Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra


In this session Les Hazlewood, the Apache Shiro PMC Chair, will cover Shiro's enterprise session management capabilities, how it can be used across any application (not just web or JEE applications) and how to use Cassandra as Shiro's session store, enabling a distributed session cluster supporting hundreds of thousands or even millions of concurrent sessions. As a working example, Les will show how to set up a session cluster in under 10 minutes using Cassandra. If you need to scale user session load, you won't want to miss this!

Published in: Technology

  1. @lhazlewood | @goStormpath
     Infinite Session Clustering with Apache Shiro & Cassandra
     Les Hazlewood, @lhazlewood
     Apache Shiro Project Chair
     CTO, Stormpath (stormpath.com)
     Silicon Valley C* Day 2014
  2. stormpath.com
     • User Management and Authentication API
     • Security for your applications
     • User security workflows
     • Security best practices
     • Developer tools, SDKs, libraries
  3. What is Apache Shiro?
     • Application security framework
     • ASF TLP http://shiro.apache.org
     • Quick and Easy
     • Simplifies Security
  4. Web Session Management (Shiro feature diagram): Auxiliary Features, Authorization, Authentication, Cryptography, Session Management, Web Support
  5. Quick Concepts
         Subject currentUser = SecurityUtils.getSubject();
         currentUser.login(...)
         currentUser.isPermitted(...)
  6. Session Management Defined
     Managing the lifecycle of Subject-specific temporal data context
  7. Session Management Features
     • Heterogeneous client access
     • POJO/J2SE based (IoC friendly)
     • Event listeners
     • Host address retention
     • Inactivity/expiration support (touch())
     • Transparent web use - HttpSession
     • Container-Independent Clustering!
  8. Acquiring and Creating Sessions
         Subject subject = SecurityUtils.getSubject();
         //guarantee a session
         Session session = subject.getSession();
         //get a session if it exists
         subject.getSession(false);
  9. Session API
         getStartTimestamp()
         getLastAccessTime()
         getAttribute(key)
         setAttribute(key, value)
         get/setTimeout(long)
         touch()
         ...
  10. Session Management Architecture (diagram): Subject, .getSession() → Session
  11. Session Management Architecture (diagram): Subject, SessionManager, .getSession() → Session
  12. Session Management Architecture (diagram): Subject, SessionManager, .getSession() → Session, Session Factory
  13. Session Management Architecture (diagram): Subject, SessionManager, SessionDAO, .getSession() → Session, Session Factory
  14. Session Management Architecture (diagram): Subject, SessionManager, SessionDAO, .getSession() → Session, Session ID Generator, Session Factory
  15. Session Management Architecture (diagram): Subject, SessionManager, SessionDAO, .getSession() → Session, Session ID Generator, Session Cache, Session Factory
  16. Session Management Architecture (diagram): Subject, SessionManager, SessionDAO, .getSession() → Session, Session ID Generator, Session Cache, Session Factory, Data store
  17. Session Management Architecture (diagram): Subject, SessionManager, SessionDAO, .getSession() → Session, Session ID Generator, Session Cache, Session Factory, Validation Scheduler, Data store
  18. Session Management Architecture (diagram): Subject, SessionManager, SessionDAO, .getSession() → Session, Session ID Generator, Session Cache, Session Factory, Validation Scheduler, Session Listeners, Data store
  19. Session Clustering: Clustered Data Store of Choice (diagram): SessionDAO, Session ID Generator, Session Cache, Validation Scheduler, Data store
  20. Web Configuration
     • web.xml elements
     • Protects all URLs
     • Innovative Filtering (URL-specific chains)
     • JSP Tag support
     • Transparent HttpSession support
  21. web.xml
         <listener>
           <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
         </listener>
         <filter>
           <filter-name>ShiroFilter</filter-name>
           <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
         </filter>
  22. web.xml cont’d
         <filter-mapping>
           <filter-name>ShiroFilter</filter-name>
           <url-pattern>/*</url-pattern>
           <dispatcher>REQUEST</dispatcher>
           <dispatcher>FORWARD</dispatcher>
           <dispatcher>INCLUDE</dispatcher>
           <dispatcher>ERROR</dispatcher>
         </filter-mapping>
  23. shiro.ini overview
         [main]
         # bean config here

         [users]
         # optional static user accounts (and their roles) here

         [roles]
         # optional static roles (and their permissions) here

         [urls]
         # filter chains here
  24. Session Clustering
  25. Two Approaches
     • Write a SessionDAO
     • Use EnterpriseCacheSessionDAO and write a CacheManager
  26. Cassandra SessionDAO
  27. SessionDAO Concerns (diagram): SessionManager, SessionDAO, Session ID Generator, Session Cache, Data store
  28. Custom SessionDAO
         public class MySessionDAO extends AbstractSessionDAO {
             protected Serializable doCreate(Session s) {...}
             protected Session doReadSession(Serializable id) {...}
             public void delete(Session s) {...}
             public void update(Session s) {...}
             public Collection<Session> getActiveSessions() {...}
         }
     Or
         public class MySessionDAO extends CachingSessionDAO {
             ... //enables write-through caching
         }
  29. Native Web Session Manager
         [main]
         sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
         securityManager.sessionManager = $sessionManager
  30. Cassandra SessionDAO
         [main]
         ...
         cassandraCluster = com.leshazlewood.samples.shiro.cassandra.ClusterFactory
         sessionDAO = com.leshazlewood.samples.shiro.cassandra.CassandraSessionDAO
         sessionDAO.cluster = $cassandraCluster
         sessionDAO.keyspaceName = shirosessions
         sessionDAO.tableName = sessions
         ...
  31. Plug in the SessionDAO
         [main]
         ...
         sessionManager.sessionDAO = $sessionDAO
  32. Sessions Table (CQL 3)
         CREATE TABLE sessions (
             id timeuuid PRIMARY KEY,
             start_ts timestamp,
             stop_ts timestamp,
             last_access_ts timestamp,
             timeout bigint,
             expired boolean,
             host varchar,
             serialized_value blob
         )
  33. No Validation Scheduler?
  34. No Validation Scheduler? Use Cassandra’s TTL
  35. TTL for session timeout
         [main]
         # Cassandra can enforce a TTL.
         # No need for Shiro to invalidate!
         sessionManager.sessionValidationSchedulerEnabled = false
  36. Session Upsert (CQL 3)
         UPDATE sessions USING TTL $timeout
         SET start_ts = ?,
             stop_ts = ?,
             last_access_ts = ?,
             timeout = ?,
             expired = ?,
             host = ?,
             serialized_value = ?
         WHERE id = ?
  37. But what about tombstones!?!?
  38. Sessions Table (revised)
         CREATE TABLE sessions (
             id timeuuid PRIMARY KEY,
             start_ts timestamp,
             stop_ts timestamp,
             last_access_ts timestamp,
             timeout bigint,
             expired boolean,
             host varchar,
             serialized_value blob
         ) WITH gc_grace_seconds = 86400
           AND compaction = {'class':'LeveledCompactionStrategy'}
  39. But what about row caching?
  40. Row Cache? Don’t need it!
     • SSTable likely in Operating System page cache (off heap)
     • DO use Key Cache (very important, enabled by default in 1.2+)
  41. Demo Time!
  42. Code
         $ git clone https://github.com/lhazlewood/shiro-cassandra-sample.git
         $ cd shiro-cassandra-sample
         $ $CASSANDRA_HOME/bin/cassandra
         $ mvn jetty:run
     Open a browser to http://localhost:8080
  43. Thank You!
     • les@stormpath.com
     • Twitter: @lhazlewood
     • http://www.stormpath.com
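
Slides 32 to 36 make Cassandra's TTL the only mechanism that removes idle sessions from the store once the validation scheduler is off, so the value bound to `USING TTL` matters. As an added example (not code from the talk or from shiro-cassandra-sample), the hypothetical `TtlSessionUpsert` helper below derives that TTL from the Shiro timeout. It assumes the DataStax Java driver 3.x, Cassandra 2.0 or later for the TTL bind marker, and `java.util.UUID` session ids matching the table's timeuuid key.

```java
import com.datastax.driver.core.BoundStatement;
import com.datastax.driver.core.PreparedStatement;
import org.apache.shiro.io.DefaultSerializer;
import org.apache.shiro.session.mgt.SimpleSession;
import java.nio.ByteBuffer;
import java.util.UUID;

/** Hypothetical helper, not from the sample project: the deck's upsert with a derived TTL. */
public class TtlSessionUpsert {
    static final int MAX_TTL_SECONDS = 630_720_000; // largest TTL Cassandra accepts (20 years)
    private final DefaultSerializer<SimpleSession> serializer = new DefaultSerializer<>();
    private final PreparedStatement upsert;

    public TtlSessionUpsert(com.datastax.driver.core.Session cql) {
        // Same statement as the "Session Upsert" slide, with the TTL as a bind marker.
        this.upsert = cql.prepare("UPDATE sessions USING TTL ? SET start_ts = ?, stop_ts = ?, "
                + "last_access_ts = ?, timeout = ?, expired = ?, host = ?, serialized_value = ? "
                + "WHERE id = ?");
    }

    /**
     * Shiro timeouts are milliseconds and negative means "never expires"; Cassandra TTLs are
     * whole seconds and 0 means "no TTL". The result is always between 1 and the cap.
     */
    static int ttlSeconds(long timeoutMillis, int capSeconds) {
        int cap = Math.max(1, Math.min(capSeconds, MAX_TTL_SECONDS));
        if (timeoutMillis < 0) return cap;               // bound "never expires" sessions
        long seconds = timeoutMillis / 1000 + (timeoutMillis % 1000 == 0 ? 0 : 1); // round up
        return (int) Math.max(1, Math.min(seconds, cap)); // never 0: that would disable expiry
    }

    /** Every save rewrites all non-key columns, so the TTL restarts on each update. */
    public BoundStatement bind(SimpleSession s, int capSeconds) {
        return upsert.bind(
                ttlSeconds(s.getTimeout(), capSeconds),
                s.getStartTimestamp(), s.getStopTimestamp(), s.getLastAccessTime(),
                s.getTimeout(), s.isExpired(), s.getHost(),
                ByteBuffer.wrap(serializer.serialize(s)),
                (UUID) s.getId());                       // assumes UUID session ids
    }

    public static void main(String[] args) {             // constructed sample timeouts
        System.out.println(ttlSeconds(1_800_000L, 86_400)); // Shiro's 30-minute default
        System.out.println(ttlSeconds(500L, 86_400));       // sub-second timeout
        System.out.println(ttlSeconds(-1L, 86_400));        // "never expires"
    }
}
```

Execute the returned statement with the same driver session; `capSeconds` is what keeps a session created with a negative timeout from staying in the table indefinitely.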
