.InternalLocator. > startDistributedSystem(InternalLocator.java:752) > > at org.apache.geode.distributed.internal.InternalLocator. > startLocator(InternalLocator.java:357) > > at org.apache.geode.distributed.internal.InternalLocator. > startLocator(InternalLocator.java:315) > > at org.apache.geode.distributed.LocatorLauncher.start( > LocatorLauncher.java:630) > > at org.apache.geode.distributed.LocatorLauncher.run( > LocatorLauncher.java:532) > > at org.apache.geode.distributed.LocatorLauncher.main( > LocatorLauncher.java:174) > > > > Exception in thread "main" > org.apache.geode.security.AuthenticationFailedException: > ExampleSecurityManager: unable to find json resource "security.json" as > specified by [security-json]. > > at org.apache.geode.examples.security.ExampleSecurityManager.init( > ExampleSecurityManager.java:132) > > at org.apache.geode.internal.security.IntegratedSecurityService. > initSecurity(IntegratedSecurityService.java:332) > > at org.apache.geode.internal.cache.GemFireCacheImpl. > initialize(GemFireCacheImpl.java:1208) > > at org.apache.geode.internal.cache.GemFireCacheImpl. > basicCreate(GemFireCacheImpl.java:798) > > at org.apache.geode.internal.cache.GemFireCacheImpl.create( > GemFireCacheImpl.java:783) > > at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178) > > at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218) > > at org.apache.geode.distributed.internal.InternalLocator. > startCache(InternalLocator.java:767) > > at org.apache.geode.distributed.internal.InternalLocator. > startDistributedSystem(InternalLocator.java:752) > > at org.apache.geode.distributed.internal.InternalLocator. > startLocator(InternalLocator.java:357) > > at org.apache.geode.distributed.internal.InternalLocator. > startLocator(InternalLocator.java:315) > > at org.apache.geode.distributed.LocatorLauncher.start( > LocatorLauncher.java:630) > > at org.apache.geode.distributed.LocatorLauncher.run( > LocatorLauncher.java:532) > > at org.apache.geode.distributed.LocatorLauncher.main( > LocatorLauncher.java:174) > > > > Thanks & Regards, > > Dharam > > This message is confidential and subject to terms at: http:// > www.jpmorgan.com/emaildisclaimer including on confidentiality, legal > privilege, viruses and monitoring of electronic messages. If you are not > the intended recipient, please delete this message and notify the sender > immediately. Any unauthorized use is strictly prohibited. > > > > This message is confidential and subject to terms at: http:// > www.jpmorgan.com/emaildisclaimer including on confidentiality, legal > privilege, viruses and monitoring of electronic messages. If you are not > the intended recipient, please delete this message and notify the sender > immediately. Any unauthorized use is strictly prohibited. > > > > This message is confidential and subject to terms at: http:// > www.jpmorgan.com/emaildisclaimer including on confidentiality, legal > privilege, viruses and monitoring of electronic messages. If you are not > the intended recipient, please delete this message and notify the sender > immediately. Any unauthorized use is strictly prohibited. > > This message is confidential and subject to terms at: http:// > www.jpmorgan.com/emaildisclaimer including on confidentiality, legal > privilege, viruses and monitoring of electronic messages. If you are not > the intended recipient, please delete this message and notify the sender > immediately. Any unauthorized use is strictly prohibited. > -- Cheers Jinmei
