davebarnes97 commented on a change in pull request #6928:
URL: https://github.com/apache/geode/pull/6928#discussion_r721467821
##########
File path: geode-docs/managing/security/implementing_authentication.html.md.erb
##########
@@ -23,151 +23,150 @@ Authentication lends a measure of security to a cluster
by verifying the identity of components as they connect to the system.
All components use the same authentication mechanism.
-## How Authentication Works
+## <a id="authentication-how-it-works"></a>How Authentication Works
When a component initiates a connection to the cluster,
the `SecurityManager.authenticate` method is invoked.
The component provides its credentials in the form of properties
as a parameter to the `authenticate` method.
-The credential is presumed to be the two properties
+The credentials parameter is presumed to be a user/password combination,
specified as the two properties
`security-username` and `security-password`.
The `authenticate` method is expected to either return an object
representing a principal or throw an `AuthenticationFailedException`.
A well-designed `authenticate` method will have a set of known user and
password pairs that can be
-compared to the credential presented or will have a way of obtaining those
pairs.
+compared to the credentials presented or will have a way of obtaining those
pairs.
-## How a Server Sets Its Credential
+## <a id="authentication-server-set-creds"></a>How a Server Sets Its
Credentials
-In order to connect with a locator that does authentication,
-a server will need to set its credential, composed of the two properties
+In order to connect with a locator that performs authentication,
+a server must set its credentials, a username and password specified as the
two properties
`security-username` and `security-password`.
-Choose one of these two ways to accomplish this:
-
-- Set `security-username` and `security-password` in the server's
-`gfsecurity.properties` file that will be read upon server start up,
-as in the example
-
- ``` pre
- security-username=admin
- security-password=xyz1234
- ```
- The user name and password are stored in the clear, so the
- `gfsecurity.properties` file must be protected by restricting access with
- file system permissions.
-
-- Implement `AuthInitialize` interface for the server.
-
- - Set the property `security-peer-auth-init`,
- so that an object of the class that implements the `AuthInitialize`
- interface will be instantiated.
- Set the property to one of these two values:
-
- - Set property `security-peer-auth-init` to the fully-qualified
- class name that implements the `AuthInitialize` interface
- as in the example
-
- ``` pre
- security-peer-auth-init=com.example.security.ServerAuthenticate
- ```
- - Set property `security-peer-auth-init` to the fully-qualified
- method name of a method that instantiates an object of the class
- that implements the `AuthInitialize` interface
- as in the example
-
- ``` pre
- security-peer-auth-init=com.example.security.ServerAuthenticate.create
- ```
-
- - Implement the `getCredentials` method within the `AuthInitialize`
- interface to acquire values for
- the `security-username` and `security-password` properties
- in whatever way it wishes.
- It might look up values in a database or another external resource.
-
-Gateway senders and receivers communicate as a component of their
-server member.
-Therefore, the credential of the server become those of the gateway
-sender or receiver.
-
-## How a Client Cache Sets Its Credential
-
-In order to connect with a locator or a server that does authentication,
-a client will need to set its credential, composed of the two properties
+Choose one of two ways to set the server credentials:
+
+- Add settings to the server properties file, or
+- Implement the `AuthInitialize` interface for the server
+
+### <a id="authentication-setserverprops"></a>Add Settings to the Server
Properties File
+
+Set `security-username` and `security-password` in the server's
+`gfsecurity.properties` file, which is read upon server startup.
+For example:
+
+``` pre
+security-username=admin
+security-password=xyz1234
+```
+The username and password are stored in the clear, so the
+`gfsecurity.properties` file must be protected by restricting access with
+file system permissions.
+
+### <a id="authentication-implementserverinterface"></a>Implement the
AuthInitialize Interface for the Server
+
+To implement the `AuthInitialize` interface for the server, set the
+`security-peer-auth-init` property so that an object of the class that
implements the `AuthInitialize`
+interface will be instantiated. There are two ways to do this:
+
+- You can set the `security-peer-auth-init` property to the fully-qualified
class name that implements
+ the `AuthInitialize` interface as in the example
+
+ ``` pre
+ security-peer-auth-init=com.example.security.ServerAuthenticate
+ ```
+
+- You can set the `security-peer-auth-init` property to the fully-qualified
method name of a method
+that instantiates an object of the class that implements the `AuthInitialize`
interface as in the
+example
+
+ ``` pre
+ security-peer-auth-init=com.example.security.ServerAuthenticate.create
+ ```
+
+Implement the `getCredentials` method within the `AuthInitialize` interface to
acquire values for
+the `security-username` and `security-password` properties in whatever way you
wish. For example,
+it might look up values in a database or another external resource.
+
+Gateway senders and receivers communicate as components of their respective
server members. Therefore, the
+credentials of the server become those of the gateway sender or receiver.
+
+## <a id="authentication-client-set-creds"></a>How a Client Cache Sets its
Credentials
+
+In order to connect with a locator or a server that performs authentication,
+a client must set its credentials, a username and password specified as the
two properties
Review comment:
Thanks, @jinmeiliao Change incorporated.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
