SampleSecurityManager doesn't do encryption/decryption. It's meant only as
an example.

There are multiple ways to protect your password:
1) read-protect your security.json so that only a certain user can read it.
2) implement your own security-manager to decrypt the password using a
secret key. (but here again you will need to find a way to protect this key
in your corporation. In my opinion, it's simply changing the subject, but
the problem is still there).

We usually recommend the first approach, but in some situations, the 2nd one
might be an option too.


On Thu, Jun 8, 2017 at 1:11 AM, Thacker, Dharam <[email protected]> wrote:

> Hi Jinmei,
>
>
>
> Is there any way to encrypt password in security.json file with Geode
> 1.1.1? I tried below but it did not work for me,
>
>
>
> "users": [
>   {
>     "name": "admin",
>     "password": "encrypted(0859A0F6C68B9785)",
>     "roles": ["ADMIN"]
> …
>   },
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Wednesday, June 07, 2017 11:26 AM
> *To:* '[email protected]'; '[email protected]'
> *Subject:* RE: FW: ExampleSecurityManager in Apache geode
>
>
>
> Thanks Jinmei for quick reply!
>
>
>
> >> It did not work for me when I used [--classpath] and
> [--security-properties-file] even though my classpath contains
> security.json file [That’s strange]
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties
> --classpath=C:\Users\GeodeWorkDir\locator2
>
> FAILED
>
>
>
> >> It worked for me when I used --J=-Dgemfire.security-username=admin
> --J=-Dgemfire.security-password=admin [SUCCESS]
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --J=-Dgemfire.security-username=admin
> --J=-Dgemfire.security-password=admin
> --classpath=C:\Users\GeodeWorkDir\locator2
>
> SUCCESS
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Jinmei Liao [mailto:[email protected] <[email protected]>]
> *Sent:* Wednesday, June 07, 2017 11:12 AM
> *To:* [email protected]
> *Subject:* Re: FW: ExampleSecurityManager in Apache geode
>
>
>
> I tried using the SampleSecurityManager, and either one of the following
> commands to start the 2nd locator works: (I executed these commands
> while connected to the first locator, so I don't need to provide the
> --locators option, it knows which locator to join)
>
>
>
> 1> start locator --name=locator2 --port=10335 
> --classpath=/Users/jiliao/my_geode/security
> --security-properties-file=locator2.properties
>
> // locator2.properties only contains "security-username" and
> "security-password" properties.
>
>
>
> 2> start locator --name=locator2 --port=10335 
> --locators=jiliao-mbpro.lan[10334]
> --classpath=/Users/jiliao/my_geode/security/ 
> --J=-Dgemfire.security-username=admin
> --J=-Dgemfire.security-password=admin
>
>
>
>
>
> I suspect that the reason one of your commands did not work is that
> locator2 can't find a security.json in its classpath, not because you
> did not provide the username/password. One of the complications of using our
> SampleSecurityManager is that it will need a security.json in its
> classpath which complicates the issue. We should have a simpler security
> manager in the sample that's easier for users to experiment with.
>
>
>
>
>
>
>
> On Tue, Jun 6, 2017 at 10:03 PM, Thacker, Dharam <
> [email protected]> wrote:
>
> I am able to start server with --user and --password to join existing secure
> locator. But I am not able to start another locator to join the existing
> secure locator. Could someone guide me here?
>
>
>
> start locator --name=locator1 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties 
> --classpath=C:\Users\GeodeWorkDir\locator1
>
>
> SUCCESS
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\locator2
>
> FAILED
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties
>         [gfsecurity.properties ---- security-username=clusteruser
> security-password=****]
>
> FAILED
>
>
>
> start locator --name=locator2 --locators=localhost[10334],localhost[10335]
> --security-properties-file=gfsecurity.properties
> --classpath=C:\Users\GeodeWorkDir\locator2
>
> FAILED
>
>
>
>
>
> Jun 07, 2017 10:27:06 AM org.apache.geode.distributed.LocatorLauncher failOnStart
> INFO: locator is exiting due to an exception
>
> org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [X.X.X.X(locator2:19416:locator)<ec>:1025]
>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.attemptToJoin(GMSJoinLeave.java:424)
>     at org.apache.geode.distributed.internal.membership.gms.membership.GMSJoinLeave.join(GMSJoinLeave.java:318)
>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.join(GMSMembershipManager.java:656)
>     at org.apache.geode.distributed.internal.membership.gms.mgr.GMSMembershipManager.joinDistributedSystem(GMSMembershipManager.java:745)
>     at org.apache.geode.distributed.internal.membership.gms.Services.start(Services.java:181)
>
>
>
> *Thanks & Regards,*
>
> *Dharam*
>
>
>
> *From:* Thacker, Dharam
> *Sent:* Tuesday, June 06, 2017 3:41 PM
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* RE: ExampleSecurityManager in Apache geode
>
>
>
> Thank you Nilkanth!
>
>
>
> Classpath worked!
>
>
>
> start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\locator1
>
> *security-json file location:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> Thanks & Regards,
>
> Dharam
>
>
>
> *From:* Nilkanth Patel [mailto:[email protected]
> <[email protected]>]
> *Sent:* Tuesday, June 06, 2017 3:35 PM
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> Try out something like below, "security.json" is kept in the
> /work/code/oss/geode/locator1 dir.
>
>
>
> gfsh>start locator --name=/work/code/oss/geode/locator1
> --security-properties-file=/work/code/oss/geode/locator1/locator.properties
> --classpath=/work/code/oss/geode/locator1
>
>
>
> Additional checks,
>
> 1. specify classpath while starting locator as shown in above command.
>
> 2. check the file permission for security.json.
>
>
>
> Nilkanth.
>
>
>
> On Tue, Jun 6, 2017 at 3:21 PM, Thacker, Dharam <
> [email protected]> wrote:
>
> Hi Nilkanth,
>
>
>
> Thanks for the reply! I tried below one but it’s still not taking
> security.json file. Do you suggest anything different?
>
>
>
> *My Current Directory:*
>
> C:\Users\GeodeWorkDir
>
>
>
> *Locator Directory:*
>
> C:\Users\GeodeWorkDir\locator1
>
>
>
> *security-json file location [Tried both locations]:*
>
> C:\Users\GeodeWorkDir\locator1\security.json
>
> C:\Users\GeodeWorkDir\security.json
>
>
>
> Thanks & Regards,
>
> Dharam
>
>
>
>
>
> *From:* Nilkanth Patel [mailto:[email protected]]
> *Sent:* Tuesday, June 06, 2017 3:07 PM
> *To:* [email protected]
> *Cc:* [email protected]
> *Subject:* Re: ExampleSecurityManager in Apache geode
>
>
>
> Dharam,
>
>
>
> I believe following will be helpful to you.
>
>
>
> IMO with the existing implementation, "security.json" file has to be kept
> in a locator/server directory. In your case you need to keep it in a
> locator directory (l1) and it should work.
>
>
>
> Hope this helps.
>
>
>
> Nilkanth Patel.
>
>
>
> On Tue, Jun 6, 2017 at 2:40 PM, Thacker, Dharam <
> [email protected]> wrote:
>
> Hi Jinmei & Team,
>
>
>
> I was going through “New Security In Apache Geode” video. I also tried to
> start locator with ExampleSecurityManager and ExamplePostProcessor as shown
> below,
>
>
>
> *locator.properties*
>
>
>
> mcast-port=0
>
> security-manager=org.apache.geode.examples.security.ExampleSecurityManager
>
> security-post-processor=org.apache.geode.examples.security.ExamplePostProcessor
>
>
>
> > dir
>
> locator.properties
>
> security.json
>
> security-config.jar
>
>
>
> My security-config.jar has following structure,
>
> --- resources -> security.json
>
> --- META-INF -> MANIFEST.MF
>
>
>
> Could you guide me with below error?
>
>
>
> gfsh>start locator --name=locator1 --properties-file=locator.properties
> --classpath=C:\Users\GeodeWorkDir\security-config.jar
>
> Starting a Geode Locator in C:\Users\GeodeWorkDir\locator1...
>
> The Locator process terminated unexpectedly with exit status 1. Please
> refer to the log file in C:\Users\GeodeWorkDir\locator1 for full details.
>
>
>
> Jun 06, 2017 2:19:50 PM org.apache.geode.distributed.LocatorLauncher failOnStart
> INFO: locator is exiting due to an exception
> org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
>     at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>     at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
>     at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
>
>
>
> Exception in thread "main" org.apache.geode.security.AuthenticationFailedException: ExampleSecurityManager: unable to find json resource "security.json" as specified by [security-json].
>     at org.apache.geode.examples.security.ExampleSecurityManager.init(ExampleSecurityManager.java:132)
>     at org.apache.geode.internal.security.IntegratedSecurityService.initSecurity(IntegratedSecurityService.java:332)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.initialize(GemFireCacheImpl.java:1208)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.basicCreate(GemFireCacheImpl.java:798)
>     at org.apache.geode.internal.cache.GemFireCacheImpl.create(GemFireCacheImpl.java:783)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:178)
>     at org.apache.geode.cache.CacheFactory.create(CacheFactory.java:218)
>     at org.apache.geode.distributed.internal.InternalLocator.startCache(InternalLocator.java:767)
>     at org.apache.geode.distributed.internal.InternalLocator.startDistributedSystem(InternalLocator.java:752)
>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:357)
>     at org.apache.geode.distributed.internal.InternalLocator.startLocator(InternalLocator.java:315)
>     at org.apache.geode.distributed.LocatorLauncher.start(LocatorLauncher.java:630)
>     at org.apache.geode.distributed.LocatorLauncher.run(LocatorLauncher.java:532)
>     at org.apache.geode.distributed.LocatorLauncher.main(LocatorLauncher.java:174)
>
>
>
> Thanks & Regards,
>
> Dharam
>
> This message is confidential and subject to terms at: http://
> www.jpmorgan.com/emaildisclaimer including on confidentiality, legal
> privilege, viruses and monitoring of electronic messages. If you are not
> the intended recipient, please delete this message and notify the sender
> immediately. Any unauthorized use is strictly prohibited.
>
>
>
>
>
>
> --
>
> Cheers
>
>
>
> Jinmei
>
>



-- 
Cheers

Jinmei
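
The first approach from the reply at the top of this thread (read-protect security.json, which is also Nilkanth's "check the file permission" step) written as a pre-start check. This is an added example, not part of the thread or of Geode; the function names and exit codes are made up here, and it assumes a POSIX shell on the host that runs the locator (the Windows paths in the thread need the equivalent ACL change instead).

```shell
# Added example, not from the thread. Checks that a security.json is
# accessible only to the account that runs the locator/server.
# Exit codes (chosen for this example): 0 ok, 1 too open, 2 missing,
# 3 symlink, 4 wrong owner. Extended ACLs are not inspected.
check_security_json() {
    f=$1
    if [ -L "$f" ]; then
        echo "refusing symlink: $f" >&2; return 3
    fi
    if [ ! -f "$f" ]; then
        echo "not found: $f" >&2; return 2
    fi
    # "ls -ldn" prints e.g. "-rw-r--r-- 1 501 20 ..."; fields 1 and 3 are
    # the mode string and the numeric owner id.
    meta=$(ls -ldn -- "$f" | awk '{print $1 " " $3}')
    mode=${meta% *}
    owner=${meta#* }
    if [ "$owner" != "$(id -u)" ]; then
        echo "owner uid $owner is not the current user: $f" >&2; return 4
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "group/other can access $f ($mode)" >&2; return 1
    fi
    return 0
}

# Tighten to owner read/write only, then verify the result.
lock_security_json() {
    chmod 600 -- "$1" && check_security_json "$1"
}

# Usage: sh this-script /path/to/locator1/security.json
if [ "$#" -gt 0 ]; then
    lock_security_json "$1"
fi
```

Run it as the account that starts the locator, against the copy of security.json in the directory passed to --classpath.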
