Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 0BE21200CA8 for ; Thu, 15 Jun 2017 23:50:07 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 0A743160BDF; Thu, 15 Jun 2017 21:50:07 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 2AB01160BC9 for ; Thu, 15 Jun 2017 23:50:06 +0200 (CEST) Received: (qmail 15431 invoked by uid 500); 15 Jun 2017 21:50:05 -0000 Mailing-List: contact issues-help@geode.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@geode.apache.org Delivered-To: mailing list issues@geode.apache.org Received: (qmail 15422 invoked by uid 99); 15 Jun 2017 21:50:05 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd4-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 15 Jun 2017 21:50:05 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd4-us-west.apache.org (ASF Mail Server at spamd4-us-west.apache.org) with ESMTP id F41BCC1817 for ; Thu, 15 Jun 2017 21:50:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd4-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd4-us-west.apache.org [10.40.0.11]) (amavisd-new, port 10024) with ESMTP id XEJAFxV7ERnd for ; Thu, 15 Jun 2017 21:50:03 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 72D335F27B for ; Thu, 15 Jun 2017 21:50:02 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 6A5C2E069F for ; Thu, 15 Jun 2017 21:50:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 8437324002 for ; Thu, 15 Jun 2017 21:50:00 +0000 (UTC) Date: Thu, 15 Jun 2017 21:50:00 +0000 (UTC) From: "ASF GitHub Bot (JIRA)" To: issues@geode.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (GEODE-2854) GEODE REST API Docs Missing Authentication MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Thu, 15 Jun 2017 21:50:07 -0000 [ https://issues.apache.org/jira/browse/GEODE-2854?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16051113#comment-16051113 ] ASF GitHub Bot commented on GEODE-2854: --------------------------------------- Github user joeymcallister commented on a diff in the pull request: https://github.com/apache/geode/pull/583#discussion_r122319962 --- Diff: geode-docs/rest_apps/setup_config.html.md.erb --- @@ -29,162 +31,233 @@ All Geode REST interface classes and required JAR files are distributed as a WAR where _install-dir_ is the server installation directory and _n.n.n_ is a version number. -To enable the developer REST API service in Apache Geode, set the `start-dev-rest-api` Geode property to `true` when starting a data node using either `gfsh` or the ServerLauncher API. Setting this property to true on a data node will start up an embedded Jetty server and deploy the REST developer API WAR file. +- [Enabling the REST API](#setup_config_enabling_rest) +- [Starting the REST API Service](#setup_config_starting_rest) +- [Implementing Authentication for the REST API](#setup_config_implementing_auth) +- [Programmatic Startup](#setup_config_implementing_auth) + +# Enabling the REST API + +The REST API service for application development runs only on data nodes; you cannot run the service on a locator. + +To enable the Developer REST API service on a given server, set the `start-dev-rest-api` property +to `true` when starting the data node to start an embedded Jetty server and deploy the Developer REST +API WAR file on that node. Use either the `gfsh start server` command or the ServerLauncher API to enable this property. -**Note:** -The REST API service for application development runs only on servers; you cannot use locators to host the developer Geode REST API services. +## Enabling the REST API on Multiple Nodes -You can have multiple REST enabled data nodes in a single distributed system. Each data node should +You can configure multiple REST enabled data nodes in a single distributed system. Each data node should have a separate host name and unique end point. To ensure that the data node is reachable on a -machine with multiple NIC addresses, you can use `http-service-bind-address` to bind an address to -the REST API service (as well as the other embedded web services such as Pulse). +machine with multiple NIC addresses, use `http-service-bind-address` to bind an address to +the REST API service (as well as the other embedded web services, such as Pulse). -You can also configure the Developer REST API service to run over -HTTPS by enabling ssl for the `http` component in `gemfire.properties` -or `gfsecurity.properties` or on server startup: -See [SSL](../managing/security/ssl_overview.html) for details on configuring SSL parameters. -These SSL parameters apply to all HTTP services hosted on the configured server, which can include the following: +You can configure the Developer REST API service to run over HTTPS by enabling SSL for the `http` +component in `gemfire.properties` or `gfsecurity.properties`, or on server startup. See +[SSL](../managing/security/ssl_overview.html) for details on configuring SSL parameters. These SSL +parameters apply to all HTTP services hosted on the configured server, which can include the +following: - Developer REST API service - Management REST API service (for remote cluster management) - Pulse monitoring tool -The following procedure starts up a REST API service-enabled Geode deployment: +# Starting the REST API Service -1. Configure PDX for your cluster. You must configure PDX if either or both of the following conditions apply: - - Application peer member caches will access REST-accessible Regions (resources) with the `Region.get(key)`. - - Your deployment has persistent regions that must be available as resources to the REST API. To configure PDX in your cluster, perform the following steps: - 1. Start up a locator running the [cluster configuration service](../configuring/cluster_config/gfsh_persist.html) (enabled by default). For example: +To start a REST API service-enabled Geode deployment, configure PDX serialization for your +cluster, then start the service on one or more server nodes. - ``` pre - gfsh>start locator --name=locator1 - ``` - 2. If your deployment has application peer member caches (for example, Java clients) that must also access REST-accessible Regions (resources), use the following gfsh command: +## Configure PDX for your cluster - ``` pre - gfsh>configure pdx --read-serialized=true - ``` - **Note:** - You do not need to configure `--read-serialized=true` if no application peer member caches are accessing the REST-accessible regions (resources) in your deployment. - 3. If your deployment contains **persistent regions** that must be REST-accessible, use the following gfsh command: +You must configure PDX if either or both of the following conditions apply: - ``` pre - gfsh>configure pdx --disk-store - ``` - This command sets `pdx` `persistent` equal to true and sets the disk-store-name to DEFAULT. If desired, specify an existing disk store name as the value for `--disk-store`. - 4. If both of the above cases apply to your deployment, then configure PDX with the following single command: +- Application peer member caches will access REST-accessible regions (resources) with `Region.get(key)`. +- Your deployment has persistent regions that must be available as resources to the REST API. - ``` pre - gfsh>configure pdx --read-serialized=true --disk-store - ``` +To configure PDX in your cluster, perform the following steps: - After you have configured PDX for your caches, then proceed with starting up your REST-enabled servers and other data nodes. +1. Start up a locator running the [cluster configuration service](../configuring/cluster_config/gfsh_persist.html) (enabled by default). For example: --- End diff -- Change "Start up a locator" to "Start a locator" > GEODE REST API Docs Missing Authentication > ------------------------------------------ > > Key: GEODE-2854 > URL: https://issues.apache.org/jira/browse/GEODE-2854 > Project: Geode > Issue Type: Task > Components: docs > Reporter: Michael Martell > Assignee: Dave Barnes > > The REST API docs don't document how to do authentication. Looks like HEAD params "security-username" and "security-password" are supported but undocumented in the REST API. > There is a comment about REST auth in this link: https://geode.apache.org/docs/guide/11/managing/security/implementing_authentication.html > Also, the docs seem to imply that you pass usr/passwd in the http headers such as 'security-username' and 'security-password'. However, it only works using HTTP Basic Authentication, which Spring must be translating on the server side into the 'security-username' and 'security-password' params. -- This message was sent by Atlassian JIRA (v6.4.14#64029)