diff --git a/docs/security.md b/docs/security.md index 69df5475dc8..3c8b095ff0b 100644 --- a/docs/security.md +++ b/docs/security.md @@ -55,11 +55,11 @@ GravitinoClient client = GravitinoClient.builder(uri) | Configuration item | Description | Default value | Required | Since version | |---------------------------------------------------|-----------------------------------------------------------------------------|-------------------|-----------------------------------------|---------------| -| `gravitino.authenticator` | The authenticator which Gravitino uses, setting as `simple` or `oauth`. | `simple` | Yes | 0.3.0 | -| `gravitino.authenticator.oauth.serviceAudience` | The audience name when Gravitino uses OAuth as the authenticator. | `GravitinoServer` | Yes if use `oauth` as the authenticator | 0.3.0 | -| `gravitino.authenticator.oauth.allowSkewSecs` | The JWT allows skew seconds when Gravitino uses OAuth as the authenticator. | `0` | Yes if use `oauth` as the authenticator | 0.3.0 | +| `gravitino.authenticator` | The authenticator which Gravitino uses, setting as `simple` or `oauth`. | `simple` | No | 0.3.0 | +| `gravitino.authenticator.oauth.serviceAudience` | The audience name when Gravitino uses OAuth as the authenticator. | `GravitinoServer` | No | 0.3.0 | +| `gravitino.authenticator.oauth.allowSkewSecs` | The JWT allows skew seconds when Gravitino uses OAuth as the authenticator. | `0` | No | 0.3.0 | | `gravitino.authenticator.oauth.defaultSignKey` | The signing key of JWT when Gravitino uses OAuth as the authenticator. | (none) | Yes if use `oauth` as the authenticator | 0.3.0 | -| `gravitino.authenticator.oauth.signAlgorithmType` | The signature algorithm when Gravitino uses OAuth as the authenticator. | `RS256` | Yes if use `oauth` as the authenticator | 0.3.0 | +| `gravitino.authenticator.oauth.signAlgorithmType` | The signature algorithm when Gravitino uses OAuth as the authenticator. | `RS256` | No | 0.3.0 | | `gravitino.authenticator.oauth.serverUri` | The URI of the default OAuth server. | (none) | Yes if use `oauth` as the authenticator | 0.3.0 | | `gravitino.authenticator.oauth.tokenPath` | The path for token of the default OAuth server. | (none) | Yes if use `oauth` as the authenticator | 0.3.0 | @@ -152,35 +152,35 @@ Both Gravitino server and Iceberg REST service can configure HTTPS. | Configuration item | Description | Default value | Required | Since version | |-----------------------------------------------------|--------------------------------------------------------------------|---------------|---------------------------------------------------|---------------| -| `gravitino.server.webserver.enableHttps` | Enables HTTPS. | `false` | Yes | 0.3.0 | -| `gravitino.server.webserver.httpsPort` | The HTTPS port number of the Jetty web server. | `8433` | Yes if use HTTPS | 0.3.0 | +| `gravitino.server.webserver.enableHttps` | Enables HTTPS. | `false` | No | 0.3.0 | +| `gravitino.server.webserver.httpsPort` | The HTTPS port number of the Jetty web server. | `8433` | No | 0.3.0 | | `gravitino.server.webserver.keyStorePath` | Path to the key store file. | (none) | Yes if use HTTPS | 0.3.0 | | `gravitino.server.webserver.keyStorePassword` | Password to the key store. | (none) | Yes if use HTTPS | 0.3.0 | -| `gravitino.server.webserver.keyStoreType` | The type to the key store. | `JKS` | Yes if use HTTPS | 0.3.0 | +| `gravitino.server.webserver.keyStoreType` | The type to the key store. | `JKS` | No | 0.3.0 | | `gravitino.server.webserver.managerPassword` | Manager password to the key store. | (none) | Yes if use HTTPS | 0.3.0 | -| `gravitino.server.webserver.tlsProtocol` | TLS protocol to use. The JVM must support the TLS protocol to use. | none | No | 0.3.0 | -| `gravitino.server.webserver.enableCipherAlgorithms` | The collection of enabled cipher algorithms. | `` | Yes if use HTTPS | 0.3.0 | -| `gravitino.server.webserver.enableClientAuth` | Enables the authentication of the client. | `false` | Yes if use HTTPS | 0.3.0 | -| `gravitino.server.webserver.trustStorePath` | Path