0

I've a springboot app hosted on PCF trying to connect to PCC(pivotal cloud cache). I've spinned up a PCC instance and binded it to my app and pushed the app to cloud foundry. I've added all the required gemfire starter dependencies to springboot and it appears like it was able to read the locator and server information from VCAP_SERVICES. But, I see the following error on spring boot app startup.

Error prefilling connections : org.apache.geode.security.AuthenticationRequiredException: No security credentials are provided
org.apache.geode.security.AuthenticationRequiredException: No security credentials are provided
at org.apache.geode.internal.cache.tier.sockets.Handshake.readMessage(Handshake.java:320)


Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.geode.cache.Region]: Failed to create Region for cache [TestRegion]; nested exception is org.apache.geode.security.AuthenticationRequiredException: No security credentials are provided

Here are my dependencies list

        <dependency>
            <groupId>org.springframework.geode</groupId>
            <artifactId>spring-gemfire-starter</artifactId>
            <version>1.2.6.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.data</groupId>
            <artifactId>spring-data-gemfire</artifactId>
            <version>2.2.1.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>javax.cache</groupId>
            <artifactId>cache-api</artifactId>
            <scope>compile</scope>
        </dependency>

        <dependency>
            <groupId>io.pivotal.gemfire</groupId>
            <artifactId>geode-core</artifactId>
            <version>9.5.4</version>
            <scope>compile</scope>
        </dependency>
        <dependency>
            <groupId>io.pivotal.gemfire</groupId>
            <artifactId>geode-common</artifactId>
            <version>9.5.4</version>
            <scope>compile</scope>
        </dependency>
        <dependency>
            <groupId>io.pivotal.gemfire</groupId>
            <artifactId>geode-cq</artifactId>
            <version>9.5.4</version>
            <scope>compile</scope>
        </dependency>
        <dependency>
            <groupId>io.pivotal.gemfire</groupId>
            <artifactId>geode-lucene</artifactId>
            <version>9.5.4</version>
            <scope>compile</scope>
        </dependency>
        <dependency>
            <groupId>io.pivotal.gemfire</groupId>
            <artifactId>geode-wan</artifactId>
            <version>9.5.4</version>
            <scope>compile</scope>
        </dependency>

@Configuration
@ClientCacheApplication(name = "Test", logLevel = "info")
@EnableCachingDefinedRegions(
    clientRegionShortcut = ClientRegionShortcut.PROXY,
    serverRegionShortcut = RegionShortcut.REPLICATE_HEAP_LRU)
@EnableClusterAware
@EnablePdx
public class CloudConfiguration {}

I believe, Springboot gemfire starter dependency that I have is good enough to read the security creds automatically from the VCAP_SERVICES without any manual effort. But, I see its not picking up the creds, not sure why after having all the dependencies below. Can someone help? Thanks

John Blum
  • 7,381
  • 1
  • 20
  • 30
Madmax
  • 23
  • 5
  • Hello Madmax, you shouldn't have dependencies to both `geode` and `gemfire` in your `pom.mlx`. PCC uses `gemfire` so should just stick to that. Same goes for `spring-data-gemfire` and `spring-data-geode`. Give it a try and let me know how it goes. – Juan Ramos Apr 10 '20 at 08:30
  • @JuanRamos I removed geode dependencies and tried using ```spring-data-gemfire``` and pivotal gemfire ```geode-core``` lirbraries and I see ```Could not connect to: localhost:40404``` issue now. Not sure why its trying to connect to local host when the app is already binded to PCC. Am I missing a gemfire library which reads VCAP_SERVICES env variable on PCF? Can you please let me know the specific dependencies required for gemfire to connect to PCC and auto creation of regions with annotations? Thanks !! – Madmax Apr 10 '20 at 19:20
  • You can use the [Sample-App-PizzaStore](https://github.com/pivotal-cf/PCC-Sample-App-PizzaStore) as the starting point for creating *spring-boot* applications to connect to *PCC*, have you tried that?. The [documentation](https://docs.pivotal.io/p-cloud-cache/1-11/SBapp1.html) contains a detailed description about the application itself, along with the configuration options used and the reasons behind it. – Juan Ramos Apr 14 '20 at 10:53
  • @JuanRamos Hi, Yes I did see the above example. I'm using the gemfire libraries like```spring-gemfire-starter``` and pivotal ```geode-core``` but I still see below error after pushing the app to PCF. Local works fine. Not sure whats going on. ```Error prefilling connections : org.apache.geode.security.AuthenticationRequiredException: No security credentials are provided org.apache.geode.security.AuthenticationRequiredException: No security credentials are provided ``` – Madmax Apr 15 '20 at 09:23
  • That's weird... SBDG should automatically configure your `ClientCache`, parse the `VCAP_SERVICES` and configure your credentials when needed without requiring you to add any extra annotations at all. Would you be able to post your SBDG application?, just the base bits needed to analyse how you're configuring things. – Juan Ramos Apr 15 '20 at 11:28
  • @JuanRamos Yes, I was excpecting the same, SBDG to read the VCAP_SERVICES automatically but I see the authentication error. We are using ```PCC v1.6/ Gemfire v9.6.1``` So I had to override```gemfire-starter``` dependencies use lower versions of ```pivotal geode```. I've edited the question with the current version of my pom and PCC configuration. Can you please take a look and see whats going on? Let me know if you need anything in particular to analyze. Thanks much! – Madmax Apr 15 '20 at 12:15
  • Sure, let me try to reproduce the problem locally and/or find someone who can assist with this. – Juan Ramos Apr 15 '20 at 12:57
  • @JuanRamos Thank you. Do you have any recommendations for me to try meanwhile? I added addtional stacktrace I found.. ```Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.apache.geode.cache.Region]: Failed to create Region for cache [TestRegion]; nested exception is org.apache.geode.security.AuthenticationRequiredException: No security credentials are provided ``` – Madmax Apr 15 '20 at 15:29

