Google Git
Sign in
apache / incubator-retired-gearpump-site / c330442c4020cb6b95d7016dd14a1fef9be8ca72 / . / content / releases / latest / deployment-ui-authentication.html
blob: baa8183454eb9676d5bad1f5c06dfa4cedd8994e [file] [log] [blame]
<!DOCTYPE html>
<!--[if lt IE 7]>
<html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<!--[if IE 7]>
<html class="no-js lt-ie9 lt-ie8"> <![endif]-->
<!--[if IE 8]>
<html class="no-js lt-ie9"> <![endif]-->
<!--[if gt IE 8]><!-->
<html class="no-js"> <!--<![endif]-->
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"/>
<title>UI Dashboard Authentication and Authorization - Gearpump 0.8.1 Documentation</title>
<link rel="stylesheet" href="css/bootstrap-3.3.5.min.css">
<style>
body {
padding-top: 60px;
padding-bottom: 40px;
}
</style>
<link rel="stylesheet" href="css/main.css">
<link rel="stylesheet" href="css/pygments-default.css">
<script src="js/vendor/modernizr-2.6.1-respond-1.1.0.min.js"></script>
</head>
<body>
<!--[if lt IE 7]>
<p class="chromeframe">You are using an outdated browser. <a href="http://browsehappy.com/">Upgrade
your browser today</a> or <a href="http://www.google.com/chromeframe/?redirect=true">install
Google Chrome Frame</a> to better experience this site.</p>
<![endif]-->
<div class="navbar navbar-inverse navbar-fixed-top" id="topbar">
<div class="container">
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse"
data-target="#navbar" aria-expanded="false" aria-controls="navbar">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="http://gearpump.apache.org">Gearpump
<span class="label label-primary" style="font-size: .6em">0.8.1</span>
</a>
</div>
<div id="navbar" class="collapse navbar-collapse">
<ul class="nav navbar-nav">
<li><a href="index.html">Overview</a></li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Introduction<b
class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="submit-your-1st-application.html">Submit Your 1st Application</a></li>
<li><a href="commandline.html">Client Command Line</a></li>
<li class="divider"></li>
<li><a href="basic-concepts.html">Basic Concepts</a></li>
<li><a href="features.html">Technical Highlights</a></li>
<li><a href="message-delivery.html">Reliable Message Delivery</a></li>
<li><a href="performance-report.html">Performance</a></li>
<li><a href="gearpump-internals.html">Gearpump Internals</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Deploying<b class="caret"></b></a>
<ul class="dropdown-menu">
<li class="dropdown-header">Deployment</li>
<li><a href="deployment-local.html">Local Mode</a>
<li>
<li><a href="deployment-standalone.html">Standalone Mode</a></li>
<li><a href="deployment-yarn.html">YARN Mode</a></li>
<li><a href="deployment-docker.html">Docker Mode</a>
<li>
<li class="divider"></li>
<li><a href="deployment-ui-authentication.html">UI Authentication</a></li>
<li><a href="deployment-ha.html">High Availability</a></li>
<li><a href="deployment-msg-delivery.html">Reliable Message Delivery</a></li>
<li><a href="deployment-configuration.html">Configuration</a></li>
<li><a href="deployment-resource-isolation.html">Resource Isolation</a></li>
<li class="divider"></li>
<li><a href="deployment-security.html">YARN Security Guide</a></li>
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">Programming Guide<b
class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="dev-write-1st-app.html">Write Your 1st App</a></li>
<li><a href="dev-custom-serializer.html">Customized Message Passing</a></li>
<li class="divider"></li>
<li><a href="api/scala/index.html">Scala API</a></li>
<li><a href="api/java/index.html">Java API</a></li>
<li><a href="dev-rest-api.html">RESTful API</a></li>
<li class="divider"></li>
<li><a href="dev-connectors.html">Gearpump Connectors</a></li>
<li class="divider"></li>
<li><a href="dev-storm.html">Storm Compatibility</a></li>
<!--
<li><a href="dev-samoa.html">Samoa Compatibility</a></li>
<li class="divider"></li>
<li><a href="dev-iot.html">Gearpump with IoT</a></li>
-->
</ul>
</li>
<li class="dropdown">
<a href="#" class="dropdown-toggle" data-toggle="dropdown">More<b class="caret"></b></a>
<ul class="dropdown-menu">
<li><a href="faq.html">FAQ</a></li>
</ul>
</li>
</ul>
</div>
</div>
</div>
<div class="container" id="content">
<h1 class="title">UI Dashboard Authentication and Authorization</h1>
<h2 id="what-is-this-about">What is this about?</h2>
<h2 id="how-to-enable-ui-authentication">How to enable UI authentication?</h2>
<ol>
<li>
<p>Change config file gear.conf, find entry <code>gearpump-ui.gearpump.ui-security.authentication-enabled</code>, change the value to true</p>