to the trust store file. | none | Yes if use HTTPS | 0.3.0 | -| `gravitino.server.webserver.trustStorePassword` | Password to the trust store. | none | Yes if use HTTPS and the authentication of client | 0.3.0 | -| `gravitino.server.webserver.trustStoreType` | The type to the trust store. | `JKS` | Yes if use HTTPS and the authentication of client | 0.3.0 | +| `gravitino.server.webserver.tlsProtocol` | TLS protocol to use. The JVM must support the TLS protocol to use. | (none) | No | 0.3.0 | +| `gravitino.server.webserver.enableCipherAlgorithms` | The collection of enabled cipher algorithms. | `` | No | 0.3.0 | +| `gravitino.server.webserver.enableClientAuth` | Enables the authentication of the client. | `false` | No | 0.3.0 | +| `gravitino.server.webserver.trustStorePath` | Path to the trust store file. | (none) | Yes if use HTTPS and the authentication of client | 0.3.0 | +| `gravitino.server.webserver.trustStorePassword` | Password to the trust store. | (none) | Yes if use HTTPS and the authentication of client | 0.3.0 | +| `gravitino.server.webserver.trustStoreType` | The type to the trust store. | `JKS` | No | 0.3.0 | ### Iceberg REST service's configuration | Configuration item | Description | Default value | Required | Since version | |------------------------------------------------------------|--------------------------------------------------------------------|---------------|---------------------------------------------------|---------------| -| `gravitino.auxService.iceberg-rest.enableHttps` | Enables HTTPS. | `false` | Yes | 0.3.0 | -| `gravitino.auxService.iceberg-rest.httpsPort` | The HTTPS port number of the Jetty web server. | `8433` | Yes if use HTTPS | 0.3.0 | +| `gravitino.auxService.iceberg-rest.enableHttps` | Enables HTTPS. | `false` | No | 0.3.0 | +| `gravitino.auxService.iceberg-rest.httpsPort` | The HTTPS port number of the Jetty web server. | `8433` | No | 0.3.0 | | `gravitino.auxService.iceberg-rest.keyStorePath` | Path to the key store file. | (none) | Yes if use HTTPS | 0.3.0 | | `gravitino.auxService.iceberg-rest.keyStorePassword` | Password to the key store. | (none) | Yes if use HTTPS | 0.3.0 | -| `gravitino.auxService.iceberg-rest.keyStoreType` | The type to the key store. | `JKS` | Yes if use HTTPS | 0.3.0 | +| `gravitino.auxService.iceberg-rest.keyStoreType` | The type to the key store. | `JKS` | No | 0.3.0 | | `gravitino.auxService.iceberg-rest.managerPassword` | Manager password to the key store. | (none) | Yes if use HTTPS | 0.3.0 | -| `gravitino.auxService.iceberg-rest.tlsProtocol` | TLS protocol to use. The JVM must support the TLS protocol to use. | (none) | Yes if use HTTPS | 0.3.0 | +| `gravitino.auxService.iceberg-rest.tlsProtocol` | TLS protocol to use. The JVM must support the TLS protocol to use. | (none) | No | 0.3.0 | | `gravitino.auxService.iceberg-rest.enableCipherAlgorithms` | The collection of enabled cipher algorithms. | `` | No | 0.3.0 | -| `gravitino.auxService.iceberg-rest.enableClientAuth` | Enables the authentication of the client. | `false` | Yes if use HTTPS | 0.3.0 | +| `gravitino.auxService.iceberg-rest.enableClientAuth` | Enables the authentication of the client. | `false` | No | 0.3.0 | | `gravitino.auxService.iceberg-rest.trustStorePath` | Path to the trust store file. | (none) | Yes if use HTTPS and the authentication of client | 0.3.0 | | `gravitino.auxService.iceberg-rest.trustStorePassword` | Password to the trust store. | (none) | Yes if use HTTPS and the authentication of client | 0.3.0 | -| `gravitino.auxService.iceberg-rest.trustStoreType` | The type to the trust store. | `JKS` | Yes if use HTTPS and the authentication of client | 0.3.0 | +| `gravitino.auxService.iceberg-rest.trustStoreType` | The type to the trust store. | `JKS` | No | 0.3.0 | Refer to the "Additional JSSE Standard Names" section of the [Java security guide](https://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#jssenames) for the list of protocols related to tlsProtocol. You can find the list of `tlsProtocol` values for Java 8 in this document.