C* Summit 2013: Remember Me! Session Clustering with Cassandra by Les Hazlewood

In this session Les Hazlewood, the Apache Shiro PMC Chair, will cover Shiro's enterprise session management capabilities, how it can be used across any application (not just web or JEE applications) and how to use Cassandra as Shiro's session store, enabling a distributed session cluster supporting hundreds of thousands or even millions of concurrent sessions. As a working example, Les will show how to set up a session cluster in under 10 minutes using Cassandra. If you need to scale user session load, you won't want to miss this!

  1. #Cassandra13: Infinite Session Clustering with Apache Shiro & Cassandra. Les Hazlewood (@lhazlewood), Apache Shiro Project Chair; CTO, Stormpath (stormpath.com). Cassandra Summit 2013
  2. .com
      • User Management and Authentication API
      • Security for your applications
      • User security workflows
      • Security best practices
      • Developer tools, SDKs, libraries
  3. What is Apache Shiro?
      • Application security framework
      • ASF TLP, http://shiro.apache.org
      • Quick and Easy
      • Simplifies Security
  4. (diagram) Web Session Management; Auxiliary Features; Authorization; Authentication; Cryptography; Session Management; Web Support
  5. Quick Concepts
      ```java
      Subject currentUser = SecurityUtils.getSubject();
      currentUser.login(...);
      currentUser.isPermitted(...);
      ```
  6. Session Management Defined: managing the lifecycle of Subject-specific temporal data context
  7. Session Management Features
      • Heterogeneous client access
      • POJO/J2SE based (IoC friendly)
      • Event listeners
      • Host address retention
      • Inactivity/expiration support (touch())
      • Transparent web use - HttpSession
      • Container-Independent Clustering!
  8. Acquiring and Creating Sessions
      ```java
      Subject subject = SecurityUtils.getSubject();

      // guarantee a session
      Session session = subject.getSession();

      // get a session if it exists
      subject.getSession(false);
      ```
  9. Session API
      ```java
      getStartTimestamp()
      getLastAccessTime()
      getAttribute(key)
      setAttribute(key, value)
      get/setTimeout(long)
      touch()
      ...
      ```
  10. Session Management Architecture (diagram): Subject .getSession() → Session
  11. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager
  12. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager, Session Factory
  13. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager, SessionDAO, Session Factory
  14. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager, SessionDAO, Session ID Generator, Session Factory
  15. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory
  16. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory, Data store
  17. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory, Validation Scheduler, Data store
  18. Session Management Architecture (diagram): Subject .getSession() → Session. Components shown: SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory, Validation Scheduler, Session Listeners, Data store
  19. Session Clustering: Clustered Data Store of Choice (diagram): SessionDAO, Session ID Generator, Session Cache, Validation Scheduler, Data store
  20. Web Configuration
      • web.xml elements
      • Protects all URLs
      • Innovative Filtering (URL-specific chains)
      • JSP Tag support
      • Transparent HttpSession support
  21. web.xml
      ```xml
      <listener>
          <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
      </listener>

      <filter>
          <filter-name>ShiroFilter</filter-name>
          <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
      </filter>
      ```
  22. web.xml cont'd
      ```xml
      <filter-mapping>
          <filter-name>ShiroFilter</filter-name>
          <url-pattern>/*</url-pattern>
          <dispatcher>REQUEST</dispatcher>
          <dispatcher>FORWARD</dispatcher>
          <dispatcher>INCLUDE</dispatcher>
          <dispatcher>ERROR</dispatcher>
      </filter-mapping>
      ```
  23. shiro.ini overview
      ```ini
      [main]
      # bean config here

      [users]
      # optional static user accounts (and their roles) here

      [roles]
      # optional static roles (and their permissions) here

      [urls]
      # filter chains here
      ```
  24. Session Clustering
  25. Two Approaches
      • Write a SessionDAO
      • Use EnterpriseCacheSessionDAO and write a CacheManager
  26. Cassandra SessionDAO
  27. SessionDAO Concerns (diagram): SessionManager, SessionDAO, Session ID Generator, Session Cache, Data store
  28. Custom SessionDAO
      ```java
      public class MySessionDAO extends AbstractSessionDAO {
          // Template methods declared by AbstractSessionDAO
          protected Serializable doCreate(Session s) {...}
          protected Session doReadSession(Serializable id) {...}
          // Remaining SessionDAO interface methods
          public void delete(Session s) {...}
          public void update(Session s) {...}
          public Collection<Session> getActiveSessions() {...}
      }
      ```
      Or
      ```java
      public class MySessionDAO extends CachingSessionDAO {
          ... // enables write-through caching
      }
      ```
  29. Native Web Session Manager
      ```ini
      [main]
      sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
      securityManager.sessionManager = $sessionManager
      ```
  30. Cassandra SessionDAO
      ```ini
      [main]
      ...
      cassandraCluster = com.leshazlewood.samples.shiro.cassandra.ClusterFactory
      sessionDAO = com.leshazlewood.samples.shiro.cassandra.CassandraSessionDAO
      sessionDAO.cluster = $cassandraCluster
      sessionDAO.keyspaceName = shirosessions
      sessionDAO.tableName = sessions
      ...
      ```
  31. Plug in the SessionDAO
      ```ini
      [main]
      ...
      sessionManager.sessionDAO = $sessionDAO
      ```
  32. Sessions Table (CQL 3)
      ```sql
      CREATE TABLE sessions (
          id timeuuid PRIMARY KEY,
          start_ts timestamp,
          stop_ts timestamp,
          last_access_ts timestamp,
          timeout bigint,
          expired boolean,
          host varchar,
          serialized_value blob
      )
      ```
  33. No Validation Scheduler?
  34. No Validation Scheduler? Use Cassandra's TTL
  35. TTL for session timeout
      ```ini
      [main]
      # Cassandra can enforce a TTL.
      # No need for Shiro to invalidate!
      sessionManager.sessionValidationSchedulerEnabled = false
      ```
  36. Session Upsert (CQL 3)
      ```sql
      UPDATE sessions USING TTL $timeout SET
          start_ts = ?,
          stop_ts = ?,
          last_access_ts = ?,
          timeout = ?,
          expired = ?,
          host = ?,
          serialized_value = ?
      WHERE
          id = ?
      ```
  37. But what about tombstones!?!?
  38. Sessions Table (revised)
      ```sql
      CREATE TABLE sessions (
          id timeuuid PRIMARY KEY,
          start_ts timestamp,
          stop_ts timestamp,
          last_access_ts timestamp,
          timeout bigint,
          expired boolean,
          host varchar,
          serialized_value blob
      ) WITH gc_grace_seconds = 86400
        AND compaction = {'class':'LeveledCompactionStrategy'}
      ```
  39. But what about row caching?
  40. Row Cache? Probably don't need it (but maybe in some cases it would be useful)
      • SSTable likely in Operating System page cache (off heap)
      • DO use Key Cache (very important, enabled by default in 1.2)
  41. Code
      ```
      $ git clone https://github.com/lhazlewood/shiro-cassandra-sample.git
      $ cd shiro-cassandra-sample
      $ $CASSANDRA_HOME/bin/cassandra
      $ mvn jetty:run
      ```
      Open a browser to http://localhost:8080
  42. Thank You!
      • les@stormpath.com
      • Twitter: @lhazlewood
      • http://www.stormpath.com
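
An added example (not from the slides or from the shiro-cassandra-sample project) of the approach in slides 28, 35 and 36: a custom SessionDAO in which every write restarts the expiry clock, so the store rather than Shiro's validation scheduler ends idle sessions. A map stands in for the Cassandra table; `TtlSessionDAO`, `toTtlSeconds` and the policy of refusing negative timeouts are assumptions of this example.

```java
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;

/** Added illustration: TTL-enforced expiry, with an in-memory map standing in for Cassandra. */
public class TtlSessionDAO extends AbstractSessionDAO {
    static final long MAX_TTL_SECONDS = 630_720_000L; // Cassandra's TTL ceiling (20 years)
    private static final class Row { // one "row": the session plus the instant its TTL lapses
        final Session session; final long expiresAtMillis;
        Row(Session s, long e) { session = s; expiresAtMillis = e; }
    }
    private final Map<Serializable, Row> rows = new ConcurrentHashMap<>();

    /** Shiro timeouts are milliseconds; Cassandra TTLs are whole seconds. */
    static int toTtlSeconds(long timeoutMillis) {
        if (timeoutMillis < 0) // Shiro: negative = never expires. Policy of this example: refuse.
            throw new IllegalArgumentException("non-expiring session in a TTL-only store");
        long seconds = timeoutMillis / 1000 + (timeoutMillis % 1000 == 0 ? 0 : 1); // round up
        // TTL 0 means "no expiry" in Cassandra, so a sub-second timeout must not become 0.
        return (int) Math.min(Math.max(seconds, 1L), MAX_TTL_SECONDS);
    }

    private void upsert(Session session) { // unconditional write that restarts the TTL
        long ttlMillis = toTtlSeconds(session.getTimeout()) * 1000L;
        rows.put(session.getId(), new Row(session, System.currentTimeMillis() + ttlMillis));
    }

    @Override protected Serializable doCreate(Session session) {
        Serializable id = generateSessionId(session);
        assignSessionId(session, id);
        upsert(session);
        return id;
    }

    @Override protected Session doReadSession(Serializable id) {
        Row row = rows.get(id);
        if (row == null) return null; // readSession() turns null into UnknownSessionException
        if (row.expiresAtMillis <= System.currentTimeMillis()) { rows.remove(id); return null; }
        return row.session;
    }

    @Override public void update(Session session) { upsert(session); }
    @Override public void delete(Session session) { rows.remove(session.getId()); }
    // The validation scheduler walks this collection; with it disabled this example lists none.
    @Override public Collection<Session> getActiveSessions() { return Collections.<Session>emptyList(); }
}
```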
