-
Notifications
You must be signed in to change notification settings - Fork 0
/
auth.html
163 lines (162 loc) · 9.4 KB
/
auth.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<meta name="description" content="JobStreamer : JobStreamer site."/>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/semantic-ui/2.1.8/semantic.min.css" type="text/css"/>
<link rel="stylesheet" href="css/basic.css" type="text/css"/>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/prism/1.5.0/themes/prism.css" type="text/css"/>
</head>
<body>
<div class="ui fixed inverted teal menu">
<div class="title item"><a href="./index.html"><b>Job Streamer</b></a></div>
</div>
<div/>
<div id="main_content_wrap" class="main ui grid content">
<div class="four wide column">
<div class="ui vertical fluid tabular menu">
<a class="item" href="get-started-quickly.html">
Getting Started
</a>
<div class="item">
<div class="header">Guide</div>
<div class="menu">
<a class="item" href="auth.html">
Authentication and authorization
</a>
<a class="item" href="deploy-batch-components.html">
Deploy batch components
</a>
<a class="item" href="create-a-job.html">
Create job
</a>
<a class="item" href="execute-the-job.html">
Execute job
</a>
<a class="item" href="schedule-job.html">
Schedule job
</a>
<a class="item" href="job-config.html">
Job config
</a>
<a class="item" href="notificator-config.html">
Notificator config
</a>
<a class="item" href="import-export.html">
Import and export
</a>
<a class="item" href="test-mode.html">
Test mode
</a>
<a class="item" href="healthcheck.html">
Healthcheck
</a>
</div>
</div>
<div class="item">
<div class="header">Components</div>
<div class="menu">
<a class="item" href="control-bus.html">
Control bus
</a>
<a class="item" href="agent.html">
Agent
</a>
<a class="item" href="console.html">
Management console
</a>
<a class="item" href="notificator.html">
Notificator
</a>
</div>
</div>
<div class="item">
<div class=" header">For contributers</div>
<div class="menu">
<a class="item" href="get-started-developer.html">
Getting Started for contributers
</a>
<a class="item" href="developer-guide.html">
Developer guide for contributers
</a>
</div>
</div>
</div> </div>
<div class="twelve wide stretched column">
<h1><a href="#authentification-and-authorization" name="authentification-and-authorization">Authentification and authorization</a></h1><h2><a href="#authentification" name="authentification">Authentification</a></h2><p>Authentification is required when you use JobStreamer.<br/>If you open any URL of Console without authentification, you will be redirected to login page.<br/><a href="http://localhost:3000/login">http://localhost:3000/login</a></p><p>Login with following default ID and Passwod.</p>
<ul>
<li>ID : admin</li>
<li>Password : password123</li>
</ul><p>If you want to logout, click Logout link in the menu located in the right-hand side of header.</p><h2><a href="#authorization" name="authorization">Authorization</a></h2><p>JobStreamer has three authorities to a job for a login user.</p>
<ul>
<li>admin : All operations for job are allowed.</li>
<li>operator : Reference of job information and execution of job are allowed. But editing of job is not allowed.</li>
<li>watcher : Only reference of job information is allowed.</li>
</ul><p>Reference of job and editing of job include following operations respectively.</p>
<ul>
<li>Reference of job
<ul>
<li>Change job definition.</li>
<li>Change job configuration.</li>
<li>Delete job.</li>
</ul></li>
<li>Editing of job
<ul>
<li>Execute and stop, restart, abandon job.</li>
<li>Change job schedule.</li>
</ul></li>
</ul><p>If you do an unallowed operation on the Console, an error message will appear and the operation will be canceled.<br/>Default user, “admin” has “admin” authority.<br/>Please refer to following “User management” section, if you want to create other users who have other authority.</p><h2><a href="#user-management" name="user-management">User management</a></h2><p>Currently, login user creation and deletion are provided by API.<br/>Please execute it like following example.</p>
<pre><code class="sh"># Create login user named "test-user" with "operator" authority and password "password123"
curl -XPOST localhost:45102/user -H 'Content-Type: application/edn' -d '{:user/id "test-user" :user/password "password123" :role "operator"}'
