guo jiwei <[email protected]> wrote on Thu, Dec 19, 2019 at 1:18 PM:
> Hi, bro
> I have taken a look at your pull request. For ur implementation, I have
> some different ideas.
> 1. Current implementation is using RSA to encrypt, this seems a little
> heavy for an internal scheduling system.
>

Please be advised, if the encryption algorithm is included in the source code, you are required to do some paperwork. You should search the Apache documentation to get how to write this. A reference (not sure whether it is right) from the ServiceComb project: https://github.com/apache/servicecomb-pack#export-notice

Sheng Wu 吴晟
Twitter, wusheng1108

> But, it's useful in another view, the highest security for a system
> is preferred. So what we should do is to let JWT be configurable.
> 2. As ur implementation, the user has to set up a center authentication node
> for authenticating the JWT, it looks not a nice way.
> Can we authenticate this by the process server via MySQL? For public
> key, username, pwd are all stored in MySQL.
> 3. How about supporting a simple JWT secret key?
> DS is using JWT for clustered api-server authenticating, like SSO.
>
> Scenario: User1 logs in on N1, and later requests to N2, but N2 has
> no session about user1, but the cookie has the JWT, validate the JWT to check if user1
> has logged in
>
> On Wed, Dec 18, 2019 at 8:06 PM Elon Lo <[email protected]> wrote:
>
> > Hi, All
> > I have implemented the jwt method for user authentication verify, who
> > can help review this pr?
> > pr address:
> > https://github.com/apache/incubator-dolphinscheduler/pull/1502
>
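The scenario described in the thread above (login on N1, a later request to N2 that carries only the JWT cookie), using the simple shared-secret option raised in point 3, as an added example that is not code from the pull request or from DolphinScheduler. It assumes HS256 and one secret configured on every api-server node; `SHARED_SECRET`, `issue_token` and `validate_token` are hypothetical names.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo value; assumption: every api-server node loads the same secret from config.
SHARED_SECRET = b"constructed-demo-secret"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def issue_token(user, secret, ttl=3600, now=None):
    """Node N1, after a successful login: build the HS256 JWT that goes into the cookie."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64url(sign(secret, header + '.' + payload))}"


def validate_token(token, secret, now=None):
    """Node N2, no session for the user: return the user name, or None if the token is rejected."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm on the server side; a token must not pick its own (rejects "none").
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = sign(secret, header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):  # constant-time compare
            return None
        claims = json.loads(b64url_decode(payload_b64))
        if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
            return None
        return claims.get("sub")
    except (ValueError, TypeError, AttributeError):  # malformed token, bad base64 or JSON
        return None
```

With a shared secret, any node that can validate a token can also mint one, which is the trade-off against the RSA variant where only the private-key holder can sign.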
