This is an automated email from the ASF dual-hosted git repository.
casion pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/linkis-website.git
The following commit(s) were added to refs/heads/dev by this push:
new 4485f33c18 update auth (#653)
4485f33c18 is described below
commit 4485f33c18718015a57397b748bb6182238a9af4
Author: Casion <[email protected]>
AuthorDate: Mon Jan 30 14:33:41 2023 +0800
update auth (#653)
* update auth
* update auth
* update auth
* update auth
* update auth
* update auth
* update api
---
.../engine-plugin-api.md | 454 ++++++++++++++++++++-
docs/api/login-api.md | 2 +-
docs/auth/_category_.json | 4 +
docs/auth/kerberos.md | 97 +++++
docs/auth/ldap.md | 50 +++
docs/auth/proxy.md | 57 +++
docs/auth/test.md | 76 ++++
docs/auth/token.md | 113 +++++
download/release-notes-1.3.1.md | 6 +-
faq/main.md | 2 +-
.../current/release-notes-1.3.1.md | 8 +-
.../current/main.md | 2 +-
.../engine-plugin-api.md | 451 ++++++++++++++++++++
.../current/api/login-api.md | 2 +-
.../current/auth/_category_.json | 4 +
.../current/auth/kerberos.md | 99 +++++
.../current/auth/ldap.md | 51 +++
.../current/auth/proxy.md | 59 +++
.../current/auth/test.md | 76 ++++
.../current/auth/token.md | 111 +++++
.../version-1.0.2/api/login-api.md | 2 +-
.../version-1.0.3/api/login-api.md | 2 +-
.../version-1.1.0/api/login-api.md | 2 +-
.../version-1.1.1/api/login-api.md | 2 +-
.../version-1.1.2/api/login-api.md | 2 +-
.../version-1.1.3/api/login-api.md | 2 +-
.../version-1.2.0/api/login-api.md | 2 +-
.../version-1.3.0/api/login-api.md | 2 +-
.../version-1.3.0/deployment/deploy-quick.md | 2 +-
static/Images-zh/auth/dsm-kerberos.png | Bin 0 -> 77014 bytes
static/Images-zh/auth/yarn-normal.png | Bin 0 -> 78202 bytes
versioned_docs/version-1.0.2/api/login-api.md | 2 +-
versioned_docs/version-1.0.3/api/login-api.md | 2 +-
versioned_docs/version-1.1.0/api/login-api.md | 2 +-
versioned_docs/version-1.1.1/api/login-api.md | 2 +-
versioned_docs/version-1.1.2/api/login-api.md | 2 +-
versioned_docs/version-1.1.3/api/login-api.md | 2 +-
versioned_docs/version-1.2.0/api/login-api.md | 2 +-
versioned_docs/version-1.3.0/api/login-api.md | 2 +-
39 files changed, 1732 insertions(+), 26 deletions(-)
diff --git a/docs/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
b/docs/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
index dcc2f137d8..301ef2708c 100644
--- a/docs/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
+++ b/docs/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
@@ -121,4 +121,456 @@ No
"method": "",
"status": 0
}
-````
\ No newline at end of file
+````
+
+
+## rollback
+
+**Interface address**: `/api/rest_j/v1/engineplugin/rollBack`
+
+**Request method**:`POST`
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Roll back the material version of the current engine plugin
+
+**Request parameters**:
+
+| Parameter name | Parameter description | Request type | Required | Data type
| schema |
+| --------------------- | ------------------------- | - ------- | -------- |
--------------------- | ------ |
+| engineConnBmlResource | EngineConnBmlResource entity | body | true |
EngineConnBmlResource | |
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | dataset | object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {}
+}
+```
+
+## Get all versions of the engine in the material
+
+**Interface address**:/api/rest_j/v1/engineplugin/getVersionList
+
+**Request method**: GET
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Get all versions of the engine plugin in the material management system
+
+**Request parameters**:
+
+| Parameter name | Parameter description | Request type | Required | Data type
| schema |
+| ------------- | ---------------- | -------- | -------- |
--------------------- | ------ |
+| bmlResourceId | engine material resource id | body | true |
EngineConnBmlResource | |
+| ecType | engine name | body | false | String | |
+| version | engine version | body | false | String | |
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | dataset | object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {}
+}
+```
+
+
+
+## Get all engine names
+
+**Interface address**:/api/rest_j/v1/engineplugin/getTypeList
+
+**Request method**: GET
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Get all types of engine names
+
+**Request parameters**
+
+
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | dataset | object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "typeList": [
+ "hive",
+ "io_file",
+ "jdbc",
+ "open look",
+ "python",
+ "shell",
+ "spark"
+ ]
+ }
+}
+```
+
+
+
+## Get all versions of the engine
+
+**Interface address**: /api/rest_j/v1/engineplugin/getTypeVersionList/{type}
+
+**Request method**: GET
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Get all types of engine names
+
+**Request parameters**:
+
+| Parameter name | Parameter description | Request type | Required | Data type
| schema |
+| -------- | -------------- | -------- | -------- | ------- - | ------ |
+| type | type name of the engine | path | true | String | |
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | dataset | object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "queryList": [
+ "v4"
+ ]
+ }
+}
+```
+
+
+
+## Update engine plugin
+
+**Interface address**:/api/rest_j/v1/engineplugin/updateEnginePluginBML
+
+**Request method**: POST
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Update specific engine plugins
+
+**Request parameters**:
+
+| Parameter name | Parameter description | Request type | Required | Data type
| schema |
+| -------- | ------------ | -------- | -------- | --------- ---- | ------ |
+| file | engine material file | body | true | MultipartFile | |
+| ecType | engine type name | body | true | String| |
+| version | engine version | body | true | String | |
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | dataset | object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "mess": "upload file success"
+ }
+}
+```
+
+
+
+## Engine Plugins
+
+**Interface address**: /api/rest_j/v1/engineplugin/list
+
+**Request method**: GET
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Request all engine plugin information
+
+**Request parameters**:
+
+| Parameter name | Parameter description | Request type | Required | Data type
| schema |
+| ----------- | ------------ | -------- | -------- | ------ -------- | ------ |
+| currentPage | current page | qurey | true | integer(int32) | |
+| ecType | engine type name | qurey | false | String | |
+| version | engine version | qurey | false | String | |
+| pageSize | page size | qurey | true | integer(int32) | |
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | dataset | object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "totalPage": 17,
+ "queryList": [
+ {
+ "id": 239,
+ "engineConnType": "python",
+ "version": "vpython2",
+ "fileName": "lib.zip",
+ "lastModified": 1661950452000,
+ "fileSize": 6093507,
+ "bmlResourceId": "8edb8e88-fc75-4ce3-a330-3ece9ec533cb",
+ "bmlResourceVersion": "v000001",
+ "createTime": "2022-08-31 20:56:59",
+ "lastUpdateTime": "2022-08-31 20:56:59"
+ },
+ {
+ "id": 238,
+ "engineConnType": "python",
+ "version": "vpython2",
+ "fileName": "conf.zip",
+ "lastModified": 1661950450000,
+ "fileSize": 43841,
+ "bmlResourceId": "a46beb9b-7368-4900-a2a6-241f1ec49002",
+ "bmlResourceVersion": "v000001",
+ "createTime": "2022-08-31 20:56:54",
+ "lastUpdateTime": "2022-08-31 20:56:54"
+ }
+ ]
+ }
+}
+```
+
+
+
+## New engine plugin
+
+**Interface address**:/api/rest_j/v1/engineplugin/uploadEnginePluginBML
+
+**Request method**: POST
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Upload a new engine plugin
+
+**Request parameters**:
+
+| Parameter name | Parameter description | Request type | Required | Data type
| schema |
+| -------- | ------------------ | -------- | -------- | --- ---------- |
------ |
+| file | engine material file compression package | body | true |
MultipartFile | |