<div class="highlight"><pre><code>gearpump-ui.gearpump.ui-security.authentication-enabled = true
</code></pre></div>
<p>Restart the UI dashboard, and then the UI authentication is enabled. It will prompt for user name and password.</p>
</li>
</ol>
<h2 id="how-many-authentication-methods-gearpump-ui-server-support">How many authentication methods Gearpump UI server support?</h2>
<p>Currently, It supports:</p>
<ol>
<li>Username-Password based authentication and</li>
<li>OAuth2 based authentication.</li>
</ol>
<p>User-Password based authentication is enabled when <code>gearpump-ui.gearpump.ui-security.authentication-enabled</code>,
and <strong>CANNOT</strong> be disabled.</p>
<p>UI server admin can also choose to enable <strong>auxiliary</strong> OAuth2 authentication channel.</p>
<h2 id="user-password-based-authentication">User-Password based authentication</h2>
<p>User-Password based authentication covers all authentication scenarios which requires
user to enter an explicit username and password.</p>
<p>Gearpump provides a built-in ConfigFileBasedAuthenticator which verify user name and password
against password hashcode stored in config files.</p>
<p>However, developer can choose to extends the <code>org.apache.gearpump.security.Authenticator</code> to provide a custom
User-Password based authenticator, to support LDAP, Kerberos, and Database-based authentication&#8230;</p>
<h3 id="configfilebasedauthenticator-built-in-user-password-authenticator">ConfigFileBasedAuthenticator: built-in User-Password Authenticator</h3>
<p>ConfigFileBasedAuthenticator store all user name and password hashcode in configuration file gear.conf. Here
is the steps to configure ConfigFileBasedAuthenticator.</p>
<h4 id="how-to-add-or-remove-user">How to add or remove user?</h4>
<p>For the default authentication plugin, it has three categories of users: admins, users, and guests.</p>
<ul>
<li>admins: have unlimited permission, like shutdown a cluster, add/remove machines.</li>
<li>users: have limited permission to submit an application and etc..</li>
<li>guests: can not submit/kill applications, but can view the application status.</li>
</ul>
<p>System administrator can add or remove user by updating config file <code>conf/gear.conf</code>.</p>
<p>Suppose we want to add user jerry as an administrator, here are the steps:</p>
<ol>
<li>
<p>Pick a password, and generate the digest for this password. Suppose we use password <code>ilovegearpump</code>,
to generate the digest:</p>
<div class="highlight"><pre><code>bin/gear org.apache.gearpump.security.PasswordUtil -password ilovegearpump
</code></pre></div>
<p>It will generate a digest value like this:</p>
<div class="highlight"><pre><code>CgGxGOxlU8ggNdOXejCeLxy+isrCv0TrS37HwA==
</code></pre></div>
</li>
<li>
<p>Change config file conf/gear.conf at path <code>gearpump-ui.gearpump.ui-security.config-file-based-authenticator.admins</code>,
add user <code>jerry</code> in this list:</p>
<div class="highlight"><pre><code>admins = {
## Default Admin. Username: admin, password: admin
## !!! Please replace this builtin account for production cluster for security reason. !!!
"admin" = "AeGxGOxlU8QENdOXejCeLxy+isrCv0TrS37HwA=="
"jerry" = "CgGxGOxlU8ggNdOXejCeLxy+isrCv0TrS37HwA=="
}
</code></pre></div>
</li>
<li>
<p>Restart the UI dashboard by <code>bin/services</code> to make the change effective.</p>
</li>
<li>
<p>Group &#8220;admins&#8221; have very unlimited permission, you may want to restrict the permission. In that case
you can modify <code>gearpump-ui.gearpump.ui-security.config-file-based-authenticator.users</code> or
<code>gearpump-ui.gearpump.ui-security.config-file-based-authenticator.guests</code>.</p>
</li>
<li>
<p>See description at <code>conf/gear.conf</code> to find more information.</p>
</li>
</ol>
<h4 id="what-is-the-default-user-and-password">What is the default user and password?</h4>
<p>For ConfigFileBasedAuthenticator, Gearpump distribution is shipped with two default users:</p>
<ol>
<li>username: admin, password: admin</li>
<li>username: guest, password: guest</li>
</ol>
<p>User <code>admin</code> has unlimited permissions, while <code>guest</code> can only view the application status.</p>
<p>For security reason, you need to remove the default users <code>admin</code> and <code>guest</code> for cluster in production.</p>
<h4 id="is-this-secure">Is this secure?</h4>
<p>Firstly, we will NOT store any user password in any way so only the user himself knows the password.
