
[Feature-14802][api] Use Casdoor SSO to log in, add admin user configuration (#14814)

* [Feature-14802][feat] Use Casdoor SSO to log in, add admin user configuration

    Use Casdoor SSO to log in, add admin user configuration

This closes #14802

* [Feature-14802][feat] Use Casdoor SSO to log in, add admin user configuration

    Use Casdoor SSO to log in, add admin user configuration

This closes #14802

* update doc

* [Feature-14802][feat] Use Casdoor SSO to log in, add admin user configuration

    Use Casdoor SSO to log in, add admin user configuration

This closes #14802

---------

Co-authored-by: Eric Gao <ericgao.apache@gmail.com>
Co-authored-by: 旺阳 <qingwli@cisco.com>
3.2.1-prepare
gaopeng 1 year ago committed by GitHub
parent
commit
adf49fd23f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      docs/docs/en/architecture/configuration.md
  2. 16
      docs/docs/en/guide/security/authentication-type.md
  3. 8
      docs/docs/zh/architecture/configuration.md
  4. 16
      docs/docs/zh/guide/security/authentication-type.md
  5. 9
      dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticator.java
  6. 17
      dolphinscheduler-api/src/main/resources/application.yaml
  7. 3
      dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticatorTest.java
  8. 3
      dolphinscheduler-api/src/test/resources/application.yaml
  9. 17
      dolphinscheduler-standalone-server/src/main/resources/application.yaml

8
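--- a/docs/docs/en/architecture/configuration.md
+++ b/docs/docs/en/architecture/configuration.md
@@ -261,6 +261,14 @@ Location: `api-server/conf/application.yaml`
 |security.authentication.ldap.ssl.enable|false|LDAP switch|
 |security.authentication.ldap.ssl.trust-store|ldapkeystore.jks|LDAP jks file absolute path|
 |security.authentication.ldap.ssl.trust-store-password|password|LDAP jks password|
+|security.authentication.casdoor.user.admin||admin user account when you log-in with Casdoor|
+|casdoor.endpoint||Casdoor server url|
+|casdoor.client-id||id in Casdoor|
+|casdoor.client-secret||secret in Casdoor|
+|casdoor.certificate||certificate in Casdoor|
+|casdoor.organization-name||organization name in Casdoor|
+|casdoor.application-name||application name in Casdoor|
+|casdoor.redirect-url||doplhinscheduler login url|
 |api.traffic.control.global.switch|false|traffic control global switch|
 |api.traffic.control.max-global-qps-rate|300|global max request number per second|
 |api.traffic.control.tenant-switch|false|traffic control tenant switch|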

16
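--- a/docs/docs/en/guide/security/authentication-type.md
+++ b/docs/docs/en/guide/security/authentication-type.md
@@ -30,6 +30,9 @@ security:
 # jks file absolute path && password
 trust-store: "/ldapkeystore.jks"
 trust-store-password: "password"
+casdoor:
+user:
+admin: ""
 oauth2:
 enable: false
 provider:
@@ -53,6 +56,19 @@ security:
 callbackUrl: ""
 iconUri: ""
 provider: google
+casdoor:
+# Your Casdoor server url
+endpoint: ""
+client-id: ""
+client-secret: ""
+# The certificate may be multi-line, you can use `|-` for ease
+certificate: ""
+# Your organization name added in Casdoor
+organization-name: ""
+# Your application name added in Casdoor
+application-name: ""
+# Doplhinscheduler login url
+redirect-url: ""
 ```
 For detailed explanation of specific fields, please see: [Api-server related configuration](../../architecture/configuration.md)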

8
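--- a/docs/docs/zh/architecture/configuration.md
+++ b/docs/docs/zh/architecture/configuration.md
@@ -260,6 +260,14 @@ common.properties配置文件目前主要是配置hadoop/s3/yarn/applicationId
 |security.authentication.ldap.ssl.enable|false|LDAP ssl开关|
 |security.authentication.ldap.ssl.trust-store|ldapkeystore.jks|LDAP jks文件绝对路径|
 |security.authentication.ldap.ssl.trust-store-password|password|LDAP jks密码|
+|security.authentication.casdoor.user.admin||Casdoor登陆时,系统管理员账号|
+|casdoor.endpoint||Casdoor服务器URL|
+|casdoor.client-id||Casdoor中的ID|
+|casdoor.client-secret||Casdoor中的密钥|
+|casdoor.certificate||Casdoor中的证书|
+|casdoor.organization-name||Casdoor中的组织名称|
+|casdoor.application-name||Casdoor中的应用名称|
+|casdoor.redirect-url||dolphinscheduler登录URL|
 |api.traffic.control.global.switch|false|流量控制全局开关|
 |api.traffic.control.max-global-qps-rate|300|全局最大请求数/秒|
 |api.traffic.control.tenant-switch|false|流量控制租户开关|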

16
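--- a/docs/docs/zh/guide/security/authentication-type.md
+++ b/docs/docs/zh/guide/security/authentication-type.md
@@ -30,6 +30,9 @@ security:
 # jks file absolute path && password
 trust-store: "/ldapkeystore.jks"
 trust-store-password: "password"
+casdoor:
+user:
+admin: ""
 oauth2:
 enable: false
 provider:
@@ -53,6 +56,19 @@ security:
 callbackUrl: ""
 iconUri: ""
 provider: google
+casdoor:
+# Your Casdoor server url
+endpoint: ""
+client-id: ""
+client-secret: ""
+# The certificate may be multi-line, you can use `|-` for ease
+certificate: ""
+# Your organization name added in Casdoor
+organization-name: ""
+# Your application name added in Casdoor
+application-name: ""
+# Doplhinscheduler login url
+redirect-url: ""
 ```
 具体字段解释详见:[Api-server相关配置](../../architecture/configuration.md)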

9
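--- a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticator.java
+++ b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticator.java
@@ -42,6 +42,8 @@ public class CasdoorAuthenticator extends AbstractSsoAuthenticator {
 private CasdoorAuthService casdoorAuthService;
 @Value("${casdoor.redirect-url}")
 private String redirectUrl;
+@Value("${security.authentication.casdoor.user.admin:#{null}}")
+private String adminUserName;
 @Override
 public User login(String state, String code, String extra) {
@@ -66,12 +68,17 @@ public class CasdoorAuthenticator extends AbstractSsoAuthenticator {
 // check if user exist
 user = usersService.getUserByUserName(casdoorUser.getName());
 if (user == null) {
-user = usersService.createUser(UserType.GENERAL_USER, casdoorUser.getName(), casdoorUser.getEmail());
+user = usersService.createUser(getUserType(casdoorUser.getName()), casdoorUser.getName(),
+casdoorUser.getEmail());
 }
 }
 return user;
 }
+public UserType getUserType(String userName) {
+return adminUserName.equalsIgnoreCase(userName) ? UserType.ADMIN_USER : UserType.GENERAL_USER;
+}
 @Override
 public String getSignInUrl(String state) {
 return casdoorAuthService.getSigninUrl(redirectUrl, state);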
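Review bot: `getUserType` dereferences `adminUserName`, but the `@Value` default on the new field is `#{null}`, so when `security.authentication.casdoor.user.admin` is absent the first login of any not-yet-provisioned Casdoor user would throw a NullPointerException inside `login`. A null-safe, case-sensitive comparison avoids that and also stops names that differ only by case from both mapping to the administrator: `return adminUserName != null && !adminUserName.isEmpty() && adminUserName.equals(userName) ? UserType.ADMIN_USER : UserType.GENERAL_USER;`. Because the admin role is granted purely on the name Casdoor returns at account-creation time, the field deserves a comment stating that the configured name must be one ordinary users cannot register in the configured organization; binding to an immutable user id or a role claim would be more robust if the SDK exposes one. The helper can also be `private`, and the class body continues outside both hunks.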

17
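--- a/dolphinscheduler-api/src/main/resources/application.yaml
+++ b/dolphinscheduler-api/src/main/resources/application.yaml
@@ -181,6 +181,9 @@ security:
 # jks file absolute path && password
 trust-store: "/ldapkeystore.jks"
 trust-store-password: "password"
+casdoor:
+user:
+admin: ""
 oauth2:
 enable: false
 provider:
@@ -204,6 +207,20 @@ security:
 callbackUrl: ""
 iconUri: ""
 provider: google
+casdoor:
+# Your Casdoor server url
+endpoint: ""
+client-id: ""
+client-secret: ""
+# The certificate may be multi-line, you can use `|-` for ease
+certificate: ""
+# Your organization name added in Casdoor
+organization-name: ""
+# Your application name added in Casdoor
+application-name: ""
+# Doplhinscheduler login url
+redirect-url: ""
 # Override by profile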

3
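--- a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticatorTest.java
+++ b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticatorTest.java
@@ -55,7 +55,8 @@ import org.springframework.web.context.request.ServletRequestAttributes;
 "casdoor.certificate=public-key",
 "casdoor.organization-name=built-in",
 "casdoor.application-name=app-built-in",
-"casdoor.redirect-url=http://localhost:8888/view/login/index.html"
+"casdoor.redirect-url=http://localhost:8888/view/login/index.html",
+"security.authentication.casdoor.user.admin=admin"
 })
 public class CasdoorAuthenticatorTest extends AbstractControllerTest {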
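Review bot: No test case is added for the new admin mapping; the only change in this file is the extra `security.authentication.casdoor.user.admin=admin` entry in the property list. Cases worth adding: a first-time Casdoor user named `admin` is created with `UserType.ADMIN_USER`, any other name yields `UserType.GENERAL_USER`, and login still succeeds when the property is unset, since the field defaults to null in that case. The test class body lies outside the hunk, so existing coverage cannot be confirmed from here.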

3
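--- a/dolphinscheduler-api/src/test/resources/application.yaml
+++ b/dolphinscheduler-api/src/test/resources/application.yaml
@@ -87,6 +87,9 @@ security:
 # jks file absolute path && password
 trust-store: "/ldapkeystore.jks"
 trust-store-password: "password"
+casdoor:
+user:
+admin: ""
 oauth2:
 enable: true
 provider: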

17
dolphinscheduler-standalone-server/src/main/resources/application.yaml

@ -111,6 +111,9 @@ security:
# jks file absolute path && password # jks file absolute path && password
trust-store: "/ldapkeystore.jks" trust-store: "/ldapkeystore.jks"
trust-store-password: "" trust-store-password: ""
casdoor:
user:
admin: admin
oauth2: oauth2:
enable: false enable: false
provider: provider:
@ -135,7 +138,19 @@ security:
iconUri: "" iconUri: ""
provider: gitee provider: gitee
casdoor:
# Your Casdoor server url
endpoint: http://localhost:8000
client-id: ""
client-secret: ""
# The certificate may be multi-line, you can use `|-` for ease
certificate: ""
# Your organization name added in Casdoor
organization-name: built-in
# Your application name added in Casdoor
application-name: dolphinscheduler
# Doplhinscheduler login url
redirect-url: http://localhost:5173/login
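Review bot: The standalone profile ships `admin: admin` as a non-empty default in the first hunk, whereas the api-server `application.yaml` in this same commit ships `admin: ""`. With Casdoor login enabled, whichever Casdoor account in `organization-name: built-in` carries that name is created as a DolphinScheduler administrator on its first login, so defaulting to `admin: ""` and letting operators opt in would be safer. In the second hunk `endpoint` defaults to plain `http://`, which suits a local demo but deserves a comment such as `# use https:// outside local development`. `client-secret` is better supplied through an environment placeholder than stored in the file.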
