Re: [PR] [#4467] docs: Refactor the security document and add access control page [gravitino]

Wed, 14 Aug 2024 00:24:06 -0700 


jerqi commented on code in PR #4496:
URL: https://github.com/apache/gravitino/pull/4496#discussion_r1716431127


##########
docs/security/how-to-authenticate.md:
##########
@@ -0,0 +1,176 @@
+---
+title: "How to authenticate"
+slug: /security/how-to-authenticate
+keyword: security authentication oauth kerberos
+license: "This software is licensed under the Apache License version 2."
+---
+
+## Authentication
+
+Apache Gravitino supports three kinds of authentication mechanisms: 
simple,OAuth and Kerberos.
+
+### Simple mode
+
+Simple mode is the default authentication option of the server.
+
+For the client side, if it doesn't set the authentication explicitly, it will 
use anonymous to access the server.
+
+If the client sets the simple mode,  it will use the environment variable 
`GRAVITINO_USER` as the user.
+
+If the environment variable `GRAVITINO_USER` isn't set, the client uses the 
user of the machine that sends requests.
+
+For the client side, users can enable `simple` mode by the following code:
+
+```java
+GravitinoClient client = GravitinoClient.builder(uri)
+    .withMetalake("metalake")
+    .withSimpleAuth()
+    .build();
+```
+
+### OAuth mode
+
+Gravitino only supports external OAuth 2.0 servers.
+
+First, users need to guarantee that the external correctly configured OAuth 
2.0 server supports Bearer JWT.
+
+Then, on the server side, users should set `gravitino.authenticator` as 
`oauth` and give
+`gravitino.authenticator.oauth.defaultSignKey`, 
`gravitino.authenticator.oauth.serverUri` and
+`gravitino.authenticator.oauth.tokenPath`  a proper value.
+
+Next, for the client side, users can enable `OAuth` mode by the following code:
+
+```java
+DefaultOAuth2TokenProvider authDataProvider = 
DefaultOAuth2TokenProvider.builder()
+    .withUri("oauth server uri")
+    .withCredential("yy:xx")

Review Comment:
   DefaultOAuth2TokenProvider doesn't support it now.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to