Put enabling security into its own section [#129578041]
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/10f9d9a2 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/10f9d9a2 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/10f9d9a2 Branch: refs/staging/docs-grant1 Commit: 10f9d9a2d5d19bc9060c0a8f3080fe837faba7a5 Parents: 6a5c86d Author: Karen Miller <[email protected]> Authored: Wed Aug 31 15:56:00 2016 -0700 Committer: Karen Miller <[email protected]> Committed: Wed Aug 31 15:56:00 2016 -0700 ---------------------------------------------------------------------- managing/security/chapter_overview.html.md.erb | 2 + managing/security/enable_security.html.md.erb | 41 ++++++++++++++++++++ .../implementing_authorization.html.md.erb | 40 ------------------- 3 files changed, 43 insertions(+), 40 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/10f9d9a2/managing/security/chapter_overview.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/chapter_overview.html.md.erb b/managing/security/chapter_overview.html.md.erb index b94c66f..da66a96 100644 --- a/managing/security/chapter_overview.html.md.erb +++ b/managing/security/chapter_overview.html.md.erb @@ -17,6 +17,8 @@ features help to secure the distributed system. Apache Geode can authenticate peer system members and clients. It can also authorize cache operations on a server from clients. +- **[Enable Security with Property Definitions](../../managing/security/enable_security`.html)** + - **[Authentication](../../managing/security/authentication_overview.html)** A distributed system using authentication bars malicious peers or clients, and deters inadvertent access to its cache. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/10f9d9a2/managing/security/enable_security.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/enable_security.html.md.erb b/managing/security/enable_security.html.md.erb new file mode 100644 index 0000000..b4c1c6b --- /dev/null +++ b/managing/security/enable_security.html.md.erb @@ -0,0 +1,41 @@ +--- +title: Enable Security with Property Definitions +--- + + +The callbacks that implement the authorization of an application +are specified with the `security-manager` property. +When this property is defined, authorization is enabled. +The definition of the `security-manager` property is the +path to the implementation of the `SecurityManager` interface. +For example: + +``` pre +security-manager = com.example.security.MySecurityManager +``` + +All components of the system invoke the same callback. +Authorization may be enabled on a component basis with +the definition of the `security-enabled-components` property. +Its definition restricts which system components invoke +the authorization callback. + +- `all`. All components invoke the `authorize` callback. +- `server`. +- `cluster`. +- `jmx`. Invokes the `authorize` callback for all components +that ? +- `http`. +- `gateway`. + +The `security-enabled-components` property defines +a comma-separated list of components that will +invoke the `authorize` callback. +For example, + +``` pre +security-enabled-components = server, cluster jmx +``` +``` pre +security-post-processor = com.example.security.MySecurityPostProcessing +``` http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/10f9d9a2/managing/security/implementing_authorization.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/implementing_authorization.html.md.erb b/managing/security/implementing_authorization.html.md.erb index 30d08af..cf89f24 100644 --- a/managing/security/implementing_authorization.html.md.erb +++ b/managing/security/implementing_authorization.html.md.erb @@ -18,46 +18,6 @@ All client operations sent to the server can be authorized. The operations check All client operations that return a result (like `get` and `query`) and all notifications can also be authorized in the post-operation phase where the callback can peek and even modify the result being sent out. -## Enable Authorization with Property Definitions - -The callbacks that implement the authorization of an application -are specified with the `security-manager` property. -When this property is defined, authorization is enabled. -The definition of the `security-manager` property is the -path to the implementation of the `SecurityManager` interface. -For example: - -``` pre -security-manager = com.example.security.MySecurityManager -``` - -All components of the system invoke the same callback. -Authorization may be enabled on a component basis with -the definition of the `security-enabled-components` property. -Its definition restricts which system components invoke -the authorization callback. - -- `all`. All components invoke the `authorize` callback. -- `server`. -- `cluster`. -- `jmx`. Invokes the `authorize` callback for all components -that ? -- `http`. -- `gateway`. - -The `security-enabled-components` property defines -a comma-separated list of components that will -invoke the `authorize` callback. -For example, - -``` pre -security-enabled-components = server, cluster jmx -``` -``` pre -security-post-processor = com.example.security.MySecurityPostProcessing -``` - - ## Resource Permissions ## Implement SecurityManager Interface
