Skip to content

Commit 7962e2c

Browse files
kaajaln2kaajaln2
authored
Document update - Security section (#7920)
* Document update - Security section – Added the Security Model statement to the Security section and repositioned the entire section to the top-level hierarchy of the document for improved visibility. Also added a link to the security pages in the “Apache Geode is 15 or Less” section to enhance accessibility to related resources. * Fixed based on review - Links called directly. Fixed indentation issue. Fixed broken links.
1 parent ab4c3e4 commit 7962e2c

32 files changed

+160
-121
lines changed

geode-book/master_middleman/source/subnavs/geode-subnav.erb

Lines changed: 89 additions & 85 deletions
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@ limitations under the License.
2323
<li>
2424
<a href="/docs/guide/<%=vars.product_version_nodot%>/about_geode.html">Apache Geode Documentation</a>
2525
</li>
26-
<li class="has_submenu">
26+
<li class="has_submenu">
2727
<a href="/docs/guide/<%=vars.product_version_nodot%>/getting_started/book_intro.html">Getting Started with Apache Geode</a>
2828
<ul>
2929
<li>
@@ -74,6 +74,94 @@ limitations under the License.
7474
</li>
7575
</ul>
7676
</li>
77+
<li class="has_submenu">
78+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/chapter_overview.html">Security</a>
79+
<ul>
80+
<li>
81+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security_model.html">Security Model</a>
82+
</li>
83+
<li>
84+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_security.html">Security Implementation Introduction and Overview</a>
85+
</li>
86+
<li class="has_submenu">
87+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security_audit_overview.html">Security Detail Considerations</a>
88+
<ul>
89+
<li>
90+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security-audit.html">External Interfaces, Ports, and Services</a>
91+
</li>
92+
<li>
93+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security-audit.html#topic_263072624B8D4CDBAD18B82E07AA44B6">Resources That Must Be Protected</a>
94+
</li>
95+
<li>
96+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/security-audit.html#topic_5B6DF783A14241399DC25C6EE8D0048A">Log File Locations</a>
97+
</li>
98+
<li>
99+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/properties_file.html">Where to Place Security Configuration Settings</a>
100+
</li>
101+
</ul>
102+
</li>
103+
<li>
104+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/enable_security.html">Enable Security with Property Definitions</a>
105+
</li>
106+
<li class="has_submenu">
107+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authentication_overview.html">Authentication</a>
108+
<ul>
109+
<li>
110+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_authentication.html">Implementing Authentication</a>
111+
</li>
112+
<li>
113+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authentication_examples.html">Authentication Example</a>
114+
</li>
115+
<li>
116+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_authentication_expiry.html">Implementing Authentication Expiry</a>
117+
</li>
118+
</ul>
119+
</li>
120+
<li class="has_submenu">
121+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authorization_overview.html">Authorization</a>
122+
<ul>
123+
<li>
124+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_authorization.html">Implementing Authorization</a>
125+
</li>
126+
<li>
127+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/method_invocation_authorizers.html">Method Invocation Authorizers</a>
128+
</li>
129+
<li>
130+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/authorization_example.html">Authorization Examples</a>
131+
</li>
132+
</ul>
133+
</li>
134+
<li>
135+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/post_processing.html">Post Processing of Region Data</a>
136+
</li>
137+
<li class="has_submenu">
138+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/ssl_overview.html">SSL</a>
139+
<ul>
140+
<li class="has_submenu">
141+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html">Configuring SSL</a>
142+
<ul>
143+
<li>
144+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#ssl_configurable_components">SSL-Configurable Components</a>
145+
</li>
146+
<li>
147+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#ssl_configuration_properties">SSL Configuration Properties</a>
148+
</li>
149+
<li>
150+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#ssl_property_reference_tables">SSL Property Reference Tables</a>
151+
</li>
152+
<li>
153+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/implementing_ssl.html#implementing_ssl__sec_ssl_impl_proc">Procedure</a>
154+
</li>
155+
</ul>
156+
</li>
157+
<li>
158+
<a href="/docs/guide/<%=vars.product_version_nodot%>/security/ssl_example.html">SSL Sample Implementation</a>
159+
</li>
160+
</ul>
161+
</li>
162+
</ul>
163+
</li>
164+
77165
<li class="has_submenu">
78166
<a href="/docs/guide/<%=vars.product_version_nodot%>/configuring/chapter_overview.html">Configuring and Running a Cluster</a>
79167
<ul>
@@ -584,90 +672,6 @@ limitations under the License.
584672
</li>
585673
</ul>
586674
</li>
587-
<li class="has_submenu">
588-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/chapter_overview.html">Security</a>
589-
<ul>
590-
<li>
591-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_security.html">Security Implementation Introduction and Overview</a>
592-
</li>
593-
<li class="has_submenu">
594-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security_audit_overview.html">Security Detail Considerations</a>
595-
<ul>
596-
<li>
597-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security-audit.html">External Interfaces, Ports, and Services</a>
598-
</li>
599-
<li>
600-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security-audit.html#topic_263072624B8D4CDBAD18B82E07AA44B6">Resources That Must Be Protected</a>
601-
</li>
602-
<li>
603-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/security-audit.html#topic_5B6DF783A14241399DC25C6EE8D0048A">Log File Locations</a>
604-
</li>
605-
<li>
606-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/properties_file.html">Where to Place Security Configuration Settings</a>
607-
</li>
608-
</ul>
609-
</li>
610-
<li>
611-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/enable_security.html">Enable Security with Property Definitions</a>
612-
</li>
613-
<li class="has_submenu">
614-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authentication_overview.html">Authentication</a>
615-
<ul>
616-
<li>
617-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_authentication.html">Implementing Authentication</a>
618-
</li>
619-
<li>
620-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authentication_examples.html">Authentication Example</a>
621-
</li>
622-
<li>
623-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_authentication_expiry.html">Implementing Authentication Expiry</a>
624-
</li>
625-
</ul>
626-
</li>
627-
<li class="has_submenu">
628-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authorization_overview.html">Authorization</a>
629-
<ul>
630-
<li>
631-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_authorization.html">Implementing Authorization</a>
632-
</li>
633-
<li>
634-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/method_invocation_authorizers.html">Method Invocation Authorizers</a>
635-
</li>
636-
<li>
637-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/authorization_example.html">Authorization Examples</a>
638-
</li>
639-
</ul>
640-
</li>
641-
<li>
642-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/post_processing.html">Post Processing of Region Data</a>
643-
</li>
644-
<li class="has_submenu">
645-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/ssl_overview.html">SSL</a>
646-
<ul>
647-
<li class="has_submenu">
648-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html">Configuring SSL</a>
649-
<ul>
650-
<li>
651-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#ssl_configurable_components">SSL-Configurable Components</a>
652-
</li>
653-
<li>
654-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#ssl_configuration_properties">SSL Configuration Properties</a>
655-
</li>
656-
<li>
657-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#ssl_property_reference_tables">SSL Property Reference Tables</a>
658-
</li>
659-
<li>
660-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/implementing_ssl.html#implementing_ssl__sec_ssl_impl_proc">Procedure</a>
661-
</li>
662-
</ul>
663-
</li>
664-
<li>
665-
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/security/ssl_example.html">SSL Sample Implementation</a>
666-
</li>
667-
</ul>
668-
</li>
669-
</ul>
670-
</li>
671675
<li class="has_submenu">
672676
<a href="/docs/guide/<%=vars.product_version_nodot%>/managing/monitor_tune/chapter_overview.html">Performance Tuning and Configuration</a>
673677
<ul>

