Space Data permissions - finer access control with "allow" and "deny" by classname
Grid Service permissions - not just "full control" and "read-only"
Secured Session between proxy and server
GigaSpaces Management Center (UI) visibility of secured Spaces and Clusters in all views, login/logout and authentication view
User and Role management are directly manageable from the UI
Migration Steps
Default Security Filter
The most comprehensive change is the deprecation of the DefaultSecurityFilter. The 7.0.1 security is no longer based on a Space Filter and has been extracted to its own layer. This alone serves as the basis for a simpler security model that can be extended and integrated with other security providers.
If you have the DefaultSecurityFilter declared in pu.xml or in your Space schemas, it should be removed. In general we print out a warning and ignore it.
Old Security File
If you have an old "users" security file (<GigaSpaces root>/security/default-users), we suggest discarding it and starting from scratch! XAP 7.0.1 security has finer-grained permissions, specifically the removal of the "admin" permission.
If you insist, we provide a migration tool:
com.gigaspaces.security.tool.migration.SecurityFileMigrationTool.migrate(new File("source"), new File("dest"));
Note that in the new security model there is no support for field-value attribute permissions.
The <GigaSpaces root>/security/default-users file created by the old security is now replaced by <GigaSpaces root>/security/gs-directory.fsm. This is the default security file a secured service will access.
Security configuration
The old security configurations no longer apply. All configurations are done using properties declared in a properties file. There is one system property for enabling security and one optional system property for defining the path to the properties file.
The API previously used to pass credentials from a remote process, shown below, is no longer supported:
SecurityContext scontext = new SecurityContext("gsuser", "gspassword");
space.setSecurityContext(scontext);
In the new security model, credentials are passed to the proxy using the following API:
IJSpace space = new UrlSpaceConfigurer(url).userDetails("gsadmin", "gsadmin").space();
GigaSpace gigaSpace = new GigaSpaceConfigurer(space).gigaSpace();
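As an added example (not GigaSpaces code), the following Python script checks a project tree for the leftovers the migration steps above name: a DefaultSecurityFilter declaration in XML files, the old security/default-users file, and the unsupported SecurityContext credential calls in Java sources. The sample tree, its file contents and the finding labels are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Leftovers named in the migration steps, keyed by file suffix.
PATTERNS = {
    ".xml": [("DefaultSecurityFilter declared", re.compile(r"DefaultSecurityFilter"))],
    ".java": [
        ("old SecurityContext credentials", re.compile(r"\bnew\s+SecurityContext\s*\(")),
        ("old setSecurityContext call", re.compile(r"\.setSecurityContext\s*\(")),
    ],
}

def audit(root):
    """Return sorted (relative_path, line_no, finding) tuples for leftovers under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # The old users file itself; line number 0 marks a whole-file finding.
        if path.name == "default-users" and path.parent.name == "security":
            findings.append((rel, 0, "old users security file present"))
            continue
        rules = PATTERNS.get(path.suffix)
        if not rules:
            continue
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for no, line in enumerate(lines, 1):
            findings.extend((rel, no, label) for label, rx in rules if rx.search(line))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample project (not from the page) used to exercise audit()."""
    root = Path(root)
    (root / "security").mkdir(parents=True)
    (root / "security" / "default-users").write_text("constructed placeholder\n")
    (root / "pu.xml").write_text(
        "<beans>\n  <!-- constructed sample -->\n"
        "  <bean class=\"DefaultSecurityFilter\"/>\n</beans>\n")
    (root / "Client.java").write_text(
        "scontext = new SecurityContext(\"gsuser\", \"gspassword\");\n"
        "space.setSecurityContext( scontext );\n"
        "IJSpace s = new UrlSpaceConfigurer(url).userDetails(\"u\", \"p\").space();\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, no, label in audit(build_sample_tree(tmp)):
            print(f"{rel}:{no}: {label}")
```

Point audit() at a real source tree to list what still needs to be removed or rewritten before enabling the new security layer.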