From sai_boorlaga...@apache.org
Subject [geode-examples] branch develop updated: GEODE-3868: Client security example should use SSL
Date Mon, 29 Jan 2018 17:56:02 GMT
This is an automated email from the ASF dual-hosted git repository.

sai_boorlagadda pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/geode-examples.git


The following commit(s) were added to refs/heads/develop by this push:
     new eef628b  GEODE-3868: Client security example should use SSL
eef628b is described below

commit eef628b6a133f6f650dc3eb249782c6cffc20d81
Author: Sai Boorlagadda <sai.boorlagadda@gmail.com>
AuthorDate: Mon Jan 29 09:56:00 2018 -0800

    GEODE-3868: Client security example should use SSL
---
 README.md                                                 |   4 ++++
 clientSecurity/README.md                                  |   3 ++-
 clientSecurity/example_security.properties                |   6 ++++++
 clientSecurity/keystore.jks                               | Bin 0 -> 515 bytes
 clientSecurity/scripts/start.gfsh                         |   7 +++++--
 clientSecurity/scripts/stop.gfsh                          |   4 +++-
 .../org/apache/geode_examples/clientSecurity/Example.java |   5 +++++
 clientSecurity/truststore.jks                             | Bin 0 -> 515 bytes
 8 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index e817424..543036d 100644
--- a/README.md
+++ b/README.md
@@ -26,6 +26,10 @@ Contributions<sup>[2]</sup> and corrections are welcome. Please
talk to us
 about your suggestions at [dev@geode.apache.org](mailto:dev@geode.apache.org)
 or submit a [pull request](https://github.com/apache/geode/pull/new/develop).
 
+# Apache Geode Version
+
+Check out the master branch to run examples against the latest geode release.
+
 ## Running an example
 
 The gradle build will automatically download and install a Geode release in the
diff --git a/clientSecurity/README.md b/clientSecurity/README.md
index 8626c3d..ff03b9a 100644
--- a/clientSecurity/README.md
+++ b/clientSecurity/README.md
@@ -18,7 +18,8 @@ limitations under the License.
 # Geode security example - Client
 
 This example demonstrates basic command security and user authentication in a client application
-backed by a secured Geode cluster.  This example assumes that Java and Geode are installed.
+backed by a secured Geode cluster. It also demonstrates use of secure sockets (SSL) between
all
+members and between a client and a server.  This example assumes that Java is installed.
 
 ## Security Basics
 
diff --git a/clientSecurity/example_security.properties b/clientSecurity/example_security.properties
index d661639..53e3c44 100644
--- a/clientSecurity/example_security.properties
+++ b/clientSecurity/example_security.properties
@@ -13,3 +13,9 @@
 
 security-manager = org.apache.geode.examples.security.ExampleSecurityManager
 security-json = example_security.json
+
+ssl-enabled-components=all
+ssl-keystore=./../keystore.jks
+ssl-keystore-password=password
+ssl-truststore=./../truststore.jks
+ssl-truststore-password=password
\ No newline at end of file
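Review bot: The added SSL block commits the store password `password` alongside the stores themselves, and `clientSecurity/keystore.jks` and `clientSecurity/truststore.jks` carry the same blob id (6b6e713), so they appear to be the same file; whatever key material the keystore holds is therefore public and shared by every member and client. That is acceptable for a local demo but should be stated in the file, for example with a comment above `ssl-enabled-components`: `# DEMO ONLY: these stores and their password are published with the example; generate your own before reusing this configuration.` The same literal password recurs in scripts/start.gfsh, scripts/stop.gfsh and Example.java. `ssl-protocols` and `ssl-ciphers` are also left unset here, so protocol and cipher selection falls to the defaults; pinning them would make the example a safer template to copy.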
diff --git a/clientSecurity/keystore.jks b/clientSecurity/keystore.jks
new file mode 100644
index 0000000..6b6e713
Binary files /dev/null and b/clientSecurity/keystore.jks differ
diff --git a/clientSecurity/scripts/start.gfsh b/clientSecurity/scripts/start.gfsh
index 313d035..080d5b4 100644
--- a/clientSecurity/scripts/start.gfsh
+++ b/clientSecurity/scripts/start.gfsh
@@ -20,7 +20,7 @@
 # This requires that the example_security.json be on the classpath.
 # Recall that the --classpath option is specified relative to the locator's working directory.
 
-start locator --name=locator --bind-address=127.0.0.1\
+start locator --name=locator --bind-address=127.0.0.1 --connect=false\
  --security-properties-file=example_security.properties --classpath=../build/resources/main/
 
 # Now we may start our cluster.
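Review bot: The new `--connect=false` on `start locator` has no comment, and its reason is not obvious from the script. Presumably gfsh's automatic connect after starting the locator would not carry the SSL settings, which is why an explicit `connect --use-ssl=true ...` is added later in the file. A line such as `# --connect=false: the locator now requires SSL, so gfsh connects explicitly below with the key/trust store options.` above the command would record that.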
@@ -41,6 +41,9 @@ start server --name=server2 --locators=127.0.0.1[10334]\
 # To execute any online commands, we need to connect to the locator
 # To create a region, we can connect as any user with CLUSTER:MANAGE
 
-connect --user=superUser --password=123
+connect --user=superUser --password=123 --use-ssl=true \
+  --key-store=keystore.jks --key-store-password=password \
+  --trust-store=truststore.jks --trust-store-password=password
+
 create region --name=region1 --type=REPLICATE
 create region --name=region2 --type=PARTITION
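Review bot: The store paths on the new `connect` line are relative (`keystore.jks`, `truststore.jks`), while stop.gfsh spells them `./keystore.jks` and example_security.properties uses `./../keystore.jks`, so each one resolves against a different working directory. If gfsh is launched from anywhere other than the directory holding the stores (apparently clientSecurity/), the connect fails before `create region` runs. Use one spelling in both scripts and add a comment such as `# Run from clientSecurity/: key/trust store paths are relative to gfsh's working directory.`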
diff --git a/clientSecurity/scripts/stop.gfsh b/clientSecurity/scripts/stop.gfsh
index ad068e3..6f83ea8 100644
--- a/clientSecurity/scripts/stop.gfsh
+++ b/clientSecurity/scripts/stop.gfsh
@@ -14,5 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-connect --locator=127.0.0.1[10334] --user=superUser --password=123
+connect --locator=127.0.0.1[10334] --user=superUser --password=123 --use-ssl=true \
+   --key-store=./keystore.jks --key-store-password=password \
+   --trust-store=./truststore.jks --trust-store-password=password
 shutdown --include-locators=true
diff --git a/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
b/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
index cb72786..f6762af 100644
--- a/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
+++ b/clientSecurity/src/main/java/org/apache/geode_examples/clientSecurity/Example.java
@@ -59,6 +59,11 @@ public class Example implements AutoCloseable {
     Properties props = new Properties();
     props.setProperty("security-username", username);
     props.setProperty("security-client-auth-init", ExampleAuthInit.class.getName());
+    props.setProperty("ssl-enabled-components", "all");
+    props.setProperty("ssl-keystore", "keystore.jks");
+    props.setProperty("ssl-keystore-password", "password");
+    props.setProperty("ssl-truststore", "truststore.jks");
+    props.setProperty("ssl-truststore-password", "password");
 
     // connect to the locator using default port 10334
     cache = new ClientCacheFactory(props).setPoolSubscriptionEnabled(true)
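Review bot: The five added `props.setProperty("ssl-...")` calls hard-code working-directory-relative store paths and the store password in the client source. The example therefore only connects when the JVM is started from the directory containing `keystore.jks`, and anyone copying the class inherits a literal password. Allowing overrides keeps the demo defaults while showing the intended pattern, e.g. `props.setProperty("ssl-keystore", System.getProperty("example.ssl.keystore", "keystore.jks"));` (the property name is only a suggestion), and likewise for the truststore and both passwords. The enclosing method starts and ends outside the hunk, so how `props` is used beyond the `ClientCacheFactory` call is not visible here.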
diff --git a/clientSecurity/truststore.jks b/clientSecurity/truststore.jks
new file mode 100644
index 0000000..6b6e713
Binary files /dev/null and b/clientSecurity/truststore.jks differ

-- 
To stop receiving notification emails like this one, please contact
sai_boorlagadda@apache.org.
