Thanks guojiwei and Sheng.

Currently, I have added JWT verification for the SHA and RSA algorithms and provided complete test cases. The following is a brief description of the three verification methods.

1. PASSWORD: A MySQL-based authentication method that uses the username and password to retrieve the user and generate a session.
2. JWT_KEY: Uses the HMAC-SHA algorithm; the user provides a secret key to symmetrically encrypt user information to generate the JWT.
3. JWT_RSA: Uses the RSA algorithm; supports generating the JWT from a user's local private key file or from a remote server.

Please continue to help review.

> On Dec 19, 2019, at 2:06 PM, Sheng Wu <[email protected]> wrote:
>
> guo jiwei <[email protected]> wrote on Thu, Dec 19, 2019 at 1:18 PM:
>
>> Hi, bro
>> I have taken a look at your pull request. For your implementation, I have
>> some different ideas.
>> 1. The current implementation is using RSA to encrypt; this seems a little
>> heavy for an internal scheduling system.
>>
>
> Please be advised, if the encryption algorithm is included in the source
> code, you are required to do some paperwork.
> You should search the Apache documentation to find out how to write this.
> A reference (not sure whether it is right) from the ServiceComb project:
> https://github.com/apache/servicecomb-pack#export-notice
>
>
> Sheng Wu 吴晟
> Twitter, wusheng1108
>
>
>> But it's useful from another view: the highest security for a system
>> is preferred. So what we should do is make JWT configurable.
>> 2. With your implementation, the user has to set up a central authentication
>> node for authenticating the JWT; it does not look like a nice way.
>> Can we authenticate this by the process server via MySQL? For public
>> key, username, pwd are all stored in MySQL.
>> 3. How about supporting a simple JWT secret key?
>> DS is using JWT for clustered api-server authentication, like SSO.
>>
>> Scenario: User1 logs in on N1, and later sends a request to N2, but N2 has
>> no session for user1, but the cookie has a JWT; validate the JWT to check
>> if user1 has logged in.
>>
>> On Wed, Dec 18, 2019 at 8:06 PM Elon Lo <[email protected]> wrote:
>>
>>> Hi, All
>>> I have implemented the JWT method for user authentication verification. Who
>>> can help review this PR?
>>> PR address:
>>> https://github.com/apache/incubator-dolphinscheduler/pull/1502
>>
