Summary: This section describes how to secure GigaSpaces management tools

Overview

GigaSpaces has two management tools: the GigaSpaces Management Center (GMC) and the CLI. This section describes the ability to secure them and restrict access to them.

GigaSpaces Management Center (GMC)

The GigaSpaces Management Center (GMC) has several indications for secured Grid Service Manager (GSM) and Grid Service Container (GSC) services.

These indications exist in several places in the GMC:

In the Services Tree

Within each GSC component

In the Deployment Wizard

Authentication Process

There are two options to authenticate to the secured service:

  • Passing two system properties with username and password to the GMC
  • Using the Login dialog

Passing two system properties with a username and password to the GMC

-Dcom.gs.security.userid
-Dcom.gs.security.password

Using the Login dialog

This dialog can be opened from several places:

File>Login

GSC Tree Table component

Popup menu that opened for the GSM or GSC

When a service is secure, but not authenticated, it is not possible to perform deployment. Authentication must take place first.
The Login dialog can be opened and used more than one time for entering user login details. All the details are saved for the current UI session.
Each set of user/password login details, is authenticated against all the services. The UI will display the highest credentials acquired from within this set.

Outcome of the Authentication Process

The authentication process can have three possible outcomes:

  • The authentication did not succeed
  • The user has read-only credentials (indicated by READ)
  • The user has full administrative credentials (indicated by ADMIN)
If the authentication did not succeed, or the user has read-only credentials, then the user can only view services, and all destructive operations are prohibited.
If the user acquired full administrative credentials, then the user can perform any operation, as in a regular (i.e. unsecured) service e.g. deployment, undeployment, relocation etc.

The indications in each of these cases are:

Authentication did not succeed

User has read-only credentials

User has full administrative credentials

Managing Users for Secured Services

There is also an option to manage users for secured services. This can be done by using the Manage Users dialog from the popup menu. In this dialog, users can be added, edited or removed.

CLI

The following operations in the CLI are prohibited for secured services that were not authenticated, since they are destructive operations:

  • deploy
  • pudeploy
  • undeploy
  • jconsole
  • destroy
  • all space operations

These operations are permitted only for users with Admin credentials, and there is only one place for secured services authentication: login CLI command.

All required login details must be entered by using that operation before using the required CLI operation for a secured service.

GigaSpaces.com - Legal Notice - 3rd Party Licenses - Site Map - API Docs - Forum - Downloads - Blog - White Papers - Contact Tech Writing - Gen. by Atlassian Confluence