Configuration

The security components (GSAClosed Grid Service Agent. This is a process manager that can spawn and manage Service Grid processes (Operating System level processes) such as The Grid Service Manager, The Grid Service Container, and The Lookup Service. Typically, the GSA is started with the hosting machine's startup. Using the agent, you can bootstrap the entire cluster very easily, and start and stop additional GSCs, GSMs and lookup services at will., GSMClosed Grid Service Manager. This is is a service grid component that manages a set of Grid Service Containers (GSCs). A GSM has an API for deploying/undeploying Processing Units. When a GSM is instructed to deploy a Processing Unit, it finds an appropriate, available GSC and tells that GSC to run an instance of that Processing Unit. It then continuously monitors that Processing Unit instance to verify that it is alive, and that the SLA is not breached., GSCClosed Grid Service Container. This provides an isolated runtime for one (or more) processing unit (PU) instance and exposes its state to the GSM. and Processing UnitClosed This is the unit of packaging and deployment in the GigaSpaces Data Grid, and is essentially the main GigaSpaces service. The Processing Unit (PU) itself is typically deployed onto the Service Grid. When a Processing Unit is deployed, a Processing Unit instance is the actual runtime entity.) can each have their own security configuration. As such, you can have different security behaviors even between Processing Units. But, all have one common concept: all configurations are declared using properties (either located in a properties file or part of the components properties).

The security implementation dictates the properties needed for configuration. For example, if you consider the out-of-the-box file-based security implementation, you can either rely on the defaults or configure the file location, password encoders, etc.

When a secured component is started, it looks for the security configuration properties in order to instantiate the security implementation.

Enabling Security

Security can be enabled separately for the Data layer and the Grid layer.

Logging

Any configurations that are applied can be seen by setting the logging level to CONFIG (see xap_logging.properties):

com.gigaspaces.security.level = CONFIG

Security Properties File

The security properties file is used to configure the SecurityManager, that is responsible for the authentication and authorization process. The security.properties file is common to all components and is usually located under $GS_HOME/config/security/security.properties.

To only affect the Web Management Console, use the webui-security.properties instead.

The configuration file can be located anywhere in the classpath or in the classpath under config/security.

Alternatively, a system property can be set to indicate the location of the properties file:

-Dcom.gs.security.properties-file = my-security.properties

By setting -Dcom.gs.security.properties-file the property file will be located as a direct path (e.g. ~/home/user/my-security.properties), a resource (e.g. "my-security.properties") in the classpath or in the classpath under config/security.

Configuration Options

Space

For a standalone SpaceClosed Where GigaSpaces data is stored. It is the logical cache that holds data objects in memory and might also hold them in layered in tiering. Data is hosted from multiple SoRs, consolidated as a unified data model., the default Space security configuration file is <space-name>-security.properties. Just like the pu.properties, you can include the security properties as part of the custom properties being passed to the space /./space?properties=myCustomProps.

Processing Unit

The default Processing Unit (Space) security configuration file is /META-INF/spring/pu.properties. This is equivalent to custom properties being passed to the Space. This allows you to configure different configurations for different Processing Units. Thus, having a Processing Unit Cluster point to a specific security directory.

It is possible to separate the security configurations from the Processing Unit configurations, by placing the configurations in /META-INF/spring/<Space name>-security.properties file.

Service Grid Components

The default Grid components security configuration file is grid-security.properties.
Here you can declare different configurations that will affect all the Grid components (such as GSA, GSM, GSC) together.

Web Management Console

The default Web Management Console component security configuration file is webui-security.properties. The configuration file affects only the Web Management Console.