# Delete login user whose id is "test-user".
curl -XDELETE localhost:45102/user/test-user
</code></pre><h3><a href="#authentification-in-api-execution" name="authentification-in-api-execution">Authentification in API execution</a></h3><p>You also need authentification when you use Control-bus REST API.<br/>At first you need to get authentification token by executing login API.</p>
<pre><code class="sh"># username : Login user id
# password : Login user password
curl -XPOST localhost:45102/auth -H "Content-Type: application/edn" -d '{:user/id "admin" :user/password "password123"}' -v
{:token "5f080f9c-3023-4a6a-89fb-de983f768c4d"}
</code></pre><p>In this case, 5f080f9c-3023-4a6a-89fb-de983f768c4d is the authentification token.<br/>Next, request with “Authorization: Token 5f080f9c-3023-4a6a-89fb-de983f768c4d” header and you can execute any APIs you are allowed.</p>
<pre><code class="sh">curl -XGET -H 'Content-Type: application/edn' -H 'Authorization: Token 5f080f9c-3023-4a6a-89fb-de983f768c4d' http://localhost:45102/default/jobs
{:results [...]}
</code></pre><h2>OAuth2.0 Authentication</h2><p>You can use OAuth2.0 as authentication in JobStreamer.<br/>If you login to JobStreamer by using OAuth2.0, You will get the “operator” role.</p><h3><a href="#how-to-use" name="how-to-use">How to use</a></h3><p>To Use OAuth2.0, You have to locate a configuration file on your class path.</p>
<pre><code class="edn">;; resources/job-streamer-control-bus/config.edn
{:auth {:console-url "http://xxx.yyy.z.ww:3000"
:control-bus-url "http://xxx.yyy.z.ww:45102"
:oauth-providers {"yahoo" {:name "Yahoo" ;; Required. Name in button
:class-name "yahoo" ;; Option. Class name in button
:domain "https://auth.login.yahoo.co.jp" ;; Required. Authorization server domain in OAuth2.0
:client-id "xxxx" ;; Required. Client id in OAuth2.0
:client-secret "xxxx" ;; Required. Client secret in OAuth2.0
:scope "openid" ;; Option. Scope in OAuth2.0
:auth-endpoint "yconnect/v2/authorization" ;; Required. Authorization endpoint in OAuth2.0
:token-endpoint "yconnect/v2/token"} ;; Required. Token endpoint in OAuth2.0
"github" {:name "Github"
:class-name "github"
:domain "https://github.com"
:client-id "xxxx"
:client-secret "xxxx"
:auth-endpoint "login/oauth/authorize"
:token-endpoint "login/oauth/access_token"}}}}
</code></pre><p>And you have to configure the OAuth2.0 authorization server.</p><p>We confirmed that it works with the following OAuth2.0 services.<br/>* Github<br/>* Yahoo! ID connect</p>
</div>
</div>
<div class="ui inverted teal footer vertical segment">
<div class="container">
<div class="ui stackable divided relaxed grid">
<div class="sixteen wide column">
<p>Copyright @ 2015-2016 kawasima & contributors.</p>
<p>Released under the EPL license.</p>
</div>
</div>
</div>
</div>
<script src="https://cdn.jsdelivr.net/jquery/1.12.3/jquery.min.js"></script>
<script src="https://cdn.jsdelivr.net/prism/1.5.0/prism.js"></script>
<script src="https://cdn.jsdelivr.net/prism/1.5.0/components/prism-java.min.js"></script>
<script src="https://cdn.jsdelivr.net/prism/1.5.0/components/prism-bash.min.js"></script>
<script src="https://cdn.jsdelivr.net/prism/1.5.0/plugins/line-numbers/prism-line-numbers.min.js"></script>
<script src="https://cdn.jsdelivr.net/semantic-ui/2.1.8/semantic.min.js"> </script>
</body>
</html>