1 Answers1

1

Ok...

First, see my answer to your last SO post concerning your application dependencies. Properly declaring application dependencies was the central theme in my answer.

Next, nothing in Spring Data GemFire (SDG) itself is going to handle Authentication "auto-magically" in a managed environment, like PCF, when using PCC. For that, you absolutely need Spring Boot for Apache Geode or Pivotal GemFire (SBDG) and in your case, ".. for Pivotal GemFire", and technically, the org.springframework.geode:spring-gemfire-starter dependency, which is the only dependency you need. Make sure you align the versions as I instructed in the previous post.

Based on your configuration above, you explicitly "overrode" the client Security configuration, and auto-configuration provided by SBDG since you explicitly declared the @ClientCacheApplication annotation on your CloudConfiguration class.

Why?

Well, once again, this is a GemFire/Geode thing, not a Spring thing, but "Security" in all its forms involving GemFire/Geode (client/server, P2P, WAN, etc) must be properly configured and setup before the cache object is constructed and initialized.

If the cache object is provided by user/application configuration, already, then SBDG's auto-configuration for GemFire/Geode client Security will not be applied. See here (and, well, here).

Technically, this has to do with the fact that GemFire/Geode "Security configuration" is almost entirely configured via GemFire/Geode properties. These properties must be declared/set before the cache is constructed since they are passed to the cache creation on startup. If they are not provided, then the Security configuration will not apply. It does not matter if you supply the Security properties later, at runtime, either, with or without Spring (for example, by simply using the GemFire/Geode API directly), the result is the same!

GemFire/Geode has a very specific order for initializing things: Auth, TLS/SSL, memory management, this, that, which is why the SBDG auto-configuration has been carefully crafted to make sure the proper initialization sequence is followed.

Additionally, whether using SDG's configuration annotations (explicitly) or not, rather declaring explicit beans in the Spring context using JavaConfig, the effect is the same, since the SDG configuration annotations are implicitly declaring those beans for you, which results in "overriding" the auto-configuration provided by Spring Boot, and SBDG in particular.

This works the same wether it is GemFire/Geode or not. If you explicitly declare a SQL DataSource bean, then you are telling Boot to override the provided DataSource when you have an embedded database (H2 or HSQL) on your application classpath.

The concept is, "convention over configuration" (by simply declaring dependencies on your application classpath to enable features auto-magically), but also to get out of the way quickly when your application requirements diverge from the defaults and you must declare a bean definition of a specific type explicitly in order to alter the configuration per your application requirements, which necessarily disables the auto-config provided by Spring Boot, otherwise, you'd have ambiguous and/or conflicting configuration (i.e. which is it). The Spring Framework, in general, does not allow that even.

Again, remove @ClientCacheApplication and @EnablePdx. You don't need them with SBDG. However, it is the @ClientCacheApplication annotation that is causing you issues here.

In summary, all of this has been thoroughly explained in detail in the reference documentation:

  1. Chapter 5 - Auto-configuration
  2. Chapter 6 - Declarative Configuration
  3. Chapter 7 - Externalized Configuration (with configuration meta-data reference in the Appendix).

Especially pay attention to Overriding Auto-configuration in Chapter 4.

Hope this helps!

