You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by db...@apache.org on 2021/11/05 18:46:51 UTC
[geode] 01/01: GEODE-9797: User guide typo repairs (#7085)
This is an automated email from the ASF dual-hosted git repository.
dbarnes pushed a commit to branch support/1.13
in repository https://gitbox.apache.org/repos/asf/geode.git
commit 00aad0ed326466e9b85add7353b1061acf450af0
Author: Dave Barnes <db...@apache.org>
AuthorDate: Fri Nov 5 09:17:08 2021 -0700
GEODE-9797: User guide typo repairs (#7085)
---
.../security/authentication_examples.html.md.erb | 2 +-
.../implementing_authentication.html.md.erb | 154 +++++++++++----------
2 files changed, 83 insertions(+), 73 deletions(-)
diff --git a/geode-docs/managing/security/authentication_examples.html.md.erb b/geode-docs/managing/security/authentication_examples.html.md.erb
index ce73399..b57ce38 100644
--- a/geode-docs/managing/security/authentication_examples.html.md.erb
+++ b/geode-docs/managing/security/authentication_examples.html.md.erb
@@ -34,7 +34,7 @@ spoof the system.
This example assumes that a set of user name and password pairs
representing users that may be successfully authenticated
-has been read into a data structure upon intialization.
+has been read into a data structure upon initialization.
Any component that presents the correct password for a user name
successfully authenticates,
and its identity is verified as that user.
diff --git a/geode-docs/managing/security/implementing_authentication.html.md.erb b/geode-docs/managing/security/implementing_authentication.html.md.erb
index 64091f2..a4ceb88 100644
--- a/geode-docs/managing/security/implementing_authentication.html.md.erb
+++ b/geode-docs/managing/security/implementing_authentication.html.md.erb
@@ -42,92 +42,102 @@ compared to the credential presented or will have a way of obtaining those pairs
In order to connect with a locator that does authentication,
a server will need to set its credential, composed of the two properties
`security-username` and `security-password`.
-There are two ways of accomplishing this:
+Choose one of these two ways to accomplish this:
-- Set the `security-username` and `security-password` in the server's
+- Set `security-username` and `security-password` in the server's
`gfsecurity.properties` file that will be read upon server start up,
as in the example
- ``` pre
- security-username=admin
- security-password=xyz1234
- ```
-The user name and password are stored in the clear, so the
-`gfsecurity.properties` file must be protected by restricting access with
-file system permissions.
-
-- Implement the `getCredentials` method of the `AuthInitialize` interface
-for the server.
-This callback's location is defined in the property `security-peer-auth-init`,
-as in the example
-
- ``` pre
- security-peer-auth-init=com.example.security.MyAuthInitialize
- ```
-The implementation of `getCredentials` may then acquire values for
-the properties `security-username` and `security-password` in whatever way
-it wishes.
-It might look up values in a database or another external resource.
+ ``` pre
+ security-username=admin
+ security-password=xyz1234
+ ```
+ The user name and password are stored in cleartext, so the
+ `gfsecurity.properties` file must be protected by restricting access with
+ file system permissions.
+
+- Implement `AuthInitialize` interface for the server.
+
+ - Set the property `security-peer-auth-init`,
+ so that an object of the class that implements the `AuthInitialize`
+ interface will be instantiated.
+ Set the property to one of these two values:
+
+ - Set property `security-peer-auth-init` to the fully-qualified
+ class name that implements the `AuthInitialize` interface
+ as in the example
+
+ ``` pre
+ security-peer-auth-init=com.example.security.ServerAuthenticate
+ ```
+ - Set property `security-peer-auth-init` to the fully-qualified
+ method name of a method that instantiates an object of the class
+ that implements the `AuthInitialize` interface
+ as in the example
+
+ ``` pre
+ security-peer-auth-init=com.example.security.ServerAuthenticate.create
+ ```
+
+ - Implement the `getCredentials` method within the `AuthInitialize`
+ interface to acquire values for
+ the `security-username` and `security-password` properties
+ in whatever way it wishes.
+ It might look up values in a database or another external resource.
Gateway senders and receivers communicate as a component of their
server member.
Therefore, the credential of the server become those of the gateway
sender or receiver.
-## How a Cache Client Sets Its Credential
+## How a Client Cache Sets Its Credential
-<!-- Revised for GEODE-1883
In order to connect with a locator or a server that does authentication,
a client will need to set its credential, composed of the two properties
`security-username` and `security-password`.
-There are two ways of accomplishing this:
-
-- Set the `security-username` and `security-password` in the client's
-`gfsecurity.properties` file that will be read upon client start up,
-as in the example
-
- ``` pre
- security-username=clientapp
- security-password=xyz1234
- ```
-The user name and password are stored in the clear, so the
-`gfsecurity.properties` file must be protected by restricting access with
-file system permissions.
-To accomplish this:
-
-- Implement the `getCredentials` method of the `AuthInitialize` interface
-for the client.
-This callback's location is defined in the property `security-client-auth-init`,
-as in the example
-
- ``` pre
- security-client-auth-init=com.example.security.ClientAuthInitialize
- ```
-The implementation of `getCredentials` may then acquire values for
-the properties `security-username` and `security-password` in whatever way
-it wishes.
-It might look up values in a database or another external resource,
-or it might prompt for values.
--->
-
-In order to connect with a locator or a server that does authentication,
-a client will need to set its credential, composed of the two properties
-`security-username` and `security-password`.
-To accomplish this:
-
-- Implement the `getCredentials` method of the `AuthInitialize` interface
-for the client.
-This callback's location is defined in the property `security-client-auth-init`,
-as in the example
-
- ``` pre
- security-client-auth-init=com.example.security.ClientAuthInitialize
- ```
-The implementation of `getCredentials` may then acquire values for
-the properties `security-username` and `security-password` in whatever way
-it wishes.
-It might look up values in a database or another external resource,
-or it might prompt for values.
+Choose one of these two ways to accomplish this:
+
+- Set the `security-username` and `security-password` properties for the client
+using the API:
+
+ ``` pre
+ Properties properties = new Properties();
+ properties.setProperty("security-username", "exampleuser23");
+ properties.setProperty("security-password", "xyz1234");
+ ClientCache cache = new ClientCacheFactory(properties).create();
+ ```
+
+ Take care that credentials set in this manner are not accessible
+ to observers of the code.
+
+- Implement `AuthInitialize` interface for the client.
+
+ - Set the property `security-client-auth-init`,
+ so that an object of the class that implements the
+ `AuthInitialize` interface will be instantiated.
+ Set the property to one of these two values:
+
+ - Set property `security-client-auth-init` to the fully-qualified
+ class name that implements the `AuthInitialize` interface:
+
+ ``` pre
+ security-client-auth-init=com.example.security.ClientAuthInitialize
+ ```
+ - Set property `security-client-auth-init` to the fully-qualified
+ name of a static method that instantiates an object of the class
+ that implements the `AuthInitialize` interface:
+
+ ``` pre
+ security-client-auth-init=com.example.security.ClientAuthInitialize.create
+ ```
+
+ - Implement the `getCredentials` method of the `AuthInitialize` interface
+ for the client.
+ The implementation of `getCredentials` acquires values for
+ the `security-username` and `security-password` properties in whatever way
+ it wishes.
+ It might look up values in a database or another external resource,
+ or it might prompt for values.
## How Other Components Set Their Credentials