Security Quick Start — In-Memory Security
This document shows how to set up GigaSpaces security using an in-memory security model. It is suggested that you understand this basic technique before studying the other supported security methods.
What is Quick Start Security?
As implemented out of the box, GigaSpaces runs without a default security model — user logins are not required. Setting a single environmental variable (see below) implements our Quick Start security model.
The Quick Start security model defines three levels of user (administrator, manager or viewer) and requires a login to use the GUI, command line or REST API. Users, passwords and permissions are defined in an XML file in clear text.
What are the Supported Security Models?
GigaSpaces supports three security providers or models: in-memory, LDAP and JDBC. We will start with the simplest security model, in-memory, and then explain the more complex models of LDAP and JDBC in later topics.
In addition to in-memory, LDAP and JDBC, any other authentication provider compatible with Spring Security is supported.
Enable Security - Set the GS_OPTIONS_EXT Environmental Variable
This example of in-memory security uses a flat file with clear text for the user and password. This is for learning purposes only, and is not a secure method for production use.
To set up security, we set the GS_OPTIONS_EXT environmental variable. This informs the system that security of some kind will be required.
Add the environmental variable definition to the setenv-overrides.sh/bat file, as shown below.
Linux (setenv-overrides.sh):
export GS_OPTIONS_EXT='-Dcom.gs.security.enabled=true -Dcom.gs.manager.rest.ssl.enabled=false'
Windows (setenv-overrides.bat):
SET GS_OPTIONS_EXT=-Dcom.gs.security.enabled=true -Dcom.gs.manager.rest.ssl.enabled=false
SSL encryption is a separate feature that can be configured independently of GigaSpaces security. In this example, we are enabling GS security and disabling SSL encryption.
That's it! Basic in-memory security is now enabled in GigaSpaces.
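The following check is an added example, not part of the GigaSpaces documentation or product: it reads a GS_OPTIONS_EXT value and reports the state of the two properties set above. The function names `gs_prop` and `gs_audit` and the finding labels are hypothetical, and the sample value is constructed from the line shown on this page.

```shell
#!/bin/sh
# Added example (not GigaSpaces code): audit a GS_OPTIONS_EXT value for the
# two system properties this page sets.

# gs_prop VALUE NAME: print the value of -DNAME=... found in VALUE, or "unset".
# Assumption: when a property is repeated, the last definition is the one used.
gs_prop() (
    set -f                      # no globbing while VALUE is split into tokens
    result=unset
    for tok in $1; do
        case "$tok" in
            "-D$2="*) result=${tok#"-D$2="} ;;
        esac
    done
    printf '%s\n' "$result"
)

# gs_audit VALUE: print one finding per line; return 0 only if nothing is flagged.
gs_audit() {
    sec=$(gs_prop "$1" com.gs.security.enabled)
    ssl=$(gs_prop "$1" com.gs.manager.rest.ssl.enabled)
    rc=0
    if [ "$sec" = true ]; then
        echo "OK   security enabled"
    else
        echo "FAIL com.gs.security.enabled=$sec: logins are not required"
        rc=1
    fi
    case "$ssl" in
        true)  echo "OK   REST SSL enabled" ;;
        false) echo "WARN REST SSL disabled: REST logins are not encrypted"
               rc=1 ;;
        *)     echo "INFO com.gs.manager.rest.ssl.enabled=$ssl: default not stated here" ;;
    esac
    return $rc
}

# Constructed sample: the value this page puts in setenv-overrides.sh.
PAGE_VALUE='-Dcom.gs.security.enabled=true -Dcom.gs.manager.rest.ssl.enabled=false'
gs_audit "$PAGE_VALUE" || echo "review the findings above before production use"
```

To check a live environment, source the overrides file and call `gs_audit "$GS_OPTIONS_EXT"`.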
What Users are Defined in Quick Start Security?
Quick Start Security uses the default settings in the ../config/security/security-config.xml file. These default users are as follows:
User/Password | User Type | Available functions |
---|---|---|
gs-admin/gs-admin | Administrator: has access to all system functions | Connect to data source, deploy/undeploy processing units (PUs) and services, monitor, start and stop the system, vertical and horizontal scaling, object analysis |
gs-mngr/gs-mngr | Manager: has access to monitoring and deployment functions, except those related to starting, stopping or configuring the system. | Functionality includes monitoring, deployment, and querying the system. Functionality excludes those related to defining and controlling the system: cannot connect to data source, deploy processing units and services, start and stop the system, perform vertical and horizontal scaling |
gs-viewer/gs-viewer | Viewer: has access to querying and monitoring functions. | Includes functionality related to data querying, system performance and monitoring |
Testing Quick Start Security
In order to do a basic test of Quick Start security, proceed as follows:
- Run the following script:
  Linux: ...bin/gs.sh demo
  Windows: ...bin/gs.bat demo
  This will start a demo environment.
- Log into the Ops Manager at localhost:8090. The system should accept the users defined above.