Remove security-enabled-components property and rework prose to accomodate the removal. [#130304427]
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/b40485b0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/b40485b0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/b40485b0 Branch: refs/staging/docs-grant1 Commit: b40485b02d2c75b6114ef549fe017f5578255b64 Parents: d19a977 Author: Karen Miller <[email protected]> Authored: Wed Sep 14 09:39:48 2016 -0700 Committer: Karen Miller <[email protected]> Committed: Wed Sep 14 09:39:48 2016 -0700 ---------------------------------------------------------------------- managing/security/enable_security.html.md.erb | 50 +++++++------------- .../implementing_authentication.html.md.erb | 4 +- .../implementing_authorization.html.md.erb | 4 +- 3 files changed, 20 insertions(+), 38 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b40485b0/managing/security/enable_security.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/enable_security.html.md.erb b/managing/security/enable_security.html.md.erb index 441b66c..8f2824c 100644 --- a/managing/security/enable_security.html.md.erb +++ b/managing/security/enable_security.html.md.erb @@ -17,42 +17,24 @@ For example: security-manager = com.example.security.MySecurityManager ``` -## security-enabled-components Property - All components of the system invoke the same callbacks. -Security may be enabled on a component basis with -the definition of the `security-enabled-components` property. -Its definition restricts which system components invoke -the authentication and authorization callbacks. -The defined values for system components: - -- `all`—All components invoke the security callbacks. -- `server`—Invokes security callbacks upon connection and operation -requests that a client makes of a server. -- `cluster`—Invokes security callbacks upon connection and operation -requests that a server makes as the peer of a locator. -- `jmx`—Invokes security callbacks upon connection and operation -requests that components communicating with a JMX manager make of a locator. +Here are descriptions of the components and the connections that they +make with the system. + +- A client connects with a server and makes operation requests +of that server. The callbacks invoked are those defined by the +`SecurityManager` interface for that server. +- A server connects with a locator, invoking the `authenticate` callback +defined for that locator. +- Components communicating with a locator's JMX manager connect and make +operation requests of the locator. +The callbacks invoked are those defined by the +`SecurityManager` interface for that locator. Both `gfsh` and `Pulse` use this form of communication. -- `http`—Invokes security callbacks upon connection and operation -requests that applications communicating via the REST API make of a server. -- `gateway`—Invokes security callbacks upon connection and operation -requests that a gateway sender makes of a locator. - -The `security-enabled-components` property defines -a comma-separated list of components that will -invoke the `authorize` callback. -For example, - -``` pre -security-enabled-components = server, cluster jmx -``` - -The `all` component value is used by itself, as in the example - -``` pre -security-enabled-components = all -``` +- Applications communicating via the REST API make of a server +invoke security callbacks upon connection and operation requests. +- Requests that a gateway sender makes of a locator +invoke security callbacks defined for that locator. ## security-post-processor Property http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b40485b0/managing/security/implementing_authentication.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/implementing_authentication.html.md.erb b/managing/security/implementing_authentication.html.md.erb index 9bbb9d3..c238be9 100644 --- a/managing/security/implementing_authentication.html.md.erb +++ b/managing/security/implementing_authentication.html.md.erb @@ -28,9 +28,9 @@ that will connect to the system. This simplistic algorithm returns the user name as a principal if the user name and password passed to the `authenticate` method are a match for one of the stored pairs. -- Define the `security-manager` and `security-enabled-components` properties. +- Define the `security-manager` property. See [Enable Security with Property Definitions](enable_security.html) -for details about these properties. +for details about this property. - Implement the `authenticate` method of the `SecurityManager` interface. - Define any extra resources that the implemented authentication algorithm needs in order to make a decision. http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b40485b0/managing/security/implementing_authorization.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/implementing_authorization.html.md.erb b/managing/security/implementing_authorization.html.md.erb index 87b4135..3fd4816 100644 --- a/managing/security/implementing_authorization.html.md.erb +++ b/managing/security/implementing_authorization.html.md.erb @@ -239,9 +239,9 @@ which operations. The algorithm bases its decision on a look up of the permissions granted to the principal attempting the operation. -- Define the `security-manager` and `security-enabled-components` properties. +- Define the `security-manager` property. See [Enable Security with Property Definitions](enable_security.html) -for details about these properties. +for details about this property. - Implement the `authorize` method of the `SecurityManager` interface. - Define any extra resources that the implemented authorization algorithm needs in order to make a decision.
