Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

authenticator求助 #706

Closed
chobits102 opened this issue Oct 9, 2019 · 17 comments
Closed

authenticator求助 #706

chobits102 opened this issue Oct 9, 2019 · 17 comments
Labels
inactive

Comments

@chobits102
Copy link

配置了默认的
auth.admin_token162f7848-0b6d-4faf-b557-3a0797869c55
auth.user_tokens [hugegraph:9fd95c9c-711b-415b-b85f-d4df46ba5c31]

如何用linux的curl 和 HugeGraph-Studio 进行访问
@chobits102
Copy link
Author

who can help me . thx

@javeme
Copy link
Contributor

javeme commented Oct 9, 2019

@chobits102 请参考 https://github.com/hugegraph/hugegraph/issues/125#issuecomment-432902640

@chobits102
Copy link
Author

@javeme 感谢你的回复,我已经看过了#125 (comment)
但是还是不行,这是我的配置

# authentication
auth.require_authentication=com.baidu.hugegraph.auth.StandardAuthenticator
admin=162f7848-0b6d-4faf-b557-3a0797869c55
user=[hugegraph:9fd95c9c-711b-415b-b85f-d4df46ba5c31]

authentication: {
  authenticator: com.baidu.hugegraph.auth.StandardAuthenticator,
  config: {
    tokens: /opt/hugegraph-0.9.2/conf/rest-server.properties
  }
}

gremlin.graph=com.baidu.hugegraph.auth.HugeFactoryAuthProxy
请求语句:
curl -v -X GET http://167.179.83.104:8080/graphs/hugegraph -u admin:162f7848-0b6d-4faf-b557-3a0797869c55
返回信息:
Note: Unnecessary use of -X or --request, GET is already inferred.

  • Trying 167.179.83.104...
  • TCP_NODELAY set
  • Connected to 167.179.83.104 (167.179.83.104) port 8080 (#0)
  • Server auth using Basic with user 'admin'

GET /graphs/hugegraph HTTP/1.1
Host: 167.179.83.104:8080
Authorization: Basic YWRtaW46MTYyZjc4NDgtMGI2ZC00ZmFmLWI1NTctM2EwNzk3ODY5YzU1
User-Agent: curl/7.58.0
Accept: /

< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json
< Date: Thu, 10 Oct 2019 01:45:28 GMT
< Connection: close
< Content-Length: 154
<

  • Closing connection 0
    {"exception":"class java.lang.IllegalStateException","message":"Missing authentication context when accessing a Graph with permission control","cause":""}

我已经尝试几天了,请帮帮忙谢谢

@imbajin
Copy link
Member

imbajin commented Oct 10, 2019
edited
Loading

你的auth配置是过时的, 所以没有生效吧, 正确的参数auth.authenticator, 详情参考权限配置

PS : 这个似乎很早就改了, 上次更新配置文件的时候我忘记更新这里了... (顺便提醒开启权限后loader导入也需传入对应参数)

