Token based authentication support added in Geode Develop

[Jinmei Liao <ji...@pivotal.io>]

Hi, all

JWT token based authentication support is added to Geode develop branch.
Currently only management v2 rest api can use this (we can add dev rest
there too if requested). In order to turn on token based auth for
management rest api, you will need to do these two things:
1. start your locator with this property:
     *security-auth-token-enabled-components = all (or management)*
2. implement your SecurityManager to authenticate the jwt token passed in.
The jwt token will be available in the properties using the key
"security-token".

Let me know if you have any questions.

-- 
Cheers

Jinmei

Re: Token based authentication support added in Geode Develop

[John Blum <jb...@pivotal.io>]

got it

On Mon, Oct 7, 2019 at 10:33 AM Joris Melchior <jm...@pivotal.io> wrote:

> Yes, at the moment the we only support receiving a token provided in the
> Authentication header field. We don't provide the standard endpoints for
> token acquisition and refresh.
>
> On Fri, Oct 4, 2019 at 4:14 PM John Blum <jb...@pivotal.io> wrote:
>
> > So application developer's will need to know to code their application
> > client's to lookup the JWT token (from some store) and set HTTP request
> > headers to send the token, or will this be handled automatically by a
> geode
> > client?
> >
> > On Fri, Oct 4, 2019 at 11:37 AM Jinmei Liao <ji...@pivotal.io> wrote:
> >
> > > yes, correct,  we are assuming the client will have the token available
> > > somehow and send in the token in the authentication header. We are not
> > > doing anything with actual token management.
> > >
> > > On Fri, Oct 4, 2019 at 11:34 AM Jens Deppe <jd...@pivotal.io> wrote:
> > >
> > > > So, to be clear, we're providing the ability to recognize a HTTP
> > > > authentication header containing 'Bearer <some encoded token string>'
> > and
> > > > then handing that to the Security Manager to do with as it pleases?
> > > >
> > > > We're not doing anything with actual token management? (i.e.
> > generating,
> > > > revoking, etc.).
> > > >
> > > > --Jens
> > > >
> > > > On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <ji...@pivotal.io>
> wrote:
> > > >
> > > > > Hi, all
> > > > >
> > > > > JWT token based authentication support is added to Geode develop
> > > branch.
> > > > > Currently only management v2 rest api can use this (we can add dev
> > rest
> > > > > there too if requested). In order to turn on token based auth for
> > > > > management rest api, you will need to do these two things:
> > > > > 1. start your locator with this property:
> > > > >      *security-auth-token-enabled-components = all (or management)*
> > > > > 2. implement your SecurityManager to authenticate the jwt token
> > passed
> > > > in.
> > > > > The jwt token will be available in the properties using the key
> > > > > "security-token".
> > > > >
> > > > > Let me know if you have any questions.
> > > > >
> > > > > --
> > > > > Cheers
> > > > >
> > > > > Jinmei
> > > > >
> > > >
> > >
> > >
> > > --
> > > Cheers
> > >
> > > Jinmei
> > >
> >
> >
> > --
> > -John
> > john.blum10101 (skype)
> >
>
>
> --
> *Joris Melchior *
> CF Engineering
> Pivotal Toronto
> 416 877 5427
>
> “Programs must be written for people to read, and only incidentally for
> machines to execute.” – *Hal Abelson*
> <https://en.wikipedia.org/wiki/Hal_Abelson>
>


-- 
-John
john.blum10101 (skype)

Re: Token based authentication support added in Geode Develop

[Joris Melchior <jm...@pivotal.io>]

Yes, at the moment the we only support receiving a token provided in the
Authentication header field. We don't provide the standard endpoints for
token acquisition and refresh.

On Fri, Oct 4, 2019 at 4:14 PM John Blum <jb...@pivotal.io> wrote:

> So application developer's will need to know to code their application
> client's to lookup the JWT token (from some store) and set HTTP request
> headers to send the token, or will this be handled automatically by a geode
> client?
>
> On Fri, Oct 4, 2019 at 11:37 AM Jinmei Liao <ji...@pivotal.io> wrote:
>
> > yes, correct,  we are assuming the client will have the token available
> > somehow and send in the token in the authentication header. We are not
> > doing anything with actual token management.
> >
> > On Fri, Oct 4, 2019 at 11:34 AM Jens Deppe <jd...@pivotal.io> wrote:
> >
> > > So, to be clear, we're providing the ability to recognize a HTTP
> > > authentication header containing 'Bearer <some encoded token string>'
> and
> > > then handing that to the Security Manager to do with as it pleases?
> > >
> > > We're not doing anything with actual token management? (i.e.
> generating,
> > > revoking, etc.).
> > >
> > > --Jens
> > >
> > > On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <ji...@pivotal.io> wrote:
> > >
> > > > Hi, all
> > > >
> > > > JWT token based authentication support is added to Geode develop
> > branch.
> > > > Currently only management v2 rest api can use this (we can add dev
> rest
> > > > there too if requested). In order to turn on token based auth for
> > > > management rest api, you will need to do these two things:
> > > > 1. start your locator with this property:
> > > >      *security-auth-token-enabled-components = all (or management)*
> > > > 2. implement your SecurityManager to authenticate the jwt token
> passed
> > > in.
> > > > The jwt token will be available in the properties using the key
> > > > "security-token".
> > > >
> > > > Let me know if you have any questions.
> > > >
> > > > --
> > > > Cheers
> > > >
> > > > Jinmei
> > > >
> > >
> >
> >
> > --
> > Cheers
> >
> > Jinmei
> >
>
>
> --
> -John
> john.blum10101 (skype)
>


