Custom Security
This section assumes that you are familiar with basic security concepts, and with GigaSpaces-specific security configurations. Before implementing custom security from scratch, consider the following alternatives:
- Extending the default file-based security implementation that is already provided with GigaSpaces, which supports replacing the encoding, referencing a security file on an HTTP server, and more.
- Using or extending the Spring Security Bridge.
GigaSpaces security was designed with customization in mind. There are numerous security standards and practices, so users can implement the built-in security features out of the box, or customize them to suit the needs of the industry and environment.
You can customize the security protocols for the following:
- Authentication - How servers authenticate the clients that access them.
- User/Role Management - Creation and management of users and roles.
Packaging and Classpath
The most common scenario is for all services to share the same custom security. This is easily accomplished by placing the custom implementation classes in the lib/optional/security directory.
You can use a different directory by configuring the com.gigaspaces.lib.opt.security system property.
$GS_HOME/lib/optional/security/my-custom-security.jar
Processing Units can share a custom security implementation that may differ from that of the GSM and GSCs. In this case, the custom security JAR can be placed under pu-common.
$GS_HOME/lib/optional/pu-common/my-pu-custom-security.jar
If each Processing Unit has its own custom security implementation, the custom security JAR can be part of the Processing Unit distribution.
$GS_HOME/deploy/hello-processor/lib/my-processor-custom-security.jar
We recommend that the custom security JAR contain only security-related classes.
