Move table of authenticators to Advanced Development

frankframework · Oct 21, 2024 · 0ed9792 · 0ed9792
1 parent 6221deb
commit 0ed9792
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 20 deletions.
diff --git a/docs/source/advancedDevelopment/authorization/authorizationMethodsAndRoles.rst b/docs/source/advancedDevelopment/authorization/authorizationMethodsAndRoles.rst
@@ -33,4 +33,42 @@ The overview of which roles exist is not only relevant for Frank developers, but
 
 .. NOTE::
 
-   With the ``IN_MEMORY`` authentication mechanism, no role list can be supplied. When a user authenticates by this mechanism, he is given every role and he can therefore access every feature of the configured interface.
+   With the ``IN_MEMORY`` authentication mechanism, no role list can be supplied. When a user authenticates by this mechanism, he is given every role and he can therefore access every feature of the configured interface.
+
+The following table shows all the available authorization mechanism and the properties that exist for each authorization mechanism:
+
+.. list-table:: Authorization mechanisms & properties
+   :widths: 20 20 60
+   :header-rows: 1
+
+   * - Description
+     - ``type``
+     - Property suffixes\*
+   * - No access
+     - ``NONE``\*\*
+     - --
+   * - In memory
+     - ``IN_MEMORY``
+     - ``username``, ``password``
+   * - Yaml
+     - ``YAML`` or ``YML``
+     - --
+   * - ActiveDirectory
+     - ``AD``
+     - ``domainName``, ``url``, ``baseDn``, ``followReferrals``, ``searchFilter``, ``roleMappingFile``
+   * - OAuth2
+     - ``OAUTH2``
+     - ``scopes``, ``authorizationUri``, ``tokenUri``, ``jwkSetUri``, ``issuerUri``, ``userInfoUri``, ``userNameAttributeName``, ``clientId``, ``clientSecret``, ``provider``, ``roleMappingFile``
+   * - Jee\*\*\*
+     - ``CONTAINER``
+     - --
+
+\* = to get the real property name, prepend by:
+
+  * ``application.security.console.authentication.`` to protect the Frank!Console,
+  * ``application.security.testtool.authentication.`` to protect Ladybug, or
+  * ``application.security.http.authenticators.<authenticator name>`` to protect an HTTP interface.
+
+\*\* = This is the default. Access is denied by default unless ``dtap.stage=LOC``.
+
+\*\*\* = Type Jee, ``CONTAINER``, is deprecated. It means that authorization is handled by the application server.
diff --git a/docs/source/deploying/security.rst b/docs/source/deploying/security.rst
@@ -66,25 +66,6 @@ The last line is the assigment of the authentication system. ::
 
 Here we say that the ApiListener servlet should be protected by the authentication system that we defined before. Without this line, the API endpoints remains unprotected. 
 
-The "NONE" type is the default for authenticators and simply indicates an absence of an authenticator. Functionally it does nothing. 
-Below is a table containing all authenticator types and their properties.
-
-.. list-table:: Authenticators & Properties
-   :widths: 30 70
-   :header-rows: 1
-
-   * - Type
-     - Properties
-   * - Jee
-     - Application Server defined settings
-   * - ActiveDirectory
-     - domainName, url, baseDn, followReferrals, searchFilter, roleMappingFile
-   * - InMemory
-     - username, password
-   * - OAuth2
-     - scopes, authorizationUri, tokenUri, jwkSetUri, issuerUri, userInfoUri, userNameAttributeName, clientId, clientSecret, provider, roleMappingFile
-
-
 JEE Provided Authentication (Deprecated since v8.0.0)
 -----------------------------------------------------