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | dataset | object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "mess": "upload file success"
+ }
+}
+```
+
+
+
+## Remove engine plugins
+
+**Interface address**:/api/rest_j/v1/engineplugin/deleteEnginePluginBML
+
+**Request method**: GET
+
+**Request data type**: `application/x-www-form-urlencoded`
+
+**Response data type**:`*/*`
+
+**Interface Description**:
+
+Delete the specified engine plugin
+
+**Request parameters**:
+
+| Parameter name | Parameter description | Request type | Required | Data type
| schema |
+| -------- | ------------ | -------- | -------- | -------- | ------ |
+| ecType | engine type name | qurey | true | String | |
+| version | engine version | qurey | false | String | |
+
+**Response Status**:
+
+| status code | description | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**Response parameters**:
+
+| parameter name | parameter description | type | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | data set| object | |
+| message | description | string | |
+| method | request url | string | |
+| status | status | integer(int32) | integer(int32) |
+
+**Response Example**:
+
+```
+{"method":null,"status":0,"message":"OK","data":{"msg":"delete successfully"}}
+```
\ No newline at end of file
diff --git a/docs/api/login-api.md b/docs/api/login-api.md
index b44d9ae3cb..26c29f0dd6 100644
--- a/docs/api/login-api.md
+++ b/docs/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/docs/auth/_category_.json b/docs/auth/_category_.json
new file mode 100644
index 0000000000..fc663db2a7
--- /dev/null
+++ b/docs/auth/_category_.json
@@ -0,0 +1,4 @@
+{
+ "label": "Security Authentication",
+ "position": 6.0
+}
\ No newline at end of file
diff --git a/docs/auth/kerberos.md b/docs/auth/kerberos.md
new file mode 100644
index 0000000000..5a1ecea8eb
--- /dev/null
+++ b/docs/auth/kerberos.md
@@ -0,0 +1,97 @@
+---
+title: Kerberos
+sidebar_position: 5
+---
+
+## Kerberos authentication
+
+## Scenario 1 HDFS storage
+If the hadoop cluster is used, such as the file used to store the result set
+```shell script
+# Result set logs and other file paths, used to store the result set files of
the Job wds.linkis.filesystem.hdfs.root.path(linkis.properties)
+HDFS_USER_ROOT_PATH=hdfs:///tmp/linkis
+```
+And kerberos authentication is enabled, corresponding kerberos configuration
is required
+
+Modify the corresponding configuration of `linkis.properties` as follows
+```properties
+#Whether the kerberos authentication mode is enabled
+wds.linkis.keytab.enable=true
+#keytab places the directory, which stores the files of username.keytab of
multiple users
+wds.linkis.keytab.file=/appcom/keytab/
+#Whether to bring principle client authentication, the default value is false
+wds.linkis.keytab.host.enabled=false
+#principle authentication needs to bring the client IP
+wds.linkis.keytab.host=127.0.0.1
+```
+Restart the service after modification
+
+
+## Scenario 2 HDFS storage kerberos proxy authentication
+
+Hadoop2.0 version began to support the ProxyUser mechanism. The meaning is to
use the user authentication information of User A to access the hadoop cluster
in the name of User B.
+For the server, it is considered that User B is accessing the cluster at this
time, and the corresponding authentication of access requests (including the
permissions of the HDFS file system and the permissions of YARN submitting task
queues) is performed by User B.
+User A is considered a superuser.
+
+The main difference from Scenario 1 is that it can solve the problem that each
user needs to generate a keytab file. If kerberos proxy authentication is set,
the proxy user's keytab file can be used for authentication.
+Modify the corresponding configuration of `linkis.properties` as follows
+
+```properties
+#Whether the kerberos authentication mode is enabled
+wds.linkis.keytab.enable=true
+#keytab places the directory, which stores the files of username.keytab of
multiple users
+wds.linkis.keytab.file=/appcom/keytab/
+#Whether to bring principle client authentication, the default value is false
+wds.linkis.keytab.host.enabled=false
+#principle authentication needs to bring the client IP
+wds.linkis.keytab.host=127.0.0.1
+
+#Enable kerberos proxy authentication
+wds.linkis.keytab.proxyuser.enable=true
+
+#Use superuser to verify user authentication information
+wds.linkis.keytab.proxyuser.superuser=hadoop
+
+
+
+```
+Restart the service after modification
+
+## Scenario 3 Queue manager checks yarn resource information
+
+Will access the REST API interface provided by Yarn to provide ResourceManager
+If the ResourceManager of yarn has enabled kerberos authentication, you need
to configure kerberos-related authentication information
+
+Database table linkis_cg_rm_external_resource_provider
+Insert yarn data information
+```sql
+INSERT INTO `linkis_cg_rm_external_resource_provider`
+(`resource_type`, `name`, `labels`, `config`) VALUES
+('Yarn', 'sit', NULL,
+'
+ {
+ "rmWebAddress": "http://xx.xx.xx.xx:8088";,
+ "hadoopVersion": "2.7.2",
+ "authorEnable": false,
+ "user":"hadoop","pwd":"123456",
+ "kerberosEnable":@YARN_KERBEROS_ENABLE,
+ "principalName": "@YARN_PRINCIPAL_NAME",
+ "keytabPath": "@YARN_KEYTAB_PATH"
+ "krb5Path": "@YARN_KRB5_PATH"
+ }
+'
+);
+
+```
+After the update, because the cache is used in the program, if you want to
take effect immediately, you need to restart the `linkis-cg-linkismanager`
service
+
+```shell script
+sh sbin/linkis-daemon.sh restart cg-linkismanager
+```
+
+
+
+## Scenario 4 The hive data source in the data source function
+
+If the hive data source that needs to be connected and the corresponding hive
cluster environment has kerberos authentication enabled, you need to upload the
kerberos and keytab authentication file information when configuring the
cluster environment.
+
\ No newline at end of file
diff --git a/docs/auth/ldap.md b/docs/auth/ldap.md
new file mode 100644
index 0000000000..844a8095e2
--- /dev/null
+++ b/docs/auth/ldap.md
@@ -0,0 +1,50 @@
+---
+title: LDAP
+sidebar_position: 1
+---
+> LDAP (Lightweight Directory Access Protocol) configuration, after the
default installation and deployment, only supports configured static user and
password login (only one can be configured), if you need to support multi-user
login, you can use LDAP
+
+## 1. Implementation logic introduction
+
+The default way to configure `linkis-mg-gateway.properties`
+
+```properties
+#default username
+wds.linkis.admin.user=hadoop
+#default password
+wds.linkis.admin.password=123456
+```
+
+`org.apache.linkis.gateway.security.UserPwdAbstractUserRestful#tryLogin`
during login request processing,
+If the login user name/user password is inconsistent with the configured
default value, LDAP mode will be used.
+LDAP core processing
`org.apache.linkis.gateway.security.LDAPUserRestful#login` is authenticated by
calling jdk general ldap tool class.
+`javax.naming.ldap.InitialLdapContext#InitialLdapContext(java.util.Hashtable<?,?>,
javax.naming.ldap.Control[])`
+
+
+## 2. How to use
+
+> The premise is that there is an available LDAP service
+
+### 2.1 Step1 Enable ladp login password verification method
+
+Modify `linkis-mg-gateway.properties` configuration
+
+Fill in LDAP related parameters
+```properties
+##LDAP
+#ldap service address
+wds.linkis.ldap.proxy.url=ldap://localhost:1389/
+#Directory Name(DN) Directory composition of ldap
+wds.linkis.ldap.proxy.baseDN==dc=linkis,dc=org
+#Username formatting Generally, no configuration is required
+wds.linkis.ldap.proxy.userNameFormat=
+```
+### 2.2 Step2 Restart the service of linkis-mg-gateway
+
+After modifying the configuration, you need to restart the `linkis-mg-gateway`
service `sh sbin/linkis-daemon.sh start mg-mgtaeway` to take effect
+
+## 3 Notes
+
+- The authentication type uses the simple mode in
`java.naming.security.authentication` (security type, three values: none,
simple or strong.)
