So, to be clear, we're providing the ability to recognize a HTTP authentication header containing 'Bearer <some encoded token string>' and then handing that to the Security Manager to do with as it pleases?
We're not doing anything with actual token management? (i.e. generating, revoking, etc.). --Jens On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <jil...@pivotal.io> wrote: > Hi, all > > JWT token based authentication support is added to Geode develop branch. > Currently only management v2 rest api can use this (we can add dev rest > there too if requested). In order to turn on token based auth for > management rest api, you will need to do these two things: > 1. start your locator with this property: > *security-auth-token-enabled-components = all (or management)* > 2. implement your SecurityManager to authenticate the jwt token passed in. > The jwt token will be available in the properties using the key > "security-token". > > Let me know if you have any questions. > > -- > Cheers > > Jinmei >