We will use one-way hash digest to verify the user input password.</p>
<h3 id="how-to-develop-a-custom-user-password-authenticator-for-ldap-database-and-etc">How to develop a custom User-Password Authenticator for LDAP, Database, and etc..</h3>
<p>If developer choose to define his/her own User-Password based authenticator, it is required that user
modify configuration option:</p>
<div class="highlight"><pre><code>## Replace "org.apache.gearpump.security.CustomAuthenticator" with your real authenticator class.
gearpump.ui-security.authenticator = "org.apache.gearpump.security.CustomAuthenticator"
</code></pre></div>
<p>Make sure CustomAuthenticator extends interface:
```scala
trait Authenticator {</p>
<p>def authenticate(user: String, password: String, ec: ExecutionContext): Future[AuthenticationResult]
}
```</p>
<h2 id="oauth2-based-authentication">OAuth2 based authentication</h2>
<p>OAuth2 based authentication is commonly use to achieve social login with social network account.</p>
<p>Gearpump provides generic OAuth2 Authentication support which allow user to extend to support new authentication sources.</p>
<p>Basically, OAuth2 based Authentication contains these steps:
1. User accesses Gearpump UI website, and choose to login with OAuth2 server.
2. Gearpump UI website redirects user to OAuth2 server domain authorization endpoint.
3. End user complete the authorization in the domain of OAuth2 server.
4. OAuth2 server redirects user back to Gearpump UI server.
5. Gearpump UI server verify the tokens and extract credentials from query
parameters and form fields.</p>
<h3 id="terminologies">Terminologies</h3>
<p>For terms like client Id, and client secret, please refers to guide <a href="https://tools.ietf.org/html/rfc6749">RFC 6749</a></p>
<h3 id="enable-web-proxy-for-ui-server">Enable web proxy for UI server</h3>
<p>To enable OAuth2 authentication, the Gearpump UI server should have network access to OAuth2 server, as
some requests are initiated directly inside Gearpump UI server. So, if you are behind a firewall, make
sure you have configured the proxy properly for UI server.</p>
<h4 id="if-you-are-on-windows">If you are on Windows</h4>
<div class="highlight"><pre><code class="language-bash"> &gt; <span class="nb">set </span><span class="nv">JAVA_OPTS</span><span class="o">=</span>-Dhttp.proxyHost<span class="o">=</span>xx.com -Dhttp.proxyPort<span class="o">=</span><span class="m">8088</span> -Dhttps.proxyHost<span class="o">=</span>xx.com -Dhttps.proxyPort<span class="o">=</span>8088
&gt; bin<span class="se">\s</span>ervices</code></pre></div>
<h4 id="if-you-are-on-linux">If you are on Linux</h4>
<div class="highlight"><pre><code class="language-bash"> <span class="nv">$ </span><span class="nb">export </span><span class="nv">JAVA_OPTS</span><span class="o">=</span><span class="s2">&quot;-Dhttp.proxyHost=xx.com -Dhttp.proxyPort=8088 -Dhttps.proxyHost=xx.com -Dhttps.proxyPort=8088&quot;</span>
<span class="nv">$ </span>bin/services</code></pre></div>
<h3 id="google-plus-oauth2-authenticator">Google Plus OAuth2 Authenticator</h3>
<p>Google Plus OAuth2 Authenticator does authentication with Google OAuth2 service. It extracts the email address
from Google user profile as credentials.</p>
<p>To use Google OAuth2 Authenticator, there are several steps:</p>
<ol>
<li>Register your application (Gearpump UI server here) as an application to Google developer console.</li>
<li>Configure the Google OAuth2 information in gear.conf</li>
<li>Configure network proxy for Gearpump UI server if applies.</li>
</ol>
<h4 id="step1-register-your-website-as-an-oauth2-application-on-google">Step1: Register your website as an OAuth2 Application on Google</h4>
<ol>
<li>Create an application representing your website at <a href="https://console.developers.google.com">https://console.developers.google.com</a></li>