+
+- For the introduction of ldap, please refer to [LDAP directory server
introduction] (https://juejin.cn/post/6844903857311449102)
\ No newline at end of file
diff --git a/docs/auth/proxy.md b/docs/auth/proxy.md
new file mode 100644
index 0000000000..65187a0e89
--- /dev/null
+++ b/docs/auth/proxy.md
@@ -0,0 +1,57 @@
+---
+title: proxy authentication
+sidebar_position: 4
+---
+
+
+> This method allows the login user to be different from the actual user. The
main function is to control that the user must be a real-name user when logging
in, but a non-real-name user when actually using the big data platform. It is
convenient to verify and control permissions.
+> For example: when linkis executes the task submitted by the user, the linkis
main process service will switch to the corresponding user through sudo -u
${submit user}, and then execute the corresponding engine start command,
+> This requires creating a corresponding system user for each ${submit user}
in advance, and configuring related environment variables. For new users, a
series of environment initialization preparations are required,
+> Frequent user changes will increase the cost of operation and maintenance,
and there are too many users, it is impossible to configure resources for a
single user, and resources cannot be well controlled. If A proxy can be
implemented for the specified proxy user to execute, the execution entry can be
uniformly converged to solve the problem of needing to initialize the
environment.
+
+## 1. Implementation logic introduction
+
+
+- Login users: users who directly log in to the system through username and
password
+- Proxy user: The user who actually performs operations as a login user is
called a proxy user, and the proxy login user performs related operations
+
+For login cookie processing, parse out the login user and proxy user
+
+```html
+The key of the proxy user's cookie is: linkis_user_session_proxy_ticket_id_v1
+Login user cookie: linkis_user_session_ticket_id_v1
+
+```
+The relevant interface of linkis can identify the proxy user information based
on the UserName information, and use the proxy user to perform various
operations. And record the audit log, including the user's task execution
operation, download operation
+When the task is submitted for execution, the entrance entry service modifies
the executed user as the proxy user
+
+## 2. How to use
+
+### 2.1 Step1 Turn on proxy mode
+Specify the following parameters in `linkis.properties`:
+```shell script
+# Turn on proxy mode
+ wds.linkis.gateway.conf.enable.proxy.user=true
+ # Specify the proxy configuration file
+ wds.linkis.gateway.conf.proxy.user.config=proxy.properties
+```
+
+
+In the conf directory, create a `proxy.properties` file with the following
content:
+```shell script
+# The format is as follows:
+ ${LOGIN_USER}=${PROXY_USER}
+ # For example:
+ enjoyyin=hadoop
+```
+If the existing proxy mode cannot meet your needs, you can also further
modify: `org.apache.linkis.gateway.security.ProxyUserUtils`.
+
+### 2.2 Step2 Restart the service of linkis-mg-gateway
+
+After modifying the configuration, you need to restart the `linkis-mg-gateway`
service `sh sbin/linkis-daemon.sh start mg-mgtaeway` to take effect
+
+## 3 Notes
+
+- Users are divided into proxy users and non-proxy users. Proxy users cannot
be proxied to other users for execution
+- It is necessary to control the list of login users and system users who can
be proxied, prohibit any proxy, and avoid uncontrollable permissions. It is
best to support the configuration of the database table, and it can be directly
modified to take effect without restarting the service
+- A separate record log file contains the operations of the proxy user, such
as proxy execution, function update, etc. PublicService proxy user operations
are all recorded in the log, which is convenient for auditing
\ No newline at end of file
diff --git a/docs/auth/test.md b/docs/auth/test.md
new file mode 100644
index 0000000000..1ac134498d
--- /dev/null
+++ b/docs/auth/test.md
@@ -0,0 +1,76 @@
+---
+title: Password-Free
+sidebar_position: 3
+---
+> In some scenarios, in order to facilitate development and debugging, and to
access pages and interfaces conveniently, you can enable test mode
configuration for secret-free authentication
+
+## 1. Implementation logic introduction
+
+Control through unified authentication processing filter:
`org.apache.linkis.server.security.SecurityFilter`
+
+configuration item
+```properties
+# Whether to enable test mode
+wds.linkis.test.mode=true
+# Simulated user name for test mode
+wds.linkis.test.user=hadoop
+```
+Implemented pseudocode
+```scala
+val BDP_TEST_USER = CommonVars("wds.linkis.test.user", "")
+val IS_TEST_MODE = CommonVars("wds. linkis. test. mode", false)
+
+if (IS_TEST_MODE. getValue) {
+ logger.info("test mode! login for uri: " + request.getRequestURI)
+ // Set the login user information to the user specified in the
configuration
+ SecurityFilter.setLoginUser(response, BDP_TEST_USER)
+ true
+}
+```
+
+## 2. How to use
+
+### 2.1 Step1 Open the test mode
+Directly modify the configuration file `linkis.properties` (effective for all
linkis services), modify the corresponding configuration as follows
+```shell script
+# Whether to enable test mode
+wds.linkis.test.mode=true
+# Simulated user name for test mode
+wds.linkis.test.user=hadoop
+```
+
+If you only need to enable the test mode of a certain service, you can modify
the corresponding service configuration item.
+For example: only enable the test mode of `entrance` service
+Directly modify the configuration file `linkis-cg-entrance.properties`
(effective for the entry service of linkis), modify the corresponding
configuration as follows
+```shell script
+# Whether to enable test mode
+wds.linkis.test.mode=true
+# Simulated user name for test mode
+wds.linkis.test.user=hadoop
+```
+
+### 2.2 Step2 Restart the corresponding service
+
+After modifying the configuration, you need to restart the service to take
effect
+
+
+### 2.3 Step3 request verification
+
+After successfully restarting the service, you can directly request the http
interface that originally required authentication, and you can request normally
without additional authentication.
+The management console can also access the content page without login
authentication
+
+
+## 3 Notes
+
+### 3.1 Value setting of wds.linkis.test.user
+Because some interfaces will perform permission verification of user roles,
such as: [Search historical EC information] interface:
`/api/rest_j/v1/linkisManager/ecinfo/ecrHistoryList`
+The roles are:
+
+|role name | permission description | configuration item | default value |
+| -------- | -------- | ----- |----- |
+|Administrator role|The highest authority, has all authority
operations|`wds.linkis.governance.station.admin`|`hadoop`|
+|Historical task role|Compared with ordinary users, you can also view all task
list information of other users|`wds.linkis.jobhistory.admin`|`hadoop`|
+|Normal role|Default role|||
+
+For tests in different scenarios, the set value of `wds.linkis.test.user` will
be different and needs to be set according to the actual scenario.
