@LocatorApplication does not work with @EnableSecurity

[janmaslik]

@UseLocators
@SpringBootApplication
@LocatorApplication(name = "Locator")
@EnableSecurity
public class GeodeLocatorApplication  
{
	public static void main(String[] args) 
        {
		new SpringApplicationBuilder(GeodeLocatorApplication.class)
			.web(WebApplicationType.NONE)
			.build()
			.run(args);

		System.err.println("Press <enter> to exit!");

		new Scanner(System.in).nextLine();
	}

}

using

<groupId>org.springframework.geode</groupId>
<artifactId>spring-geode</artifactId>
<version>1.6.9</version>

Error:
A component required a bean named 'gemfireCache' that could not be found.

[janmaslik]

i found workarround. Instead of @EnableSecurity i used Bean LocatorConfigurer

@Bean
	public LocatorConfigurer securityConfigurer() 
	{
		return (beanName, locatorFactoryBean) -> {
			Properties currentProperties = locatorFactoryBean.getGemFireProperties();
			currentProperties.setProperty("security-manager", "com.shirtplatform.cloud.locator.AppSecurityManager");
			locatorFactoryBean.setGemFireProperties(currentProperties);
		};
	}

but Locator app has problem to connect to other locator using security:

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'locatorApplication' defined in org.springframework.data.gemfire.config.annotation.LocatorApplicationConfiguration: Invocation of init method failed; nested exception is org.apache.geode.security.AuthenticationRequiredException: Failed to find credentials from [....]

[jxblum]

@janmaslik - I was able to reproduce your issue.

...
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'gemfireCache' available
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:862)
	at org.springframework.data.gemfire.config.annotation.ApacheShiroSecurityConfiguration.lambda$shiroGemFireBeanFactoryPostProcessor$1(ApacheShiroSecurityConfiguration.java:126)
...
..
.

FYI, the bits for bootstrapping an Apache Geode (or alternatively, VMware Tanzu GemFire) Locator and enabling Apache Geode Security (Auth) technically resides in Spring Data for Apache Geode (SDG), upon which Spring Boot for Apache Geode (SBDG), this project, is based. SBDG does offer a few extensions, but the primary logic is in SDG.

In any case, I will provide a bit of feedback here, but will be addressing this issue in the SDG project (here) across versions 2.6 (SBDG 1.6 is based on SDG 2.6, FYI), 2.7 and (currently) 3.0. After the next SDG patch release (i.e. 2.6.7) is published to Maven Central, SBDG will pick up the changes from SDG in its respective versions (e.g. 1.6.11).

Based on the configuration you shared above, it would appear that you are only trying to configure and use a custom Apache Geode SecurityManager (Javadoc) implementation.

The error you are encountering is caused by the presence of Apache Shiro on your Spring Boot / Spring Data Geode application classpath. The NoSuchBeanDefinitionException is thrown from here, and specifically, here.

If you are not using the Apache Shiro Security integration with Apache Geode, then you can do 1 of the following:

1. Remove Apache Shiro from your Spring Boot/Data application classpath.
2. Or, alternatively set the following property in Spring Boot application.properties to false:

# Spring Boot application.properties.

spring.data.gemfire.security.shiro.enabled=false

You can only use 1 security provider (e.g. either Apache Shiro, or an implementation of Apache Goede's SecurityManager interface) anyway.

It appears you are using a custom SecurityManager implementation, hence: com.shirtplatform.cloud.locator.AppSecurityManager.

Additionally, and though possible, you should never have to set the SecurityManager implementation using the LocatorConfigurer.

You can simply declare:

@UseLocators
@SpringBootApplication
@LocatorApplication(name = "Locator")
@EnableSecurity(securityManagerClassName = "com.shirtplatform.cloud.locator.AppSecurityManager")
public class GeodeLocatorApplication  { 
  // ...
}

Or, better yet:

@UseLocators
@SpringBootApplication
@LocatorApplication(name = "Locator")
@EnableSecurity(securityManagerClass = com.shirtplatform.cloud.locator.AppSecurityManager.class)
public class GeodeLocatorApplication  { 
  // ...
}

See here.

This should allow you to workaround this issue.

The cause of this issue stems from the fact that SDG's @EnableSecurity functionality predates Locator-based application support in SDG, so logic was missing for support of Locators configured and bootstrapped with SDG.

The connection to other secure Locators seems to be a configuration problem. But, it is hard to say for sure without knowing more about your configuration. All "secure" Locators need to be enabled with security and share the credentials required to connect to each other. This is a function of your SecurityManager more than anything else.

[jxblum]

Sorry for the delay. A few updates:

1. First, I had to proceed forward in releasing SBDG 1.6.11 and 1.7.3 based on the current Spring Boot 2.6.x and 2.7.x release schedules, ahead of the required changes (fix) for this issue.

2. Second, I have finally completed the required changes in Spring Data for Apache Geode (SDG) 2.6.x and 2.7.x. The fixes will be included in the upcoming releases of SDG (i.e. SDG 2.6.7 and SDG 2.7.3) scheduled mid next month, tentatively on Friday, September 16th, 2022.

3. Subsequently, this means when Spring Boot 2.6.12 and 2.7.4 are released following Spring Data, ~Thursday, September 22nd, 2022, Spring Boot for Apache Geode 1.6.12 and 1.7.4 will follow suit and release as well, which will include the new versions of SDG (respectively; i.e. 2.6.7 and 2.7.3) which contain the required changes and fixes for this issue.

This turned out to be a rather involved set of changes. However, after careful analysis and testing, I believe this problem has been adequately addressed.

Of course, are free to try the changes in your test environment now. Simply override the SDG dependency (using Maven or Gradle) pulled in by SBDG (e.g. if you are using the starter) to include the org.springframework.data:spring-data-geode:1.6.7-SNAPSHOT, which will contain the changes.

If you have other questions, let me know.

If you encounter other issues, please file a new ticket in SDG, here.

[janmaslik]

Hi jxblum ,
Thank you very much for detailed explanation and support. I try to use the property and later i will try new version.

[jxblum]

You are welcome. Sounds good and if you have any more problems, please respond here or open a new ticket. Also, just a friendly reminder, the fix for this will be available in SBDG 1.6.12, 1.7.4 and 2.0.0-M5.

Cheers!