geode-docs/basic_config/the_cache/managing_a_secure_cache.html.md.erb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -24,7 +24,7 @@ and authorization prior to cache operations.
2424
Client apps and cluster members (servers and locators) require
2525
configuration and setup when the `SecurityManager` is enabled.
2626

27-
See the section on [Security](../../managing/security/chapter_overview.html)
27+
See the section on [Security](../../security/chapter_overview.html)
2828
for details.
2929
For authentication, see
30-
[Implementing Authentication](../../managing/security/implementing_authentication.html).
30+
[Implementing Authentication](../../security/implementing_authentication.html).

geode-docs/configuring/cluster_config/gfsh_remote.html.md.erb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ To connect `gfsh` using the HTTP protocol to a remote cluster:
7070
To configure SSL for the remote connection (HTTPS), enable SSL for the `http` component
7171
in <span class="ph filepath">gemfire.properties</span> or <span class="ph
7272
filepath">gfsecurity-properties</span> or upon server startup. See
73-
[SSL](../../managing/security/ssl_overview.html) for details on configuring SSL parameters. These
73+
[SSL](../../security/ssl_overview.html) for details on configuring SSL parameters. These
7474
SSL parameters also apply to all HTTP services hosted on the configured JMX Manager, which can
7575
include the following:
7676

geode-docs/developing/function_exec/function_execution.html.md.erb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ Code the methods you need for the function. These steps do not have to be done i
4444
- If the function should be run with an authorization level other than
4545
the default of `DATA:WRITE`,
4646
implement an override of the `Function.getRequiredPermissions()` method.
47-
See [Authorization of Function Execution](../../managing/security/implementing_authorization.html#AuthorizeFcnExecution) for details on this method.
47+
See [Authorization of Function Execution](../../security/implementing_authorization.html#AuthorizeFcnExecution) for details on this method.
4848
- Code the `execute` method to perform the work of the function.
4949
1. Make `execute` thread safe to accommodate simultaneous invocations.
5050
2. For high availability, code `execute` to accommodate multiple identical calls to the function. Use the `RegionFunctionContext` `isPossibleDuplicate` to determine whether the call may be a high-availability re-execution. This boolean is set to true on execution failure and is false otherwise.

