incubator-hugegraph
incubator-hugegraph copied to clipboard
apache
Gremlin console 不能连接启用了用户验证与授权的HugeGraph 0.11.2
Problem Type (问题类型)
configs (配置项 / 文档相关)
Before submit
Environment (环境信息)
- Server Version: v0.11.x
- Backend: RocksDB x nodes, HDD or SSD
- OS: windows11 wsl -ubutun20.03,x86 8-core CPU, 16 G RAM
- Data Size: 6000 vertices, 60000 edges
Your Question (问题描述)
不启用验证与授权,console是可以正常访问server的。启用验证与授权后,console不能正常访问server。(curl/postman两种情况下都是可以正常访问server的) Gremlin Server 配置
authentication
authentication: { authenticator: com.baidu.hugegraph.auth.StandardAuthenticator, authenticationHandler: com.baidu.hugegraph.auth.WsAndHttpBasicAuthHandler, config: {tokens: conf/rest-server.properties} } rest Server 配置
authentication:StandardAuthenticator
auth.authenticator=com.baidu.hugegraph.auth.StandardAuthenticator auth.graph_store=hugegraph
console配置:remote-secure.yaml hosts: [localhost] port: 8182 username: admin password: hugeadmin serializer: { className: org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0, config: { serializeResultToString: false, ioRegistries: [com.baidu.hugegraph.io.HugeGraphIoRegistry] } } 其它根据文档描述配置。 1、init-store.sh启动正常,设置admin密码。 2、启动Server正常。使用curl/postman工具进行验证授权等的使用是正常的。但是hubble工具只能使用admin进行操作,如果使用创建好的其它用户是不能连接访问的,总是提示用户验证和授权错误。 3、启动Console $ bin/gremlin-console.sh
\,,,/
(o o)
-----oOOo-(3)-oOOo----- plugin activated: HugeGraph plugin activated: tinkerpop.server plugin activated: tinkerpop.utilities plugin activated: tinkerpop.tinkergraph gremlin> :remote connect tinkerpop.server conf/remote-secure.yaml ==>Configured localhost/127.0.0.1:8182 gremlin> :remote console ==>All scripts will now be sent to Gremlin Server - [localhost/127.0.0.1:8182] - type ':remote console' to return to local mode gremlin> hugegraph Authenticator is not ready to handle requests Type ':help' or ':h' for help. Display stack trace? [yN] gremlin>
Vertex/Edge example (问题点 / 边数据举例)
No response
Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)
No response
环境:windows11 WSL2-ubutun 版本:hugegraph 0.11.2 多图配置 根据Tinkerpop文档来配置gremlin console访问 启用用户验证与授权的server。不知hugegraph是否有相关文档说明(console访问hugegraph server,原有文档说不能同时通过console和http方式访问:事实上配置WsAndHttpChannel协议时可以的。) 问题:Authenticator is not ready to handle requests 操作过程:
~/hg11.2/hugegraph-0.11.2$ bin/start-hugegraph.sh Starting HugeGraphServer... Connecting to HugeGraphServer (http://0.0.0.0:8080/graphs)........OK Started [pid 2359] ~/hg11.2/hugegraph-0.11.2$ bin/gremlin-console.sh
\,,,/
(o o)
-----oOOo-(3)-oOOo----- plugin activated: HugeGraph plugin activated: tinkerpop.server plugin activated: tinkerpop.utilities plugin activated: tinkerpop.tinkergraph gremlin> gremlin> :remote connect tinkerpop.server conf/remote-secure.yaml ==>Configured localhost/127.0.0.1:8182 gremlin> gremlin> :remote console ==>All scripts will now be sent to Gremlin Server - [localhost/127.0.0.1:8182] - type ':remote console' to return to local mode gremlin> hugegraph Authenticator is not ready to handle requests Type ':help' or ':h' for help. Display stack trace? [yN] gremlin> hugegraph.traversal().V() Authenticator is not ready to handle requests Type ':help' or ':h' for help. Display stack trace? [yN] gremlin>
查看后台server消息: 2022-07-04 17:46:15 283707 [gremlin-server-worker-1] [ERROR] org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler [] - StandardAuthenticator is not ready to handle requests - check it's configuration or related services 是不是后台有啥特别的配置吗?
另外:curl访问时可以的。 C:>curl -u admin:cirroadmin http://localhost:8080/graphs/hugegraph/schema/propertykeys {"propertykeys": [{"id":6,"name":"weight","data_type":"FLOAT","cardinality":"SINGLE","aggregate_type":"NONE","properties":[],"status":"CREATED","user_data":{"~create_time":"2022-06-28 11:59:45.228"}},{"id":3,"name":"addr","data_type":"TEXT","cardinality":"SINGLE","aggregate_type":"NONE","properties":[],"status":"CREATED","user_data":{"~create_time":"2022-06-28 11:59:45.224"}},{"id":2,"name":"age","data_type":"INT","cardinality":"SINGLE","aggregate_type":"NONE","properties":[],"status":"CREATED","user_data":{"~create_time":"2022-06-28 11:59:45.223"}},{"id":5,"name":"tag","data_type":"TEXT","cardinality":"SINGLE","aggregate_type":"NONE","properties":[],"status":"CREATED","user_data":{"~create_time":"2022-06-28 11:59:45.226"}},{"id":4,"name":"lang","data_type":"TEXT","cardinality":"SINGLE","aggregate_type":"NONE","properties":[],"status":"CREATED","user_data":{"~create_time":"2022-06-28 11:59:45.225"}},{"id":1,"name":"name","data_type":"TEXT","cardinality":"SINGLE","aggregate_type":"NONE","properties":[],"status":"CREATED","user_data":{"~create_time":"2022-06-28 11:59:45.218"}}]} C:>
感谢反馈,经过分析发现是StandardAuthenticator未实现Authenticator.newSaslNegotiator()方法导致的,欢迎贡献代码。
具体实现流程可参考:
实现方法 Authenticator.newSaslNegotiator(),并返回 PlainTextSaslNegotiator:
// StandardAuthenticator.newSaslNegotiator()
@Override
public SaslNegotiator newSaslNegotiator(InetAddress remoteAddress) {
throw new StandardAuthenticator.PlainTextSaslNegotiator();
}
PlainTextSaslNegotiator 可参考如下TinkerPop的 SimpleAuthenticator.PlainTextSaslAuthenticator 代码:
// SimpleAuthenticator.PlainTextSaslAuthenticator
private class PlainTextSaslAuthenticator implements Authenticator.SaslNegotiator {
// ...
}