John Blum
  • 7,381
  • 1
  • 20
  • 30
  • Hi John, Thanks so much for your time and detailed answer. I've couple of questions based on dependency matrix, Currently my organization uses ```Spring boot v2.1.3 and PCC v1.6.2/Gemfire v9.6.1```. It looks like the oldest ```gemfire starter 1.1X version, 1.1.0.RELEASE``` uses ```Springboot v2.1.7```. What would be the ideal gemfire starter version for ```Springboot v2.1.3```? I tried using 1.1X versions with ```Springboot v2.1.3```. I see similar errors ```Error creating bean with name 'gemfireCache' defined in class path ClientCacheConfiguration.class: java.lang.AbstractMethodError```. – Madmax Apr 24 '20 at 05:27
  • Without seeing a Stack Trace, it is difficult to say for sure, but usually when you see CNFE, or `NoSuchMethodError` or `AbstractMethodError`, and so on, that usually hints at a version compatibility problem, e.g. SBDG does not match the version of Spring Boot, the Spring Framework or Spring Data, something like that. Searching back in my SBDG `1.1.x` release line, even going all the way back to SBDG `1.1.0.RELEASE`, it looks like the earliest Spring Boot version I picked up in the `2.1.x` line was `2.1.7.RELEASE`... – John Blum Apr 24 '20 at 22:02
  • https://github.com/spring-projects/spring-boot-data-geode/blob/1.1.0.RELEASE/gradle.properties#L8 – John Blum Apr 24 '20 at 22:02
  • Generally, _Spring Boot_, including all of _Boot's_ transitive dependencies on both the _Spring_ projects (e.g. _Spring Data_) along with 3rd party libs (e.g. SLF4J), should be largely compatible in the same `major.minor` _Boot_ version. That is, even though SBDG `1.1.0.RELEASE` is already based on _Boot_ `2.1.7.RELEASE`, it should work with Boot `2.1.3.RELEASE` since _Boot_ `2.1.7.RELEASE`, `2.1.3.RELEASE`, and well, all _Boot_ `2.1.x` (maintenance/patch versions) should be compatible. Having said, that, there are rare anomalies from time to time. – John Blum Apr 24 '20 at 22:28
  • In general, you should try to keep up with the latest maintenance/patch version in each `major.minor` version. For SBDG `1.1.x` that would be `1.1.6.RELEASE`, which is based on (https://github.com/spring-projects/spring-boot-data-geode/blob/1.1.6.RELEASE/gradle.properties#L8) the latest _Spring Boot_ `2.1.x` release, which is `2.1.13.RELEASE`. Having said this, we are planning (https://spring-calendar.cfapps.io/) new SBDG `1.1.x` (1.1.7) and Spring Boot `2.1.x` (2.1.14) releases this coming week (tentatively on Thurs, 4/30). – John Blum Apr 24 '20 at 22:36
  • It is also worth noting that as of the SBDG `1.2.x`, and now the `1.3.x`, release lines, the version numbers align with _Spring Boot's_ `2.2.x` and `2.3.x` versions. That is the `.minor.patch` version numbers match. The `major` version number will never match since the SBDG project started after _Spring Boot_, of course. But, my goal is to pair the `minor.patch` numbers exactly, version by version, to reduce the confusion around compatible versions. – John Blum Apr 24 '20 at 22:40
  • Finally, there have been many changes in SBDG `1.2.x` and even `1.3.x` (which will be GA by mid-May). Is it possible to upgrade SBDG/Spring Boot to the 1.2/2.2 line? I know this might force you to use a later GemFire/PCC version, but the SBDG 1.1.x/Spring Boot 2.1.x line will reach EOL by October, FYI. Let me know how else I might help you. Cheers! – John Blum Apr 24 '20 at 22:42
  • Hi John, thanks for your reply. Unfortunately we cannot upgrade both ```Spring boot v2.1.3``` and ```Gemfire v9.6.1``` at this time. I tried using all versions of ```Gemfire starter 1.1.X``` with ```Spring Boot v2.1.3``` but I see ```AbstractMethodError```. I've created a new question below with my config, pom and error stack trace. Any suggestions to make this work for ```Spring Boot v2.1.3``` and ```Gemfire v9.6.1```? Thanks again! – Madmax Apr 26 '20 at 02:03
  • https://stackoverflow.com/questions/61434955/geode-gemfire-cannot-create-gemfirecache-bean-error-springboot-v-2-1-3-gemfir – Madmax Apr 26 '20 at 02:03
  • I provided an answer to the new question. Ultimately, you are not using compatible versions. – John Blum Apr 26 '20 at 19:14