Posted to commits@tinkerpop.apache.org by GitBox <gi...@apache.org> on 2020/12/18 10:25:24 UTC

[GitHub] [tinkerpop] vtslab commented on a change in pull request #1308: TINKERPOP-2389 Authorization support in TinkerPop

vtslab commented on a change in pull request #1308:
URL: https://github.com/apache/tinkerpop/pull/1308#discussion_r545739475



##########
File path: docs/src/dev/provider/index.asciidoc
##########
@@ -1147,25 +1147,43 @@ one key value pair present (since only one `Traversal` is being submitted, there
 single alias).
 |=========================================================
 
-=== Authentication
+=== Authentication and Authorization
 
 Gremlin Server supports link:https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer[SASL-based]
 authentication.  A SASL implementation provides a series of challenges and responses that a driver must comply with
-in order to authenticate.  By default, Gremlin Server only supports the "PLAIN" SASL mechanism, which is a cleartext
-password system.  When authentication is enabled, an incoming request is intercepted before it is evaluated by the
-`ScriptEngine`.  The request is saved on the server and a `AUTHENTICATE` challenge response (status code `407`) is
-returned to the client.
-
-The client will detect the `AUTHENTICATE` and respond with an `authentication` for the `op` and an `arg` named `sasl`
-that contains the password.  The password should be either, an encoded sequence of UTF-8 bytes, delimited by 0
-(US-ASCII NUL), where the form is : `<NUL>username<NUL>password`, or a Base64 encoded string of the former (which
-in this instance would be `AHVzZXJuYW1lAHBhc3N3b3Jk`).  Should Gremlin Server be able to authenticate with the
-provided credentials, the server will return the results of the original request as it normally does without
-authentication.  If it cannot authenticate given the challenge response from the client, it will return `UNAUTHORIZED`
-(status code `401`).
+in order to authenticate.  Gremlin Server supports the "PLAIN" SASL mechanism, which is a cleartext
+password system, for all link:https://tinkerpop.apache.org/docs/current/tutorials/gremlin-language-variants/[Gremlin Language Variants].
+Other SASL mechanisms supported for selected clients are listed in the
+link:https://tinkerpop.apache.org/docs/current/reference/#security[security section of the Gremlin Server reference documentation].
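Review bot: the reworded sentence "Gremlin Server supports the "PLAIN" SASL mechanism, which is a cleartext password system, for all ..." presents PLAIN as the mechanism available to every Gremlin Language Variant but does not say that the credentials are only protected when the connection itself is encrypted. Since this is the provider guide that driver authors implement from, add a short sentence here stating that PLAIN should be used over TLS/SSL, or say that the linked security section covers it. Separately, the visible lines remove the wire-level description that drivers rely on (the `AUTHENTICATE` challenge with status code `407`, the `sasl` argument in the `<NUL>username<NUL>password` form, and the `UNAUTHORIZED` `401` response); please confirm that the remainder of this hunk keeps that detail, because the reference documentation link alone does not replace it for provider implementers.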

Review comment:
       You are right. Although a bit messy to also put it in this PR, I caught a few other instances while at the job. Just say it, if you do not want these corrections here.



