ApacheCon 2014. Infinite Session Clustering with Apache Shiro & Cassandra

Similar documents
Apache Shiro - Executive Summary

Apache Cassandra Query Language (CQL)

Apache Ki (formerly JSecurity) DevNexus

HDB++: HIGH AVAILABILITY WITH. l TANGO Meeting l 20 May 2015 l Reynald Bourtembourg

Docker Java Application with Solr, Mongo, & Cassandra: Design, Deployment, Service Discovery, and Management in Production

Web Frameworks and WebWork

Services. Relational. Databases & JDBC. Today. Relational. Databases SQL JDBC. Next Time. Services. Relational. Databases & JDBC. Today.

Time series IoT data ingestion into Cassandra using Kaa

Copyright 2014 Jaspersoft Corporation. All rights reserved. Printed in the U.S.A. Jaspersoft, the Jaspersoft

Model-View-Controller. and. Struts 2

MariaDB Cassandra interoperability

Introduction to Cassandra

Data Modeling in the New World with Apache Cassandra TM. Jonathan Ellis CTO, DataStax Project chair, Apache Cassandra

IBM WebSphere Server Administration

Apache Traffic Server Extensible Host Resolution

CQL for Cassandra 2.0 & 2.1

Web Service Caching Using Command Cache

Going Native With Apache Cassandra. NoSQL Matters, Cologne, 2014

The Compatible One Application and Platform Service 1 (COAPS) API User Guide

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 5

WebSphere Server Administration Course

Working With Virtual Hosts on Pramati Server

Manage Workflows. Workflows and Workflow Actions

Apache Zeppelin, the missing component for your BigData ecosystem

Spring Data JDBC Extensions Reference Documentation

Apache Karaf in real life ApacheCon NA 2014

Case study: CASSANDRA

Spring Security 3.

Using SQL Server Management Studio

Japan Communication India Skill Development Center

Big Data Development CASSANDRA NoSQL Training - Workshop. March 13 to am to 5 pm HOTEL DUBAI GRAND DUBAI

multiple placeholders bound to one definition, 158 page approval not match author/editor rights, 157 problems with, 156 troubleshooting,

Bidirectional replication for InterBase and Firebird

Japan Communication India Skill Development Center

Apache Cassandra Present and Future. Jonathan Ellis

Retrofi8ng OAuth 2.0 Security into Exis?ng REST Service [CON1765]

Python Driver 1.0 for Apache Cassandra

Informatica Cloud Connector for SharePoint 2010/2013 User Guide

Data Pipeline with Kafka

Apache Sling A REST-based Web Application Framework Carsten Ziegeler cziegeler@apache.org ApacheCon NA 2014

Oracle Fusion Middleware

Going Native With Apache Cassandra. QCon London, 2014

Oracle9i Application Server: Options for Running Active Server Pages. An Oracle White Paper July 2001

Drupal CMS for marketing sites

Course Name: Course in JSP Course Code: P5

Easy-Cassandra User Guide

ADOBE AIR. Working with Data in AIR. David Tucker

Drools Complex Event Processing with Twitter4J. Toshiya Kobayashi Red Hat Senior Software Maintenance Engineer

Rakam: Distributed Analytics API

SPARROW Gateway. Developer API. Version 2.00

3 Techniques for Database Scalability with Hibernate. Geert Bevin - SpringOne 2009

rpafi/tl enterprise Microsoft Enterprise Library 5.0 Develop Enterprise applications using reusable software

Spring Security 3. rpafktl Pen source. intruders with this easy to follow practical guide. Secure your web applications against malicious

JobScheduler Security

Managing Data on the World Wide-Web

Web Applications and Struts 2

Kofax Export Connector for Microsoft SharePoint

Media Upload and Sharing Website using HBASE

Advanced OpenEdge REST/Mobile Security

Advanced Java Client API

WIRIS quizzes web services Getting started with PHP and Java

SpringCM Troubleshooting Guide for Salesforce

E*TRADE Developer Platform. Developer Guide and API Reference. October 24, 2012 API Version: v0

About the VM-Series Firewall

Passcreator API Documentation

McAfee Cloud Identity Manager

Talend Component tgoogleanalyticsmanagement

Web Container Components Servlet JSP Tag Libraries

Practical Cassandra. Vitalii

Web Same-Origin-Policy Exploration Lab

HBase Schema Design. NoSQL Ma4ers, Cologne, April Lars George Director EMEA Services

McAfee Cloud Identity Manager

SharePoint 2013 for Business Process Automation

YouTube Vitess. Cloud-Native MySQL. Oracle OpenWorld Conference October 26, Anthony Yeh, Software Engineer, YouTube.

This three-day instructor-led course provides students with the tools to extend Microsoft Dynamics CRM 4.0.

