Posted to commits@sling.apache.org by bu...@apache.org on 2013/10/11 09:59:38 UTC
svn commit: r882140 - in /websites/staging/sling/trunk/content: ./
documentation/bundles/discovery-api-and-impl.html
Author: buildbot
Date: Fri Oct 11 07:59:38 2013
New Revision: 882140
Log:
Staging update by buildbot for sling
Modified:
websites/staging/sling/trunk/content/ (props changed)
websites/staging/sling/trunk/content/documentation/bundles/discovery-api-and-impl.html
Propchange: websites/staging/sling/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Fri Oct 11 07:59:38 2013
@@ -1 +1 @@
-1530621
+1531216
Modified: websites/staging/sling/trunk/content/documentation/bundles/discovery-api-and-impl.html
==============================================================================
--- websites/staging/sling/trunk/content/documentation/bundles/discovery-api-and-impl.html (original)
+++ websites/staging/sling/trunk/content/documentation/bundles/discovery-api-and-impl.html Fri Oct 11 07:59:38 2013
@@ -235,9 +235,29 @@ that it sees the same number of instance
<p>leaderElectionRepositoryDescriptor: this is an advanced parameter. It denotes a repository descriptor that is evaluated
and taken into account for leader Election: the corresponding value of the descriptor is sorted by first.</p>
</li>
+<li>
+<p>hmacEnabled: If this is true, and sharedKey is set to a value on all Sling instances within the same topology, then messages are
+ validates using a signature of the content of the message based on the shared key. The signature and the digest of the content
+ appear as http headers. When hmac message validation is enabled, whitelisting is disabled. This use useful where the topology
+ messages are transported through multiple reverse proxy layers or the topology is dynamic. The Hmac algorithm in use is HmacSHA256.
+ The JVM is expected to have a provider implementing this algorithm (The Standard JDKs do).</p>
+</li>
+<li>
+<p>sharedKey: If hmacEnabled is true, this must be set to a secret value, shared amongst all Sling instances that are members of the
+ same topology.</p>
+</li>
+<li>
+<p>enableEncryption: If hmacEnabled is true, and sharedKey is set, setting this to true will encrypt the body of the message using 128 Bit
+ AES encryption. The encryption key is derived from the sharedKey using a 9 byte random salt, giving 2^^72 potential salt values.</p>
+</li>
+<li>
+<p>hmacSharedKeyTTL: The key used for the signatures is derived from the shared key. Each derived key has a lifetime before the next key
+ is generated. This parameter sets the lifetime of each key in ms. The default is 4h. Messages sent using old keys will remain valid for
+ 2x the TTL, after which time the message will be ignored.</p>
+</li>
</ul>
<div class="timestamp" style="margin-top: 30px; font-size: 80%; text-align: right;">
- Rev. 1505904 by cziegeler on Tue, 23 Jul 2013 06:09:00 +0000
+ Rev. 1531216 by ieb on Fri, 11 Oct 2013 07:59:16 +0000
</div>
<div class="trademarkFooter">
Apache Sling, Sling, Apache, the Apache feather logo, and the Apache Sling project
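Review bot: the added hmacEnabled item says "When hmac message validation is enabled, whitelisting is disabled", which leaves sharedKey as the only control on who may send topology messages, yet the sharedKey item only asks for "a secret value"; suggest stating that consequence there and adding guidance on key length, how the key should be stored, and how to change it across all instances of a topology. In the enableEncryption item, the text names 128 bit AES and a 9 byte salt but not the cipher mode or the function used to derive the key from sharedKey, and it does not say whether the salt is per message; readers assessing the setting need those. In the hmacSharedKeyTTL item, "valid for 2x the TTL" with the 4h default means a captured message is accepted for up to 8h, so the item should say whether anything else limits replay inside that window. Wording fixes in the same hunk: "messages are validates" should read "validated", "This use useful" should read "This is useful", "2^^72" should read "2^72", and "Hmac"/"hmac"/"http" should be capitalised consistently (HMAC, HTTP).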