+If you need to access all interfaces, you need to configure it to the same
value as `wds.linkis.governance.station.admin`, usually `hadoop`
\ No newline at end of file
diff --git a/docs/auth/token.md b/docs/auth/token.md
new file mode 100644
index 0000000000..aaac0e3f0a
--- /dev/null
+++ b/docs/auth/token.md
@@ -0,0 +1,113 @@
+---
+title: Token
+sidebar_position: 2
+---
+
+> Usually when the third-party system calls the linkis service, it usually
authenticates through token
+
+## 1. Implementation logic introduction
+
+Control through unified authentication processing filter:
`org.apache.linkis.server.security.SecurityFilter`
+
+Implemented pseudocode
+```scala
+
+val TOKEN_KEY = "Token-Code"
+val TOKEN_USER_KEY = "Token-User"
+
+/* TokenAuthentication.isTokenRequest by judging the request request:
+ 1. Whether the request header contains TOKEN_KEY and TOKEN_USER_KEY:
getHeaders.containsKey(TOKEN_KEY) && getHeaders.containsKey(TOKEN_USER_KEY)
+ 2. Or request whether TOKEN_KEY and TOKEN_USER_KEY are included in the
cookies: getCookies.containsKey(TOKEN_KEY)
&&getCookies.containsKey(TOKEN_USER_KEY)
+*/
+
+if (TokenAuthentication.isTokenRequest(gatewayContext)) {
+ /* Perform token authentication
+ 1. Confirm whether to enable the token authentication configuration
item `wds.linkis.gateway.conf.enable.token.auth`
+ 2. Extract the token tokenUser host information for authentication
and verify the validity
+ */
+ TokenAuthentication. tokenAuth(gatewayContext)
+ } else {
+ //Common username and password authentication
+}
+```
+Available tokens and corresponding ip-related information data are stored in
the table `linkis_mg_gateway_auth_token`,
+see [table analysis description]
(../development/table/all#16-linkis_mg_gateway_auth_token) for details,
non-real-time update,
+Periodically `wds.linkis.token.cache.expire.hour` (default interval 12 hours)
is refreshed into the service memory
+
+
+## 2. How to use
+
+### 2.1 New Token
+
+Management console `Basic Data Management > Token Management` to add
+
+```text
+Name: token name corresponds to Token-Code, such as: TEST-AUTH
+User: The username corresponding to the token, that is, the perceived
requesting user, will be used for log auditing. If there is no limit, it can be
configured as *
+Host: The host that can be accessed will perform the IP verification and
filtering of the requester. If there is no limit, it can be configured as *
+Valid days: If it is permanently valid, configure it as -1
+```
+
+### 2.2 Native way
+The constructed http request method needs to add `Token-Code`, `Token-User`
parameters in the request header,
+
+#### Example
+
+Request address:
+`http://127.0.0.1:9001/api/rest_j/v1/entrance/submit`
+
+body parameter:
+```json
+{
+ "executionContent": {"code": "sleep 5s;echo pwd", "runType": "shell"},
+ "params": {"variable": {}, "configuration": {}},
+ "source": {"scriptPath": "file:///mnt/bdp/hadoop/1.hql"},
+ "labels": {
+ "engineType": "shell-1",
+ "userCreator": "hadoop-IDE",
+ "executeOnce": "false"
+ }
+}
+```
+
+Request header header:
+```text
+Content-Type: application/json
+Token-Code: BML-AUTH
+Token-User: hadoop
+```
+
+### 2.3 The client uses token authentication
+
+The client authentication methods provided by linkis all support the Token
strategy mode `new TokenAuthenticationStrategy()`
+
+For details, please refer to [SDK method](../user-guide/sdk-manual)
+
+#### Example
+```java
+// 1. build config: linkis gateway url
+ DWSClientConfig clientConfig = ((DWSClientConfigBuilder)
(DWSClientConfigBuilder.newBuilder()
+ .addServerUrl("http://127.0.0.1:9001/";) //set linkis-mg-gateway url:
http://{ip}:{port}
+ .connectionTimeout(30000) //connectionTimeOut
+ .discoveryEnabled(false) //disable discovery
+ .discoveryFrequency(1, TimeUnit.MINUTES) // discovery frequency
+ .loadbalancerEnabled(true) // enable loadbalance
+ .maxConnectionSize(5) // set max Connection
+ .retryEnabled(false) // set retry
+ .readTimeout(30000) //set read timeout
+ .setAuthenticationStrategy(new TokenAuthenticationStrategy()) //
AuthenticationStrategy Linkis auth Token
+ .setAuthTokenKey("Token-Code") // set token key
+ .setAuthTokenValue("DSM-AUTH") // set token value
+ .setDWSVersion("v1") //linkis rest version v1
+ .build();
+```
+
+## 3 Notes
+
+### 3.1 token configuration
+Supported tokens, the corresponding available users/applicable requester ip
are controlled by the table `linkis_mg_gateway_auth_token`,
+the loading is not updated in real time, and the caching mechanism is used
+
+### 3.2 Administrator permission token
+For the restriction of high-risk operations, the token of the administrator
role is required to operate,
+and the format of the administrator token is `admin-xxx`
\ No newline at end of file
diff --git a/download/release-notes-1.3.1.md b/download/release-notes-1.3.1.md
index a2cb758639..6ed50aa770 100644
--- a/download/release-notes-1.3.1.md
+++ b/download/release-notes-1.3.1.md
@@ -103,4 +103,8 @@ Abbreviations:
## Thanks
The release of Apache Linkis 1.3.1 is inseparable from the contributors of the
Linkis community, thanks to all community contributors, including but not
limited to the following Contributors (in no particular order):
-AaronLinOops, Alexkun, jacktao007, legendtkl, peacewong, casionone,
QuintinTao, cydenghua, jackxu2011, ruY9527, huiyuanjjjjuice, binbinCheng,
yyuser5201314, Beacontownfc, duhanmin, whiterxine, aiceflower, weipengfei-sj,
zhaoyun006, CCweixiao, Beacontownfc, mayinrain
\ No newline at end of file
+Alexkun, Beacontownfc, Davidhua1996, GuoPhilipse, KangTomwk, QuintinTao,
aiceflower, aiceflower,
+binbinCheng, casionone, chenmutime, dingsheng339, dlimeng, gdams, guoshupei,
huangKai-2323,
+huangxiaopingRD, hunter-cloud09, hzdhgf, jacktao007, jackxu2011, jefftlin,
legendtkl, liuzhuang2017,
+lvjianhui, mayinrain, peacewong, pjfanning, ruY9527, utopianet, ws00428637,
yyuser5201314,
+zhangwejun, zhangxn8, zhaoyun006,
\ No newline at end of file
diff --git a/faq/main.md b/faq/main.md
index 86b153c954..b8de189a0e 100644
--- a/faq/main.md
+++ b/faq/main.md
@@ -246,7 +246,7 @@ solution:
sure. Deployment users are for convenience only. linkis-mg-gateway supports
access by configuring LDAP service and SSO service. It does not have a user
