yes, correct, we are assuming the client will have the token available somehow and send in the token in the authentication header. We are not doing anything with actual token management.
On Fri, Oct 4, 2019 at 11:34 AM Jens Deppe <jde...@pivotal.io> wrote: > So, to be clear, we're providing the ability to recognize a HTTP > authentication header containing 'Bearer <some encoded token string>' and > then handing that to the Security Manager to do with as it pleases? > > We're not doing anything with actual token management? (i.e. generating, > revoking, etc.). > > --Jens > > On Fri, Oct 4, 2019 at 10:59 AM Jinmei Liao <jil...@pivotal.io> wrote: > > > Hi, all > > > > JWT token based authentication support is added to Geode develop branch. > > Currently only management v2 rest api can use this (we can add dev rest > > there too if requested). In order to turn on token based auth for > > management rest api, you will need to do these two things: > > 1. start your locator with this property: > > *security-auth-token-enabled-components = all (or management)* > > 2. implement your SecurityManager to authenticate the jwt token passed > in. > > The jwt token will be available in the properties using the key > > "security-token". > > > > Let me know if you have any questions. > > > > -- > > Cheers > > > > Jinmei > > > -- Cheers Jinmei