<li>In &#8220;API Manager&#8221; of your created application, enable API &#8220;Google+ API&#8221;</li>
<li>Create OAuth client ID for this application. In &#8220;Credentials&#8221; tab of &#8220;API Manager&#8221;,
choose &#8220;Create credentials&#8221;, and then select OAuth client ID. Follow the wizard
to set callback URL, and generate client ID, and client Secret.</li>
</ol>
<p><strong>NOTE:</strong> Callback URL is NOT optional.</p>
<h4 id="step2-configure-the-oauth2-information-in-gearconf">Step2: Configure the OAuth2 information in gear.conf</h4>
<ol>
<li>Enable OAuth2 authentication by setting <code>gearpump.ui-security.oauth2-authenticator-enabled</code>
as true.</li>
<li>Configure section <code>gearpump.ui-security.oauth2-authenticators.google</code> in gear.conf. Please make sure
class name, client ID, client Secret, and callback URL are set properly.</li>
</ol>
<p><strong>NOTE:</strong> Callback URL set here should match what is configured on Google in step1.</p>
<h4 id="step3-configure-the-network-proxy-if-applies">Step3: Configure the network proxy if applies.</h4>
<p>To enable OAuth2 authentication, the Gearpump UI server should have network access to Google service, as
some requests are initiated directly inside Gearpump UI server. So, if you are behind a firewall, make
sure you have configured the proxy properly for UI server.</p>
<p>For guide of how to configure web proxy for UI server, please refer to section &#8220;Enable web proxy for UI server&#8221; above.</p>
<h4 id="step4-restart-the-ui-server-and-try-to-click-the-google-login-icon-on-ui-server">Step4: Restart the UI server and try to click the Google login icon on UI server.</h4>
<h3 id="cloudfoundry-uaa-server-oauth2-authenticator">CloudFoundry UAA server OAuth2 Authenticator</h3>
<p>CloudFoundryUaaAuthenticator does authentication by using CloudFoundry UAA OAuth2 service. It extracts the email address
from Google user profile as credentials.</p>
<p>For what is UAA (User Account and Authentication Service), please see guide: <a href="https://github.com/cloudfoundry/uaa">UAA</a></p>
<p>To use Google OAuth2 Authenticator, there are several steps:</p>
<ol>
<li>Register your application (Gearpump UI server here) as an application to UAA with helper tool <code>uaac</code>.</li>
<li>Configure the Google OAuth2 information in gear.conf</li>
<li>Configure network proxy for Gearpump UI server if applies.</li>
</ol>
<h4 id="step1-register-your-application-to-uaa-with-uaac">Step1: Register your application to UAA with <code>uaac</code></h4>
<ol>
<li>Check tutorial on uaac at <a href="https://docs.cloudfoundry.org/adminguide/uaa-user-management.html">https://docs.cloudfoundry.org/adminguide/uaa-user-management.html</a></li>
<li>Open a bash shell, set the UAA server by command <code>uaac target</code>
<code>
uaac target [your uaa server url]
</code></li>
<li>
<p>Login in as user admin by</p>
<div class="highlight"><pre><code> uaac token client get admin -s MyAdminPassword
</code></pre></div>
</li>
<li>Create a new Application (Client) in UAA,
<code>
uaac client add [your_client_id]
--scope "openid cloud_controller.read"
--authorized_grant_types "authorization_code client_credentials refresh_token"
--authorities "openid cloud_controller.read"
--redirect_uri [your_redirect_url]
--autoapprove true
--secret [your_client_secret]
</code></li>
</ol>
<h4 id="step2-configure-the-oauth2-information-in-gearconf-1">Step2: Configure the OAuth2 information in gear.conf</h4>
<ol>
<li>Enable OAuth2 authentication by setting <code>gearpump.ui-security.oauth2-authenticator-enabled</code> as true.</li>
<li>Navigate to section <code>gearpump.ui-security.oauth2-authenticators.cloudfoundryuaa</code></li>
<li>Config gear.conf <code>gearpump.ui-security.oauth2-authenticators.cloudfoundryuaa</code> section.
