Fast learning-Saturn user authentication and authorization

User authentication and authorization

Since 3.0.1, Saturn Console supports user authentication and authorization.

1 Authentication

Starting from Saturn 3.0.0, the Console supports user login authentication. User registration, however, is out of scope, so you need to implement it yourself.

1.1 Enable authentication function

The console does not enable authentication by default. To enable it, add the parameter -Dauthentication.enabled=true when starting the console.

The system adds 2 users by default for demo purposes:

| Username | Password |
|----------|----------|
| admin    | admin    |
| guest    | guest    |

1.2 Supported authentication methods

Saturn currently supports 2 authentication methods: plaintext and PBKDF2WithHmacSHA1.

The algorithm can be changed by setting the JVM property "-Dauthentication.hash"; the default is plaintext. If authentication.hash is set to anything other than these two values, an exception will be returned.

Note that plaintext is only for testing purposes and is not recommended for production.

1.3 User password and format

When implementing your own user registration function, make sure the user information is persisted in the user table of the database. The password field of that table holds the password.

The password storage format depends on the authentication method.

With plaintext authentication, the password is stored in plaintext.

If PBKDF2WithHmacSHA1 is used, the format is:

<code1>$<code2>

  • code1: the hex-encoded value of the password hash generated using PBKDF2WithHmacSHA1
  • code2: the hex-encoded value of the salt
  • $: the separator between code1 and code2

1.4 Implementing user registration

When implementing user registration, you can use the method com.vip.saturn.job.console.utils.PasswordUtils.genPassword(password, salt, algorithm) or com.vip.saturn.job.console.utils.PasswordUtils.genPassword(password, algorithm) to generate the password value and then persist it to the database. Here, password is the plaintext password, salt is the salt, and algorithm is one of the algorithms mentioned above.
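The <code1>$<code2> format from section 1.3, as an added example that is not part of the original post or of Saturn's code: a Python sketch that builds, parses and verifies such a value and audits user-table rows for entries left in plaintext. The iteration count, key length and salt length are assumptions (the page does not state them), and all function names are hypothetical.

```python
import hashlib
import hmac
import os

# Assumed parameters: the page does not state the iteration count, derived-key
# length or salt length, so these are placeholders that must be set to whatever
# the console's PasswordUtils uses before the output is usable with Saturn.
ITERATIONS = 4096
KEY_LEN = 20   # bytes
SALT_LEN = 8   # bytes


def gen_password(password, salt=None):
    """Build '<code1>$<code2>': hex(PBKDF2-HMAC-SHA1 output) + '$' + hex(salt)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    dk = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, ITERATIONS, KEY_LEN)
    return dk.hex() + "$" + salt.hex()


def parse_stored(stored):
    """Split a stored value into (hash, salt) bytes; raise ValueError if malformed."""
    code1, sep, code2 = stored.partition("$")
    if not sep or not code1 or not code2:
        raise ValueError("expected <code1>$<code2>")
    return bytes.fromhex(code1), bytes.fromhex(code2)  # ValueError on non-hex


def verify_password(candidate, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        expected, salt = parse_stored(stored)
    except ValueError:
        return False  # plaintext or corrupt row never matches in PBKDF2 mode
    dk = hashlib.pbkdf2_hmac("sha1", candidate.encode("utf-8"), salt, ITERATIONS, len(expected))
    return hmac.compare_digest(dk, expected)


def audit_rows(rows):
    """Return user names whose password field is not in '<code1>$<code2>' form
    (for example plaintext left over from the default mode) or equals the user name."""
    flagged = []
    for username, stored in rows:
        try:
            parse_stored(stored)
        except ValueError:
            flagged.append(username)
            continue
        if verify_password(username, stored):
            flagged.append(username)
    return flagged
```

Running audit_rows over (username, password) pairs exported from the user table before switching authentication.hash to PBKDF2WithHmacSHA1 shows which accounts, such as the demo users, still need their password field regenerated.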

2 Authorization

2.1 Enable authorization function

The console does not enable authorization by default. To enable it, add the parameter -Dauthorization.enabled.default=true when starting the console.

After the console is started, you can dynamically disable/enable the authorization function in the system configuration (no need to restart the console).


2.2 Permissions and permission sets (roles)

Saturn defines different permissions for different operations and also defines 3 permission sets (roles), as shown in the following table. Saturn currently does not provide a way to add, modify or delete permissions and permission sets.

| Permission | Permission sets that include it |
|------------|---------------------------------|
| Job start and stop (batch/single job) | System management, domain management, domain development management |
| Execute immediately / terminate immediately | System management, domain management |
| Job addition (batch/single job) | System management, domain management |
| Job settings update | System management, domain management |
| Job deletion (batch/single job) | System management, domain management |
| Job import/export | System management, domain management |
| Batch job priority | System management, domain management |
| Mark alarm as read | System management, domain management |
| Restart a single executor | System management, domain management |
| Executor monitoring (dump/restart/extract traffic) | System management, domain management |

Note that the domain management permission set applies to a single domain, while system management applies to all domains.

2.3 Add user permissions

To add permissions for the user, go to the "Permission Management" page and click the "Add Permission Set" button.



Origin blog.csdn.net/weixin_42528266/article/details/108602677