Package

org.apache.gearpump

security

package security

Type Members

  1. trait Authenticator extends AnyRef

    Authenticator for UI dashboard.

    Subclasses must implement a constructor with a signature like this: this(config: Config)

  2. class ConfigFileBasedAuthenticator extends Authenticator

    UI dashboard authenticator based on configuration file.

    It has three categories of users: admins, users, and guests. Admins have unlimited permissions, such as shutting down a cluster or adding/removing machines. Users have limited permissions, such as submitting an application, etc. Guests cannot submit or kill applications, but can view the application status.

    See the section gearpump.ui-security.config-file-based-authenticator in conf/gear.conf for information about how to configure this authenticator.

    [Security consideration] It keeps a one-way SHA-1 digest of the password instead of the password itself. The original password is NOT kept in any way, so generally it is safe.

    Digesting flow (from original password to digest):

    random salt byte array of length 8 -> byte array of (salt + sha1(salt, password)) -> base64Encode.

    Verifying a user-input password against the stored digest:

    base64Decode -> extract salt -> do sha1(salt, password) -> generate digest: salt + sha1 -> compare the generated digest with the stored digest.
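
The digesting and verification flows above, written out as an added Scala example that is not Gearpump's own PasswordUtil code. The object and method names are hypothetical, and it assumes sha1(salt, password) means SHA-1 over the salt bytes followed by the UTF-8 password bytes.

```scala
import java.nio.charset.StandardCharsets.UTF_8
import java.security.{MessageDigest, SecureRandom}
import java.util.Base64
import scala.util.Try

// Added example, NOT Gearpump's PasswordUtil. All names here are hypothetical.
object SaltedSha1Sketch {
  private val SaltLength = 8  // "random salt byte array of length 8"
  private val Sha1Length = 20 // SHA-1 output size in bytes

  // Assumption: sha1(salt, password) = SHA-1(salt bytes ++ UTF-8 password bytes).
  private def sha1(salt: Array[Byte], password: String): Array[Byte] = {
    val md = MessageDigest.getInstance("SHA-1")
    md.update(salt)
    md.digest(password.getBytes(UTF_8))
  }

  // Digesting flow: random salt -> salt ++ sha1(salt, password) -> Base64.
  def digest(password: String): String = {
    val salt = new Array[Byte](SaltLength)
    new SecureRandom().nextBytes(salt)
    Base64.getEncoder.encodeToString(salt ++ sha1(salt, password))
  }

  // Verification: Base64-decode -> extract salt -> recompute -> compare.
  def verify(password: String, stored: String): Boolean =
    // Malformed Base64 in the stored record is a failed login, not an exception.
    Try(Base64.getDecoder.decode(stored)).toOption.exists { decoded =>
      // Reject truncated or over-long records before slicing out the salt.
      decoded.length == SaltLength + Sha1Length && {
        val salt = decoded.take(SaltLength)
        // MessageDigest.isEqual does not stop at the first differing byte.
        MessageDigest.isEqual(salt ++ sha1(salt, password), decoded)
      }
    }

  def main(args: Array[String]): Unit = {
    val stored = digest("s3cret-constructed") // constructed sample password
    println(s"stored digest: $stored")
    println(s"correct password accepted: ${verify("s3cret-constructed", stored)}")
    println(s"wrong password accepted:   ${verify("wrong-guess", stored)}")
    println(s"malformed record accepted: ${verify("anything", "not base64!")}")
  }
}
```

A single salted SHA-1 pass is cheap to compute, so the configuration file holding these digests should be readable only by the account that runs the dashboard.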

Value Members

  1. object Authenticator

  2. object ConfigFileBasedAuthenticator

  3. object PasswordUtil

    Util to verify whether user input password is valid or not. It uses SHA-1 to do the digesting.
