Security Quick Start — In-Memory Security

This document shows how to set up GigaSpaces security using an in-memory security model. It is suggested that you understand this basic technique before studying the other supported security methods.

What is Quick Start Security?

As implemented out of the box, GigaSpaces runs without a default security model — user logins are not required. Setting a single environmental variable (see below) implements our Quick Start security model.

The Quick Start security model defines three levels of user (administrator, manager or viewer) and requires a login to use the GUI, command line or REST API. Users, passwords and permissions are defined in an XML file in clear text.

What are the Supported Security Models?

GigaSpaces supports three security providers or models: in-memory, LDAP and JDBC. We will start with the simplest security model, in-memory, and then explain the more complex models of LDAP and JDBC in later topics.

In addition to in-memory, LDAP and JDBC, any other authentication provider compatible with Spring Security is supported.

Enable Security - Set the GS_OPTIONS_EXT Environmental Variable

This example of in-memory security uses a flat file with clear text for the user and password. This is for learning purposes only, and is not a secure method for production use.

To set up security, we set the GS_OPTIONS_EXT environmental variable. This informs the system that security of some kind will be required.

Add the environmental variable definition to the setenv-overrides.sh/bat file, as shown below.

export GS_OPTIONS_EXT='-Dcom.gs.security.enabled=true  -Dcom.gs.manager.rest.ssl.enabled=false'

SET GS_OPTIONS_EXT=-Dcom.gs.security.enabled=true  -Dcom.gs.manager.rest.ssl.enabled=false

SSL encryption is a separate feature that can be configured independently of GigaSpaces security. In this example, we are enabling GS security and disabling SSL encryption.

That's it! Basic in-memory security is now enabled in GigaSpaces.
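The following check is an added example, not part of the GigaSpaces distribution: it reads a setenv-overrides file and reports the two GS_OPTIONS_EXT flags set above. The function names gs_flag and audit_gs_security are hypothetical, and the script assumes that only the last uncommented definition counts and that variable references inside the value are not expanded.

```shell
#!/bin/sh
# Added example (not GigaSpaces code): audit GS_OPTIONS_EXT in a setenv-overrides file.
# Assumptions: only the last uncommented definition counts, and variable
# references inside the value are not expanded.

# gs_flag FILE PROPERTY
# Prints the value of -DPROPERTY=... in the last GS_OPTIONS_EXT definition,
# or "unset". Handles "export VAR='...'" (sh) and "SET VAR=..." (bat, CRLF).
gs_flag() {
    grep -iE '^[[:space:]]*(export|set)[[:space:]]+GS_OPTIONS_EXT=' "$1" |
        tail -n 1 |
        sed 's/^[^=]*=//' |
        tr " \t\r'\"" '\n\n\n\n\n' |
        awk -F= -v want="-D$2" '
            $1 == want { v = $2 }   # a repeated flag: last occurrence is reported
            END { print (v == "" ? "unset" : v) }'
}

# audit_gs_security FILE
# Prints findings; returns non-zero when security is not enabled.
audit_gs_security() {
    sec=$(gs_flag "$1" com.gs.security.enabled)
    ssl=$(gs_flag "$1" com.gs.manager.rest.ssl.enabled)
    if [ "$ssl" = "false" ]; then
        echo "WARN: com.gs.manager.rest.ssl.enabled=false, REST traffic is not SSL-encrypted"
    fi
    if [ "$sec" != "true" ]; then
        echo "FAIL: com.gs.security.enabled=$sec, security is not enabled"
        return 1
    fi
    echo "OK: com.gs.security.enabled=true"
}

# Constructed sample input: the Linux definition shown on this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
export GS_OPTIONS_EXT='-Dcom.gs.security.enabled=true  -Dcom.gs.manager.rest.ssl.enabled=false'
EOF
audit_gs_security "$sample"
rm -f "$sample"
```

For the Quick Start definition the script prints the SSL warning followed by the OK line. A file with no uncommented GS_OPTIONS_EXT definition reports the flag as unset and fails.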

What Users are Defined in Quick Start Security?

Quick Start Security uses the default settings in the ../config/security/security-config.xml file. These default users are as follows:

| User/Password | User Type | Available functions |
| --- | --- | --- |
| gs-admin/gs-admin | Administrator — has access to all system functions | Connect to data source, deploy/undeploy processing units (PUs) and services, monitor, start and stop the system, vertical and horizontal scaling, object analysis |
| gs-mngr/gs-mngr | Manager — has access to monitoring and deployment functions, except those related to starting, stopping or configuring the system | Functionality includes monitoring, deployment, and querying the system. Functionality excludes those related to defining and controlling the system — cannot connect to data source, deploy processing units and services, start and stop the system, perform vertical and horizontal scaling |
| gs-viewer/gs-viewer | Viewer — has access to querying and monitoring functions | Includes functionality related to data querying, system performance and monitoring |

Testing Quick Start Security

In order to do a basic test of Quick Start security, proceed as follows:

  1. Run the following script:

    ...bin/gs.sh demo

    ...bin/gs.bat demo

    This will start a demo environment.

  2. Log into the Ops Manager at localhost:8090. The system should accept the users defined above.
