apache/kyuubi
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity
86964fefbe
kyuubi/docs/extensions/server/authentication.rst
Kent Yao 6c8024c8a4
[KYUUBI #3101] [Subtask][#3100] Build the content for extension points documentation 
### _Why are the changes needed?_

Build the content for extension points documentation, pre-work for #3100

<img width="1767" alt="image" src="https://user-images.githubusercontent.com/8326978/179930987-1accbbb7-e804-4230-871f-6c4b1152f4a1.png">

1. the extensions are divided into 2: server side and engine side extensions. (Do we have client side extension support?)
2. the server side authentication page is cross-referenced by the security section, see 1 in the picture.
3. the engine side ones are grouped by different compute frameworks.
4. connector is one type of extension, so we cross-reference the connector pages directly, see 2 & 3 in the picture.

### _How was this patch tested?_
- [ ] Add some test cases that check the changes thoroughly including negative and positive cases if possible

- [x] Add screenshots for manual tests if appropriate

- [x] [Run test](https://kyuubi.apache.org/docs/latest/develop_tools/testing.html#running-tests) locally before make a pull request

Closes #3103 from yaooqinn/3101.

Closes #3101

a9ae3e32 [Kent Yao] [KYUUBI #3101] [Subtask][#3100] Build content for extension points documentation
3b7367e9 [Kent Yao] [KYUUBI #3101] [Subtask][#3100] Build content for extension points documentation
b5eda13e [Kent Yao] [KYUUBI #3101] [Subtask][#3100] Build content for extension points documentation

Authored-by: Kent Yao <yao@apache.org>
Signed-off-by: Kent Yao <yao@apache.org>
2022-07-21 15:37:19 +08:00

83 lines
3.0 KiB
ReStructuredText
Raw Blame History

.. Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
.. http://www.apache.org/licenses/LICENSE-2.0
.. Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Configure Kyuubi to use Custom Authentication
=============================================
Besides the `builtin authentication`_ methods, kyuubi supports custom
authentication implementations of `org.apache.kyuubi.service.authentication.PasswdAuthenticationProvider`.
.. code-block:: scala
package org.apache.kyuubi.service.authentication
import javax.security.sasl.AuthenticationException
trait PasswdAuthenticationProvider {
/**
* The authenticate method is called by the Kyuubi Server authentication layer
* to authenticate users for their requests.
* If a user is to be granted, return nothing/throw nothing.
* When a user is to be disallowed, throw an appropriate [[AuthenticationException]].
*
* @param user The username received over the connection request
* @param password The password received over the connection request
*
* @throws AuthenticationException When a user is found to be invalid by the implementation
*/
@throws[AuthenticationException]
def authenticate(user: String, password: String): Unit
}
Build A Custom Authenticator
----------------------------
To create custom Authenticator class derived from the above interface, we need to:
- Referencing the library
.. code-block:: xml
<dependency>
<groupId>org.apache.kyuubi</groupId>
<artifactId>kyuubi-common_2.12</artifactId>
<version>1.5.2-incubating</version>
<scope>provided</scope>
</dependency>
- Implement PasswdAuthenticationProvider - `Sample Code`_
Enable Custom Authentication
----------------------------
To enable the custom authentication method, we need to
- put the jar package to ``$KYUUBI_HOME/jars`` directory to make it visible for
the classpath of the kyuubi server.
- Configure the following properties to ``$KYUUBI_HOME/conf/kyuubi-defaults.conf``
on each node where kyuubi server is installed.
.. code-block:: property
:margin:
kyuubi.authentication=CUSTOM
kyuubi.authentication.custom.class=YourAuthenticationProvider
- Restart all the kyuubi server instances
.. _builtin authentication: ../../security/authentication.html
.. _Sample Code: https://github.com/kyuubilab/example-custom-authentication/blob/main/src/main/scala/org/apache/kyuubi/example/MyAuthenticationProvider.scala
Reference in New Issue View Git Blame Copy Permalink