mirror of
https://github.com/seaweedfs/seaweedfs.git
synced 2024-01-19 02:48:24 +00:00
Updated Security Overview (markdown)
parent
e27639eb2b
commit
9f1d1e9728
|
@ -82,6 +82,9 @@ To enable JWT-based access control for the Filer,
|
|||
|
||||
If `jwt.filer_signing.key` is configured: When sending upload/update/delete HTTP operations to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `jwt.filer_signing.key`.
|
||||
|
||||
The JwtToken can be generated by calling `security.GenJwtForFilerServer(signingKey SigningKey, expiresAfterSec int)` in `github.com/chrislusf/seaweedfs/weed/security` package.
|
||||
https://github.com/chrislusf/seaweedfs/blob/9b941773805400c520558d83aed633adc821988c/weed/security/jwt.go#L53
|
||||
|
||||
If `jwt.filer_signing.read.key` is configured: When sending GET or HEAD requests to a filer server, the request header `Authorization` should be the JWT string (`Authorization: Bearer [JwtToken]`). The operation is authorized after the filer validates the JWT with `jwt.filer_signing.read.key`.
|
||||
|
||||
The S3 API Gateway reads the above JWT keys and sends authenticated
|
||||
|
|
Loading…
Reference in a new issue