This is an automated email from the ASF dual-hosted git repository.
dmagda pushed a commit to branch IGNITE-7595
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/IGNITE-7595 by this push:
new 385b68d cosmetic changes in the sandbox and cpp installation
instructions
385b68d is described below
commit 385b68d5985d25604c46ec39a6127a592d8ebb3b
Author: Denis Magda <dma...@gridgain.com>
AuthorDate: Thu Sep 24 12:29:07 2020 -0700
cosmetic changes in the sandbox and cpp installation instructions
---
docs/_data/toc.yaml | 2 +-
docs/_docs/includes/cpp-prerequisites.adoc | 8 ++------
docs/_docs/quick-start/cpp.adoc | 2 +-
docs/_docs/security/sandbox.adoc | 29 +++++++++++++++--------------
4 files changed, 19 insertions(+), 22 deletions(-)
diff --git a/docs/_data/toc.yaml b/docs/_data/toc.yaml
index 8f124c2..4bf3950 100644
--- a/docs/_data/toc.yaml
+++ b/docs/_data/toc.yaml
@@ -319,7 +319,7 @@
url: /security/tde
- title: Master key rotation
url: /security/master-key-rotation
- - titel: Sandbox
+ - title: Sandbox
url: /security/sandbox
- title: Thin Clients
items:
diff --git a/docs/_docs/includes/cpp-prerequisites.adoc
b/docs/_docs/includes/cpp-prerequisites.adoc
index de5bf5b..83f3a19 100644
--- a/docs/_docs/includes/cpp-prerequisites.adoc
+++ b/docs/_docs/includes/cpp-prerequisites.adoc
@@ -1,11 +1,7 @@
[width="100%",cols="1,3"]
|===
-.3+|JDK|Oracle JDK 8 and later
-|Open JDK 8 and later
-|IBM JDK 8 and later
-.3+|OS|Windows (Vista and up),
-|Windows Server (2008 and up)
-|Ubuntu (18.04 64 bit)
+|JDK|Oracle JDK 8 and later, Open JDK 8 and later, IBM JDK 8 and later
+|OS|Windows Vista, Windows Server 2008 and later versions, Ubuntu (18.04 64
bit)
|Network|No restrictions (10G recommended)
|Hardware|No restrictions
|C++ compiler|MS Visual C++ (10.0 and up), g++ (4.4.0 and up)
diff --git a/docs/_docs/quick-start/cpp.adoc b/docs/_docs/quick-start/cpp.adoc
index 67d692d..7de361f 100644
--- a/docs/_docs/quick-start/cpp.adoc
+++ b/docs/_docs/quick-start/cpp.adoc
@@ -49,7 +49,7 @@ include::includes/cpp-linux-build-prerequisites.adoc[]
=== Building C++ Ignite
- Download and unzip the Ignite binary release. We'll refer to a resulting
directory as to `${IGNITE_HOME}`.
-- Create build directory for CMake. We'll refer to this as `${CPP_BUILD_DIR}`
+- Create a build directory for CMake. We'll refer to this as `${CPP_BUILD_DIR}`
- Build and install Ignite.C++ by executing the following commands:
[tabs]
diff --git a/docs/_docs/security/sandbox.adoc b/docs/_docs/security/sandbox.adoc
index 04edc00..fa59cfd 100644
--- a/docs/_docs/security/sandbox.adoc
+++ b/docs/_docs/security/sandbox.adoc
@@ -9,34 +9,34 @@ and allows you to restrict the scope of user-defined logic
executed via Ignite A
== Ignite Sandbox Activation
-Follow the steps below to activate Ignite Sandbox.
+The activation of Ignite Sandbox involves the configuration of an
`SecurityManager` instance and creation of an
+`GridSecurityProcessor` implementation.
-- Install the SecurityManager.
+=== Install SecurityManager
-Due to the fact, that Ignite Sandbox is based on the Java Sandbox model, and
the SecurityManager is an important part of that model, you need to have it
installed.
+Due to the fact, that Ignite Sandbox is based on the Java Sandbox model, and
+link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager,window=_blank]
+is an important part of that model, you need to have it installed.
The SecurityManager is responsible for checking, which security policy is
currently in effect. It also performs access control checks.
The security manager is not automatically installed when an application is
running. If you run Ignite as a separate application,
you must invoke the Java Virtual Machine with the `-Djava.security.manager`
command-line argument (which sets the value of the `java.security.manager
property`).
-There is also a -Djava.security.policy command-line argument, defining, which
policy files are utilized.
+There is also a `-Djava.security.policy` command-line argument, defining,
which policy files are utilized.
If you don't include `-Djava.security.policy` into the command line, then the
policy files specified in the security properties file will be used.
-You can read more about Security Management
link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[here,window=_blank].
-
NOTE: It may be convenient adding the security manager and the policy
command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script.
-Read more about link:/quick-start/java#starting_a_node[starting a node].
NOTE: Ignite should have enough permissions to work correctly.
You may apply the most straightforward way that is granting to Ignite the
`java.security.AllPermission` permission,
but you should remember the "giving permissions as low as possible" security
principle.
-- Provide an implementation of the GridSecurityProcessor.
+=== Provide GridSecurityProcessor Implementation
Currently, Apache Ignite does not provide an implementation of the
`GridSecurityProcessor` interface out-of-the-box.
-But, you can implement this interface as a part of link:/plugins[a custom
plugin].
+But, you can implement this interface as a part of link:/docs/plugins[a custom
plugin].
The `GridSecurityProcessor` interface has the `sandboxEnabled` method that
manages a user-defined code execution inside the Ignite Sandbox.
By default, this method returns `false`, which means no-sandbox.
-If you are going to use the Ignite Sandbox, your overridden `sandboxEnabled`
method should return `true`.
+If you are going to use Ignite Sandbox, your overridden `sandboxEnabled`
method needs to return `true`.
If the Ignite Sandbox is turned on, you can see the following trace line:
[source,text]
@@ -47,10 +47,11 @@ If the Ignite Sandbox is turned on, you can see the
following trace line:
== Permissions
A user-defined code is always executed on behalf of the security subject that
initiates its execution.
-The security subject's sandbox
link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions,window=_blank]
define actions that a user-defined code can perform.
-The Ignite Sandbox gets these permissions using the
`SecuritySubject#sandboxPermissions` method.
+The security subject's sandbox
link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions,window=_blank]
+define actions that a user-defined code can perform.
+The Ignite Sandbox retrieves those permissions using the
`SecuritySubject#sandboxPermissions` method.
-NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the
public API of Ignite without granting any additional permissions.
+NOTE: A user-defined code, when running inside Ignite Sandbox, may use the
public API of Ignite without granting any additional permissions.
If a security subject doesn't have enough permissions to perform a
security-sensitive operation,
an AcccessControlException appears.
@@ -76,4 +77,4 @@ In the case of accessing the system property shown in the
snippet above, you can
[source,text]
----
java.security.AccessControlException: access denied
("java.util.PropertyPermission" "secret.property" "read")
-----
\ No newline at end of file
+----
