In this session Les Hazlewood, the Apache Shiro PMC Chair, will cover Shiro's enterprise session management capabilities, how it can be used across any application (not just web or JEE applications) and how to use Cassandra as Shiro's session store, enabling a distributed session cluster supporting hundreds of thousands or even millions of concurrent sessions. As a working example, Les will show how to set up a session cluster in under 10 minutes using Cassandra. If you need to scale user session load, you won't want to miss this!
#Cassandra13
Infinite Session Clustering with Apache Shiro & Cassandra
Les Hazlewood @lhazlewood Apache Shiro Project Chair
CTO, Stormpath stormpath.com
Cassandra Summit 2013
.com
• User Management and Authentication API
• Security for your applications
• User security workflows
• Security best practices
• Developer tools, SDKs, libraries
What is Apache Shiro?
• Application security framework
• ASF TLP http://shiro.apache.org
• Quick and Easy
• Simplifies Security
Web Session Management
[Diagram: Shiro feature areas: Authentication, Authorization, Cryptography, Session Management, Web Support, Auxiliary Features]
Quick Concepts
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(...)
currentUser.isPermitted(...)
Session Management Defined
Managing the lifecycle of Subject-specific temporal data context
Session Management Features
• Heterogeneous client access
• POJO/J2SE based (IoC friendly)
• Event listeners
• Host address retention
• Inactivity/expiration support (touch())
• Transparent web use - HttpSession
• Container-Independent Clustering!
Acquiring and Creating Sessions
Subject subject = SecurityUtils.getSubject();
//guarantee a session
Session session = subject.getSession();
//get a session if it exists
subject.getSession(false);
Session API
getStartTimestamp()
getLastAccessTime()
getAttribute(key)
setAttribute(key, value)
get/setTimeout(long)
touch()
...
Session Management Architecture
Subject .getSession() → Session
SessionManager
Session Factory
SessionDAO
Session ID Generator
Session Cache
Data store
Validation Scheduler
Session Listeners
Session Clustering: Clustered Data Store of Choice
SessionDAO
Session ID Generator
Session Cache
Validation Scheduler
Data store
Web Configuration
• web.xml elements
• Protects all URLs
• Innovative Filtering (URL-specific chains)
• JSP Tag support
• Transparent HttpSession support
web.xml
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>
<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
web.xml cont'd
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
shiro.ini overview
[main]
# bean config here
[users]
# optional static user accounts (and their roles) here
[roles]
# optional static roles (and their permissions) here
[urls]
# filter chains here
Session Clustering
Two Approaches
• Write a SessionDAO
• Use EnterpriseCacheSessionDAO and write a CacheManager
Cassandra SessionDAO
SessionDAO Concerns
SessionManager
SessionDAO
Session ID Generator
Session Cache
Data store
Custom SessionDAO
public class MySessionDAO extends AbstractSessionDAO {
    // called by create(): assign an ID, store the session, return the ID
    protected Serializable doCreate(Session s) {...}
    // called by readSession(): return null if no session has this ID
    protected Session doReadSession(Serializable id) {...}
    public void delete(Session s) {...}
    public void update(Session s) {...}
    public Collection<Session> getActiveSessions() {...}
}
Or
public class MySessionDAO extends CachingSessionDAO {
    ... //enables write-through caching
}
Native Web Session Manager
[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
Cassandra SessionDAO
[main]
...
cassandraCluster = com.leshazlewood.samples.shiro.cassandra.ClusterFactory
sessionDAO = com.leshazlewood.samples.shiro.cassandra.CassandraSessionDAO
sessionDAO.cluster = $cassandraCluster
sessionDAO.keyspaceName = shirosessions
sessionDAO.tableName = sessions
...
Plug in the SessionDAO
[main]
...
sessionManager.sessionDAO = $sessionDAO
Sessions Table (CQL 3)
CREATE TABLE sessions (
    id timeuuid PRIMARY KEY,
    start_ts timestamp,
    stop_ts timestamp,
    last_access_ts timestamp,
    timeout bigint,
    expired boolean,
    host varchar,
    serialized_value blob
)
No Validation Scheduler?
Use Cassandra's TTL
TTL for session timeout
[main]
# Cassandra can enforce a TTL.
# No need for Shiro to invalidate!
sessionManager.sessionValidationSchedulerEnabled = false
Session Upsert (CQL 3)
UPDATE sessions USING TTL $timeout
SET start_ts = ?, stop_ts = ?, last_access_ts = ?, timeout = ?,
    expired = ?, host = ?, serialized_value = ?
WHERE id = ?
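Cassandra TTLs are whole seconds, while Shiro's Session.getTimeout() is in milliseconds, so the value has to be converted before it goes into USING TTL. The Java class below is an added example, not code from the talk or from the shiro-cassandra-sample project; the names SessionTtl, toTtlSeconds and upsertCql are hypothetical, and the statement text is the upsert from the slide above.

```java
import java.util.regex.Pattern;

public final class SessionTtl {
    // Cassandra rejects TTLs above 20 years (630,720,000 seconds).
    static final int MAX_TTL_SECONDS = 20 * 365 * 24 * 60 * 60;
    // Table names cannot be bound as parameters, so accept only unquoted CQL identifiers.
    private static final Pattern CQL_IDENTIFIER = Pattern.compile("[A-Za-z][A-Za-z0-9_]*");

    /**
     * Converts a Shiro timeout (milliseconds) to a Cassandra TTL (seconds).
     * Negative means "never expires" in Shiro and maps to 0, Cassandra's "no TTL".
     * Zero and sub-second timeouts round up to 1: a TTL of 0 would keep the row forever.
     */
    static int toTtlSeconds(long shiroTimeoutMillis) {
        if (shiroTimeoutMillis < 0) {
            return 0; // with the validation scheduler disabled, nothing removes these rows
        }
        long seconds = shiroTimeoutMillis / 1000L + (shiroTimeoutMillis % 1000L == 0 ? 0 : 1);
        return (int) Math.min(Math.max(1L, seconds), MAX_TTL_SECONDS);
    }

    // Builds the slide's upsert with the TTL inlined as an integer; column values stay bound.
    static String upsertCql(String tableName, long shiroTimeoutMillis) {
        if (tableName == null || !CQL_IDENTIFIER.matcher(tableName).matches()) {
            throw new IllegalArgumentException("not a plain CQL identifier: " + tableName);
        }
        int ttl = toTtlSeconds(shiroTimeoutMillis);
        String using = ttl > 0 ? " USING TTL " + ttl : "";
        return "UPDATE " + tableName + using
            + " SET start_ts = ?, stop_ts = ?, last_access_ts = ?, timeout = ?,"
            + " expired = ?, host = ?, serialized_value = ? WHERE id = ?";
    }

    public static void main(String[] args) {
        // Constructed sample timeouts: Shiro's 30-minute default, zero, sub-second, never-expires.
        long[] samples = {1_800_000L, 0L, 250L, -1L};
        for (long ms : samples) {
            System.out.println(ms + " ms -> " + upsertCql("sessions", ms));
        }
    }
}
```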
But what about tombstones!?!?
Sessions Table (revised)
CREATE TABLE sessions (
    id timeuuid PRIMARY KEY,
    start_ts timestamp,
    stop_ts timestamp,
    last_access_ts timestamp,
    timeout bigint,
    expired boolean,
    host varchar,
    serialized_value blob
) WITH gc_grace_seconds = 86400
  AND compaction = {'class':'LeveledCompactionStrategy'}
But what about row caching?
Row Cache?
Probably don't need it (but maybe in some cases it would be useful)
• SSTable likely in Operating System page cache (off heap)
• DO use Key Cache (very important, enabled by default in 1.2)
Code
$ git clone https://github.com/lhazlewood/shiro-cassandra-sample.git
$ cd shiro-cassandra-sample
$ $CASSANDRA_HOME/bin/cassandra
$ mvn jetty:run
Open a browser to http://localhost:8080
Thank You!
• [email protected]
• Twitter: @lhazlewood
• http://www.stormpath.com