Added examples for creds and nkey (java only so far)

2025-01-18 04:03:23 -08:00 · 2019-05-16 15:07:04 -07:00 · 2019-05-16 15:07:04 -07:00 · 615ef54fd1
commit 615ef54fd1
parent 312697bfa4
5 changed files with 83 additions and 0 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -75,6 +75,8 @@
 * [Securing Connections](developer/security/intro.md)
  * [Authenticating with a User and Password](developer/security/userpass.md)
  * [Authenticating with a Token](developer/security/token.md)
+  * [Authenticating with an NKey](developer/security/nkey.md)
+  * [Authenticating with a Credentials File](developer/security/creds.md)
  * [Encrypting Connections with TLS](developer/security/tls.md)

 * [Receiving Messages](developer/receiving/intro.md)
--- a/_examples/connect_creds.html
+++ b/_examples/connect_creds.html
@ -0,0 +1,24 @@
+
+<div class="tab-wrap">
+  	
+	
+	<input type="radio" id="connect_creds_java" name="connect_creds" class="tab" checked>
+	
+	<label for="connect_creds_java" class="api-lang" data-language="java">Java</label>
+	
+
+  	
+	<div class="tab__content">
+	<pre id="connect_creds_java_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/java-nats-examples/blob/master/src/main/java/io/nats/examples/ConnectCreds.java#L11-21"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-java">Options options = new Options.Builder().
+            server(&#34;nats://localhost:4222&#34;).
+            authHandler(Nats.credentials(&#34;path_to_creds_file&#34;)).
+            build();
+Connection nc = Nats.connect(options);
+
+// Do something with the connection
+
+nc.close();
+</code></pre>
+	</div>
+	
+</div>
--- a/_examples/connect_nkey.html
+++ b/_examples/connect_nkey.html
@ -0,0 +1,45 @@
+
+<div class="tab-wrap">
+  	
+	
+	<input type="radio" id="connect_nkey_java" name="connect_nkey" class="tab" checked>
+	
+	<label for="connect_nkey_java" class="api-lang" data-language="java">Java</label>
+	
+
+  	
+	<div class="tab__content">
+	<pre id="connect_nkey_java_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/java-nats-examples/blob/master/src/main/java/io/nats/examples/ConnectNKey.java#L16-47"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-java">NKey theNKey = NKey.createUser(null); // really should load from somewhere
+Options options = new Options.Builder().
+            server(&#34;nats://localhost:4222&#34;).
+            authHandler(new AuthHandler(){
+                public char[] getID() {
+                    try {
+                        return theNKey.getPublicKey();
+                    } catch (GeneralSecurityException|IOException|NullPointerException ex) {
+                        return null;
+                    }
+                }
+
+                public byte[] sign(byte[] nonce) {
+                    try {
+                        return theNKey.sign(nonce);
+                    } catch (GeneralSecurityException|IOException|NullPointerException ex) {
+                        return null;
+                    }
+                }
+
+                public char[] getJWT() {
+                    return null;
+                }
+            }).
+            build();
+Connection nc = Nats.connect(options);
+
+// Do something with the connection
+
+nc.close();
+</code></pre>
+	</div>
+	
+</div>
--- a/developer/security/creds.md
+++ b/developer/security/creds.md
@ -0,0 +1,5 @@
+# Authenticating with an NKey
+
+The 2.0 version of NATS server introduced the idea of JWT-based authentication. Clients interact with this new scheme using a user JWT and the private key from an NKey pair. To help make connecting with a JWT easier, the client libraries support the concept of a credentials file. This file contains both the private key and the JWT and can be generated with the `nsc` tool. Given a creds file, a client can authenticate as a specific user belonging to a specific account:
+
+!INCLUDE "../../_examples/connect_creds.html"
--- a/developer/security/nkey.md
+++ b/developer/security/nkey.md
@ -0,0 +1,7 @@
+# Authenticating with an NKey
+
+The 2.0 version of NATS server introduces a new challenge response authentication option. This challenge response is based on a wrapper we call NKeys which uses ED25519 signing. The server can use these keys in several ways for authentication. The simplest is for the server to be configured with a list of known public keys and for the clients to respond to the challenge by signing it with its private key. This challenge-response insures security by insuring that the client has the private key, but also protects the private key from the server which never has to actually see it.
+
+Handling challenge response may require more than just a setting in the connection options, depending on the client library.
+
+!INCLUDE "../../_examples/connect_nkey.html"