![Page 1: C* Summit 2013: Remember Me! Session Clustering with Cassandra by Les Hazlewood](https://reader033.vdocument.in/reader033/viewer/2022060108/554f59f8b4c905b9508b5312/html5/thumbnails/1.jpg)
#Cassandra13
Infinite Session Clustering with Apache Shiro & Cassandra
Les Hazlewood @lhazlewood Apache Shiro Project Chair
CTO, Stormpath stormpath.com
Cassandra Summit 2013

stormpath.com
• User Management and Authentication API
• Security for your applications
• User security workflows
• Security best practices
• Developer tools, SDKs, libraries

What is Apache Shiro?
• Application security framework
• ASF TLP http://shiro.apache.org
• Quick and Easy
• Simplifies Security

Web Session Management
[Diagram of Shiro feature areas: Authentication, Authorization, Cryptography, Session Management, Web Support, Auxiliary Features]

Quick Concepts

```java
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(...)
currentUser.isPermitted(...)
```

Session Management Defined
Managing the lifecycle of Subject-specific temporal data context

Session Management Features
• Heterogeneous client access
• POJO/J2SE based (IoC friendly)
• Event listeners
• Host address retention
• Inactivity/expiration support (touch())
• Transparent web use - HttpSession
• Container-Independent Clustering!

Acquiring and Creating Sessions

```java
Subject subject = SecurityUtils.getSubject();

// guarantee a session
Session session = subject.getSession();

// get a session if it exists
subject.getSession(false);
```

Session API
getStartTimestamp()
getLastAccessTime()
getAttribute(key)
setAttribute(key, value)
get/setTimeout(long)
touch()
...

Session Management Architecture
Subject.getSession() → Session
[Diagram, built up one component per slide: Subject, SessionManager, SessionDAO, Session ID Generator, Session Cache, Session Factory, Validation Scheduler, Session Listeners, Session, Data store]

Session Clustering: Clustered Data Store of Choice
[Diagram: SessionDAO, Session ID Generator, Session Cache, Validation Scheduler, Data store]

Web Configuration
• web.xml elements
• Protects all URLs
• Innovative Filtering (URL-specific chains)
• JSP Tag support
• Transparent HttpSession support

web.xml

```xml
<listener>
    <listener-class>org.apache.shiro.web.env.EnvironmentLoaderListener</listener-class>
</listener>

<filter>
    <filter-name>ShiroFilter</filter-name>
    <filter-class>org.apache.shiro.web.servlet.ShiroFilter</filter-class>
</filter>
```

web.xml cont’d

```xml
<filter-mapping>
    <filter-name>ShiroFilter</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
    <dispatcher>FORWARD</dispatcher>
    <dispatcher>INCLUDE</dispatcher>
    <dispatcher>ERROR</dispatcher>
</filter-mapping>
```

shiro.ini overview

```ini
[main]
# bean config here

[users]
# optional static user accounts (and their roles) here

[roles]
# optional static roles (and their permissions) here

[urls]
# filter chains here
```
Session Clustering

Two Approaches
• Write a SessionDAO
• Use EnterpriseCacheSessionDAO and write a CacheManager
Cassandra SessionDAO

SessionDAO Concerns
SessionManager
SessionDAO
Session ID Generator
Session Cache
Data store

Custom SessionDAO

```java
import java.io.Serializable;
import java.util.Collection;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;

public class MySessionDAO extends AbstractSessionDAO {
    // Template methods declared by AbstractSessionDAO
    protected Serializable doCreate(Session s) {...}
    protected Session doReadSession(Serializable id) {...}
    // Methods from the SessionDAO interface (public)
    public void delete(Session s) {...}
    public void update(Session s) {...}
    public Collection<Session> getActiveSessions() {...}
}
```

Or

```java
public class MySessionDAO extends CachingSessionDAO {
    ... // enables write-through caching
}
```

Native Web Session Manager

```ini
[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
```

Cassandra SessionDAO

```ini
[main]
...
cassandraCluster = com.leshazlewood.samples.shiro.cassandra.ClusterFactory

sessionDAO = com.leshazlewood.samples.shiro.cassandra.CassandraSessionDAO
sessionDAO.cluster = $cassandraCluster
sessionDAO.keyspaceName = shirosessions
sessionDAO.tableName = sessions
...
```

Plug in the SessionDAO

```ini
[main]
...
sessionManager.sessionDAO = $sessionDAO
```

Sessions Table (CQL 3)

```sql
CREATE TABLE sessions (
    id timeuuid PRIMARY KEY,
    start_ts timestamp,
    stop_ts timestamp,
    last_access_ts timestamp,
    timeout bigint,
    expired boolean,
    host varchar,
    serialized_value blob
)
```

No Validation Scheduler?
Use Cassandra’s TTL

TTL for session timeout

```ini
[main]
# Cassandra can enforce a TTL.
# No need for Shiro to invalidate!
sessionManager.sessionValidationSchedulerEnabled = false
```

Session Upsert (CQL 3)

```sql
UPDATE sessions USING TTL $timeout
SET start_ts = ?,
    stop_ts = ?,
    last_access_ts = ?,
    timeout = ?,
    expired = ?,
    host = ?,
    serialized_value = ?
WHERE id = ?
```
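
The custom SessionDAO and TTL upsert slides above, combined into one added example (not the sample project's CassandraSessionDAO). It assumes Shiro 1.x, the DataStax Java driver 3.x and Cassandra 2.0+ for the TTL bind marker; the class name `TtlSessionDAO` and the helper `ttlSeconds` are hypothetical.

```java
import java.io.Serializable;
import java.util.*;
import com.datastax.driver.core.*;                 // assumed: DataStax Java driver 3.x
import com.datastax.driver.core.utils.Bytes;
import org.apache.shiro.io.DefaultSerializer;      // assumed: Shiro 1.x package
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SimpleSession;
import org.apache.shiro.session.mgt.eis.AbstractSessionDAO;

// Hypothetical DAO: with the validation scheduler off, the row TTL alone ends idle sessions.
public class TtlSessionDAO extends AbstractSessionDAO {
    private final com.datastax.driver.core.Session cql;
    private final PreparedStatement upsert, select, remove;
    private final DefaultSerializer<Session> codec = new DefaultSerializer<>();

    public TtlSessionDAO(Cluster cluster) {
        cql = cluster.connect("shirosessions");
        // Every write sets all columns, so they share one TTL and expire together.
        upsert = cql.prepare("UPDATE sessions USING TTL ? SET start_ts = ?, stop_ts = ?, "
            + "last_access_ts = ?, timeout = ?, expired = ?, host = ?, serialized_value = ? "
            + "WHERE id = ?");
        select = cql.prepare("SELECT serialized_value FROM sessions WHERE id = ?");
        remove = cql.prepare("DELETE FROM sessions WHERE id = ?");
    }
    // Shiro timeouts are milliseconds, Cassandra TTLs are seconds, and TTL 0 means
    // "never expire": only a negative (no-expiry) Shiro timeout may map to 0.
    static int ttlSeconds(long timeoutMillis) {
        if (timeoutMillis < 0) return 0;
        return (int) Math.min(Math.max(1L, timeoutMillis / 1000), 630_720_000L); // 20-year cap
    }
    private void save(Session s) {
        SimpleSession ss = (SimpleSession) s;
        cql.execute(upsert.bind(ttlSeconds(ss.getTimeout()), ss.getStartTimestamp(),
            ss.getStopTimestamp(), ss.getLastAccessTime(), ss.getTimeout(), ss.isExpired(),
            ss.getHost(), java.nio.ByteBuffer.wrap(codec.serialize(ss)), ss.getId()));
    }
    @Override protected Serializable doCreate(Session s) {
        Serializable id = generateSessionId(s);   // assumed: a UUID that fits the timeuuid key
        assignSessionId(s, id);
        save(s);
        return id;
    }
    @Override protected Session doReadSession(Serializable id) {
        Row row = cql.execute(select.bind(id)).one();   // null once the TTL has elapsed
        return row == null ? null : codec.deserialize(Bytes.getArray(row.getBytes("serialized_value")));
    }
    @Override public void update(Session s) { save(s); }   // runs on touch(): renews the TTL
    @Override public void delete(Session s) { cql.execute(remove.bind(s.getId())); }
    @Override public Collection<Session> getActiveSessions() { return Collections.emptyList(); }
}
```

Passing the Shiro timeout to `USING TTL` without the division by 1000 would keep a 30-minute session readable for about 500 hours, and nothing else would expire it while the scheduler is disabled.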
But what about tombstones!?!?

Sessions Table (revised)

```sql
CREATE TABLE sessions (
    id timeuuid PRIMARY KEY,
    start_ts timestamp,
    stop_ts timestamp,
    last_access_ts timestamp,
    timeout bigint,
    expired boolean,
    host varchar,
    serialized_value blob
) WITH gc_grace_seconds = 86400
  AND compaction = {'class':'LeveledCompactionStrategy'}
```
But what about row caching?

Row Cache?
Probably don’t need it (but maybe in some cases it would be useful)
• SSTable likely in Operating System page cache (off heap)
• DO use Key Cache (very important, enabled by default in 1.2)

Code

```sh
$ git clone https://github.com/lhazlewood/shiro-cassandra-sample.git
$ cd shiro-cassandra-sample
$ $CASSANDRA_HOME/bin/cassandra
$ mvn jetty:run
```

Open a browser to http://localhost:8080