Defeating XSS and XSRF with JSF Frameworks

CHAPTER 1 - JAVA EE OVERVIEW FOR ADMINISTRATORS

Framework Adoption for Java Enterprise Application Development

Crawl Proxy Installation and Configuration Guide

Pierce County IT Department GIS Division Xuejin Ruan Dan King

Cache Configuration Reference

Service Integration course. Cassandra

Lecture 8a: WWW Proxy Servers and Cookies

Using Oracle Cloud to Power Your Application Development Lifecycle

Apache Cassandra for Big Data Applications

Pervasive Data Integrator. Oracle CRM On Demand Connector Guide

Mastering Tomcat Development

Introduction to Hbase Gkavresis Giorgos 1470

Copyright 2013 Consona Corporation. All rights reserved

Japan Communication India Skill Development Center

Transcription:

ApacheCon 2014 Infinite Clustering with Apache Shiro & Cassandra Les Hazlewood @lhazlewood Apache Shiro Project Chair CTO, Stormpath stormpath.com

.com User Management and Authen=ca=on API Security for your applica=ons User security workflows Security best prac=ces Developer tools, SDKs, libraries

What is Apache Shiro? Applica=on security framework ASF TLP hkp://shiro.apache.org Quick and Easy Simplifies Security

Web Management Authen=ca=on Management Authoriza=on Cryptography Web Support Auxiliary Features

Quick Concepts Subject currentuser = SecurityUtils.getSubject(); currentuser.login(...) currentuser.ispermitted(...)

Management Defined Managing the lifecycle of Subject- specific temporal data context

Management Features Heterogeneous client access POJO/J2SE based (IoC friendly) Event listeners Host address reten=on Inac=vity/expira=on support (touch()) Transparent web use - HKp Container- Independent Clustering!

Acquiring and CreaKng s Subject subject = SecurityUtils.getSubject() //guarantee a session session = subject.get(); //get a session if it exists subject.get(false);

API getstarttimestamp() getlastaccesstime() getattribute(key) setattribute(key, value) get/settimeout(long) touch()...

Management Architecture Subject.get() à

Management Architecture Subject.get() à Manager

Management Architecture Subject.get() à Manager Factory

Management Architecture Subject.get() à Manager Factory DAO

Management Architecture Subject.get() à Manager Factory ID Generator DAO

Management Architecture Subject.get() à Manager Factory ID Generator DAO Cache

Management Architecture Subject.get() à Manager Factory ID Generator DAO Cache Data store

Management Architecture Subject.get() à Manager Factory ID Generator DAO Cache Data store Valida=on Scheduler

Management Architecture Subject.get() à Manager Factory ID Generator DAO Cache Valida=on Scheduler Listeners Data store

Clustering: Clustered Data Store of Choice DAO Valida=on Scheduler ID Generator Cache Data store

Web ConfiguraKon web.xml elements Protects all URLs Innova=ve Filtering (URL- specific chains) JSP Tag support Transparent HKp support

web.xml <listener> <listener-class> org.apache.shiro.web.env.environmentloaderlistener </listener-class> </listener> <filter> <filter-name>shirofilter</filter-name> <filter-class> org.apache.shiro.web.servlet.shirofilter </filter-class> </filter>

web.xml cont d <filter-mapping> <filter-name>shirofilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>request</dispatcher> <dispatcher>forward</dispatcher> <dispatcher>include</dispatcher> <dispatcher>error</dispatcher> </filter-mapping>

shiro.ini overview [main] # bean config here [users] # optional static user accounts (and their roles) here [roles] # optional static roles (and their permissions) here [urls] # filter chains here

Clustering

Two Approaches Write a DAO Use EnterpriseCacheDAO and write a CacheManager

Cassandra DAO

DAO Concerns Manager DAO ID Generator Cache Data store

Custom DAO public class MyDAO extends AbstractDAO { protected void docreate( s){...} protected void doread(serializable id){...} protected void delete( s){...} protected void update( s){...} } Collection<> getactives(){...} Or public class MyDAO extends CachingDAO {... //enables write-through caching }

NaKve Web Manager [main] sessionmanager = org.apache.shiro.web.session.mgt.defaultwebmanager securitymanager.sessionmanager = $sessionmanager

Cassandra DAO [main]... cassandracluster = com.leshazlewood.samples.shiro.cassandra.clusterfactory sessiondao = com.leshazlewood.samples.shiro.cassandra.cassandradao sessiondao.cluster = $cassandracluster sessiondao.keyspacename = shirosessions sessiondao.tablename = sessions...

Plug in the DAO [main]... sessionmanager.sessiondao = $sessiondao

s Table (CQL 3) CREATE TABLE sessions ( id timeuuid PRIMARY KEY, start_ts timestamp, stop_ts timestamp, last_access_ts timestamp, timeout bigint, expired boolean, host varchar, serialized_value blob )

No ValidaKon Scheduler?

No ValidaKon Scheduler? Use Cassandra s TTL

TTL for session Kmeout [main] # Cassandra can enforce a TTL. # No need for Shiro to invalidate! sessionmanager.sessionvalidationschedulerenabled = false

Upsert (CQL 3) UPDATE sessions USING TTL $timeout SET start_ts =?, stop_ts =?, last_access_ts =?, timeout =?, expired =?, host =?, serialized_value =? WHERE id =?

But what about tombstones!?!?

s Table (revised) CREATE TABLE sessions ( id timeuuid PRIMARY KEY, start_ts timestamp, stop_ts timestamp, last_access_ts timestamp, timeout bigint, expired boolean, host varchar, serialized_value blob ) WITH gc_grace_seconds = 86400 AND compacation = { class : LeveledCompactionStrategy }

But what about row caching?

Row Cache? Probably don t need it (but maybe in some cases it would be useful) SSTable likely in Opera=ng System page cache (off heap) DO use Key Cache (very important, enabled by default in 1.2)

Code $ git clone https://github.com/lhazlewood/shirocassandra-sample.git $ cd shiro-cassandra-sample $ $CASSANDRA_HOME/bin/cassandra $ mvn jetty:run Open a browser to http://localhost:8080

Thank You! les@stormpath.com TwiKer: @lhazlewood hkp://www.stormpath.com