This is an automated email from the ASF dual-hosted git repository.

wangyang pushed a commit to branch dev
in repository https://gitbox.apache.org/repos/asf/dolphinscheduler.git


The following commit(s) were added to refs/heads/dev by this push:
     new adf49fd23f [Feature-14802][api] Use Casdoor SSO to log in, add admin 
user configuration (#14814)
adf49fd23f is described below

commit adf49fd23f6bcafa1ded60da7bc8bdf1a3575fd3
Author: gaopeng <50567478+gaopeng...@users.noreply.github.com>
AuthorDate: Mon Sep 4 13:25:40 2023 +0800

    [Feature-14802][api] Use Casdoor SSO to log in, add admin user 
configuration (#14814)
    
    * [Feature-14802][feat] Use Casdoor SSO to log in, add admin user 
configuration
    
        Use Casdoor SSO to log in, add admin user configuration
    
    This closes #14802
    
    * [Feature-14802][feat] Use Casdoor SSO to log in, add admin user 
configuration
    
        Use Casdoor SSO to log in, add admin user configuration
    
    This closes #14802
    
    * update doc
    
    * [Feature-14802][feat] Use Casdoor SSO to log in, add admin user 
configuration
    
        Use Casdoor SSO to log in, add admin user configuration
    
    This closes #14802
    
    ---------
    
    Co-authored-by: Eric Gao <ericgao.apa...@gmail.com>
    Co-authored-by: 旺阳 <qing...@cisco.com>
---
 docs/docs/en/architecture/configuration.md              |  8 ++++++++
 docs/docs/en/guide/security/authentication-type.md      | 16 ++++++++++++++++
 docs/docs/zh/architecture/configuration.md              |  8 ++++++++
 docs/docs/zh/guide/security/authentication-type.md      | 16 ++++++++++++++++
 .../api/security/impl/sso/CasdoorAuthenticator.java     |  9 ++++++++-
 .../src/main/resources/application.yaml                 | 17 +++++++++++++++++
 .../api/security/impl/sso/CasdoorAuthenticatorTest.java |  3 ++-
 .../src/test/resources/application.yaml                 |  3 +++
 .../src/main/resources/application.yaml                 | 17 ++++++++++++++++-
 9 files changed, 94 insertions(+), 3 deletions(-)

diff --git a/docs/docs/en/architecture/configuration.md 
b/docs/docs/en/architecture/configuration.md
index 469b44ffdb..b59935d83a 100644
--- a/docs/docs/en/architecture/configuration.md
+++ b/docs/docs/en/architecture/configuration.md
@@ -261,6 +261,14 @@ Location: `api-server/conf/application.yaml`
 |security.authentication.ldap.ssl.enable|false|LDAP switch|
 |security.authentication.ldap.ssl.trust-store|ldapkeystore.jks|LDAP jks file 
absolute path|
 |security.authentication.ldap.ssl.trust-store-password|password|LDAP jks 
password|
+|security.authentication.casdoor.user.admin||admin user account when you 
log-in with Casdoor|
+|casdoor.endpoint||Casdoor server url|
+|casdoor.client-id||id in Casdoor|
+|casdoor.client-secret||secret in Casdoor|
+|casdoor.certificate||certificate in Casdoor|
+|casdoor.organization-name||organization name in Casdoor|
+|casdoor.application-name||application name in Casdoor|
+|casdoor.redirect-url||doplhinscheduler login url|
 |api.traffic.control.global.switch|false|traffic control global switch|
 |api.traffic.control.max-global-qps-rate|300|global max request number per 
second|
 |api.traffic.control.tenant-switch|false|traffic control tenant switch|
diff --git a/docs/docs/en/guide/security/authentication-type.md 
b/docs/docs/en/guide/security/authentication-type.md
index d6431ffe8b..31c8d05de3 100644
--- a/docs/docs/en/guide/security/authentication-type.md
+++ b/docs/docs/en/guide/security/authentication-type.md
@@ -30,6 +30,9 @@ security:
         # jks file absolute path && password
         trust-store: "/ldapkeystore.jks"
         trust-store-password: "password"
+    casdoor:
+      user:
+        admin: ""
     oauth2:
       enable: false
       provider:
@@ -53,6 +56,19 @@ security:
           callbackUrl: ""
           iconUri: ""
           provider: google
+casdoor:
+   # Your Casdoor server url
+   endpoint: ""
+   client-id: ""
+   client-secret: ""
+   # The certificate may be multi-line, you can use `|-` for ease
+   certificate: ""
+   # Your organization name added in Casdoor
+   organization-name: ""
+   # Your application name added in Casdoor
+   application-name: ""
+   # Doplhinscheduler login url
+   redirect-url: ""
 ```
 
 For detailed explanation of specific fields, please see: [Api-server related 
configuration](../../architecture/configuration.md)
diff --git a/docs/docs/zh/architecture/configuration.md 
b/docs/docs/zh/architecture/configuration.md
index 87bcc882ce..b058f1f358 100644
--- a/docs/docs/zh/architecture/configuration.md
+++ b/docs/docs/zh/architecture/configuration.md
@@ -260,6 +260,14 @@ common.properties配置文件目前主要是配置hadoop/s3/yarn/applicationId
 |security.authentication.ldap.ssl.enable|false|LDAP ssl开关|
 |security.authentication.ldap.ssl.trust-store|ldapkeystore.jks|LDAP jks文件绝对路径|
 |security.authentication.ldap.ssl.trust-store-password|password|LDAP jks密码|
+|security.authentication.casdoor.user.admin||Casdoor登陆时,系统管理员账号|
+|casdoor.endpoint||Casdoor服务器URL|
+|casdoor.client-id||Casdoor中的ID|
+|casdoor.client-secret||Casdoor中的密钥|
+|casdoor.certificate||Casdoor中的证书|
+|casdoor.organization-name||Casdoor中的组织名称|
+|casdoor.application-name||Casdoor中的应用名称|
+|casdoor.redirect-url||dolphinscheduler登录URL|
 |api.traffic.control.global.switch|false|流量控制全局开关|
 |api.traffic.control.max-global-qps-rate|300|全局最大请求数/秒|
 |api.traffic.control.tenant-switch|false|流量控制租户开关|
diff --git a/docs/docs/zh/guide/security/authentication-type.md 
b/docs/docs/zh/guide/security/authentication-type.md
index c87b411881..b32e13b46b 100644
--- a/docs/docs/zh/guide/security/authentication-type.md
+++ b/docs/docs/zh/guide/security/authentication-type.md
@@ -30,6 +30,9 @@ security:
         # jks file absolute path && password
         trust-store: "/ldapkeystore.jks"
         trust-store-password: "password"
+    casdoor:
+      user:
+        admin: ""
     oauth2:
       enable: false
       provider:
@@ -53,6 +56,19 @@ security:
           callbackUrl: ""
           iconUri: ""
           provider: google
+casdoor:
+   # Your Casdoor server url
+   endpoint: ""
+   client-id: ""
+   client-secret: ""
+   # The certificate may be multi-line, you can use `|-` for ease
+   certificate: ""
+   # Your organization name added in Casdoor
+   organization-name: ""
+   # Your application name added in Casdoor
+   application-name: ""
+   # Doplhinscheduler login url
+   redirect-url: ""
 ```
 
 具体字段解释详见:[Api-server相关配置](../../architecture/configuration.md)
diff --git 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticator.java
 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticator.java
index 77ff420424..2acbabbd56 100644
--- 
a/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticator.java
+++ 
b/dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticator.java
@@ -42,6 +42,8 @@ public class CasdoorAuthenticator extends 
AbstractSsoAuthenticator {
     private CasdoorAuthService casdoorAuthService;
     @Value("${casdoor.redirect-url}")
     private String redirectUrl;
+    @Value("${security.authentication.casdoor.user.admin:#{null}}")
+    private String adminUserName;
 
     @Override
     public User login(String state, String code, String extra) {
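Review bot: The new `adminUserName` field has no comment saying that it is a privilege mapping. In the second hunk, whichever Casdoor identity presents this name (compared case-insensitively) is created as `UserType.ADMIN_USER` on its first login. Control of that name in the configured Casdoor organization is therefore equivalent to DolphinScheduler admin rights, so operators need to know to reserve it there, particularly if self-registration is enabled. I would add above the field: `// Casdoor username created as ADMIN_USER on first SSO login; reserve this name in the Casdoor organization.` The class body continues outside the hunk.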
@@ -66,12 +68,17 @@ public class CasdoorAuthenticator extends 
AbstractSsoAuthenticator {
             // check if user exist
             user = usersService.getUserByUserName(casdoorUser.getName());
             if (user == null) {
-                user = usersService.createUser(UserType.GENERAL_USER, 
casdoorUser.getName(), casdoorUser.getEmail());
+                user = 
usersService.createUser(getUserType(casdoorUser.getName()), 
casdoorUser.getName(),
+                        casdoorUser.getEmail());
             }
         }
         return user;
     }
 
+    public UserType getUserType(String userName) {
+        return adminUserName.equalsIgnoreCase(userName) ? UserType.ADMIN_USER 
: UserType.GENERAL_USER;
+    }
+
     @Override
     public String getSignInUrl(String state) {
         return casdoorAuthService.getSigninUrl(redirectUrl, state);
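Review bot: `getUserType` dereferences `adminUserName`, which the first hunk injects with a default of `#{null}`. When `security.authentication.casdoor.user.admin` is absent, the first login of any new Casdoor user therefore throws a NullPointerException instead of creating a general user. Flipping the receiver avoids this, because `equalsIgnoreCase(null)` returns false: `return userName != null && userName.equalsIgnoreCase(adminUserName) ? UserType.ADMIN_USER : UserType.GENERAL_USER;`. The type is also chosen only inside the `user == null` branch, so changing the property later neither promotes nor demotes an account that already exists; a Javadoc line on the method should say so. `login` begins outside this hunk.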
diff --git a/dolphinscheduler-api/src/main/resources/application.yaml 
b/dolphinscheduler-api/src/main/resources/application.yaml
index 081381466e..c4810eb664 100644
--- a/dolphinscheduler-api/src/main/resources/application.yaml
+++ b/dolphinscheduler-api/src/main/resources/application.yaml
@@ -181,6 +181,9 @@ security:
         # jks file absolute path && password
         trust-store: "/ldapkeystore.jks"
         trust-store-password: "password"
+    casdoor:
+      user:
+        admin: ""
     oauth2:
       enable: false
       provider:
@@ -204,6 +207,20 @@ security:
           callbackUrl: ""
           iconUri: ""
           provider: google
+casdoor:
+  # Your Casdoor server url
+  endpoint: ""
+  client-id: ""
+  client-secret: ""
+  # The certificate may be multi-line, you can use `|-` for ease
+  certificate: ""
+  # Your organization name added in Casdoor
+  organization-name: ""
+  # Your application name added in Casdoor
+  application-name: ""
+  # Doplhinscheduler login url
+  redirect-url: ""
+
 
 # Override by profile
 
diff --git 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticatorTest.java
 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticatorTest.java
index 1d8fbe89d3..c1ef0b46cd 100644
--- 
a/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticatorTest.java
+++ 
b/dolphinscheduler-api/src/test/java/org/apache/dolphinscheduler/api/security/impl/sso/CasdoorAuthenticatorTest.java
@@ -55,7 +55,8 @@ import 
org.springframework.web.context.request.ServletRequestAttributes;
         "casdoor.certificate=public-key",
         "casdoor.organization-name=built-in",
         "casdoor.application-name=app-built-in",
-        "casdoor.redirect-url=http://localhost:8888/view/login/index.html";
+        "casdoor.redirect-url=http://localhost:8888/view/login/index.html";,
+        "security.authentication.casdoor.user.admin=admin"
 })
 public class CasdoorAuthenticatorTest extends AbstractControllerTest {
 
diff --git a/dolphinscheduler-api/src/test/resources/application.yaml 
b/dolphinscheduler-api/src/test/resources/application.yaml
index d6cd8ff0af..cdd4f16eb0 100644
--- a/dolphinscheduler-api/src/test/resources/application.yaml
+++ b/dolphinscheduler-api/src/test/resources/application.yaml
@@ -87,6 +87,9 @@ security:
         # jks file absolute path && password
         trust-store: "/ldapkeystore.jks"
         trust-store-password: "password"
+    casdoor:
+      user:
+        admin: ""
     oauth2:
       enable: true
       provider:
diff --git 
a/dolphinscheduler-standalone-server/src/main/resources/application.yaml 
b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
index 7453ce81d3..fe525b45e7 100644
--- a/dolphinscheduler-standalone-server/src/main/resources/application.yaml
+++ b/dolphinscheduler-standalone-server/src/main/resources/application.yaml
@@ -111,6 +111,9 @@ security:
         # jks file absolute path && password
         trust-store: "/ldapkeystore.jks"
         trust-store-password: ""
+    casdoor:
+      user:
+        admin: admin
     oauth2:
       enable: false
       provider:
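Review bot: `admin: admin` ships a non-empty privilege mapping by default, whereas the api-server `application.yaml` in this same commit defaults the key to `""`. If a standalone deployment is connected to a Casdoor organization without this value being reviewed, whichever account is named `admin` there (in any letter case) is created as an administrator on first login. I would default it to `admin: ""` so the mapping is opt-in, and add `# Casdoor username granted ADMIN_USER on first login; leave empty to disable` above it.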
@@ -135,7 +138,19 @@ security:
           iconUri: ""
           provider: gitee
 
-
+casdoor:
+  # Your Casdoor server url
+  endpoint: http://localhost:8000
+  client-id: ""
+  client-secret: ""
+  # The certificate may be multi-line, you can use `|-` for ease
+  certificate: ""
+  # Your organization name added in Casdoor
+  organization-name: built-in
+  # Your application name added in Casdoor
+  application-name: dolphinscheduler
+  # Doplhinscheduler login url
+  redirect-url: http://localhost:5173/login
 
 
 