-- 
*Joris Melchior *
CF Engineering
Pivotal Toronto
416 877 5427

“Programs must be written for people to read, and only incidentally for
machines to execute.” – *Hal Abelson*
<https://en.wikipedia.org/wiki/Hal_Abelson>

Re: Token based authentication support added in Geode Develop

[John Blum <jb...@pivotal.io>]

So application developer's will need to know to code their application
client's to lookup the JWT token (from some store) and set HTTP request
headers to send the token, or will this be handled automatically by a geode
client?

On Fri, Oct 4, 2019 at 11:37 AM Jinmei Liao <ji...@pivotal.io> wrote:

> yes, correct,  we are assuming the client will have the token available
> somehow and send in the token in the authentication header. We are not
> doing anything with actual token management.
>
> On Fri, Oct 4, 2019 at 11:34 AM Jens Deppe <jd...@pivotal.io> wrote:
>
> > So, to be clear, we're providing the ability to recognize a HTTP
> > authentication header containing 'Bearer <some encoded token string>' and
> > then handing that to the Security Manager to do with as it pleases?
> >
> > We're not doing anything with actual token management? (i.e. generating,
> > revoking, etc.).
> >
> > --Jens
> >
> > On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <ji...@pivotal.io> wrote:
> >
> > > Hi, all
> > >
> > > JWT token based authentication support is added to Geode develop
> branch.
> > > Currently only management v2 rest api can use this (we can add dev rest
> > > there too if requested). In order to turn on token based auth for
> > > management rest api, you will need to do these two things:
> > > 1. start your locator with this property:
> > >      *security-auth-token-enabled-components = all (or management)*
> > > 2. implement your SecurityManager to authenticate the jwt token passed
> > in.
> > > The jwt token will be available in the properties using the key
> > > "security-token".
> > >
> > > Let me know if you have any questions.
> > >
> > > --
> > > Cheers
> > >
> > > Jinmei
> > >
> >
>
>
> --
> Cheers
>
> Jinmei
>


-- 
-John
john.blum10101 (skype)

Re: Token based authentication support added in Geode Develop

[Jinmei Liao <ji...@pivotal.io>]

yes, correct,  we are assuming the client will have the token available
somehow and send in the token in the authentication header. We are not
doing anything with actual token management.

On Fri, Oct 4, 2019 at 11:34 AM Jens Deppe <jd...@pivotal.io> wrote:

> So, to be clear, we're providing the ability to recognize a HTTP
> authentication header containing 'Bearer <some encoded token string>' and
> then handing that to the Security Manager to do with as it pleases?
>
> We're not doing anything with actual token management? (i.e. generating,
> revoking, etc.).
>
> --Jens
>
> On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <ji...@pivotal.io> wrote:
>
> > Hi, all
> >
> > JWT token based authentication support is added to Geode develop branch.
> > Currently only management v2 rest api can use this (we can add dev rest
> > there too if requested). In order to turn on token based auth for
> > management rest api, you will need to do these two things:
> > 1. start your locator with this property:
> >      *security-auth-token-enabled-components = all (or management)*
> > 2. implement your SecurityManager to authenticate the jwt token passed
> in.
> > The jwt token will be available in the properties using the key
> > "security-token".
> >
> > Let me know if you have any questions.
> >
> > --
> > Cheers
> >
> > Jinmei
> >
>


-- 
Cheers

Jinmei

Re: Token based authentication support added in Geode Develop

[Jens Deppe <jd...@pivotal.io>]

So, to be clear, we're providing the ability to recognize a HTTP
authentication header containing 'Bearer <some encoded token string>' and
then handing that to the Security Manager to do with as it pleases?

We're not doing anything with actual token management? (i.e. generating,
revoking, etc.).

--Jens

On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <ji...@pivotal.io> wrote:

> Hi, all
>
> JWT token based authentication support is added to Geode develop branch.
> Currently only management v2 rest api can use this (we can add dev rest
> there too if requested). In order to turn on token based auth for
> management rest api, you will need to do these two things:
> 1. start your locator with this property:
>      *security-auth-token-enabled-components = all (or management)*
> 2. implement your SecurityManager to authenticate the jwt token passed in.
> The jwt token will be available in the properties using the key
> "security-token".
>
> Let me know if you have any questions.
>
> --
> Cheers
>
> Jinmei
>