Security

This section describes the GigaSpaces Security features, where they fit in the GigaSpaces architecture, which components can be secured, and how to configure and customize security according to your application's security requirements. GigaSpaces Security provides comprehensive support for securing your data, services, or both. GigaSpaces provides a set of authorities that grant privileged access to data and permission to perform operations on services.

Some security features are part of the open source edition, while others are only available with the commercial (licensed) editions.

Security Infrastructure for Open Source Editions

GigaSpaces applications come with a basic security infrastructure that can be configured to suit the needs of your organization. You can secure the data layer, which includes the Spaces and Processing Units, by defining the following elements for user authorities and roles:

  • Data access privileges

  • Operation privileges

  • Monitoring privileges

  • System administration privileges

You can also configure auditing for operations on the data grid, and secure the transport layer with SSL.

The open source editions do not include a security implementation. A reference implementation is provided instead.

Security Implementations for Commercial Editions

The commercial editions of GigaSpaces come with an Admin API that can be used for administration and monitoring. The following interfaces can also be used:

  • GigaSpaces Management Center

  • Command Line Interface

  • Web Management Console

  • Rest Manager API

The administration and monitoring tools interact with the application layers as follows.

[Figure: layers of security]

Refer to Administration Tools for details about the configuration options.

Securable Layers

GigaSpaces security can be applied in three separate layers. You can enable security for any of the layers individually, or you can enable all of them for maximum security.

  • The data layer - You can declare a secured Space or Processing Unit.

  • The grid layer - You can declare the data grid as secured. This includes the grid components (GSA, GSM, GSC, GigaSpaces Manager).

  • The transport layer - Provides a generic network filter with SSL support.

Configuring Security

Security is configured via a property file that includes required and custom properties. For more information, refer to the following parts of the Security section in this Administration guide:

When no property file is configured, there is a fallback implementation mainly used for testing or to get you started. This implementation stores the user credentials in a local file and can be used to demonstrate that security has been applied.

Refer to the following sections for more information about the GigaSpaces security implementations:

Dependencies

In order to use the security implementation, include the $GS_HOME/lib/optional/security/xap-security.jar file on your classpath or use Maven dependencies:

<dependency>
    <groupId>com.gigaspaces</groupId>
    <artifactId>xap-security</artifactId>
    <version>14.5.0</version>
</dependency>

For more information on dependencies, refer to Maven Artifacts.

Hello World Example

The Hello World example provides a step-by-step guide to deploying a Processing Unit with a secured Space, accessing it from a remote proxy, and declaring principals using the administration tools.

Spring Security

Spring Security is one of the most mature and widely used Spring projects. GigaSpaces provides a Spring-based security bridge that enables an extensible implementation for LDAP (Lightweight Directory Access Protocol) or database authentication.

For more information, refer to Spring Security Bridge.

[Figure: Spring-based security]