verification system. For example, to enable LDAP service access, you only need
to configure linkis-mg-gateway.properties. The configuration of your LDAP
server is as follows:
```
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/#Your LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/#Your LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com#Configuration of your LDAP
service
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs-download/current/release-notes-1.3.1.md
b/i18n/zh-CN/docusaurus-plugin-content-docs-download/current/release-notes-1.3.1.md
index 9b4e242ca0..26159ac567 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs-download/current/release-notes-1.3.1.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs-download/current/release-notes-1.3.1.md
@@ -106,6 +106,8 @@ Linkis 1.3.1 版本主要支持 Trino 引擎 和 SeaTunnel 引擎。增加了管
## 致谢
Apache Linkis 1.3.1 的发布离不开 Linkis 社区的贡献者,感谢所有的社区贡献者,包括但不仅限于以下
Contributors(排名不发先后):
-AaronLinOops, Alexkun, jacktao007, legendtkl, peacewong, casionone,
QuintinTao, cydenghua, jackxu2011, ruY9527,
-huiyuanjjjjuice, binbinCheng, yyuser5201314, Beacontownfc, duhanmin,
whiterxine, aiceflower, weipengfei-sj,
-zhaoyun006, CCweixiao, Beacontownfc, mayinrain
\ No newline at end of file
+Alexkun, Beacontownfc, Davidhua1996, GuoPhilipse, KangTomwk, QuintinTao,
aiceflower, aiceflower,
+binbinCheng, casionone, chenmutime, dingsheng339, dlimeng, gdams, guoshupei,
huangKai-2323,
+huangxiaopingRD, hunter-cloud09, hzdhgf, jacktao007, jackxu2011, jefftlin,
legendtkl, liuzhuang2017,
+lvjianhui, mayinrain, peacewong, pjfanning, ruY9527, utopianet, ws00428637,
yyuser5201314,
+zhangwejun, zhangxn8, zhaoyun006,
\ No newline at end of file
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs-faq/current/main.md
b/i18n/zh-CN/docusaurus-plugin-content-docs-faq/current/main.md
index 22ed595a7f..cc6c7a631f 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs-faq/current/main.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs-faq/current/main.md
@@ -246,7 +246,7 @@ wds.linkis.keytab.host=127.0.0.1 #principle认证需要带上的客户端IP
当然可以。部署用户只是为了方便使用的用户。linkis-mg-gateway支持通过配置LDAP服务和SSO服务进行访问,本身没有用户校验体系,比如要开启LDAP服务访问,你只要在配置linkis-mg-gateway.properties您的LDAP服务端的配置如下:
```
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/#您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/#您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com#您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
index 8e34e4cda8..2e686017d7 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/http/linkis-cg-engineplugin-api/engine-plugin-api.md
@@ -123,3 +123,454 @@ sidebar_position: 3
}
```
+
+## 回滚
+
+**接口地址**:`/api/rest_j/v1/engineplugin/rollBack`
+
+**请求方式**:`POST`
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+回滚当前引擎插件的物料版本
+
+**请求参数**:
+
+| 参数名称 | 参数说明 | 请求类型 | 是否必须 | 数据类型
| schema |
+| --------------------- | ------------------------- | -------- | -------- |
--------------------- | ------ |
+| engineConnBmlResource | EngineConnBmlResource实体 | body | true |
EngineConnBmlResource | |
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {}
+}
+```
+
+## 获取引擎在物料中的所有版本
+
+**接口地址**:/api/rest_j/v1/engineplugin/getVersionList
+
+**请求方式**:GET
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+获取引擎插件在物料管理系统中的所有版本
+
+**请求参数**:
+
+| 参数名称 | 参数说明 | 请求类型 | 是否必须 | 数据类型 | schema |
+| ------------- | ---------------- | -------- | -------- |
--------------------- | ------ |
+| bmlResourceId | 引擎的物料资源id | body | true | EngineConnBmlResource |
|
+| ecType | 引擎名称 | body | false | String |
|
+| version | 引擎版本 | body | false | String |
|
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {}
+}
+```
+
+
+
+## 获取所有引擎名称
+
+**接口地址**:/api/rest_j/v1/engineplugin/getTypeList
+
+**请求方式**:GET
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+获取所有类型的引擎名称
+
+**请求参数**
+
+
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "typeList": [
+ "hive",
+ "io_file",
+ "jdbc",
+ "openlookeng",
+ "python",
+ "shell",
+ "spark"
+ ]
+ }
+}
+```
+
+
+
+## 获取引擎的所有版本
+
+**接口地址**:/api/rest_j/v1/engineplugin/getTypeVersionList/{type}
+
+**请求方式**:GET
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+获取所有类型的引擎名称
+
+**请求参数**:
+
+| 参数名称 | 参数说明 | 请求类型 | 是否必须 | 数据类型 | schema |
+| -------- | -------------- | -------- | -------- | -------- | ------ |
+| type | 引擎的类型名称 | path | true | String | |
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "queryList": [
+ "v4"
+ ]
+ }
+}
+```
+
+
+
+## 更新引擎插件
+
+**接口地址**:/api/rest_j/v1/engineplugin/updateEnginePluginBML
+
+**请求方式**:POST
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+更新指定引擎插件
+
+**请求参数**:
+
+| 参数名称 | 参数说明 | 请求类型 | 是否必须 | 数据类型 | schema |
+| -------- | ------------ | -------- | -------- | ------------- | ------ |
+| file | 引擎物料文件 | body | true | MultipartFile | |
+| ecType | 引擎类型名称 | body | true | String | |
+| version | 引擎版本 | body | true | String | |
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "mes": "upload file success"
+ }
+}
+```
+
+
+
+## 引擎插件
+
+**接口地址**:/api/rest_j/v1/engineplugin/list
+
+**请求方式**:GET
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+请求所有引擎插件信息
+
+**请求参数**:
+
+| 参数名称 | 参数说明 | 请求类型 | 是否必须 | 数据类型 | schema |
+| ----------- | ------------ | -------- | -------- | -------------- | ------ |
+| currentPage | 当前页面 | qurey | true | integer(int32) | |
+| ecType | 引擎类型名称 | qurey | false | String | |
+| version | 引擎版本 | qurey | false | String | |
+| pageSize | 页面大小 | qurey | true | integer(int32) | |
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "totalPage": 17,
+ "queryList": [
+ {
+ "id": 239,
+ "engineConnType": "python",
+ "version": "vpython2",
+ "fileName": "lib.zip",
+ "lastModified": 1661950452000,
+ "fileSize": 6093507,
+ "bmlResourceId": "8edb8e88-fc75-4ce3-a330-3ece9ec533cb",
+ "bmlResourceVersion": "v000001",
+ "createTime": "2022-08-31 20:56:59",
+ "lastUpdateTime": "2022-08-31 20:56:59"
+ },
+ {
+ "id": 238,
+ "engineConnType": "python",
+ "version": "vpython2",
+ "fileName": "conf.zip",
+ "lastModified": 1661950450000,
+ "fileSize": 43841,
+ "bmlResourceId": "a46beb9b-7368-4900-a2a6-241f1ec49002",
+ "bmlResourceVersion": "v000001",
+ "createTime": "2022-08-31 20:56:54",
+ "lastUpdateTime": "2022-08-31 20:56:54"
+ }
+ ]
+ }
+}
+```
+
+
+
+## 新增引擎插件
+
