[GEODE-9494] HTTP Session State Module - Security Properties - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.15.0
Component/s: http session
Labels:
- pull-request-available

Description

In order to configure authentication and authorization, the geode cache must be configured with either the security-client-auth-init or security-peer-auth-init properties.
The implementation of the AuthInitialize interface is supposed to obtain credentials for a client or peer and, in practice, it should be able to connect to an external data source or use some extra configuration as to know where to retrieve the actual credentials from. The AuthInitialize.getCredentials() method receives all gemfire properties configured with the prefix security- and its expected to use them in order to configure itself.
The AbstractCache class, however, prevents the user from configuring any property not returned by the AbstractDistributionConfig._getAttNames() method, and this does not include those properties starting with security-:

  public void setProperty(String name, String value) {
    // TODO Look at fake attributes
    if (name.equals("className")) {
      return;
    }

    // Determine the validity of the input property
    boolean validProperty = false;
    // TODO: AbstractDistributionConfig is internal and _getAttNames is designed for testing.
    for (String gemfireProperty : AbstractDistributionConfig._getAttNames()) {
      if (name.equals(gemfireProperty)) {
        validProperty = true;
        break;
      }
    }
...
}

The above, in turn, makes almost impossible for users to correctly implement AuthInitialize without leveraging system properties or hardcoded paths for external configuration.

—

As a side note, security-username and security-password are not "formal" distributed system properties, so they also can't be used when configuring the HTTP session state module:

  <Listener className="org.apache.geode.modules.session.catalina.ClientServerCacheLifecycleListener"
    security-username="myUser"
    security-password="myPassword"/>

10-Aug-2021 12:15:57.118 WARNING [main] org.apache.geode.modules.session.bootstrap.AbstractCache.setProperty The input property named security-username is not a valid GemFire property. It is being ignored.
10-Aug-2021 12:15:57.123 WARNING [main] org.apache.geode.modules.session.bootstrap.AbstractCache.setProperty The input property named security-password is not a valid GemFire property. It is being ignored.

Attachments

Issue Links

links to

GitHub Pull Request #6754

Activity

People

Assignee:: Juan Ramos

Reporter:: Juan Ramos

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 10/Aug/21 11:41

Updated:: 22/Jun/22 20:46

Resolved:: 11/Aug/21 19:37