Please make sure class name, client ID, client Secret, and callback URL are set properly.</li>
</ol>
<p><strong>NOTE:</strong> The callback URL here should match what you set on CloudFoundry UAA in step1.</p>
<h4 id="step3-configure-network-proxy-for-gearpump-ui-server-if-applies">Step3: Configure network proxy for Gearpump UI server if applies</h4>
<p>To enable OAuth2 authentication, the Gearpump UI server should have network access to Google service, as
some requests are initiated directly inside Gearpump UI server. So, if you are behind a firewall, make
sure you have configured the proxy properly for UI server.</p>
<p>For guide of how to configure web proxy for UI server, please refer to please refer to section &#8220;Enable web proxy for UI server&#8221; above.</p>
<h4 id="step4-restart-the-ui-server-and-try-to-click-the-cloudfoundry-login-icon-on-ui-server">Step4: Restart the UI server and try to click the CloudFoundry login icon on UI server.</h4>
<h4 id="step5-you-can-also-enable-additional-authenticator-for-cloudfoundry-uaa-by-setting-config">Step5: You can also enable additional authenticator for CloudFoundry UAA by setting config:</h4>
<div class="highlight"><pre><code>additional-authenticator-enabled = true
</code></pre></div>
<p>Please see description in gear.conf for more information.</p>
<h4 id="extends-oauth2authenticator-to-support-new-authorization-service-like-facebook-or-twitter">Extends OAuth2Authenticator to support new Authorization service like Facebook, or Twitter.</h4>
<p>You can follow the Google OAuth2 example code to define a custom OAuth2Authenticator. Basically, the steps includes:</p>
<ol>
<li>
<p>Define an OAuth2Authenticator implementation.</p>
<div class="highlight"><pre><code class="language-scala"><span class="cm">/**</span>
<span class="cm"> *</span>
<span class="cm"> * Uses OAuth2 social-login as the mechanism for authentication.</span>
<span class="cm"> * @see [[https://tools.ietf.org/html/rfc6749]] to find what is OAuth2, and how it works.</span>
<span class="cm"> *</span>
<span class="cm"> * Basically flow for OAuth2 Authentication:</span>
<span class="cm"> * 1. User accesses Gearpump UI website, and choose to login with OAuth2 server.</span>
<span class="cm"> * 2. Gearpump UI website redirects user to OAuth2 server domain authorization endpoint.</span>
<span class="cm"> * 3. End user complete the authorization in the domain of OAuth2 server.</span>
<span class="cm"> * 4. OAuth2 server redirects user back to Gearpump UI server.</span>
<span class="cm"> * 5. Gearpump UI server verify the tokens and extract credentials from query</span>
<span class="cm"> * parameters and form fields.</span>
<span class="cm"> *</span>
<span class="cm"> * @note &#39;&#39;&#39;Thread-safety&#39;&#39;&#39; is a MUST requirement. Developer need to ensure the sub-class is thread-safe.</span>
<span class="cm"> * Sub-class should have a parameter-less constructor.</span>
<span class="cm"> *</span>
<span class="cm"> * @note OAuth2 Authenticator requires access of Internet. Please make sure HTTP proxy are</span>
<span class="cm"> * set properly if applied.</span>
<span class="cm"> *</span>
<span class="cm"> * @example Config proxy when UI server is started on Windows:</span>
<span class="cm"> * }</span>
<span class="cm"> *</span>
<span class="cm"> * @example Config proxy when UI server is started on Linux:</span>
<span class="cm"> * }</span>
<span class="cm"> *</span>
<span class="cm"> */</span>
<span class="k">trait</span> <span class="nc">OAuth2Authenticator</span> <span class="o">{</span>
<span class="cm">/**</span>
<span class="cm"> * Inits authenticator with config which contains client ID, client secret, and etc..</span>
<span class="cm"> *</span>
<span class="cm"> * Typically, the client key and client secret is provided by OAuth2 Authorization server when user</span>
<span class="cm"> * register an application there.</span>
<span class="cm"> * @see [[https://tools.ietf.org/html/rfc6749]] for definition of client, client Id,</span>
<span class="cm"> * and client secret.</span>
<span class="cm"> *</span>
<span class="cm"> * See [[https://developer.github.com/v3/oauth/]] for an actual example of how Github</span>
<span class="cm"> * use client key, and client secret.</span>
<span class="cm"> *</span>
<span class="cm"> * @note &#39;&#39;&#39;Thread-Safety&#39;&#39;&#39;: Framework ensures this call is synchronized.</span>
