This section provides an understanding of GigaSpaces Security features, where they fit in the GigaSpaces architecture, which components can be secured, and how to configure and customize the security depending on your application security requirements. GigaSpaces Security provides comprehensive support for securing your data, services, or both. GigaSpaces provides a set of authorities that grant privileged access to data and permission to perform operations on services.
Some security features are part of the open source edition, while others are only available with the commercial (licensed) editions.
Security Infrastructure for Open Source Editions
GigaSpaces applications come with a basic security infrastructure that can be configured to suit the needs of your organization. You can secure the data layer, which includes the Spaces and Processing Units, by defining the following elements for user authorities and roles:
Data access privileges
System administration privileges
You can also configure auditing for operations on the data grid, and secure the transport layer with SSL.
The open source editions do not include a security implementation. A reference implementation is provided instead.
Security Implementations for Commercial Editions
The commercial editions of GigaSpaces come with an Admin API that can be used for administration and monitoring. The following interfaces can also be used:
GigaSpaces Management Center
Command Line Interface
Web Management Console
Rest Manager API
The administration and monitoring tools interact with the application layers as follows.
Refer to Administration Tools for details about the configuration options.
GigaSpaces security can be applied in three separate layers. You can enable security for any of the layers individually, or you can enable all of them for maximum security.
The data layer - You can declare a secured Space or Processing Unit.
The grid layer - You can declare the data grid as secured. This includes the grid components (GSA, GSM, GSC, GigaSpaces Manager).
The transport layer - Provides a generic network filter with SSL support.
Security is configured via a property file that includes required and custom properties. For more information, refer to the following parts of the Security section in this Administration guide:
Space and Processing Unit - Includes configuration options for the properties file.
Grid components - Includes configuration options for the grid components.
Web Management Console - Includes configurations for authenticating with secure data grid components.
REST Manager API - Includes security and SSL configurations for secured RESTful API support.
When no property file is configured, there is a fallback implementation mainly used for testing or to get you started. This implementation stores the user credentials in a local file and can be used to demonstrate that security has been applied.
Refer to the following sections for more information about the GigaSpaces security implementations:
To read more about the GigaSpaces file-based configuration options, refer to Default File-Based Security.
To write your own implementation, refer to Reference Implementation, which uses MongoDB.
For other custom security implementations, refer to Custom Security. One such custom security implementation is the Spring Security Bridge.
In order to use the security implementation, include the $GS_HOME/lib/optional/security/xap-security.jar file on your classpath or use Maven dependencies:
<dependency>
    <groupId>com.gigaspaces</groupId>
    <artifactId>xap-security</artifactId>
    <version>16.2.1</version>
</dependency>
For more information on dependencies, refer to Maven Artifacts.
Hello World Example
The Hello World example provides a step-by-step guide to deploying a Processing Unit with a secured Space, accessing it from a remote proxy, and declaring principals using the administration tools.
Spring Security is one of the most mature and widely used Spring projects. GigaSpaces provides a Spring-based security bridge to enable an extensible implementation for LDAP (Lightweight Directory Access Protocol) or database authentication.
For more information, refer to Spring Security Bridge.