So application developer's will need to know to code their application client's to lookup the JWT token (from some store) and set HTTP request headers to send the token, or will this be handled automatically by a geode client?
On Fri, Oct 4, 2019 at 11:37 AM Jinmei Liao <jil...@pivotal.io> wrote: > yes, correct, we are assuming the client will have the token available > somehow and send in the token in the authentication header. We are not > doing anything with actual token management. > > On Fri, Oct 4, 2019 at 11:34 AM Jens Deppe <jde...@pivotal.io> wrote: > > > So, to be clear, we're providing the ability to recognize a HTTP > > authentication header containing 'Bearer <some encoded token string>' and > > then handing that to the Security Manager to do with as it pleases? > > > > We're not doing anything with actual token management? (i.e. generating, > > revoking, etc.). > > > > --Jens > > > > On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <jil...@pivotal.io> wrote: > > > > > Hi, all > > > > > > JWT token based authentication support is added to Geode develop > branch. > > > Currently only management v2 rest api can use this (we can add dev rest > > > there too if requested). In order to turn on token based auth for > > > management rest api, you will need to do these two things: > > > 1. start your locator with this property: > > > *security-auth-token-enabled-components = all (or management)* > > > 2. implement your SecurityManager to authenticate the jwt token passed > > in. > > > The jwt token will be available in the properties using the key > > > "security-token". > > > > > > Let me know if you have any questions. > > > > > > -- > > > Cheers > > > > > > Jinmei > > > > > > > > -- > Cheers > > Jinmei > -- -John john.blum10101 (skype)
