This is an automated email from the ASF dual-hosted git repository. dmagda pushed a commit to branch IGNITE-7595 in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/IGNITE-7595 by this push: new 385b68d cosmetic changes in the sandbox and cpp installation instructions 385b68d is described below commit 385b68d5985d25604c46ec39a6127a592d8ebb3b Author: Denis Magda <dma...@gridgain.com> AuthorDate: Thu Sep 24 12:29:07 2020 -0700 cosmetic changes in the sandbox and cpp installation instructions --- docs/_data/toc.yaml | 2 +- docs/_docs/includes/cpp-prerequisites.adoc | 8 ++------ docs/_docs/quick-start/cpp.adoc | 2 +- docs/_docs/security/sandbox.adoc | 29 +++++++++++++++-------------- 4 files changed, 19 insertions(+), 22 deletions(-) diff --git a/docs/_data/toc.yaml b/docs/_data/toc.yaml index 8f124c2..4bf3950 100644 --- a/docs/_data/toc.yaml +++ b/docs/_data/toc.yaml @@ -319,7 +319,7 @@ url: /security/tde - title: Master key rotation url: /security/master-key-rotation - - titel: Sandbox + - title: Sandbox url: /security/sandbox - title: Thin Clients items: diff --git a/docs/_docs/includes/cpp-prerequisites.adoc b/docs/_docs/includes/cpp-prerequisites.adoc index de5bf5b..83f3a19 100644 --- a/docs/_docs/includes/cpp-prerequisites.adoc +++ b/docs/_docs/includes/cpp-prerequisites.adoc @@ -1,11 +1,7 @@ [width="100%",cols="1,3"] |=== -.3+|JDK|Oracle JDK 8 and later -|Open JDK 8 and later -|IBM JDK 8 and later -.3+|OS|Windows (Vista and up), -|Windows Server (2008 and up) -|Ubuntu (18.04 64 bit) +|JDK|Oracle JDK 8 and later, Open JDK 8 and later, IBM JDK 8 and later +|OS|Windows Vista, Windows Server 2008 and later versions, Ubuntu (18.04 64 bit) |Network|No restrictions (10G recommended) |Hardware|No restrictions |C++ compiler|MS Visual C++ (10.0 and up), g++ (4.4.0 and up) diff --git a/docs/_docs/quick-start/cpp.adoc b/docs/_docs/quick-start/cpp.adoc index 67d692d..7de361f 100644 --- a/docs/_docs/quick-start/cpp.adoc +++ b/docs/_docs/quick-start/cpp.adoc @@ -49,7 +49,7 @@ include::includes/cpp-linux-build-prerequisites.adoc[] === Building C++ Ignite - Download and unzip the Ignite binary release. We'll refer to a resulting directory as to `${IGNITE_HOME}`. -- Create build directory for CMake. We'll refer to this as `${CPP_BUILD_DIR}` +- Create a build directory for CMake. We'll refer to this as `${CPP_BUILD_DIR}` - Build and install Ignite.C++ by executing the following commands: [tabs] diff --git a/docs/_docs/security/sandbox.adoc b/docs/_docs/security/sandbox.adoc index 04edc00..fa59cfd 100644 --- a/docs/_docs/security/sandbox.adoc +++ b/docs/_docs/security/sandbox.adoc @@ -9,34 +9,34 @@ and allows you to restrict the scope of user-defined logic executed via Ignite A == Ignite Sandbox Activation -Follow the steps below to activate Ignite Sandbox. +The activation of Ignite Sandbox involves the configuration of an `SecurityManager` instance and creation of an +`GridSecurityProcessor` implementation. -- Install the SecurityManager. +=== Install SecurityManager -Due to the fact, that Ignite Sandbox is based on the Java Sandbox model, and the SecurityManager is an important part of that model, you need to have it installed. +Due to the fact, that Ignite Sandbox is based on the Java Sandbox model, and +link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[SecurityManager,window=_blank] +is an important part of that model, you need to have it installed. The SecurityManager is responsible for checking, which security policy is currently in effect. It also performs access control checks. The security manager is not automatically installed when an application is running. If you run Ignite as a separate application, you must invoke the Java Virtual Machine with the `-Djava.security.manager` command-line argument (which sets the value of the `java.security.manager property`). -There is also a -Djava.security.policy command-line argument, defining, which policy files are utilized. +There is also a `-Djava.security.policy` command-line argument, defining, which policy files are utilized. If you don't include `-Djava.security.policy` into the command line, then the policy files specified in the security properties file will be used. -You can read more about Security Management link:https://docs.oracle.com/javase/8/docs/technotes/guides/security/spec/security-spec.doc6.html#a19349[here,window=_blank]. - NOTE: It may be convenient adding the security manager and the policy command-line arguments to `{IGNITE-HOME}/bin/ignite.sh|ignite.bat` script. -Read more about link:/quick-start/java#starting_a_node[starting a node]. NOTE: Ignite should have enough permissions to work correctly. You may apply the most straightforward way that is granting to Ignite the `java.security.AllPermission` permission, but you should remember the "giving permissions as low as possible" security principle. -- Provide an implementation of the GridSecurityProcessor. +=== Provide GridSecurityProcessor Implementation Currently, Apache Ignite does not provide an implementation of the `GridSecurityProcessor` interface out-of-the-box. -But, you can implement this interface as a part of link:/plugins[a custom plugin]. +But, you can implement this interface as a part of link:/docs/plugins[a custom plugin]. The `GridSecurityProcessor` interface has the `sandboxEnabled` method that manages a user-defined code execution inside the Ignite Sandbox. By default, this method returns `false`, which means no-sandbox. -If you are going to use the Ignite Sandbox, your overridden `sandboxEnabled` method should return `true`. +If you are going to use Ignite Sandbox, your overridden `sandboxEnabled` method needs to return `true`. If the Ignite Sandbox is turned on, you can see the following trace line: [source,text] @@ -47,10 +47,11 @@ If the Ignite Sandbox is turned on, you can see the following trace line: == Permissions A user-defined code is always executed on behalf of the security subject that initiates its execution. -The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions,window=_blank] define actions that a user-defined code can perform. -The Ignite Sandbox gets these permissions using the `SecuritySubject#sandboxPermissions` method. +The security subject's sandbox link:https://docs.oracle.com/en/java/javase/11/security/java-se-platform-security-architecture.html#GUID-DEA8EAB1-CF00-4658-AA6D-D2C9754C8B37[permissions,window=_blank] +define actions that a user-defined code can perform. +The Ignite Sandbox retrieves those permissions using the `SecuritySubject#sandboxPermissions` method. -NOTE: A user-defined code, when running inside the Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. +NOTE: A user-defined code, when running inside Ignite Sandbox, may use the public API of Ignite without granting any additional permissions. If a security subject doesn't have enough permissions to perform a security-sensitive operation, an AcccessControlException appears. @@ -76,4 +77,4 @@ In the case of accessing the system property shown in the snippet above, you can [source,text] ---- java.security.AccessControlException: access denied ("java.util.PropertyPermission" "secret.property" "read") ----- \ No newline at end of file +----