Summary: What's New, and migration steps

What's New

GigaSpaces XAP 7.0.1 security allows complete application security and finer-grained manageability.

  • Space Data permissions - finer access control with "allow" and "deny" by classname
  • Grid Service permissions - not just "full control" and "read-only"
  • Secured Session between proxy and server
  • GigaSpaces Management Center (UI) visibility of secured Spaces and Clusters in all views, login/logout and authentication view
  • User and Role management are directly manageable from the UI

Migration Steps

Default Security Filter

The most comprehensive change is the deprecation of the DefaultSecurityFilter. The 7.0.1 security is no longer based on a Space Filter; it has been extracted into its own layer. This alone serves as the basis for a simpler security model that can be extended and integrated with other security providers.

If you have the DefaultSecurityFilter declared in pu.xml or in your Space schemas, it should be removed. In general we print out a warning and ignore it.

Old Security File

If you have an old "users" security file (<GigaSpaces root>/security/default-users), we suggest discarding it and starting from scratch!
XAP 7.0.1 security has finer-grained permissions; in particular, the "admin" permission has been removed.

If you insist, we provide a migration tool.

Note that in the new security model there is no support for field-value attribute permissions.

Usage - command line
com.gigaspaces.security.tool.migration.SecurityFileMigrationTool <source-file-path> <destination-file-path>

Code
com.gigaspaces.security.tool.migration.SecurityFileMigrationTool.migrate(new File("source"), new File("dest"));

The <GigaSpaces root>/security/default-users file created by the old security model is now replaced by <GigaSpaces root>/security/gs-directory.fsm. This is the default security file a secured service will access.

Security configuration

The old security configurations no longer apply. All configurations are done using properties declared in a properties file.
There is one system property for enabling security and one optional system property for defining the path to the properties file.

-Dcom.gs.security.enabled=true
-Dcom.gs.security.properties-file=/opt/head/security/my-properties.properties

Authentication API

The API previously used to pass credentials from a remote process, shown below, is no longer supported:

scontext = new SecurityContext("gsuser", "gspassword");
space.setSecurityContext( scontext );

In the new security model, credentials are passed to the proxy using the following API:

IJSpace space = new UrlSpaceConfigurer(url).userDetails("gsadmin", "gsadmin").space();
GigaSpace gigaSpace = new GigaSpaceConfigurer(space).gigaSpace();
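
The leftovers this page tells you to deal with (DefaultSecurityFilter declarations in XML, the old security/default-users file, and calls to the unsupported SecurityContext API) can be located with a small scan before upgrading. This is an added example, not GigaSpaces code; the function name audit, the file suffixes it scans, and the sample tree are assumptions.

```python
import os
import re
import tempfile

# Identifiers below are the ones named in the migration notes on this page.
CONTENT_RULES = [
    ("deprecated DefaultSecurityFilter declaration", ".xml",
     re.compile(r"DefaultSecurityFilter")),
    ("unsupported SecurityContext credential API", ".java",
     re.compile(r"\bsetSecurityContext\s*\(|\bnew\s+SecurityContext\s*\(")),
]


def audit(root):
    """Return sorted (relative_path, line_number, finding); line 0 means the file itself."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            # Old users file: <GigaSpaces root>/security/default-users
            if name == "default-users" and os.path.basename(dirpath) == "security":
                findings.append((rel, 0, "old users file, superseded by gs-directory.fsm"))
                continue
            for finding, suffix, pattern in CONTENT_RULES:
                if not name.endswith(suffix):
                    continue
                with open(full, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, start=1):
                        if pattern.search(line):
                            findings.append((rel, lineno, finding))
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample tree so the script runs offline; file contents are illustrative.
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "security/default-users": "opaque\n",
            "app/pu.xml": '<beans>\n  <filter class="DefaultSecurityFilter"/>\n</beans>\n',
            "app/Client.java": 'space.setSecurityContext( scontext );\n',
        }
        for rel, text in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(text)
        for rel, lineno, finding in audit(root):
            print(f"{rel}:{lineno}: {finding}")
```

The scan is text-based, so a match inside an XML or Java comment is reported too and needs a manual look.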