| <!DOCTYPE html> |
| <!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]--> |
| <!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]--> |
| <head> |
| <meta charset="utf-8"> |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> |
| |
| <title>UI Authentication - Apache Gearpump(incubating)</title> |
| |
| |
| <link rel="shortcut icon" href="../../img/favicon.ico"> |
| |
| |
| <link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'> |
| |
| <link rel="stylesheet" href="../../css/theme.css" type="text/css" /> |
| <link rel="stylesheet" href="../../css/theme_extra.css" type="text/css" /> |
| <link rel="stylesheet" href="../../css/highlight.css"> |
| |
| |
| <script> |
| // Current page data |
| var mkdocs_page_name = "UI Authentication"; |
| </script> |
| |
| <script src="../../js/jquery-2.1.1.min.js"></script> |
| <script src="../../js/modernizr-2.8.3.min.js"></script> |
| <script type="text/javascript" src="../../js/highlight.pack.js"></script> |
| <script src="../../js/theme.js"></script> |
| |
| |
| </head> |
| |
| <body class="wy-body-for-nav" role="document"> |
| |
| <div class="wy-grid-for-nav"> |
| |
| |
| |
| <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap"> |
| |
| |
| |
| |
| <div class="wy-nav-content"> |
| <div class="rst-content"> |
| <div role="main"> |
| <div class="section"> |
| |
| <h2 id="what-is-this-about">What is this about?</h2> |
| <h2 id="how-to-enable-ui-authentication">How to enable UI authentication?</h2> |
| <ol> |
| <li> |
| <p>In the config file gear.conf, find the entry <code>gearpump-ui.gearpump.ui-security.authentication-enabled</code> and change its value to true:</p> |
| <pre class="codehilite"><code class="language-bash">gearpump-ui.gearpump.ui-security.authentication-enabled = true</code></pre> |
| |
| |
| <p>Restart the UI dashboard. UI authentication is now enabled, and the dashboard will prompt for a user name and password.</p> |
| </li> |
| </ol> |
| <h2 id="how-many-authentication-methods-gearpump-ui-server-support">How many authentication methods does the Gearpump UI server support?</h2> |
| <p>Currently, it supports:</p> |
| <ol> |
| <li>Username-Password based authentication and</li> |
| <li>OAuth2 based authentication.</li> |
| </ol> |
| <p>User-Password based authentication is enabled whenever <code>gearpump-ui.gearpump.ui-security.authentication-enabled</code> is set to true, |
| and <strong>CANNOT</strong> be disabled.</p> |
| <p>The UI server admin can also choose to enable an <strong>auxiliary</strong> OAuth2 authentication channel.</p> |
| <h2 id="user-password-based-authentication">User-Password based authentication</h2> |
| <p>User-Password based authentication covers all authentication scenarios which require |
| the user to enter an explicit username and password.</p> |
| <p>Gearpump provides a built-in ConfigFileBasedAuthenticator which verifies the user name and password |
| against password hashcodes stored in config files.</p> |
| <p>However, a developer can choose to extend <code>org.apache.gearpump.security.Authenticator</code> to provide a custom |
| User-Password based authenticator, to support LDAP, Kerberos, Database-based authentication and so on.</p> |
| <h3 id="configfilebasedauthenticator-built-in-user-password-authenticator">ConfigFileBasedAuthenticator: built-in User-Password Authenticator</h3> |
| <p>ConfigFileBasedAuthenticator stores all user names and password hashcodes in the configuration file gear.conf. Here |
| are the steps to configure ConfigFileBasedAuthenticator.</p> |
| <h4 id="how-to-add-or-remove-user">How to add or remove user?</h4> |
| <p>The default authentication plugin has three categories of users: admins, users, and guests.</p> |
| <ul> |
| <li>admins: have unlimited permissions, such as shutting down a cluster or adding/removing machines.</li> |
| <li>users: have limited permissions, such as submitting an application.</li> |
| <li>guests: cannot submit/kill applications, but can view the application status.</li> |
| </ul> |
| <p>The system administrator can add or remove users by updating the config file <code>conf/gear.conf</code>.</p> |
| <p>Suppose we want to add user jerry as an administrator, here are the steps:</p> |
| <ol> |
| <li> |
| <p>Pick a password, and generate the digest for this password. Suppose we use password <code>ilovegearpump</code>, |
| to generate the digest:</p> |
| <pre class="codehilite"><code class="language-bash">bin/gear org.apache.gearpump.security.PasswordUtil -password ilovegearpump</code></pre> |
| |
| |
| <p>It will generate a digest value like this:</p> |
| <pre class="codehilite"><code class="language-bash">CgGxGOxlU8ggNdOXejCeLxy+isrCv0TrS37HwA==</code></pre> |
| |
| |
| </li> |
| <li> |
| <p>In the config file conf/gear.conf, go to the path <code>gearpump-ui.gearpump.ui-security.config-file-based-authenticator.admins</code> |
| and add user <code>jerry</code> to this list:</p> |
| <pre class="codehilite"><code class="language-bash">admins = { |
|   ## Default Admin. Username: admin, password: admin |
|   ## !!! Please replace this builtin account for production cluster for security reason. !!! |
|   "admin" = "AeGxGOxlU8QENdOXejCeLxy+isrCv0TrS37HwA==" |
|   "jerry" = "CgGxGOxlU8ggNdOXejCeLxy+isrCv0TrS37HwA==" |
| }</code></pre> |
| |
| |
| </li> |
| <li> |
| <p>Restart the UI dashboard by <code>bin/services</code> to make the change effective.</p> |
| </li> |
| <li> |
| <p>The group "admins" has unlimited permissions, so you may want to restrict the permissions. In that case |
| you can add the user to <code>gearpump-ui.gearpump.ui-security.config-file-based-authenticator.users</code> or |
| <code>gearpump-ui.gearpump.ui-security.config-file-based-authenticator.guests</code> instead.</p> |
| </li> |
| <li> |
| <p>See the descriptions in <code>conf/gear.conf</code> for more information.</p> |
| </li> |
| </ol> |
| <h4 id="what-is-the-default-user-and-password">What is the default user and password?</h4> |
| <p>For ConfigFileBasedAuthenticator, the Gearpump distribution ships with two default users:</p> |
| <ol> |
| <li>username: admin, password: admin</li> |
| <li>username: guest, password: guest</li> |
| </ol> |
| <p>User <code>admin</code> has unlimited permissions, while <code>guest</code> can only view the application status.</p> |
| <p>For security reasons, you need to remove the default users <code>admin</code> and <code>guest</code> from any cluster in production.</p> |
| <h4 id="is-this-secure">Is this secure?</h4> |
| <p>Gearpump does NOT store any user password in any form, so only the user knows the password. |
| Only a one-way hash digest is stored, and it is used to verify the password the user enters.</p> |
| <h3 id="how-to-develop-a-custom-user-password-authenticator-for-ldap-database-and-etc">How to develop a custom User-Password Authenticator for LDAP, Database, etc.</h3> |
| <p>If a developer chooses to define his/her own User-Password based authenticator, the following |
| configuration option must be modified:</p> |
| <pre class="codehilite"><code class="language-bash">## Replace "org.apache.gearpump.security.CustomAuthenticator" with your real authenticator class. |
| gearpump.ui-security.authenticator = "org.apache.gearpump.security.CustomAuthenticator"</code></pre> |
| |
| |
| <p>Make sure CustomAuthenticator extends the interface:</p> |
| <pre class="codehilite"><code class="language-scala">trait Authenticator { |
| |
|   def authenticate(user: String, password: String, ec: ExecutionContext): Future[AuthenticationResult] |
| }</code></pre> |
| |
| |
| <h2 id="oauth2-based-authentication">OAuth2 based authentication</h2> |
| <p>OAuth2 based authentication is commonly used to achieve social login with a social network account.</p> |
| <p>Gearpump provides generic OAuth2 authentication support which users can extend to support new authentication sources.</p> |
| <p>Basically, OAuth2 based authentication consists of these steps:</p> |
| <ol> |
| <li>The user accesses the Gearpump UI website and chooses to log in with the OAuth2 server.</li> |
| <li>The Gearpump UI website redirects the user to the authorization endpoint in the OAuth2 server's domain.</li> |
| <li>The end user completes the authorization in the domain of the OAuth2 server.</li> |
| <li>The OAuth2 server redirects the user back to the Gearpump UI server.</li> |
| <li>The Gearpump UI server verifies the tokens and extracts credentials from query |
| parameters and form fields.</li> |
| </ol> |
| <h3 id="terminologies">Terminologies</h3> |
| <p>For terms like client ID and client secret, please refer to <a href="https://tools.ietf.org/html/rfc6749">RFC 6749</a>.</p> |
| <h3 id="enable-web-proxy-for-ui-server">Enable web proxy for UI server</h3> |
| <p>To enable OAuth2 authentication, the Gearpump UI server should have network access to OAuth2 server, as |
| some requests are initiated directly inside Gearpump UI server. So, if you are behind a firewall, make |
| sure you have configured the proxy properly for UI server.</p> |
| <h4 id="if-you-are-on-windows">If you are on Windows</h4> |
| <pre class="codehilite"><code class="language-bash">set JAVA_OPTS=-Dhttp.proxyHost=xx.com -Dhttp.proxyPort=8088 -Dhttps.proxyHost=xx.com -Dhttps.proxyPort=8088 |
| bin/services</code></pre> |
| |
| |
| <h4 id="if-you-are-on-linux">If you are on Linux</h4> |
| <pre class="codehilite"><code class="language-bash">export JAVA_OPTS="-Dhttp.proxyHost=xx.com -Dhttp.proxyPort=8088 -Dhttps.proxyHost=xx.com -Dhttps.proxyPort=8088" |
| bin/services</code></pre> |
| |
| |
| <h3 id="google-plus-oauth2-authenticator">Google Plus OAuth2 Authenticator</h3> |
| <p>Google Plus OAuth2 Authenticator does authentication with Google OAuth2 service. It extracts the email address |
| from Google user profile as credentials.</p> |
| <p>To use Google OAuth2 Authenticator, there are several steps:</p> |
| <ol> |
| <li>Register your application (the Gearpump UI server here) as an application in the Google developer console.</li> |
| <li>Configure the Google OAuth2 information in gear.conf.</li> |
| <li>Configure the network proxy for the Gearpump UI server, if applicable.</li> |
| </ol> |
| <h4 id="step1-register-your-website-as-an-oauth2-application-on-google">Step1: Register your website as an OAuth2 Application on Google</h4> |
| <ol> |
| <li>Create an application representing your website at <a href="https://console.developers.google.com">https://console.developers.google.com</a></li> |
| <li>In "API Manager" of your created application, enable API "Google+ API"</li> |
| <li>Create OAuth client ID for this application. In "Credentials" tab of "API Manager", |
| choose "Create credentials", and then select OAuth client ID. Follow the wizard |
| to set callback URL, and generate client ID, and client Secret.</li> |
| </ol> |
| <p><strong>NOTE:</strong> Callback URL is NOT optional.</p> |
| <h4 id="step2-configure-the-oauth2-information-in-gearconf">Step2: Configure the OAuth2 information in gear.conf</h4> |
| <ol> |
| <li>Enable OAuth2 authentication by setting <code>gearpump.ui-security.oauth2-authenticator-enabled</code> |
| to true.</li> |
| <li>Configure section <code>gearpump.ui-security.oauth2-authenticators.google</code> in gear.conf. Please make sure |
| class name, client ID, client Secret, and callback URL are set properly.</li> |
| </ol> |
| <p><strong>NOTE:</strong> Callback URL set here should match what is configured on Google in step1.</p> |
| <h4 id="step3-configure-the-network-proxy-if-applies">Step3: Configure the network proxy, if applicable.</h4> |
| <p>To enable OAuth2 authentication, the Gearpump UI server should have network access to Google service, as |
| some requests are initiated directly inside Gearpump UI server. So, if you are behind a firewall, make |
| sure you have configured the proxy properly for UI server.</p> |
| <p>For how to configure the web proxy for the UI server, please refer to the section "Enable web proxy for UI server" above.</p> |
| <h4 id="step4-restart-the-ui-server-and-try-to-click-the-google-login-icon-on-ui-server">Step4: Restart the UI server and try to click the Google login icon on UI server.</h4> |
| <h3 id="cloudfoundry-uaa-server-oauth2-authenticator">CloudFoundry UAA server OAuth2 Authenticator</h3> |
| <p>CloudFoundryUaaAuthenticator does authentication by using the CloudFoundry UAA OAuth2 service. It extracts the email address |
| from the UAA user profile as credentials.</p> |
| <p>For what UAA (User Account and Authentication Service) is, please see the guide: <a href="https://github.com/cloudfoundry/uaa">UAA</a></p> |
| <p>To use the CloudFoundry UAA OAuth2 Authenticator, there are several steps:</p> |
| <ol> |
| <li>Register your application (the Gearpump UI server here) as an application in UAA with the helper tool <code>uaac</code>.</li> |
| <li>Configure the CloudFoundry UAA OAuth2 information in gear.conf.</li> |
| <li>Configure the network proxy for the Gearpump UI server, if applicable.</li> |
| </ol> |
| <h4 id="step1-register-your-application-to-uaa-with-uaac">Step1: Register your application to UAA with <code>uaac</code></h4> |
| <ol> |
| <li>Check tutorial on uaac at <a href="https://docs.cloudfoundry.org/adminguide/uaa-user-management.html">https://docs.cloudfoundry.org/adminguide/uaa-user-management.html</a></li> |
| <li> |
| <p>Open a bash shell, set the UAA server by command <code>uaac target</code></p> |
| <pre class="codehilite"><code class="language-bash">uaac target [your uaa server url]</code></pre> |
| |
| |
| </li> |
| <li> |
| <p>Log in as user admin:</p> |
| <pre class="codehilite"><code class="language-bash">uaac token client get admin -s MyAdminPassword</code></pre> |
| |
| |
| </li> |
| <li> |
| <p>Create a new Application (Client) in UAA,</p> |
| <pre class="codehilite"><code class="language-bash">uaac client add [your_client_id] \ |
|   --scope "openid cloud_controller.read" \ |
|   --authorized_grant_types "authorization_code client_credentials refresh_token" \ |
|   --authorities "openid cloud_controller.read" \ |
|   --redirect_uri [your_redirect_url] \ |
|   --autoapprove true \ |
|   --secret [your_client_secret]</code></pre> |
| |
| |
| </li> |
| </ol> |
| <h4 id="step2-configure-the-oauth2-information-in-gearconf_1">Step2: Configure the OAuth2 information in gear.conf</h4> |
| <ol> |
| <li>Enable OAuth2 authentication by setting <code>gearpump.ui-security.oauth2-authenticator-enabled</code> to true.</li> |
| <li>Navigate to the section <code>gearpump.ui-security.oauth2-authenticators.cloudfoundryuaa</code>.</li> |
| <li>Configure the <code>gearpump.ui-security.oauth2-authenticators.cloudfoundryuaa</code> section in gear.conf. |
| Please make sure class name, client ID, client Secret, and callback URL are set properly.</li> |
| </ol> |
| <p><strong>NOTE:</strong> The callback URL here should match what you set on CloudFoundry UAA in step1.</p> |
| <h4 id="step3-configure-network-proxy-for-gearpump-ui-server-if-applies">Step3: Configure network proxy for Gearpump UI server, if applicable</h4> |
| <p>To enable OAuth2 authentication, the Gearpump UI server should have network access to the UAA server, as |
| some requests are initiated directly inside the Gearpump UI server. So, if you are behind a firewall, make |
| sure you have configured the proxy properly for the UI server.</p> |
| <p>For how to configure the web proxy for the UI server, please refer to the section "Enable web proxy for UI server" above.</p> |
| <h4 id="step4-restart-the-ui-server-and-try-to-click-the-cloudfoundry-login-icon-on-ui-server">Step4: Restart the UI server and try to click the CloudFoundry login icon on UI server.</h4> |
| <h4 id="step5-you-can-also-enable-additional-authenticator-for-cloudfoundry-uaa-by-setting-config">Step5: You can also enable additional authenticator for CloudFoundry UAA by setting config:</h4> |
| <pre class="codehilite"><code class="language-bash">additional-authenticator-enabled = true</code></pre> |
| |
| |
| <p>Please see description in gear.conf for more information.</p> |
| <h4 id="extends-oauth2authenticator-to-support-new-authorization-service-like-facebook-or-twitter">Extend OAuth2Authenticator to support a new authorization service like Facebook or Twitter.</h4> |
| <p>You can follow the Google OAuth2 example code to define a custom OAuth2Authenticator. Basically, the steps include:</p> |
| <ol> |
| <li> |
| <p>Define an OAuth2Authenticator implementation.</p> |
| </li> |
| <li> |
| <p>Add a configuration entry under <code>gearpump.ui-security.oauth2-authenticators</code>. For example:</p> |
| <pre class="codehilite"><code>## name of this authenticator |
| "socialnetworkx" { |
|   "class" = "org.apache.gearpump.services.security.oauth2.impl.SocialNetworkXAuthenticator" |
| |
|   ## Please make sure this URL matches the name |
|   "callback" = "http://127.0.0.1:8090/login/oauth2/socialnetworkx/callback" |
| |
|   "clientId" = "gearpump_test2" |
|   "clientSecret" = "gearpump_test2" |
|   "defaultUserRole" = "guest" |
| |
|   ## Make sure socialnetworkx.png exists under dashboard/icons |
|   "icon" = "/icons/socialnetworkx.png" |
| }</code></pre> |
| |
| |
| </li> |
| </ol> |
| <p>The configuration entry is supposed to be used by class <code>SocialNetworkXAuthenticator</code>.</p> |
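| <p>An added example (not part of the Gearpump documentation or code base): a Python audit of a gear.conf-style file for the points made under "What is the default user and password?" and in the callback notes above. It flags default accounts, entries that reuse the default admin digest listed on this page, and OAuth2 callbacks whose path does not match the authenticator name. The nesting under <code>gearpump-ui.gearpump.ui-security</code>, the <code>/login/oauth2/&lt;name&gt;/callback</code> layout (taken from the sample entry) and the sample config are assumptions, and the parser covers only the HOCON subset shown on this page.</p> |

```python
import re
from urllib.parse import urlparse

DEFAULT_ADMIN_DIGEST = "AeGxGOxlU8QENdOXejCeLxy+isrCv0TrS37HwA=="  # as listed on this page
DEFAULT_USERS = {"admin", "guest"}  # accounts the page says ship with the distribution
# Alternatives: quoted string | comment | punctuation | bare word
TOKEN = re.compile(r'"([^"]*)"|#[^\n]*|([{}=])|([^\s"{}=#]+)')
PUNCT, BARE = 2, 3  # TOKEN group numbers; comments match no group and are dropped

def parse_conf(text):
    """Parse the HOCON subset seen in the page's snippets into nested dicts."""
    toks = ((m.lastindex, m.group(m.lastindex)) for m in TOKEN.finditer(text) if m.lastindex)
    def block(nested):
        out = {}
        for kind, key in toks:
            if (kind, key) == (PUNCT, "}") and nested:
                return out
            if kind == PUNCT:
                raise ValueError(f"unexpected {key!r}")
            vkind, value = next(toks, (PUNCT, "}"))
            if (vkind, value) == (PUNCT, "="):
                vkind, value = next(toks, (PUNCT, "}"))
            if vkind == PUNCT and value != "{":
                raise ValueError(f"missing value for {key!r}")
            if vkind == PUNCT:
                value = block(True)
            path = key.split(".") if kind == BARE else [key]  # only bare keys are dotted paths
            node = out
            for part in path[:-1]:
                node = node.setdefault(part, {})
            node[path[-1]] = value
        if nested:
            raise ValueError("missing '}'")
        return out
    return block(False)

def audit(conf):
    """Return findings for the hardening points this page calls out."""
    # Assumption: all ui-security settings sit under gearpump-ui.gearpump.ui-security.
    sec = conf.get("gearpump-ui", {}).get("gearpump", {}).get("ui-security", {})
    findings = []
    if str(sec.get("authentication-enabled", "")).lower() != "true":
        findings.append("authentication-enabled is not true")
    groups = sec.get("config-file-based-authenticator", {})
    for group in ("admins", "users", "guests"):
        for user, digest in groups.get(group, {}).items():
            if user in DEFAULT_USERS:
                findings.append(f"default account '{user}' still in {group}")
            elif digest == DEFAULT_ADMIN_DIGEST:
                findings.append(f"'{user}' in {group} reuses the default admin digest")
    for name, entry in sec.get("oauth2-authenticators", {}).items():
        # Path layout taken from the page's sample entry: /login/oauth2/<name>/callback
        if urlparse(entry.get("callback", "")).path != f"/login/oauth2/{name}/callback":
            findings.append(f"callback of '{name}' does not match its name")
    return findings

# Constructed sample, modelled on the fragments shown on this page.
SAMPLE = '''
gearpump-ui.gearpump.ui-security {
  authentication-enabled = true
  config-file-based-authenticator.admins = {
    ## Default Admin. Username: admin, password: admin
    "admin" = "AeGxGOxlU8QENdOXejCeLxy+isrCv0TrS37HwA=="
    "jerry" = "CgGxGOxlU8ggNdOXejCeLxy+isrCv0TrS37HwA=="
    "ops" = "AeGxGOxlU8QENdOXejCeLxy+isrCv0TrS37HwA=="
  }
  oauth2-authenticators {
    "socialnetworkx" { "callback" = "http://127.0.0.1:8090/login/oauth2/google/callback" }
  }
}
'''
if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE))))
```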
| |
| </div> |
| </div> |
| |
| </div> |
| </div> |
| |
| </section> |
| |
| </div> |
| |
| |
| </body> |
| </html> |