geode-docs/developing/function_exec/how_function_execution_works.html.md.erb

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -44,7 +44,7 @@ a check is made to see that that caller is authorized to execute
4444
the function.
4545
The required permissions for authorization are provided by
4646
the function's `Function.getRequiredPermissions()` method.
47-
See [Authorization of Function Execution](../../managing/security/implementing_authorization.html#AuthorizeFcnExecution) for a discussion of this method.
47+
See [Authorization of Function Execution](../../security/implementing_authorization.html#AuthorizeFcnExecution) for a discussion of this method.
4848
2. Given successful authorization,
4949
<%=vars.product_name%> invokes the function on all members where it
5050
needs to run. The locations are determined by the `FunctionService` `on*`

geode-docs/developing/query_select/the_where_clause.html.md.erb

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -241,12 +241,12 @@ When a `null` argument is used, if the query processor cannot determine the prop
241241

242242
**Methods calls with the `SecurityManager` enabled**
243243

244-
When the `SecurityManager` is enabled, by default <%=vars.product_name%> throws a `NotAuthorizedException` when any method that does not belong to the to the list of default allowed methods, given in [RestrictedMethodAuthorizer](../../managing/security/method_invocation_authorizers.html#restrictedMethodAuthorizer), is invoked.
244+
When the `SecurityManager` is enabled, by default <%=vars.product_name%> throws a `NotAuthorizedException` when any method that does not belong to the to the list of default allowed methods, given in [RestrictedMethodAuthorizer](../../security/method_invocation_authorizers.html#restrictedMethodAuthorizer), is invoked.
245245
246-
In order to further customize this authorization check, see [Changing the Method Authorizer](../../managing/security/method_invocation_authorizers.html#changing_method_authorizer).
246+
In order to further customize this authorization check, see [Changing the Method Authorizer](../../security/method_invocation_authorizers.html#changing_method_authorizer).
247247
248248
In the past you could use the system property `gemfire.QueryService.allowUntrustedMethodInvocation` to disable the check altogether, but this approach is deprecated and will be removed in future releases;
249-
you need to configure the [UnrestrictedMethodAuthorizer](../../managing/security/method_invocation_authorizers.html#unrestrictedMethodAuthorizer) instead.
249+
you need to configure the [UnrestrictedMethodAuthorizer](../../security/method_invocation_authorizers.html#unrestrictedMethodAuthorizer) instead.
250250
251251
## <a id="the_where_clause__section_59E7D64746AE495D942F2F09EF7DB9B5" class="no-quick-link"></a>Enum Objects
252252

geode-docs/getting_started/15_minute_quickstart_gfsh.html.md.erb

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -514,6 +514,8 @@ To shut down your cluster, do the following:
514514
515515
Here are some suggestions on what to explore next with <%=vars.product_name_long%>:
516516

517-
- Continue reading the next section to learn more about the components and concepts that were just introduced.
518-
- To get more practice using `gfsh`, see [Tutorial—Performing Common Tasks with gfsh](../tools_modules/gfsh/tour_of_gfsh.html#concept_0B7DE9DEC1524ED0897C144EE1B83A34).
519-
- To learn about the cluster configuration service, see [Tutorial—Creating and Using a Cluster Configuration](../configuring/cluster_config/persisting_configurations.html#task_bt3_z1v_dl).
517+
- To ensure that your Geode instances are secure, see: [Security](../security/chapter_overview.html).
518+
- To get more practice using `gfsh`, see [Tutorial—Performing Common Tasks with gfsh](../tools_modules/gfsh/tour_of_gfsh.html#concept_0B7DE9DEC1524ED0897C144EE1B83A34).
519+
- To learn about the cluster configuration service, see [Tutorial—Creating and Using a Cluster Configuration](../configuring/cluster_config/persisting_configurations.html#task_bt3_z1v_dl).
520+
- Continue reading the next section to learn more about the components and concepts that were just introduced.
521+

0 commit comments

Comments
 (0)