Complete the update of setting credentials for authentication. [#130304427]
Project: http://git-wip-us.apache.org/repos/asf/incubator-geode/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-geode/commit/b60f78a0 Tree: http://git-wip-us.apache.org/repos/asf/incubator-geode/tree/b60f78a0 Diff: http://git-wip-us.apache.org/repos/asf/incubator-geode/diff/b60f78a0 Branch: refs/staging/docs-grant1 Commit: b60f78a0758c174e63089886cb39e4090dd9a9b5 Parents: b9e16c0 Author: Karen Miller <[email protected]> Authored: Thu Sep 15 13:37:42 2016 -0700 Committer: Karen Miller <[email protected]> Committed: Thu Sep 15 13:37:42 2016 -0700 ---------------------------------------------------------------------- .../implementing_authentication.html.md.erb | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-geode/blob/b60f78a0/managing/security/implementing_authentication.html.md.erb ---------------------------------------------------------------------- diff --git a/managing/security/implementing_authentication.html.md.erb b/managing/security/implementing_authentication.html.md.erb index 98b5505..a605e1b 100644 --- a/managing/security/implementing_authentication.html.md.erb +++ b/managing/security/implementing_authentication.html.md.erb @@ -53,6 +53,11 @@ the properties `security-username` and `security-password` in whatever way it wishes. It might look up values in a database or another external resource. +Gateway senders and receivers communicate as a component of their +server member. +Therefore, the credential of the server become those of the gateway +sender or receiver. + ## How a Cache Client Sets Its Credential In order to connect with a locator or a server that does authentication, @@ -65,7 +70,7 @@ There are two ways of accomplishing this: as in the example ``` pre - security-username=webclient + security-username=clientapp security-password=xyz1234 ``` The user name and password are stored in the clear, so the @@ -88,13 +93,16 @@ or it might prompt for values. ## How Other Components Set Their Credentials -gfsh prompts upon `gfsh connect`. - -Pulse prompts upon start up. - -Components connecting via the REST API do something. +`gfsh` prompts for the user name and password upon invocation of +a`gfsh connect` command. +Pulse prompts for the user name and password upon start up. +Due to the stateless nature of the REST API, +a web application or other component that speaks to a server or locator +via the REST API goes through authentication on each request. +The header of the request needs to include attributes that define values for +`security-username` and `security-password`. ## Implement SecurityManager Interface