+**接口地址**:/api/rest_j/v1/engineplugin/uploadEnginePluginBML
+
+**请求方式**:POST
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+上传新增一个引擎插件
+
+**请求参数**:
+
+| 参数名称 | 参数说明 | 请求类型 | 是否必须 | 数据类型 | schema |
+| -------- | ------------------ | -------- | -------- | ------------- | ------
|
+| file | 引擎物料文件压缩包 | body | true | MultipartFile | |
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{
+ "method": null,
+ "status": 0,
+ "message": "OK",
+ "data": {
+ "mes": "upload file success"
+ }
+}
+```
+
+
+
+## 删除引擎插件
+
+**接口地址**:/api/rest_j/v1/engineplugin/deleteEnginePluginBML
+
+**请求方式**:GET
+
+**请求数据类型**:`application/x-www-form-urlencoded`
+
+**响应数据类型**:`*/*`
+
+**接口描述**:
+
+删除指定引擎插件
+
+**请求参数**:
+
+| 参数名称 | 参数说明 | 请求类型 | 是否必须 | 数据类型 | schema |
+| -------- | ------------ | -------- | -------- | -------- | ------ |
+| ecType | 引擎类型名称 | qurey | true | String | |
+| version | 引擎版本 | qurey | false | String | |
+
+**响应状态**:
+
+| 状态码 | 说明 | schema |
+| ------ | ------------ | ------- |
+| 200 | OK | Message |
+| 401 | Unauthorized | |
+| 403 | Forbidden | |
+| 404 | Not Found | |
+
+**响应参数**:
+
+| 参数名称 | 参数说明 | 类型 | schema |
+| -------- | -------- | -------------- | -------------- |
+| data | 数据集 | object | |
+| message | 描述 | string | |
+| method | 请求url | string | |
+| status | 状态 | integer(int32) | integer(int32) |
+
+**响应示例**:
+
+```
+{"method":null,"status":0,"message":"OK","data":{"msg":"delete successfully"}}
+```
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/login-api.md
index 2341f75368..aa896f0ebd 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/_category_.json
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/_category_.json
new file mode 100644
index 0000000000..0ab705787e
--- /dev/null
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/_category_.json
@@ -0,0 +1,4 @@
+{
+ "label": "安全认证",
+ "position": 6
+}
\ No newline at end of file
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/kerberos.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/kerberos.md
new file mode 100644
index 0000000000..f729498f5d
--- /dev/null
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/kerberos.md
@@ -0,0 +1,99 @@
+---
+title: Kerberos
+sidebar_position: 5
+---
+
+## Kerberos 认证
+
+## 场景1 HDFS 存储
+
+如果使用到的hadoop集群,如用来存储的结果集的文件
+```shell script
+# 结果集日志等文件路径,用于存储Job的结果集文件
wds.linkis.filesystem.hdfs.root.path(linkis.properties)
+HDFS_USER_ROOT_PATH=hdfs:///tmp/linkis
+```
+并且 开启了kerberos认证,需要进行对应的kerberos配置
+
+修改`linkis.properties` 对应的配置如下
+```properties
+#是否开启了kerberos认证模式
+wds.linkis.keytab.enable=true
+#keytab放置目录,该目录存储的是多个用户的username.keytab的文件
+wds.linkis.keytab.file=/appcom/keytab/
+#是否带上principle客户端认证 默认值false
+wds.linkis.keytab.host.enabled=false
+#principle认证需要带上的客户端IP
+wds.linkis.keytab.host=127.0.0.1
+```
+修改后重启服务
+
+## 场景2 HDFS 存储 kerberos 代理认证
+
+Hadoop2.0版本开始支持ProxyUser的机制。含义是使用User A的用户认证信息,以User B的名义去访问hadoop集群。
+对于服务端来说就认为此时是User B在访问集群,相应对访问请求的鉴权(包括HDFS文件系统的权限,YARN提交任务队列的权限)都以用户User B来进行。
+User A被认为是superuser。
+
+和场景1主要区别是,可以解决每个用户都需要生成一个keytab文件的问题,如果设置了 kerberos
代理认证,可以使用代理用户的keytab文件进行认证。
+修改`linkis.properties` 对应的配置如下
+
+```properties
+#是否开启了kerberos认证模式
+wds.linkis.keytab.enable=true
+#keytab放置目录,该目录存储的是多个用户的username.keytab的文件
+wds.linkis.keytab.file=/appcom/keytab/
+#是否带上principle客户端认证 默认值false
+wds.linkis.keytab.host.enabled=false
+#principle认证需要带上的客户端IP
+wds.linkis.keytab.host=127.0.0.1
+
+#开启kerberos的代理认证
+wds.linkis.keytab.proxyuser.enable=true
+
+#使用superuser 来验证用户认证信息的
+wds.linkis.keytab.proxyuser.superuser=hadoop
+
+
+
+```
+修改后重启服务
+
+## 场景3 队列管理器查看yarn资源信息
+
+会访问访问Yarn提供了ResourceManager的REST API 接口
+如果yarn的ResourceManager 开启了kerberos认证,需要配置kerberos相关的认证信息
+
+数据库表 `linkis_cg_rm_external_resource_provider`
+插入yarn数据信息
+```sql
+INSERT INTO `linkis_cg_rm_external_resource_provider`
+(`resource_type`, `name`, `labels`, `config`) VALUES
+('Yarn', 'sit', NULL,
+'
+ {
+ "rmWebAddress": "http://xx.xx.xx.xx:8088";,
+ "hadoopVersion": "2.7.2",
+ "authorEnable":false,
+ "user":"hadoop","pwd":"123456",
+ "kerberosEnable":@YARN_KERBEROS_ENABLE,
+ "principalName":"@YARN_PRINCIPAL_NAME",
+ "keytabPath":"@YARN_KEYTAB_PATH"
+ "krb5Path":"@YARN_KRB5_PATH"
+ }
+'
+);
+
+```
+更新后,因为程序中有使用到缓存,想要立即生效,需要重启`linkis-cg-linkismanager`服务
+
+```shell script
+sh sbin/linkis-daemon.sh restart cg-linkismanager
+```
+
+
+
+## 场景4 数据源功能中 HIVE 数据源
+
+如果需要连接的hive数据源,对应的 hive
集群环境,有开启kerberos认证,需要在配置集群环境时,将kerberos以及keytab认证文件信息上传。
+
+
+
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/ldap.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/ldap.md
new file mode 100644
index 0000000000..2fcfb99117
--- /dev/null
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/ldap.md
@@ -0,0 +1,51 @@
+---
+title: LDAP
+sidebar_position: 1
+---
+> LDAP(Lightweight Directory Access
Protocol)配置,默认安装部署后,只支持配置的静态用户和密码登录(只能配置一个),如果需要支持多用户登录可以使用LDAP
+
+## 1. 实现逻辑介绍
+
+默认方式的配置`linkis-mg-gateway.properties`
+
+```properties
+#默认用户名
+wds.linkis.admin.user=hadoop
+#默认密码
+wds.linkis.admin.password=123456
+```
+
+登陆请求处理时`org.apache.linkis.gateway.security.UserPwdAbstractUserRestful#tryLogin`,
+如果登陆用户名/用户密码和配置的默认值不一致,会走LDAP模式。
+LDAP核心处理 `org.apache.linkis.gateway.security.LDAPUserRestful#login`
通过调用jdk通用的ldap工具类进行认证。
+`javax.naming.ldap.InitialLdapContext#InitialLdapContext(java.util.Hashtable<?,?>,
javax.naming.ldap.Control[])`
+
+
+## 2. 使用方式
+
+> 前提是有可用的LADP服务
+
+### 2.1 Step1 开启ladp登陆验密方式
+
+修改`linkis-mg-gateway.properties`配置
+
+将LDAP相关参数填入
+```properties
+##LDAP
+#ldap服务地址
+wds.linkis.ldap.proxy.url=ldap://localhost:1389/
+#Directory Name(DN) ldap的目录构成
+wds.linkis.ldap.proxy.baseDN==dc=linkis,dc=org
+#用户名格式化 一般无需要配置
+wds.linkis.ldap.proxy.userNameFormat=
+```
+### 2.2 Step2 重启linkis-mg-gateway 的服务
+
+修改配置后,需要重启`linkis-mg-gateway`服务 `sh sbin/linkis-daemon.sh start
mg-mgtaeway`,才能生效
+
+## 3 注意事项
+
+-
认证类型使用的是`java.naming.security.authentication`(安全类型,三个值:none,simple或strong。)中的simple模式
+
+- 关于ldap的介绍可以参考[LDAP目录服务器介绍](https://juejin.cn/post/6844903857311449102)
+
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/proxy.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/proxy.md
new file mode 100644
index 0000000000..2d32ae8bd1
--- /dev/null
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/proxy.md
@@ -0,0 +1,59 @@
+---
+title: 代理认证
