Custom Security
This section assumes that you are familiar with basic security concepts, and with GigaSpaces-specific security configurations. Before implementing custom security from scratch, consider the following alternatives:
- Extending the default file-based security implementation that is already provided with GigaSpaces, which supports replacing the encoding, referencing a security file on an HTTP server, and more.
- Using or extending the Spring Security Bridge.
GigaSpaces security was designed with customization in mind. There are numerous security standards and practices, so users can implement the built-in security features out of the box, or customize them to suit the needs of the industry and environment.
You can customize the security protocols for the following:
- Authentication - How servers authenticate the clients that access them.
- User/Role Management - Creation and management of users and roles.
Packaging and Classpath
The most common scenario is for all services to share the same custom security. This is easily accomplished by placing the custom implementation classes in the lib/optional/security
directory.
You can use a different directory by configuring the com.gigaspaces.lib.opt.security
system property.
$GS_HOME/lib/optional/security/my-custom-security.jar
Processing Units This is the unit of packaging and deployment in the GigaSpaces Data Grid, and is essentially the main GigaSpaces service. The Processing Unit (PU) itself is typically deployed onto the Service Grid. When a Processing Unit is deployed, a Processing Unit instance is the actual runtime entity. can share a custom security implementation that may differ from that of the GSM Grid Service Manager.
This is is a service grid component that manages a set of Grid Service Containers (GSCs). A GSM has an API for deploying/undeploying Processing Units. When a GSM is instructed to deploy a Processing Unit, it finds an appropriate, available GSC and tells that GSC to run an instance of that Processing Unit. It then continuously monitors that Processing Unit instance to verify that it is alive, and that the SLA is not breached. and GSCs. In this case, the custom security JAR can be placed under pu-common
.
$GS_HOME/lib/optional/pu-common/my-pu-custom-security.jar
If each Processing Unit has its own custom security implementation, the custom security JAR can be part of the Processing Unit distribution.
$GS_HOME/deploy/hello-processor/lib/my-processor-custom-security.jar
We recommend that the custom security JAR contain only security-related classes.