@chobits102
Copy link
Author

@imbajin 非常感谢你的回复,用您提供给的参数果然成功了,也可以用API获取数据。
但是,连接服务器超时,不过不妨碍用API获取数据
在用到hugegraph studio的时候就报错误
Error!
Failed to connect HugeGraphServer
请问这个是正常现象吗
以下是连接服务器的日记
2019-10-10 04:48:01 926 [main] [INFO ] com.baidu.hugegraph.dist.HugeGremlinServer [] - Configuring Gremlin Server from conf/gremlin-server.yaml
2019-10-10 04:48:01 1160 [main] [INFO ] com.baidu.hugegraph.HugeGraph [] - Opening backend store 'rocksdb' for graph 'hugegraph'
2019-10-10 04:48:01 1190 [main] [INFO ] com.baidu.hugegraph.HugeGraph [] - Wrap graph 'hugegraph' with HugeGraphAuthProxy
2019-10-10 04:48:01 1191 [main] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Graph [hugegraph] was successfully configured via [conf/hugegraph.properties].
2019-10-10 04:48:01 1191 [main] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Graph [hugegraph] was successfully configured via [conf/hugegraph.properties].
2019-10-10 04:48:01 1191 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.ServerGremlinExecutor [] - Initialized Gremlin thread pool. Threads in pool named with pattern gremlin-*
2019-10-10 04:48:01 1191 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.ServerGremlinExecutor [] - Initialized Gremlin thread pool. Threads in pool named with pattern gremlin-*
2019-10-10 04:48:02 1737 [main] [INFO ] org.apache.tinkerpop.gremlin.groovy.engine.ScriptEngines [] - Loaded gremlin-groovy ScriptEngine
2019-10-10 04:48:02 1737 [main] [INFO ] org.apache.tinkerpop.gremlin.groovy.engine.ScriptEngines [] - Loaded gremlin-groovy ScriptEngine
2019-10-10 04:48:03 2423 [main] [INFO ] org.apache.tinkerpop.gremlin.groovy.engine.GremlinExecutor [] - Initialized gremlin-groovy ScriptEngine with scripts/empty-sample.groovy
2019-10-10 04:48:03 2423 [main] [INFO ] org.apache.tinkerpop.gremlin.groovy.engine.GremlinExecutor [] - Initialized gremlin-groovy ScriptEngine with scripts/empty-sample.groovy
2019-10-10 04:48:03 2424 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.ServerGremlinExecutor [] - Initialized GremlinExecutor and preparing GremlinScriptEngines instances.
2019-10-10 04:48:03 2424 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.ServerGremlinExecutor [] - Initialized GremlinExecutor and preparing GremlinScriptEngines instances.
2019-10-10 04:48:03 2465 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.ServerGremlinExecutor [] - Initialized gremlin-groovy GremlinScriptEngine and registered metrics
2019-10-10 04:48:03 2465 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.ServerGremlinExecutor [] - Initialized gremlin-groovy GremlinScriptEngine and registered metrics
2019-10-10 04:48:03 2475 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.MetricManager [] - Configured Metrics CsvReporter configured with report interval=180000ms to fileName=/tmp/gremlin-server-metrics.csv
2019-10-10 04:48:03 2475 [main] [INFO ] org.apache.tinkerpop.gremlin.server.util.MetricManager [] - Configured Metrics CsvReporter configured with report interval=180000ms to fileName=/tmp/gremlin-server-metrics.csv
2019-10-10 04:48:03 2504 [main] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Executing start up LifeCycleHook
2019-10-10 04:48:03 2504 [main] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Executing start up LifeCycleHook
2019-10-10 04:48:03 2517 [main] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Executed once at startup of Gremlin Server.
2019-10-10 04:48:03 2517 [main] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Executed once at startup of Gremlin Server.
2019-10-10 04:48:03 2605 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v1.0+gryo-lite with org.apache.tinkerpop.gremlin.driver.ser.GryoLiteMessageSerializerV1d0
2019-10-10 04:48:03 2605 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v1.0+gryo-lite with org.apache.tinkerpop.gremlin.driver.ser.GryoLiteMessageSerializerV1d0
2019-10-10 04:48:03 2606 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v1.0+gryo-stringd with org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0
2019-10-10 04:48:03 2606 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v1.0+gryo-stringd with org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0
2019-10-10 04:48:03 2776 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v1.0+json with org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerGremlinV1d0
2019-10-10 04:48:03 2776 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v1.0+json with org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerGremlinV1d0
2019-10-10 04:48:03 2803 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v2.0+json with org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerGremlinV2d0
2019-10-10 04:48:03 2803 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/vnd.gremlin-v2.0+json with org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerGremlinV2d0
2019-10-10 04:48:03 2804 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/json with org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0
2019-10-10 04:48:03 2804 [main] [INFO ] org.apache.tinkerpop.gremlin.server.AbstractChannelizer [] - Configured application/json with org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0
2019-10-10 04:48:03 2883 [gremlin-server-boss-1] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Gremlin Server configured with worker thread pool of 1, gremlin pool of 2 and boss thread pool of 1.
2019-10-10 04:48:03 2883 [gremlin-server-boss-1] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Gremlin Server configured with worker thread pool of 1, gremlin pool of 2 and boss thread pool of 1.
2019-10-10 04:48:03 2884 [gremlin-server-boss-1] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Channel started at port 8182.
2019-10-10 04:48:03 2884 [gremlin-server-boss-1] [INFO ] org.apache.tinkerpop.gremlin.server.GremlinServer [] - Channel started at port 8182.
2019-10-10 04:48:03 2889 [main] [INFO ] com.baidu.hugegraph.server.RestServer [] - RestServer starting...
Oct 10, 2019 4:48:04 AM org.glassfish.grizzly.http.server.NetworkListener start
INFO: Started listener bound to [167.179.83.104:8080]
2019-10-10 04:48:04 3997 [main] [INFO ] com.baidu.hugegraph.HugeGraph [] - Wrap graph 'hugegraph' with HugeGraphAuthProxy
2019-10-10 04:48:04 3997 [main] [INFO ] com.baidu.hugegraph.server.RestServer [] - Graph 'hugegraph' was successfully configured via 'conf/hugegraph.properties'

@imbajin
Copy link
Member

imbajin commented Oct 10, 2019

因为不管是studio还是loader, 本质都是调用client, 然后用HTTP请求带验证的方式去访问server的, 跟你说的API配置校验后可以访问, 是一样的原理,

但是你如果使用其它组件(loader/studio...)时没有传入校验参数, 那它默认就等于是没带校验的HTTP请求, 自然是不能连接成功的,

不过studio目前默认没有提供带校验参数的配置, 所以你急用可以自己改一下studio源码调用HugeClient的那个地方, 自行传入, 或者还是等官方的新前端Hubble发布吧.

