Authentication and Security Filter - Space Schema

  GigaSpaces 5.X


Summary: Configuring and implementing authentication and authorization using the default security filter.

Overview

The configuration required to set up the default security filter is located in the space configuration schema file. The relevant tags are:

<space-config>
    <filters>
        <!-- List of available filter operation codes: -->
        <!-- The operation codes define the operations in which this filter will be called. -->
        <!-- 0 - Before write; -->
        <!-- 1 - After write; -->
        <!-- 2 - Before read; -->
        <!-- 3 - Before take; -->
        <!-- 4 - Before notify; -->
        <!-- 5 - Before getadmin; -->
        <!-- 6 - Set security context; -->
        <!-- 7 - Before get collection; -->
        <!-- 8 - Before Clean space; -->
        <!-- 9 - Before update; -->
        <!-- 10 - After update; -->
        <!-- 11 - Before read multiple; -->
        <!-- 12 - After read multiple; -->
        <!-- 13 - Before take multiple; -->
        <!-- 14 - After take multiple; -->
        <!-- The following operation codes can be used ONLY in non-security filters: -->
        <!-- 51 - On init; -->
        <!-- 52 - Before remove; -->
        <!-- 53 - After remove; -->
        <!-- The user account driver implementation definition. This driver provides access -->
        <!-- to the users account information such as the user name, password and roles. -->
        <!-- The driver can be any class that -->
        <!-- implements the com.j_spaces.core.filters.ISpaceUserAccountDriver. -->
        <!-- The default driver is com.j_spaces.core.filters.MemoryRealm, which uses the default-users -->
        <!-- file for maintaining the users account information. -->
        <userAccountDriver>com.j_spaces.core.filters.MemoryRealm</userAccountDriver>
        <!-- Use this filter to enforce authentication and operation-based authorization. -->
        <DefaultSecurityFilter>
            <enabled>false</enabled>
            <security>true</security>
            <class>com.j_spaces.core.filters.DefaultSecurityFilter</class>
            <operation-code>0, 2, 3, 4, 6, 8, 9, 11, 13</operation-code>
            <url>default-users</url>
            <priority>1</priority>
        </DefaultSecurityFilter>
    </filters>
</space-config>
  • The <security> element indicates that this filter is a security filter and therefore should maintain a security context.
  • The <class> element points to the default implementation of the security filter.
  • The <url> element points to the location of the encrypted users file. This file stores the list of users and their roles.
For more details on the filters setup, refer to the Space Filter Options section.
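
The following Python script is an added example, not part of the GigaSpaces documentation or product code. It audits a schema fragment like the one above and reports a disabled security filter and the pre-operation codes for which the filter will not be called. The function name audit_security_filter and the embedded sample string are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Operation codes as listed in the schema comments on this page.
OPERATION_CODES = {
    0: "Before write", 1: "After write", 2: "Before read", 3: "Before take",
    4: "Before notify", 5: "Before getadmin", 6: "Set security context",
    7: "Before get collection", 8: "Before clean space", 9: "Before update",
    10: "After update", 11: "Before read multiple", 12: "After read multiple",
    13: "Before take multiple", 14: "After take multiple",
}
NON_SECURITY_ONLY = {51, 52, 53}  # documented as non-security filters only

# Constructed sample input: the filter values shown in the schema above.
SAMPLE_SCHEMA = """<space-config><filters>
  <DefaultSecurityFilter>
    <enabled>false</enabled>
    <security>true</security>
    <operation-code>0, 2, 3, 4, 6, 8, 9, 11, 13</operation-code>
    <url>default-users</url>
  </DefaultSecurityFilter>
</filters></space-config>"""

def audit_security_filter(schema_xml, name="DefaultSecurityFilter"):
    """Return a list of findings for the named filter in a space schema."""
    flt = ET.fromstring(schema_xml).find(f".//filters/{name}")
    if flt is None:
        return [f"{name} is not defined"]
    text = lambda tag: (flt.findtext(tag) or "").strip()
    findings = []
    if text("enabled").lower() != "true":
        findings.append("enabled is not 'true': filter is disabled")
    if text("security").lower() != "true":
        findings.append("security is not 'true': not a security filter")
    try:
        codes = {int(c) for c in text("operation-code").split(",") if c.strip()}
    except ValueError:
        return findings + ["operation-code has a non-numeric entry"]
    for code in sorted(codes & NON_SECURITY_ONLY):
        findings.append(f"code {code} is for non-security filters only")
    for code in sorted(codes - NON_SECURITY_ONLY - set(OPERATION_CODES)):
        findings.append(f"code {code} is not a documented operation code")
    # The filter is called only for listed codes; report missing pre-operation hooks.
    for code, label in OPERATION_CODES.items():
        if not label.startswith("After") and code not in codes:
            findings.append(f"filter not called for: {code} ({label})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_security_filter(SAMPLE_SCHEMA)))
```

Run against the values shown on this page, it flags that the filter is disabled and that codes 5 (Before getadmin) and 7 (Before get collection) are not in the operation-code list.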

Default Security Filter Authentication

GigaSpaces uses the account driver to access the user accounts file. The default driver uses the default-users encrypted file. Each accounts file contains the username, password, system roles, and user-defined customer roles. The roles are discussed later in the space authorization process.

Space Authentication (Login) Process

  • Implicit login – when the space proxy is loaded into the application VM, it automatically performs an initialization process with the space. This invokes the server security filter setContext API, which sets up an initial permission to the space.

By default, a secured space is assigned the "anonymous" user roles. The anonymous user must be defined in the users accounts file.

  • Explicit Login – the login operation can be performed in one of two ways:
    • Using system properties to define the user name and password:

      GigaSpaces security system properties:

        User Name: com.gs.security.userid
        Password: com.gs.security.password
    • Using a call to the IJSpace.setContext method.
      The IJSpace interface provides security methods, such as IJSpace.setSecurityContext(). For more details, see the Javadoc (refer to the setSecurityContext(com.j_spaces.core.SecurityContext) method).