+sidebar_position: 4
+---
+
+
+> 这种方式允许登录用户和实际使用的用户不同,主要作用:控制用户登录时必须为实名用户,但是实际使用大数据平台时,是非实名用户,方便进行权限的校验和管控。
+> 比如:linkis在执行用户提交的任务时,linkis主要进程服务会通过sudo -u ${submit user}
切换到对应用户下,然后执行对应的引擎启动命令,
+> 这就需要为每个${submit user} 提前创建对应的系统用户,并且配置好相关的环境变量。 对于新用户,需要一系列的环境的初始化准备工作,
+>
如果频繁的用户变化,会增大运维成本,而且用户过多,没法针对单个用户配置资源,资源之间无法很好的管控。如果能够实现A代理给指定的代理用户执行,可以将执行入口统一收敛,解决需要初始化环境的问题。
+
+## 1. 实现逻辑介绍
+
+
+- 登陆用户:通过用户名密码直接登陆系统的用户
+- 代理用户:作为登陆用户实际执行操作的用户称之为代理用户,代理登陆用户的执行相关操作
+
+对于登陆cookie处理,解析出登录用户和代理用户
+
+```html
+代理用户的cookie的key为:linkis_user_session_proxy_ticket_id_v1
+登录用户的cookie: linkis_user_session_ticket_id_v1
+
+```
+linkis的相关接口能在基于UserName信息,识别出代理用户信息,使用代理用户进行各项操作。并记录审计日志,包含用户的任务执行操作,下载操作
+任务提交执行的时候,entrance入口服务修改执行的用户为代理用户
+
+## 2. 使用方式
+
+### 2.1 Step1 开启代理模式
+在 `linkis.properties` 指定如下参数:
+```shell script
+# 打开代理模式
+ wds.linkis.gateway.conf.enable.proxy.user=true
+ # 指定代理配置文件
+ wds.linkis.gateway.conf.proxy.user.config=proxy.properties
+```
+
+
+在 conf 目录下,创建`proxy.properties` 文件,内容如下:
+```shell script
+# 格式如下:
+ ${LOGIN_USER}=${PROXY_USER}
+ # 例如:
+ enjoyyin=hadoop
+```
+如果现有的代理模式不能满足您的需求,也可以对:`org.apache.linkis.gateway.security.ProxyUserUtils`进一步改造。
+
+### 2.2 Step2 重启linkis-mg-gateway 的服务
+
+修改配置后,需要重启`linkis-mg-gateway`服务 `sh sbin/linkis-daemon.sh start
mg-mgtaeway`,才能生效
+
+## 3 注意事项
+
+- 用户分为代理用户和非代理用户,代理类型的用户不能进行再次代理到其他用户执行
+- 需要控制登陆用户与可代理的系统用户列表,禁止出现任意代理的情况,避免权限不可控。最好支持数据库表来配置,并可以直接修改生效,不需要重启服务
+- 单独记录日志文件包含代理用户的操作,如代理执行、函数更新等PublicService的代理用户操作全部记录到日志中,方便审计
+
+
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/test.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/test.md
new file mode 100644
index 0000000000..68375772e8
--- /dev/null
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/test.md
@@ -0,0 +1,76 @@
+---
+title: 免密认证
+sidebar_position: 3
+---
+> 在有些场景下,为了方便开发调试,能够方便的访问页面和接口,可以开启测试模式配置,进行免密认证
+
+## 1. 实现逻辑介绍
+
+通过统一的认证处理filter:`org.apache.linkis.server.security.SecurityFilter` 来控制
+
+配置项
+```properties
+#是否开启测试模式
+wds.linkis.test.mode=true
+#测试模式的模拟用户名
+wds.linkis.test.user=hadoop
+```
+实现的伪代码
+```scala
+val BDP_TEST_USER = CommonVars("wds.linkis.test.user", "")
+val IS_TEST_MODE = CommonVars("wds.linkis.test.mode", false)
+
+if (IS_TEST_MODE.getValue) {
+ logger.info("test mode! login for uri: " + request.getRequestURI)
+ // 设置登陆用户信息为配置指定的用户
+ SecurityFilter.setLoginUser(response, BDP_TEST_USER)
+ true
+}
+```
+
+## 2. 使用方式
+
+### 2.1 Step1 开启测试模式
+直接修改配置文件 `linkis.properties`(对linkis所有服务生效), 修改对应的配置如下
+```shell script
+#是否开启测试模式
+wds.linkis.test.mode=true
+#测试模式的模拟用户名
+wds.linkis.test.user=hadoop
+```
+
+如果只需要开启某个服务的测试模式,可以修改对应的服务配置项。
+如 只开启 `entrance` 服务的测试模式
+直接修改配置文件 `linkis-cg-entrance.properties`(对linkis的entrance服务生效), 修改对应的配置如下
+```shell script
+#是否开启测试模式
+wds.linkis.test.mode=true
+#测试模式的模拟用户名
+wds.linkis.test.user=hadoop
+```
+
+### 2.2 Step2 重启对应的服务
+
+修改配置后,需要重启对应的服务(如果是所有服务都开启,重启所有服务),才能生效
+
+
+### 2.3 Step3 请求验证
+
+重启服务成功后,可以直接请求原来需要认证的http接口,无需额外的认证,便能正常请求.
+管理台也无需登陆认证,就可以访问内容页面
+
+
+## 3 注意事项
+
+### 3.1 wds.linkis.test.user的值设置
+因为部分接口会进行用户角色的权限校验,如:
【搜索历史EC信息】的接口:`/api/rest_j/v1/linkisManager/ecinfo/ecrHistoryList`
+角色有:
+
+|角色名 | 权限说明| 配置项 | 默认值 |
+| -------- | -------- | ----- |----- |
+|管理员角色|最高权限,拥有所有权限操作|`wds.linkis.governance.station.admin`|`hadoop`|
+|历史任务角色|相对普通用户,还可以查看其他用户的所有任务列表信息|`wds.linkis.jobhistory.admin`|`hadoop`|
+|普通角色|默认的角色|||
+
+对于不同场景的测试,设置的`wds.linkis.test.user`的值,会有不同,需要按实际场景进行设置。
+如果需要访问所有接口,需要配置为和`wds.linkis.governance.station.admin`一样的值,一般是`hadoop`
\ No newline at end of file
diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/token.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/token.md
new file mode 100644
index 0000000000..9cce5e2e4a
--- /dev/null
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/auth/token.md
@@ -0,0 +1,111 @@
+---
+title: Token
+sidebar_position: 2
+---
+
+> 通常第三方系统调用linkis服务时,一般是通过token的方式进行认证
+
+## 1. 实现逻辑介绍
+
+通过统一的认证处理filter:`org.apache.linkis.server.security.SecurityFilter` 来控制
+
+实现的伪代码
+```scala
+
+val TOKEN_KEY = "Token-Code"
+val TOKEN_USER_KEY = "Token-User"
+
+/* TokenAuthentication.isTokenRequest 通过判断请求request中:
+ 1.请求头是否包含TOKEN_KEY和TOKEN_USER_KEY :getHeaders.containsKey(TOKEN_KEY) &&
getHeaders.containsKey(TOKEN_USER_KEY)
+
2.或则请求cookies中是否包含TOKEN_KEY和TOKEN_USER_KEY:getCookies.containsKey(TOKEN_KEY)
&&getCookies.containsKey(TOKEN_USER_KEY)
+*/
+
+if (TokenAuthentication.isTokenRequest(gatewayContext)) {
+ /* 进行token认证
+ 1. 确认是否开启token认证 配置项 `wds.linkis.gateway.conf.enable.token.auth`
+ 2. 提取token tokenUser host信息进行认证,校验合法性
+ */
+ TokenAuthentication.tokenAuth(gatewayContext)
+ } else {
+ //普通的用户名密码认证
+}
+```
+可用的token以及对应可使用的ip相关信息数据存储在表`linkis_mg_gateway_auth_token`中,
+详细见[表解析说明](../development/table/all#16-linkis_mg_gateway_auth_token),非实时更新,
+会定期`wds.linkis.token.cache.expire.hour`(默认间隔12小时)刷新到服务内存中
+
+
+## 2. 使用方式
+
+### 2.1 新增 Token
+
+管理台 `基础数据管理> 令牌管理`进行新增
+
+```text
+名称:token名称 对应 Token-Code,如:TEST-AUTH
+用户:该token对应的用户名,即感知到的请求用户,日志审计会使用到。如果不做限制可以配置为 *
+主机:可访问的主机,会进行请求方的ip校验过滤。如果不做限制可以配置为 *
+有效天数:如果永久有效,配置为-1
+```
+
+### 2.2 原生的方式
+构建的http请求方式,需要在请求头中添加`Token-Code`,`Token-User`参数,
+
+#### 示例
+
+请求地址:
+`http://127.0.0.1:9001/api/rest_j/v1/entrance/submit`
+
+body参数:
+```json
+{
+ "executionContent": {"code": "sleep 5s;echo pwd", "runType": "shell"},
+ "params": {"variable": {}, "configuration": {}},
+ "source": {"scriptPath": "file:///mnt/bdp/hadoop/1.hql"},
+ "labels": {
+ "engineType": "shell-1",
+ "userCreator": "hadoop-IDE",
+ "executeOnce":"false "
+ }
+}
+```
+
+请求头header:
+```text
+Content-Type:application/json
+Token-Code:BML-AUTH
+Token-User:hadoop
+```
+
+### 2.3 客户端使用token认证
+
+linkis 提供的客户端认证方式都支持Token策略模式`new TokenAuthenticationStrategy()`
+
+详细可以参考[SDK 方式](../user-guide/sdk-manual)
+
+#### 示例
+```java
+// 1. build config: linkis gateway url
+ DWSClientConfig clientConfig = ((DWSClientConfigBuilder)
(DWSClientConfigBuilder.newBuilder()
+ .addServerUrl("http://127.0.0.1:9001/";) //set linkis-mg-gateway url:
http://{ip}:{port}
+ .connectionTimeout(30000) //connectionTimeOut
+ .discoveryEnabled(false) //disable discovery
+ .discoveryFrequency(1, TimeUnit.MINUTES) // discovery frequency
+ .loadbalancerEnabled(true) // enable loadbalance
+ .maxConnectionSize(5) // set max Connection
+ .retryEnabled(false) // set retry