补充: : http-basic认证安全性也很弱, 明文传输校验随时都能被截取, 所以我觉得不如你自己在业务上层做封装, 在前端隐藏图server的直接调用API

@chobits102
Copy link
Author

@imbajin 非常感谢,我明白,多谢

@SuperXiaoxiong
Copy link

I met the problem too

rest-server.properties

restserver.url=http://0.0.0.0:8080

# graphs list with pair NAME:CONF_PATH
graphs=[hugegraph:conf/hugegraph.properties]

gremlineserver.url=http://0.0.0.0:8182
#  authentication
auth.authentication=com.baidu.hugegraph.auth.StandardAuthenticator
auth.admin_token=162f7848-0b6d-4faf-b557-3a0797869c55
auth.user_tokens=[hugegraph:9fd95c9c-711b-415b-b85f-d4df46ba5c31]

conf/hugegraph.properties

gremlin.graph=com.baidu.hugegraph.auth.HugeFactoryAuthProxy

gremlin-server.yaml

host: 0.0.0.0
port: 8182

authentication: {
  authenticator: com.baidu.hugegraph.auth.StandardAuthenticator,
  config: {tokens: /home/toor/hugegraph-0.10.4/conf/rest-server.properties}
}

and post the request

Note: Unnecessary use of -X or --request, GET is already inferred.
*   Trying x...
* Connected to x (x) port 8080 (#0)
* Server auth using Basic with user 'hugegraph'
> GET /graphs/hugegraph HTTP/1.1
> Host: x:8080
> Authorization: Basic aHVnZWdyYXBoOjlmZDk1YzljLTcxMWItNDE1Yi1iODVmLWQ0ZGY0NmJhNWMzMQ==
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 500 Internal Server Error
< Content-Type: application/json
< Date: Tue, 19 May 2020 09:21:41 GMT
< Connection: close
< Content-Length: 154
< 
* Closing connection 0
{"exception":"class java.lang.IllegalStateException","message":"Missing authentication context when accessing a Graph with permission control","cause":""}

@imbajin
Copy link
Member

imbajin commented May 19, 2020
edited
Loading

@SuperXiaoxiong
Seems u ignored my reply here. The auth key in your rest-server.properties is wrong, need to correct it. (should be auth.authenticator, not auth.authentication)

PS: This default value will be updated later

@imbajin imbajin mentioned this issue May 19, 2020
Merged
@dyhyao6
Copy link

dyhyao6 commented Oct 28, 2020

顶一下这个,admin用户怎么无法通过认证 ,出现401
@javeme @wenzhenghu
企业微信截图_20201028095305
企业微信截图_20201028095337

@dyhyao6
Copy link

dyhyao6 commented Oct 28, 2020

你好,开启认证后,管理员对用户user的增删改查,权限管理等,使用哪种api呢?HugeCient好像没提供方法 @javeme @SuperXiaoxiong
企业微信截图_20201028164330

@javeme
Copy link
Contributor

javeme commented Oct 28, 2020

@javeme 最新版本的client提供了,请参考:https://github.com/hugegraph/hugegraph-client/blob/master/src/main/java/com/baidu/hugegraph/driver/AuthManager.java

@mygithello
Copy link

@dyhyao6 hello,你的问题解决了吗,admin 登录问题,我也遇到相同的问题,admin 的用户密码配置怎么没有教程

@mygithello
Copy link

StandardAuthenticator 模式如何配置登录信息啊,有人知道不
GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels
Authorization: Basic admin xxxx

@javeme
Copy link
Contributor

javeme commented Dec 7, 2021

StandardAuthenticator 模式如何配置登录信息啊,有人知道不 GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization: Basic admin xxxx

Authorization的信息是需要经过base64编码的,比如:Authorization: Basic aHVnZWdyYXBoOnAw==,可以参考下HTTP头的规范:https://developer.mozilla.org/zh-CN/docs/Web/HTTP/Headers/Authorization

@mygithello
Copy link

mygithello commented Dec 7, 2021 via email

@github-actions
Copy link

github-actions bot commented Jan 1, 2022

Due to the lack of activity, the current issue is marked as stale and will be closed after 20 days, any update will remove the stale label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
inactive
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@javeme @imbajin @SuperXiaoxiong @mygithello @chobits102 @dyhyao6