<span class="cm"> *</span>
<span class="cm"> * @param config Client Id, client secret, callback URL and etc..</span>
<span class="cm"> */</span>
<span class="k">def</span> <span class="n">init</span><span class="o">(</span><span class="n">config</span><span class="k">:</span> <span class="kt">Config</span><span class="o">)</span><span class="k">:</span> <span class="kt">Unit</span>
<span class="cm">/**</span>
<span class="cm"> * Returns the OAuth Authorization URL so for redirection to that address to do OAuth2</span>
<span class="cm"> * authorization.</span>
<span class="cm"> *</span>
<span class="cm"> * @note &#39;&#39;&#39;Thread-Safety&#39;&#39;&#39;: This can be called in a multi-thread environment. Developer</span>
<span class="cm"> * need to ensure thread safety.</span>
<span class="cm"> */</span>
<span class="k">def</span> <span class="n">getAuthorizationUrl</span><span class="k">:</span> <span class="kt">String</span>
<span class="cm">/**</span>
<span class="cm"> * After authorization, OAuth2 server redirects user back with tokens. This verify the</span>
<span class="cm"> * tokens, retrieve the profiles, and return [[UserSession]] information.</span>
<span class="cm"> *</span>
<span class="cm"> * @note This is an Async call.</span>
<span class="cm"> * @note This call requires external internet access.</span>
<span class="cm"> * @note &#39;&#39;&#39;Thread-Safety&#39;&#39;&#39;: This can be called in a multi-thread environment. Developer</span>
<span class="cm"> * need to ensure thread safety.</span>
<span class="cm"> *</span>
<span class="cm"> * @param parameters HTTP Query and Post parameters, which typically contains Authorization code.</span>
<span class="cm"> * @return UserSession if pass authentication.</span>
<span class="cm"> */</span>
<span class="k">def</span> <span class="n">authenticate</span><span class="o">(</span><span class="n">parameters</span><span class="k">:</span> <span class="kt">Map</span><span class="o">[</span><span class="kt">String</span>, <span class="kt">String</span><span class="o">])</span><span class="k">:</span> <span class="kt">Future</span><span class="o">[</span><span class="kt">UserSession</span><span class="o">]</span>
<span class="cm">/**</span>
<span class="cm"> * Clean resource</span>
<span class="cm"> */</span>
<span class="k">def</span> <span class="n">close</span><span class="o">()</span><span class="k">:</span> <span class="kt">Unit</span>
<span class="o">}</span></code></pre></div>
</li>
<li>
<p>Add an configuration entry under <code>gearpump.ui-security.oauth2-authenticators</code>. For example:</p>
<div class="highlight"><pre><code> ## name of this authenticator
"socialnetworkx" {
"class" = "org.apache.gearpump.services.security.oauth2.impl.SocialNetworkXAuthenticator"
## Please make sure this URL matches the name
"callback" = "http://127.0.0.1:8090/login/oauth2/socialnetworkx/callback"
"clientId" = "gearpump_test2"
"clientSecret" = "gearpump_test2"
"defaultUserRole" = "guest"
## Make sure socialnetworkx.png exists under dashboard/icons
icon = "/icons/socialnetworkx.png"
}
</code></pre></div>
<p>The configuration entry is supposed to be used by class <code>SocialNetworkXAuthenticator</code>.</p>
</li>
</ol>
</div>
<!-- /container -->
<script src="js/vendor/jquery-2.1.4.min.js"></script>
<script src="js/vendor/bootstrap-3.3.5.min.js"></script>
<script src="js/vendor/anchor-1.1.1.min.js"></script>
<script src="js/main.js"></script>
<!-- MathJax Section -->
<script type="text/x-mathjax-config">
MathJax.Hub.Config({
TeX: { equationNumbers: { autoNumber: "AMS" } }
});
</script>
<script>
// Note that we load MathJax this way to work with local file (file://), HTTP and HTTPS.
// We could use "//cdn.mathjax...", but that won't support "file://".
(function (d, script) {
script = d.createElement('script');
script.type = 'text/javascript';
script.async = true;
script.onload = function () {
MathJax.Hub.Config({
tex2jax: {
inlineMath: [["$", "$"], ["\\\\(", "\\\\)"]],
displayMath: [["$$", "$$"], ["\\[", "\\]"]],
processEscapes: true,
skipTags: ['script', 'noscript', 'style', 'textarea', 'pre']
}
});
};
script.src = ('https:' == document.location.protocol ? 'https://' : 'http://') +
'cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS-MML_HTMLorMML';
d.getElementsByTagName('head')[0].appendChild(script);
}(document));
</script>
</body>
</html>