class
ConfigFileBasedAuthenticator extends Authenticator
Instance Constructors
-
new
ConfigFileBasedAuthenticator(config: Config)
Value Members
-
final
def
!=(arg0: AnyRef): Boolean
-
final
def
!=(arg0: Any): Boolean
-
final
def
##(): Int
-
final
def
==(arg0: AnyRef): Boolean
-
final
def
==(arg0: Any): Boolean
-
final
def
asInstanceOf[T0]: T0
-
def
authenticate(user: String, password: String, ec: ExecutionContext): Future[AuthenticationResult]
-
def
clone(): AnyRef
-
final
def
eq(arg0: AnyRef): Boolean
-
def
equals(arg0: Any): Boolean
-
def
finalize(): Unit
-
final
def
getClass(): Class[_]
-
def
hashCode(): Int
-
final
def
isInstanceOf[T0]: Boolean
-
final
def
ne(arg0: AnyRef): Boolean
-
final
def
notify(): Unit
-
final
def
notifyAll(): Unit
-
final
def
synchronized[T0](arg0: ⇒ T0): T0
-
def
toString(): String
-
final
def
wait(): Unit
-
final
def
wait(arg0: Long, arg1: Int): Unit
-
final
def
wait(arg0: Long): Unit
Inherited from AnyRef
Inherited from Any
UI dashboard authenticator based on configuration file.
It has three categories of users: admins, users, and guests. admins have unlimited permission, like shutdown a cluster, add/remove machines. users have limited permission to submit an application and etc.. guests can not submit/kill applications, but can view the application status.
see conf/gear.conf section gearpump.ui-security.config-file-based-authenticator to find information about how to configure this authenticator.
[Security consideration] It will keep one-way sha1 digest of password instead of password itself. The original password is NOT kept in any way, so generally it is safe.
digesting flow (from original password to digest): random salt byte array of length 8 -> byte array of (salt + sha1(salt, password)) -> base64Encode
verification user input password with stored digest: base64Decode -> extract salt -> do sha1(salt, password) -> generate digest: salt + sha1 -> compare the generated digest with the stored digest.