
Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra


In this session Les Hazlewood, the Apache Shiro PMC Chair, will cover Shiro's enterprise session management capabilities, how it can be used across any application (not just web or JEE applications) and how to use Cassandra as Shiro's session store, enabling a distributed session cluster supporting hundreds of thousands or even millions of concurrent sessions. As a working example, Les will show how to set up a session cluster in under 10 minutes using Cassandra. If you need to scale user session load, you won't want to miss this!


Transcript of "Cassandra Day SV 2014: Infinite Session Clustering with Apache Cassandra"

  1. Infinite Session Clustering with Apache Shiro & Cassandra
     Les Hazlewood (@lhazlewood), Apache Shiro Project Chair; CTO, Stormpath (stormpath.com)
     Silicon Valley C* Day 2014
     @lhazlewood | @goStormpath
  2. .com
       •  User Management and Authentication API
       •  Security for your applications
       •  User security workflows
       •  Security best practices
       •  Developer tools, SDKs, libraries
  3. What is Apache Shiro?
       •  Application security framework
       •  ASF TLP http://shiro.apache.org
       •  Quick and Easy
       •  Simplifies Security
  4. (Diagram labels) Web Session Management; Auxiliary Features; Authorization; Authentication; Cryptography; Session Management; Web Support
  5. Quick Concepts

          Subject currentUser = SecurityUtils.getSubject();
          currentUser.login(...);
          currentUser.isPermitted(...);

  6. Session Management Defined
     Managing the lifecycle of Subject-specific temporal data context
  7. Session Management Features
       •  Heterogeneous client access
       •  POJO/J2SE based (IoC friendly)
       •  Event listeners
       •  Host address retention
       •  Inactivity/expiration support (touch())
       •  Transparent web use - HttpSession
       •  Container-Independent Clustering!
  8. Acquiring and Creating Sessions

          Subject subject = SecurityUtils.getSubject();

          //guarantee a session
          Session session = subject.getSession();

          //get a session if it exists
          subject.getSession(false);

  9. Session API

          getStartTimestamp()
          getLastAccessTime()
          getAttribute(key)
          setAttribute(key, value)
          get/setTimeout(long)
          touch()
          ...

  10. Session Management Architecture (diagram): Subject .getSession() → Session
  11. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager
  12. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager, Session Factory
  13. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager, SessionDAO, Session Factory
  14. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager, SessionDAO, Session ID Generator, Session Factory
  15. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory
  16. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory, Data store
  17. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory, Validation Scheduler, Data store
  18. Session Management Architecture (diagram): Subject .getSession() → Session; components: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory, Validation Scheduler, Session Listeners, Data store
  19. Session Clustering: Clustered Data Store of Choice (diagram): SessionDAO, Session ID Generator, Session Cache, Validation Scheduler, Data store
  20. Web Configuration
       •  web.xml elements
       •  Protects all URLs
       •  Innovative Filtering (URL-specific chains)
       •  JSP Tag support
       •  Transparent HttpSession support
  21. web.xml

          <listener>
              <listener-class>
                  org.apache.shiro.web.env.EnvironmentLoaderListener
              </listener-class>
          </listener>

          <filter>
              <filter-name>ShiroFilter</filter-name>
              <filter-class>
                  org.apache.shiro.web.servlet.ShiroFilter
              </filter-class>
          </filter>

  22. web.xml cont’d

          <filter-mapping>
              <filter-name>ShiroFilter</filter-name>
              <url-pattern>/*</url-pattern>
              <dispatcher>REQUEST</dispatcher>
              <dispatcher>FORWARD</dispatcher>
              <dispatcher>INCLUDE</dispatcher>
              <dispatcher>ERROR</dispatcher>
          </filter-mapping>

  23. shiro.ini overview

          [main]
          # bean config here

          [users]
          # optional static user accounts (and their roles) here

          [roles]
          # optional static roles (and their permissions) here

          [urls]
          # filter chains here

  24. Session Clustering
  25. Two Approaches
       •  Write a SessionDAO
       •  Use EnterpriseCacheSessionDAO and write a CacheManager
  26. Cassandra SessionDAO
  27. SessionDAO Concerns (diagram): SessionManager, SessionDAO, Session ID Generator, Session Cache, Data store
  28. Custom SessionDAO

          public class MySessionDAO extends AbstractSessionDAO {
              // AbstractSessionDAO hooks: create returns the new session ID, read returns the Session
              protected Serializable doCreate(Session s) {...}
              protected Session doReadSession(Serializable id) {...}
              // SessionDAO interface methods
              public void delete(Session s) {...}
              public void update(Session s) {...}
              public Collection<Session> getActiveSessions() {...}
          }

      Or

          public class MySessionDAO extends CachingSessionDAO {
              ...
              //enables write-through caching
          }

  29. Native Web Session Manager

          [main]
          sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
          securityManager.sessionManager = $sessionManager

  30. Cassandra SessionDAO

          [main]
          ...
          cassandraCluster = com.leshazlewood.samples.shiro.cassandra.ClusterFactory
          sessionDAO = com.leshazlewood.samples.shiro.cassandra.CassandraSessionDAO
          sessionDAO.cluster = $cassandraCluster
          sessionDAO.keyspaceName = shirosessions
          sessionDAO.tableName = sessions
          ...

  31. Plug in the SessionDAO

          [main]
          ...
          sessionManager.sessionDAO = $sessionDAO

  32. Sessions Table (CQL 3)

          CREATE TABLE sessions (
              id timeuuid PRIMARY KEY,
              start_ts timestamp,
              stop_ts timestamp,
              last_access_ts timestamp,
              timeout bigint,
              expired boolean,
              host varchar,
              serialized_value blob
          );

  33. No Validation Scheduler?
  34. No Validation Scheduler? Use Cassandra’s TTL
  35. TTL for session timeout

          [main]
          # Cassandra can enforce a TTL.
          # No need for Shiro to invalidate!
          sessionManager.sessionValidationSchedulerEnabled = false

  36. Session Upsert (CQL 3)

          UPDATE sessions USING TTL $timeout SET
              start_ts = ?,
              stop_ts = ?,
              last_access_ts = ?,
              timeout = ?,
              expired = ?,
              host = ?,
              serialized_value = ?
          WHERE id = ?

  37. But what about tombstones!?!?
  38. Sessions Table (revised)

          CREATE TABLE sessions (
              id timeuuid PRIMARY KEY,
              start_ts timestamp,
              stop_ts timestamp,
              last_access_ts timestamp,
              timeout bigint,
              expired boolean,
              host varchar,
              serialized_value blob
          ) WITH gc_grace_seconds = 86400
            AND compaction = {'class':'LeveledCompactionStrategy'};

  39. But what about row caching?
  40. Row Cache? Don’t need it!
       •  SSTable likely in Operating System page cache (off heap)
       •  DO use Key Cache (very important, enabled by default in 1.2+)
  41. Demo Time!
  42. Code

          $ git clone https://github.com/lhazlewood/shiro-cassandra-sample.git
          $ cd shiro-cassandra-sample
          $ $CASSANDRA_HOME/bin/cassandra
          $ mvn jetty:run

      Open a browser to http://localhost:8080
  43. Thank You!
       •  les@stormpath.com
       •  Twitter: @lhazlewood
       •  http://www.stormpath.com
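
The TTL-based expiry from slides 33 to 36, wired into a SessionDAO of the shape shown on slide 28, as an added example that is not code from the talk or from the shiro-cassandra-sample project. It assumes Shiro 1.x, the DataStax Java driver 3.x API, a Cassandra version that accepts a bind marker for TTL, sessions of type SimpleSession, and a configured SessionIdGenerator that returns a version 1 java.util.UUID to match the timeuuid key; TtlSessionDAO and ttlSeconds are hypothetical names.

```java
import java.io.Serializable;
import java.nio.ByteBuffer;
import java.util.*;
import com.datastax.driver.core.PreparedStatement;
import com.datastax.driver.core.Row;
import com.datastax.driver.core.utils.Bytes;
import org.apache.shiro.io.DefaultSerializer;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;

// Added illustration (hypothetical class, not the sample project's CassandraSessionDAO).
public class TtlSessionDAO extends AbstractSessionDAO {
    private final com.datastax.driver.core.Session cql; // driver session bound to the keyspace
    private final PreparedStatement upsert, select, remove;
    private final DefaultSerializer<SimpleSession> serializer = new DefaultSerializer<>();

    public TtlSessionDAO(com.datastax.driver.core.Session cql) {
        this.cql = cql;
        upsert = cql.prepare("UPDATE sessions USING TTL ? SET start_ts = ?, stop_ts = ?, "
            + "last_access_ts = ?, timeout = ?, expired = ?, host = ?, serialized_value = ? WHERE id = ?");
        select = cql.prepare("SELECT serialized_value FROM sessions WHERE id = ?");
        remove = cql.prepare("DELETE FROM sessions WHERE id = ?");
    }

    // Shiro timeouts are milliseconds; Cassandra TTLs are whole seconds, and TTL 0 means "no expiry".
    static int ttlSeconds(long timeoutMillis) {
        if (timeoutMillis < 0) return 0;                  // Shiro: negative timeout = never expires
        long secs = (timeoutMillis + 999) / 1000;         // round up, never down
        return (int) Math.max(1L, Math.min(secs, 630_720_000L)); // sub-second must not become 0; cap at 20 years
    }

    private void save(SimpleSession s) {                  // every write resets the row's TTL (sliding expiry)
        cql.execute(upsert.bind(ttlSeconds(s.getTimeout()), s.getStartTimestamp(), s.getStopTimestamp(),
            s.getLastAccessTime(), s.getTimeout(), s.isExpired(), s.getHost(),
            ByteBuffer.wrap(serializer.serialize(s)), (UUID) s.getId()));
    }

    @Override protected Serializable doCreate(Session s) {
        Serializable id = generateSessionId(s);           // assumed: generator yields a version 1 java.util.UUID
        assignSessionId(s, id);
        save((SimpleSession) s);
        return id;
    }
    @Override protected Session doReadSession(Serializable id) {
        Row row = cql.execute(select.bind(id)).one();     // null once the TTL has elapsed
        return row == null ? null : serializer.deserialize(Bytes.getArray(row.getBytes("serialized_value")));
    }
    @Override public void update(Session s) { save((SimpleSession) s); }
    @Override public void delete(Session s) { cql.execute(remove.bind(s.getId())); }
    @Override public Collection<Session> getActiveSessions() { return Collections.emptySet(); } // not enumerated
}
```

Because TTL 0 disables expiry in Cassandra, truncating a sub-second Shiro timeout with plain integer division would store a session row that never expires; rounding up and clamping to at least 1 second avoids that. Once the row has expired, doReadSession returns null and Shiro treats the session ID as unknown.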