You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@geode.apache.org by rv...@apache.org on 2016/09/30 00:33:18 UTC

[11/50] [abbrv] incubator-geode git commit: Integrated Security: complete section on the properties that enable the security callbacks. [#129578041]

Integrated Security: complete section on the properties
that enable the security callbacks. [#129578041]


Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/bce4a113
Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/bce4a113
Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/bce4a113

Branch: refs/staging/docs-grant1
Commit: bce4a1133881a329841f2bad672fc1cfa4d8c73d
Parents: 8a56847
Author: Karen Miller <km...@pivotal.io>
Authored: Thu Sep 1 14:54:09 2016 -0700
Committer: Karen Miller <km...@pivotal.io>
Committed: Thu Sep 1 14:54:09 2016 -0700

----------------------------------------------------------------------
 managing/security/enable_security.html.md.erb | 57 +++++++++++++++++-----
 1 file changed, 45 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/bce4a113/managing/security/enable_security.html.md.erb
----------------------------------------------------------------------
diff --git a/managing/security/enable_security.html.md.erb b/managing/security/enable_security.html.md.erb
index b4c1c6b..b281ea9 100644
--- a/managing/security/enable_security.html.md.erb
+++ b/managing/security/enable_security.html.md.erb
@@ -3,9 +3,12 @@ title:  Enable Security with Property Definitions
 ---
 
 
-The callbacks that implement the authorization of an application
+## security-manager Property
+
+The callbacks that implement the authentication and authorization 
+of the various components of the system
 are specified with the `security-manager` property.
-When this property is defined, authorization is enabled.
+When this property is defined, authentication and authorization are enabled.
 The definition of the `security-manager` property is the
 path to the implementation of the `SecurityManager` interface.
 For example:
@@ -14,19 +17,27 @@ For example:
 security-manager = com.example.security.MySecurityManager
 ```
 
-All components of the system invoke the same callback.
-Authorization may be enabled on a component basis with
+## security-enabled-components Property
+
+All components of the system invoke the same callbacks.
+Security may be enabled on a component basis with
 the definition of the `security-enabled-components` property.
 Its definition restricts which system components invoke
-the authorization callback.
+the authentication and authorization callbacks.
+The defined values for system components:
 
-- `all`.  All components invoke the `authorize` callback.
-- `server`.
-- `cluster`.
-- `jmx`. Invokes the `authorize` callback for all components
-that ?
-- `http`.
-- `gateway`.
+- `all`.  All components invoke the security callbacks.
+- `server`. Invokes security callbacks upon connection and operation
+requests that a client makes of a server.
+- `cluster`.  Invokes security callbacks upon connection and operation
+requests that a server makes as the peer of a locator.
+- `jmx`.  Invokes security callbacks upon connection and operation
+requests that components communicating with a JMX manager make of a locator.
+Both `gfsh` and `Pulse` use this form of communication.
+- `http`.  Invokes security callbacks upon connection and operation
+requests that applications communicating via the REST API make of a server.
+- `gateway`.  Invokes security callbacks upon connection and operation
+requests that a gateway sender makes of a locator.
 
 The `security-enabled-components` property defines 
 a comma-separated list of components that will
@@ -36,6 +47,28 @@ For example,
 ``` pre
 security-enabled-components = server, cluster jmx
 ```
+
+The `all` component value is used by itself, as in the example
+
+``` pre
+security-enabled-components = all
+```
+
+## security-post-processor Property
+
+The  `PostProcessor` interface allows the definition of a set of callbacks
+that are invoked after operations that get data,
+but before the data is returned.
+This permits the callback to intervene and modify of the data
+that is to be returned.
+The callbacks do not modify the region data,
+only the data to be returned.
+
+Enable the post processing of data by defining the
+`security-post-processor` property
+with the path to the definition of the interface.
+For example,
+
 ``` pre
 security-post-processor = com.example.security.MySecurityPostProcessing
 ```