This page describes an older version of the product. The latest stable version is 12.3.

Security


This section provides an understanding of GigaSpaces Security features, where they fit in the GigaSpaces architecture, which components can be secured, and how to configure and customize the security depending on your application security requirements. XAP Security provides comprehensive support for securing your data, services, or both. GigaSpaces provides a set of authorities granting privileged access to data, and for performing operations on services.

Note

Some security features are part of the open source edition, while others are only available with the commercial (licensed) editions.

Dependencies

In order to use this feature, include the ${XAP_HOME}/lib/optional/security/xap-security.jar file on your classpath or use maven dependencies:

<dependency>
    <groupId>com.gigaspaces</groupId>
    <artifactId>xap-security</artifactId>
    <version>12.2.1</version>
</dependency>
See also:

For more information on dependencies, refer to Maven Artifacts.

Main Security Features

The features listed below are available with the open-source editions of GigaSpaces products.

  • Authority and Roles

    • Data access privileges
    • Operation privileges
    • Monitoring privileges
    • System administration privileges
  • Data-Grid operations Auditing

  • SSL Transport Layer security

Extensions

The features listed below are available with the commercial licensed editions of GigaSpaces products.

  • Spring Based Security support

    • LDAP Authenticating
    • Database Authenticating
  • Administration tools

    • User intefaces: gs-ui, web-ui, gs CLI
    • Admin API

Layers of Security

XAP security can be applied in three separate layers:

  • Data layer - Includes Spaces and Processing Units.
  • Grid layer- Includes grid components (GSA, GSM, GSC, XAP Manager + REST Manager API).
  • Transport layer - Provides a generic network filter with SSL support.

You can secure any of these, or all of them for maximum security.

Configuring Security

Security is configured via a property file that includes required and custom properties. For more information, refer to the following parts of the Security section in this Administration guide:

Enabling Security

Security can be enabled separately for the data layer and the grid layer.

  • The data layer has options to declare a secured Space or Processing Unit.
  • The grid layer has options to declare the Grid as secured.

Security Implementations for Licensed GigaSpaces Products

Note

The Open Source editions do not include a security implementation. A reference implementation is provided instead.

When no property file is configured, there is a fallback implementation mainly used for testing or to get you started. This implementation stores the user credentials in a local file and can be used to demonstrate that security has been applied.

Refer to the following sections for more information about XAP security implementation:

Hello World Example

The Hello World example provides a step-by-step guide to deploying a Processing Unit with a secured Space, accessing it from a remote proxy, and declaring principals using the administration tools.

Spring Security

Spring Security is one of the most mature and widely used Spring projects. GigaSpaces provides a Spring-based security bridge to enable an extensible implementation to various authentication sources. One such example is with LDAP (Lightweight Directory Access Protocol).

For more information, refer to Spring Security Bridge.