+ .readTimeout(30000) //set read timeout
+ .setAuthenticationStrategy(new TokenAuthenticationStrategy()) //
AuthenticationStrategy Linkis auth Token
+ .setAuthTokenKey("Token-Code") // set token key
+ .setAuthTokenValue("DSM-AUTH") // set token value
+ .setDWSVersion("v1") //linkis rest version v1
+ .build();
+```
+
+## 3 注意事项
+
+### 3.1 token的配置
+支持的token,对应的可用的用户/可使用请求方ip
是通过表`linkis_mg_gateway_auth_token`来控制,加载是非实时更新,使用了缓存机制
+
+### 3.2 管理员权限token
+对于高危操作的限制,需要管理员角色的token才能操作,管理员token,格式为 `admin-xxx`
\ No newline at end of file
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.2/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.2/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.2/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.2/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.3/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.3/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.3/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.0.3/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.0/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.0/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.0/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.0/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.1/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.1/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.1/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.1/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.2/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.2/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.2/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.2/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.3/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.3/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.3/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.1.3/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.2.0/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.2.0/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.2.0/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.2.0/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/api/login-api.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/api/login-api.md
index b8ef6ffd64..70e2d46ef1 100644
--- a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/api/login-api.md
+++ b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/api/login-api.md
@@ -15,7 +15,7 @@ sidebar_position: 2
添加LDAP相关配置:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ # 您的LDAP服务URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ # 您的LDAP服务URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com # 您的LDAP服务的配置
```
diff --git
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/deployment/deploy-quick.md
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/deployment/deploy-quick.md
index 62a9317b19..882261f8c0 100644
---
a/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/deployment/deploy-quick.md
+++
b/i18n/zh-CN/docusaurus-plugin-content-docs/version-1.3.0/deployment/deploy-quick.md
@@ -476,7 +476,7 @@ select * from linkis_cg_engine_conn_plugin_bml_resources
登录后查看能否正常显示yarn队列资源(点击页面右下角按钮)(需要先安装前端)
正常如下图所示:
-
+
若如果无法显示:可以按以下指引调整
diff --git a/static/Images-zh/auth/dsm-kerberos.png
b/static/Images-zh/auth/dsm-kerberos.png
new file mode 100644
index 0000000000..1c68e3e113
Binary files /dev/null and b/static/Images-zh/auth/dsm-kerberos.png differ
diff --git a/static/Images-zh/auth/yarn-normal.png
b/static/Images-zh/auth/yarn-normal.png
new file mode 100644
index 0000000000..fefc311052
Binary files /dev/null and b/static/Images-zh/auth/yarn-normal.png differ
diff --git a/versioned_docs/version-1.0.2/api/login-api.md
b/versioned_docs/version-1.0.2/api/login-api.md
index 3312ce7768..4caea09b5e 100644
--- a/versioned_docs/version-1.0.2/api/login-api.md
+++ b/versioned_docs/version-1.0.2/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/versioned_docs/version-1.0.3/api/login-api.md
b/versioned_docs/version-1.0.3/api/login-api.md
index 3312ce7768..4caea09b5e 100644
--- a/versioned_docs/version-1.0.3/api/login-api.md
+++ b/versioned_docs/version-1.0.3/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/versioned_docs/version-1.1.0/api/login-api.md
b/versioned_docs/version-1.1.0/api/login-api.md
index 3312ce7768..4caea09b5e 100644
--- a/versioned_docs/version-1.1.0/api/login-api.md
+++ b/versioned_docs/version-1.1.0/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/versioned_docs/version-1.1.1/api/login-api.md
b/versioned_docs/version-1.1.1/api/login-api.md
index 3312ce7768..4caea09b5e 100644
--- a/versioned_docs/version-1.1.1/api/login-api.md
+++ b/versioned_docs/version-1.1.1/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/versioned_docs/version-1.1.2/api/login-api.md
b/versioned_docs/version-1.1.2/api/login-api.md
index 3312ce7768..4caea09b5e 100644
--- a/versioned_docs/version-1.1.2/api/login-api.md
+++ b/versioned_docs/version-1.1.2/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/versioned_docs/version-1.1.3/api/login-api.md
b/versioned_docs/version-1.1.3/api/login-api.md
index 3312ce7768..4caea09b5e 100644
--- a/versioned_docs/version-1.1.3/api/login-api.md
+++ b/versioned_docs/version-1.1.3/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/versioned_docs/version-1.2.0/api/login-api.md
b/versioned_docs/version-1.2.0/api/login-api.md
index 3312ce7768..4caea09b5e 100644
--- a/versioned_docs/version-1.2.0/api/login-api.md
+++ b/versioned_docs/version-1.2.0/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
diff --git a/versioned_docs/version-1.3.0/api/login-api.md
b/versioned_docs/version-1.3.0/api/login-api.md
index 7a8a7fa028..da75dd53b4 100644
--- a/versioned_docs/version-1.3.0/api/login-api.md
+++ b/versioned_docs/version-1.3.0/api/login-api.md
@@ -13,7 +13,7 @@ Enter the
/conf/linkis-spring-cloud-services/linkis-mg-gateway directory and exe
Add LDAP related configuration:
```bash
-wds.linkis.ldap.proxy.url=ldap://127.0.0.1:389/ #LDAP service URL
+wds.linkis.ldap.proxy.url=ldap://127.0.0.1:1389/ #LDAP service URL
wds.linkis.ldap.proxy.baseDN=dc=webank,dc=com #Configuration of LDAP service
```
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
