Details
-
Sub-task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
1. Hardcoding [1] the "resource path prefix" [2] (i.e. "classpath:") when the user decides to use Apache Shiro [3] to configure security for Apache Geode [4] is well, again, rather limiting.
If a user specifies the Geode (System) property, "security-shiro-init", referencing an Apache Shiro INI configuration file, why not let the user decide the resource path source (i.e. classpath:, file:, or url
of the INI file. For example...
-Dgeode.security-shiro-init=file:/absolute/file/system/path/to/users/application/shiro.ini
I would not arbitrarily restrict users to only the classapth for locating resources. It is unlikely the INI file will contain "sensitive" data (e.g. usernames/passwords, or even permission meta-data) in a production environment. It is more likely, that the users will be configuring 1 or more Shiro Realms declared in the [main] section of the INI file to load the security configuration meta-data from an external repository.
Additionally, Apache Shiro has the ability to detect file changes, and dynamically reload the INI security configuration file [5] when the file: resource path (i.e. file system) is used.