[jira] [Commented] (KYLIN-2960) Support user/group and role authentication for LDAP

2018-02-12 Thread ASF GitHub Bot (JIRA)

[ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361832#comment-16361832 ]

ASF GitHub Bot commented on KYLIN-2960:
---

yiming187 closed pull request #102: KYLIN-2960, modify the default LDAP admin 
group config.
URL: https://github.com/apache/kylin/pull/102
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/core-common/src/main/resources/kylin-defaults.properties 
b/core-common/src/main/resources/kylin-defaults.properties
index a79728a78f..37520ef899 100644
--- a/core-common/src/main/resources/kylin-defaults.properties
+++ b/core-common/src/main/resources/kylin-defaults.properties
@@ -243,7 +243,7 @@ 
kylin.query.transformers=org.apache.kylin.query.util.DefaultQueryTransformer,org
 kylin.security.profile=testing
 
 # Admin roles in LDAP, for ldap and saml
-kylin.security.acl.admin-role=ROLE_ADMIN
+kylin.security.acl.admin-role=admin
 
 # LDAP authentication configuration
 kylin.security.ldap.connection-server=ldap://ldap_server:389
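
Review bot: the comment above the changed key in kylin-defaults.properties still reads "Admin roles in LDAP, for ldap and saml", while the PR title calls this the LDAP admin group and the new value "admin" no longer looks like a role authority. Please update the comment to say what the value is matched against and whether the match is case-sensitive. Because this file holds the shipped default, any deployment that never set kylin.security.acl.admin-role explicitly moves from ROLE_ADMIN to admin on upgrade; that deserves a line in the release notes, and a short generic name like "admin" is worth pinning explicitly per site so it cannot coincide with an unrelated directory group.
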
diff --git a/examples/test_case_data/localmeta/kylin.properties 
b/examples/test_case_data/localmeta/kylin.properties
index 1e3f2ff72c..b9dfc387fa 100644
--- a/examples/test_case_data/localmeta/kylin.properties
+++ b/examples/test_case_data/localmeta/kylin.properties
@@ -93,7 +93,7 @@ 
kylin.query.transformers=org.apache.kylin.query.util.DefaultQueryTransformer,org
 kylin.security.profile=testing
 
 # Admin roles in LDAP, for ldap and saml
-kylin.security.acl.admin-role=ROLE_ADMIN
+kylin.security.acl.admin-role=admin
 
 # LDAP authentication configuration
 kylin.security.ldap.connection-server=ldap://ldap_server:389
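
Review bot: in examples/test_case_data/localmeta/kylin.properties the context line two above the change sets kylin.security.profile=testing, so nothing visible in this patch shows the new admin-role value being exercised under the ldap or saml profile. A test that authenticates a member of the "admin" group and asserts that admin rights are granted would keep this default from regressing unnoticed.
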
diff --git a/examples/test_case_data/sandbox/kylin.properties 
b/examples/test_case_data/sandbox/kylin.properties
index b5f8657cce..ae9dad24b3 100644
--- a/examples/test_case_data/sandbox/kylin.properties
+++ b/examples/test_case_data/sandbox/kylin.properties
@@ -141,7 +141,7 @@ kylin.query.security-enabled=true
 kylin.security.profile=testing
 
 # Admin roles in LDAP, for ldap and saml
-kylin.security.acl.admin-role=ROLE_ADMIN
+kylin.security.acl.admin-role=admin
 
 
 ### MAIL ###
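
Review bot: the same literal is now set in three files (kylin-defaults.properties and the localmeta and sandbox kylin.properties). If the sandbox file only repeats the default here, drop the key from it so the value is defined once and cannot drift; if the sandbox needs its own value, say why in the comment above the key.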


 


This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> Support user/group and role authentication for LDAP
> ---
>
> Key: KYLIN-2960
> URL: https://issues.apache.org/jira/browse/KYLIN-2960
> Project: Kylin
> Issue Type: New Feature
> Components: Security
> Reporter: peng.jianhua
> Assignee: jiatao.tao
> Priority: Major
> Labels: patch
> Fix For: v2.3.0
>
> Attachments: 
> 0001-KYLIN-2960-Submit-a-new-feature-that-it-supports-the.patch
>
>
> Currently, the user authentication interface that was provided by Kylin to 
> the third party only supports user and role authentication. However, only user 
> and group have authentication function when we use the LDAP authentication. 
> In fact the authentication for user and role and the authentication for user 
> and group have the same functional characteristics between different 
> application systems. So we should submit a new feature that supports the 
> authentication for user and role and the authentication for user and group 
> when the LDAP authentication was enabled.
> We supplied the checkPermission interface to implement the new feature. In 
> the interface we set user groups information to the userRoles parameter when 
> the LDAP was enabled; on the contrary we set user roles information to the 
> userRoles parameter. The interface is as follows:
> /**
>  * Checks if a user has permission on an entity.
>  * 
>  * @param user
>  * @param userRoles
>  * @param entityType String constants defined in AclEntityType 
>  * @param entityUuid
>  * @param permission
>  * 
>  * @return true if has permission
>  */
> abstract public boolean checkPermission(String user, List userRoles, //
>   String entityType, String entityUuid, Permission permission);



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (KYLIN-2960) Support user/group and role authentication for LDAP

2018-02-12 Thread ASF GitHub Bot (JIRA)

[ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16361833#comment-16361833 ]

ASF GitHub Bot commented on KYLIN-2960:
---

yiming187 commented on issue #102: KYLIN-2960, modify the default LDAP admin 
group config.
URL: https://github.com/apache/kylin/pull/102#issuecomment-365153978
 
 
   merged




[jira] [Commented] (KYLIN-2960) Support user/group and role authentication for LDAP

2018-01-23 Thread Billy Liu (JIRA)

[ https://issues.apache.org/jira/browse/KYLIN-2960?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16336910#comment-16336910 ]

Billy Liu commented on KYLIN-2960:
--

Hello [~peng.jianhua], could you describe how to enable this feature in JIRA?

> Support user/group and role authentication for LDAP
> ---
>
> Key: KYLIN-2960
> URL: https://issues.apache.org/jira/browse/KYLIN-2960
> Project: Kylin
> Issue Type: New Feature
> Components: General
> Reporter: peng.jianhua
> Assignee: jiatao.tao
> Priority: Major
> Labels: patch
> Fix For: v2.3.0
>
> Attachments: 
> 0001-KYLIN-2960-Submit-a-new-feature-that-it-supports-the.patch