This is an automated email from the ASF dual-hosted git repository.
github-bot pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/incubator-hugegraph-doc.git
The following commit(s) were added to refs/heads/asf-site by this push:
new e057a058 fix: warn user to update or change the default jwt value
(#364)
e057a058 is described below
commit e057a058e66d01df453d6fa043de5c253d4246f7
Author: imbajin <[email protected]>
AuthorDate: Thu Jul 11 07:30:45 2024 +0000
fix: warn user to update or change the default jwt value (#364)
Note: 1.5.0 has not been released yet
---------
Co-authored-by: imbajin <[email protected]>
72b37f7507422a42b4e9a70671f763c5811353d9
---
cn/docs/_print/index.html | 5 ++++-
cn/docs/config/_print/index.html | 5 ++++-
cn/docs/config/config-authentication/index.html | 13 ++++++++-----
cn/docs/config/index.xml | 8 +++++++-
cn/docs/index.xml | 8 +++++++-
cn/sitemap.xml | 2 +-
docs/_print/index.html | 6 +++++-
docs/config/_print/index.html | 6 +++++-
docs/config/config-authentication/index.html | 12 ++++++++----
docs/config/index.xml | 8 +++++++-
docs/index.xml | 8 +++++++-
en/sitemap.xml | 2 +-
sitemap.xml | 2 +-
13 files changed, 65 insertions(+), 20 deletions(-)
diff --git a/cn/docs/_print/index.html b/cn/docs/_print/index.html
index ba15dcf6..ba51168a 100644
--- a/cn/docs/_print/index.html
+++ b/cn/docs/_print/index.html
@@ -1883,7 +1883,10 @@ HugeGraph Toolchain
版本:toolchain-1.0.0</p></blockquote><p><code>spark-load
</span></span></code></pre></div><h3 id=配置用户认证>配置用户认证</h3><p>HugeGraph
目前默认<strong>未启用</strong>用户认证功能,需通过修改配置文件来启用该功能。(Note: 如果在生产环境/外网使用,
请使用 <strong>Java11</strong> 版本 +
开启权限避免安全相关隐患)</p><p>目前已内置实现了<code>StandardAuthenticator</code>模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现<code>HugeAuthenticator</code>接口来对接自身的权限系统。</p><p>用户认证方式均采用
<a
href=https://zh.wikipedia.org/wiki/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81>HTTP
Basic Authentication</a> ,简单说就是在发送 HTTP 请求时在 <code>Authentication</code> 设置选择
<code>Basic</code> 然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :</p><div class=highlight><pre
tabindex=0 style=background-color:#f8f8f8;-moz-tab-size:4;-o- [...]
</span></span></span><span style=display:flex><span><span
style=color:#a40000>Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id=standardauthenticator-模式>StandardAuthenticator
模式</h4><p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p><p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p><div
class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=ya [...]
+</span></span></span></code></pre></div><p><strong>警告</strong>:在 1.5.0 之前版本的
HugeGraph-Server 在鉴权模式下存在 JWT 相关的安全隐患,请务必使用新版本或自行修改 JWT token 的
secretKey。</p><p>修改方式为在配置文件<code>rest-server.properties</code>中重写<code>auth.token_secret</code>信息:(1.5.0
后会默认生成随机值则无需配置)</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span
style=display:flex><span>auth.token_secret=XXXX #这里为 32 位 Str [...]
+</span></span></code></pre></div><p>也可以通过下面的命令实现:</p><div class=highlight><pre
tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-shell data-lang=shell><span style=display:flex><span><span
style=color:#000>RANDOM_STRING</span><span
style=color:#ce5c00;font-weight:700>=</span><span
style=color:#204a87;font-weight:700>$(</span>head /dev/urandom <span
style=color:#000;font-weight:700>|</span> tr -dc A-Za-z0-9 <span
style=color:#000;font-w [...]
+</span></span><span style=display:flex><span><span
style=color:#204a87>echo</span> <span
style=color:#4e9a06>"auth.token_secret=</span><span
style=color:#4e9a06>${</span><span style=color:#000>RANDOM_STRING</span><span
style=color:#4e9a06>}</span><span style=color:#4e9a06>"</span> >>
rest-server.properties
+</span></span></code></pre></div><h4
id=standardauthenticator-模式>StandardAuthenticator
模式</h4><p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p><p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p><div
class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=yaml><spa [...]
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticator</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.StandardAuthenticator,</span><span
style=color:#f8f8f8;text-decoration:underline>
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticationHandler</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.WsAndHttpBasicAuthHandler,</span><span
style=color:#f8f8f8;text-decoration:underline>
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>config</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span>{<span
style=color:#204a87;font-weight:700>tokens</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>conf/rest-server.properties}</s [...]
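Review bot: The added shell snippet ends in `>> rest-server.properties`, a path relative to the current directory, while the YAML context at the end of this hunk points the server at `conf/rest-server.properties`. State which directory the command is run from, or write the target as `conf/rest-server.properties`. Because `>>` only appends, a file that already contains an `auth.token_secret` line ends up with two entries; the text should tell the reader to replace the existing line, and should say that this setting also needs a service restart to take effect.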
diff --git a/cn/docs/config/_print/index.html b/cn/docs/config/_print/index.html
index a2e6f16c..2b68d56f 100644
--- a/cn/docs/config/_print/index.html
+++ b/cn/docs/config/_print/index.html
@@ -265,7 +265,10 @@
</span></span></code></pre></div><h3 id=配置用户认证>配置用户认证</h3><p>HugeGraph
目前默认<strong>未启用</strong>用户认证功能,需通过修改配置文件来启用该功能。(Note: 如果在生产环境/外网使用,
请使用 <strong>Java11</strong> 版本 +
开启权限避免安全相关隐患)</p><p>目前已内置实现了<code>StandardAuthenticator</code>模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现<code>HugeAuthenticator</code>接口来对接自身的权限系统。</p><p>用户认证方式均采用
<a
href=https://zh.wikipedia.org/wiki/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81>HTTP
Basic Authentication</a> ,简单说就是在发送 HTTP 请求时在 <code>Authentication</code> 设置选择
<code>Basic</code> 然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :</p><div class=highlight><pre
tabindex=0 style=background-color:#f8f8f8;-moz-tab-size:4;-o- [...]
</span></span></span><span style=display:flex><span><span
style=color:#a40000>Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id=standardauthenticator-模式>StandardAuthenticator
模式</h4><p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p><p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p><div
class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=ya [...]
+</span></span></span></code></pre></div><p><strong>警告</strong>:在 1.5.0 之前版本的
HugeGraph-Server 在鉴权模式下存在 JWT 相关的安全隐患,请务必使用新版本或自行修改 JWT token 的
secretKey。</p><p>修改方式为在配置文件<code>rest-server.properties</code>中重写<code>auth.token_secret</code>信息:(1.5.0
后会默认生成随机值则无需配置)</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span
style=display:flex><span>auth.token_secret=XXXX #这里为 32 位 Str [...]
+</span></span></code></pre></div><p>也可以通过下面的命令实现:</p><div class=highlight><pre
tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-shell data-lang=shell><span style=display:flex><span><span
style=color:#000>RANDOM_STRING</span><span
style=color:#ce5c00;font-weight:700>=</span><span
style=color:#204a87;font-weight:700>$(</span>head /dev/urandom <span
style=color:#000;font-weight:700>|</span> tr -dc A-Za-z0-9 <span
style=color:#000;font-w [...]
+</span></span><span style=display:flex><span><span
style=color:#204a87>echo</span> <span
style=color:#4e9a06>"auth.token_secret=</span><span
style=color:#4e9a06>${</span><span style=color:#000>RANDOM_STRING</span><span
style=color:#4e9a06>}</span><span style=color:#4e9a06>"</span> >>
rest-server.properties
+</span></span></code></pre></div><h4
id=standardauthenticator-模式>StandardAuthenticator
模式</h4><p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p><p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p><div
class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=yaml><spa [...]
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticator</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.StandardAuthenticator,</span><span
style=color:#f8f8f8;text-decoration:underline>
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticationHandler</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.WsAndHttpBasicAuthHandler,</span><span
style=color:#f8f8f8;text-decoration:underline>
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>config</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span>{<span
style=color:#204a87;font-weight:700>tokens</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>conf/rest-server.properties}</s [...]
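Review bot: The added `auth.token_secret=XXXX` example line carries its `#` explanation on the same line as the value. In Java .properties syntax a `#` starts a comment only at the beginning of a line, so a reader who copies the line as shown gets the trailing text as part of the secret. Move the explanation to a comment line of its own above the key.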
diff --git a/cn/docs/config/config-authentication/index.html
b/cn/docs/config/config-authentication/index.html
index aae109fa..ca4d0e34 100644
--- a/cn/docs/config/config-authentication/index.html
+++ b/cn/docs/config/config-authentication/index.html
@@ -6,19 +6,19 @@ StandardAuthenticator 模式的几个核心设计:
// 场景:某用户只有北京地区的数据读取权限 user(name=xx) -belong-> group(name=xx) -access(read)->
target(graph=graph1, resource={label: person, city: Beijing}) 配置用户认证 HugeGraph
目前默认未启用用户认证功能,需通过修改配置文件来启用该功能。(Note: 如果在生产环境/外网使用, 请使用 Java11 版本 + 开启权限避免安全相关隐患)
目前已内置实现了StandardAuthenticator模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现HugeAuthenticator接口来对接自身的权限系统。
用户认证方式均采用 HTTP Basic Authentication ,简单说就是在发送 HTTP 请求时在 Authentication 设置选择
Basic 然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :
-GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization:
Basic admin xxxx StandardAuthenticator 模式
StandardAuthenticator模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):"><meta
property="og:type" content="article"><meta property="og:url"
content="/cn/docs/config/config-authentication/"><meta
property="article:section" content="docs"><meta
property="article:modified_time" content="2024-03-27T17:40:31+08:00"><meta
prope [...]
+GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization:
Basic admin xxxx 警告:在 1."><meta property="og:type" content="article"><meta
property="og:url" content="/cn/docs/config/config-authentication/"><meta
property="article:section" content="docs"><meta
property="article:modified_time" content="2024-07-11T15:30:07+08:00"><meta
property="og:site_name" content="HugeGraph"><meta itemprop=name
content="HugeGraph 内置用户权限与扩展权限配置及使用"><meta itemprop=description content="概述 Hug
[...]
StandardAuthenticator 模式的几个核心设计:
初始化时创建超级管理员 (admin) 用户,后续通过超级管理员创建其它用户,新创建的用户被分配足够权限后,可以创建或管理更多的用户
支持动态创建用户、用户组、资源,支持动态分配或取消权限
用户可以属于一个或多个用户组,每个用户组可以拥有对任意个资源的操作权限,操作类型包括:读、写、删除、执行等种类 “资源”
描述了图数据库中的数据,比如符合某一类条件的顶点,每一个资源包括 type、label、properties三个要素,共有 18 种类型、任意
label、任意 properties 可组合形成的资源,一个资源的内部条件是且关系,多个资源之间的条件是或关系 举例说明:
// 场景:某用户只有北京地区的数据读取权限 user(name=xx) -belong-> group(name=xx) -access(read)->
target(graph=graph1, resource={label: person, city: Beijing}) 配置用户认证 HugeGraph
目前默认未启用用户认证功能,需通过修改配置文件来启用该功能。(Note: 如果在生产环境/外网使用, 请使用 Java11 版本 + 开启权限避免安全相关隐患)
目前已内置实现了StandardAuthenticator模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现HugeAuthenticator接口来对接自身的权限系统。
用户认证方式均采用 HTTP Basic Authentication ,简单说就是在发送 HTTP 请求时在 Authentication 设置选择
Basic 然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :
-GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization:
Basic admin xxxx StandardAuthenticator 模式
StandardAuthenticator模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):"><meta
itemprop=dateModified content="2024-03-27T17:40:31+08:00"><meta
itemprop=wordCount content="254"><meta itemprop=keywords content><meta
name=twitter:card content="summary"><meta name=twitter:title content="HugeGraph
内置用户权限与扩展权限配置及使用"><meta name= [...]
+GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization:
Basic admin xxxx 警告:在 1."><meta itemprop=dateModified
content="2024-07-11T15:30:07+08:00"><meta itemprop=wordCount
content="291"><meta itemprop=keywords content><meta name=twitter:card
content="summary"><meta name=twitter:title content="HugeGraph
内置用户权限与扩展权限配置及使用"><meta name=twitter:description content="概述 HugeGraph
为了方便不同用户场景下的鉴权使用,目前内置了完备的StandardAuthenticator权限模式,支持多用户认证、
以及细粒度的权限访问控制,采用基于“用户 - 用户组 - 操作 - 资源 [...]
StandardAuthenticator 模式的几个核心设计:
初始化时创建超级管理员 (admin) 用户,后续通过超级管理员创建其它用户,新创建的用户被分配足够权限后,可以创建或管理更多的用户
支持动态创建用户、用户组、资源,支持动态分配或取消权限
用户可以属于一个或多个用户组,每个用户组可以拥有对任意个资源的操作权限,操作类型包括:读、写、删除、执行等种类 “资源”
描述了图数据库中的数据,比如符合某一类条件的顶点,每一个资源包括 type、label、properties三个要素,共有 18 种类型、任意
label、任意 properties 可组合形成的资源,一个资源的内部条件是且关系,多个资源之间的条件是或关系 举例说明:
// 场景:某用户只有北京地区的数据读取权限 user(name=xx) -belong-> group(name=xx) -access(read)->
target(graph=graph1, resource={label: person, city: Beijing}) 配置用户认证 HugeGraph
目前默认未启用用户认证功能,需通过修改配置文件来启用该功能。(Note: 如果在生产环境/外网使用, 请使用 Java11 版本 + 开启权限避免安全相关隐患)
目前已内置实现了StandardAuthenticator模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现HugeAuthenticator接口来对接自身的权限系统。
用户认证方式均采用 HTTP Basic Authentication ,简单说就是在发送 HTTP 请求时在 Authentication 设置选择
Basic 然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :
-GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization:
Basic admin xxxx StandardAuthenticator 模式
StandardAuthenticator模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):"><link
rel=preload
href=/scss/main.min.14ea575cb35d93d46ff8681b2334f40fd46243c100c5c39f5a841b931fae2d40.css
as=style><link
href=/scss/main.min.14ea575cb35d93d46ff8681b2334f40fd46243c100c5c39f5a841b931fae2d40.css
rel=stylesheet integrity><script src=ht [...]
+GET http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization:
Basic admin xxxx 警告:在 1."><link rel=preload
href=/scss/main.min.14ea575cb35d93d46ff8681b2334f40fd46243c100c5c39f5a841b931fae2d40.css
as=style><link
href=/scss/main.min.14ea575cb35d93d46ff8681b2334f40fd46243c100c5c39f5a841b931fae2d40.css
rel=stylesheet integrity><script
src=https://code.jquery.com/jquery-3.5.1.min.js
integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0="
crossorigin=anonymous></script>
<link rel=stylesheet href=/css/prism.css><script
type=application/javascript>var
doNotTrack=!1;doNotTrack||(window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new
Date,ga("create","UA-00000000-0","auto"),ga("send","pageview"))</script><script
async src=https://www.google-analytics.com/analytics.js></script></head><body
class=td-page><header><nav class="js-navbar-scroll navbar navbar-expand
navbar-dark flex-column flex-md-row td-navbar"><a class=navbar-brand href=/cn/>
[...]
<a
href=https://github.com/apache/incubator-hugegraph-doc/edit/master/content/cn/docs/config/config-authentication.md
class=td-page-meta--edit target=_blank rel=noopener><i class="fa fa-edit
fa-fw"></i> Edit this page</a>
<a
href="https://github.com/apache/incubator-hugegraph-doc/new/master/content/cn/docs/config/config-authentication.md?filename=change-me.md&value=---%0Atitle%3A+%22Long+Page+Title%22%0AlinkTitle%3A+%22Short+Nav+Title%22%0Aweight%3A+100%0Adescription%3A+%3E-%0A+++++Page+description+for+heading+and+indexes.%0A---%0A%0A%23%23+Heading%0A%0AEdit+this+template+to+create+your+new+page.%0A%0A%2A+Give+it+a+good+name%2C+ending+in+%60.md%60+-+e.g.+%60getting-started.md%60%0A%2A+Edit+the+%22front+ma
[...]
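Review bot: The regenerated description in the `+` lines of this hunk now ends in "警告:在 1.", cut off in the middle of the version number, and the same fragment is repeated in the `og:description`, `itemprop=description` and `twitter:description` tags. Set an explicit `description` in the page front matter so the summary ends on a complete sentence and does not end on a dangling warning.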
@@ -30,7 +30,10 @@ GET
http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization: Ba
</span></span></code></pre></div><h3 id=配置用户认证>配置用户认证</h3><p>HugeGraph
目前默认<strong>未启用</strong>用户认证功能,需通过修改配置文件来启用该功能。(Note: 如果在生产环境/外网使用,
请使用 <strong>Java11</strong> 版本 +
开启权限避免安全相关隐患)</p><p>目前已内置实现了<code>StandardAuthenticator</code>模式,该模式支持多用户认证与细粒度权限控制。此外,开发者可以自定义实现<code>HugeAuthenticator</code>接口来对接自身的权限系统。</p><p>用户认证方式均采用
<a
href=https://zh.wikipedia.org/wiki/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81>HTTP
Basic Authentication</a> ,简单说就是在发送 HTTP 请求时在 <code>Authentication</code> 设置选择
<code>Basic</code> 然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :</p><div class=highlight><pre
tabindex=0 style=background-color:#f8f8f8;-moz-tab-size:4;-o- [...]
</span></span></span><span style=display:flex><span><span
style=color:#a40000>Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id=standardauthenticator-模式>StandardAuthenticator
模式</h4><p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p><p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p><div
class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=ya [...]
+</span></span></span></code></pre></div><p><strong>警告</strong>:在 1.5.0 之前版本的
HugeGraph-Server 在鉴权模式下存在 JWT 相关的安全隐患,请务必使用新版本或自行修改 JWT token 的
secretKey。</p><p>修改方式为在配置文件<code>rest-server.properties</code>中重写<code>auth.token_secret</code>信息:(1.5.0
后会默认生成随机值则无需配置)</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span
style=display:flex><span>auth.token_secret=XXXX #这里为 32 位 Str [...]
+</span></span></code></pre></div><p>也可以通过下面的命令实现:</p><div class=highlight><pre
tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-shell data-lang=shell><span style=display:flex><span><span
style=color:#000>RANDOM_STRING</span><span
style=color:#ce5c00;font-weight:700>=</span><span
style=color:#204a87;font-weight:700>$(</span>head /dev/urandom <span
style=color:#000;font-weight:700>|</span> tr -dc A-Za-z0-9 <span
style=color:#000;font-w [...]
+</span></span><span style=display:flex><span><span
style=color:#204a87>echo</span> <span
style=color:#4e9a06>"auth.token_secret=</span><span
style=color:#4e9a06>${</span><span style=color:#000>RANDOM_STRING</span><span
style=color:#4e9a06>}</span><span style=color:#4e9a06>"</span> >>
rest-server.properties
+</span></span></code></pre></div><h4
id=standardauthenticator-模式>StandardAuthenticator
模式</h4><p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p><p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p><div
class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=yaml><spa [...]
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticator</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.StandardAuthenticator,</span><span
style=color:#f8f8f8;text-decoration:underline>
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticationHandler</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.WsAndHttpBasicAuthHandler,</span><span
style=color:#f8f8f8;text-decoration:underline>
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>config</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span>{<span
style=color:#204a87;font-weight:700>tokens</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>conf/rest-server.properties}</s [...]
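Review bot: The added warning tells readers to use the new version ("请务必使用新版本") and says 1.5.0 generates a random value by default, but the commit message states that 1.5.0 has not been released yet. Until it is, overriding `auth.token_secret` is the only step a reader can take, so the warning should lead with that step and mark the upgrade as upcoming. Naming the issue or linking an advisory in place of "JWT 相关的安全隐患" would let operators judge their exposure.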
@@ -67,7 +70,7 @@ GET
http://localhost:8080/graphs/hugegraph/schema/vertexlabels Authorization: Ba
</span></span></span></code></pre></div><h4 id=3-进入容器后重新开启鉴权模式>3.
进入容器后重新开启鉴权模式</h4><p>首先进入容器:</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-bash data-lang=bash><span style=display:flex><span>docker <span
style=color:#204a87>exec</span> -it server bash
</span></span><span style=display:flex><span><span
style=color:#8f5902;font-style:italic># 用于快速修改配置, 修改前的文件被保存在conf-bak文件夹下</span>
</span></span><span style=display:flex><span>bin/enable-auth.sh
-</span></span></code></pre></div><p>之后参照 <a
href=#%E5%9F%BA%E4%BA%8E%E9%89%B4%E6%9D%83%E6%A8%A1%E5%BC%8F%E5%90%AF%E5%8A%A8>基于鉴权模式启动</a>
即可</p><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><script>const
yesButton=document.querySelector(".feedback--answer-yes"),noButton=document.querySelector(".feedback--answer-no"),yesResponse=document.querySelector(".fee
[...]
+</span></span></code></pre></div><p>之后参照 <a
href=#%E5%9F%BA%E4%BA%8E%E9%89%B4%E6%9D%83%E6%A8%A1%E5%BC%8F%E5%90%AF%E5%8A%A8>基于鉴权模式启动</a>
即可</p><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><script>const
yesButton=document.querySelector(".feedback--answer-yes"),noButton=document.querySelector(".feedback--answer-no"),yesResponse=document.querySelector(".fee
[...]
<script
src=https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js
integrity="sha512-UR25UO94eTnCVwjbXozyeVd6ZqpaAE9naiEUBK/A+QDbfSTQFhPGj5lOR6d8tsgbBk84Ggb5A3EkjsOgPRPcKA=="
crossorigin=anonymous></script>
<script src=/js/tabpane-persist.js></script>
<script
src=/js/main.min.aa9f4c5dae6a98b2c46277f4c56f1673a2b000d1756ce4ffae93784cab25e6d5.js
integrity="sha256-qp9MXa5qmLLEYnf0xW8Wc6KwANF1bOT/rpN4TKsl5tU="
crossorigin=anonymous></script>
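Review bot: The removed and added lines in this hunk read the same as far as they are shown, so the actual change sits in the truncated inline script and cannot be reviewed from this mail. On the documentation side, this Docker section still sends readers from `bin/enable-auth.sh` straight to "基于鉴权模式启动" without mentioning the new `auth.token_secret` step; a link back to the warning would cover readers who enable auth this way.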
diff --git a/cn/docs/config/index.xml b/cn/docs/config/index.xml
index 5434b002..3993eebc 100644
--- a/cn/docs/config/index.xml
+++ b/cn/docs/config/index.xml
@@ -1520,7 +1520,13 @@
<p>用户认证方式均采用 <a
href="https://zh.wikipedia.org/wiki/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81">HTTP
Basic Authentication</a> ,简单说就是在发送 HTTP 请求时在
<code>Authentication</code> 设置选择 <code>Basic</code>
然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :</p>
<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-http" data-lang="http"><span
style="display:flex;"><span><span style="color:#a40000">GET
http://localhost:8080/graphs/hugegraph/schema/vertexlabels
</span></span></span><span style="display:flex;"><span><span
style="color:#a40000">Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id="standardauthenticator-模式">StandardAuthenticator 模式</h4>
+</span></span></span></code></pre></div><p><strong>警告</strong>:在
1.5.0 之前版本的 HugeGraph-Server 在鉴权模式下存在 JWT 相关的安全隐患,请务必使用新版本或自行修改 JWT token 的
secretKey。</p>
+<p>修改方式为在配置文件<code>rest-server.properties</code>中重写<code>auth.token_secret</code>信息:(1.5.0
后会默认生成随机值则无需配置)</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>auth.token_secret=XXXX #这里为 32 位 String,由
a-z,A-Z 和 0-9 组成
+</span></span></code></pre></div><p>也可以通过下面的命令实现:</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-shell" data-lang="shell"><span
style="display:flex;"><span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#ce5c00;font-weight:bold">=</span><span
style="color:#204a87;font-weight:bold">$(</span>head /dev/urandom <span
style="color:#000;font-weight:bold">|</span> tr -dc A-Za-z0-9 <span
style="co [...]
+</span></span><span style="display:flex;"><span><span
style="color:#204a87">echo</span> <span
style="color:#4e9a06">&#34;auth.token_secret=</span><span
style="color:#4e9a06">${</span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#4e9a06">}</span><span
style="color:#4e9a06">&#34;</span> &gt;&gt;
rest-server.properties
+</span></span></code></pre></div><h4
id="standardauthenticator-模式">StandardAuthenticator 模式</h4>
<p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p>
<p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p>
<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-yaml" data-lang="yaml"><span
style="display:flex;"><span><span
style="color:#204a87;font-weight:bold">authentication</span><span
style="color:#000;font-weight:bold">:</span><span
style="color:#f8f8f8;text-decoration:underline"> </span>{<span
style="color:#f8f8f8;text-decoration:underline">
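Review bot: The comment on the added `auth.token_secret=XXXX` line, "这里为 32 位 String", can be read as 32 bits as well as 32 characters. "32 个字符" would be unambiguous, and the text should say whether 32 is an exact length or a minimum.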
diff --git a/cn/docs/index.xml b/cn/docs/index.xml
index a5d5ba3b..bf3922b1 100644
--- a/cn/docs/index.xml
+++ b/cn/docs/index.xml
@@ -7963,7 +7963,13 @@ HugeGraph目前采用EdgeCut的分区方案。</p>
<p>用户认证方式均采用 <a
href="https://zh.wikipedia.org/wiki/HTTP%E5%9F%BA%E6%9C%AC%E8%AE%A4%E8%AF%81">HTTP
Basic Authentication</a> ,简单说就是在发送 HTTP 请求时在
<code>Authentication</code> 设置选择 <code>Basic</code>
然后输入对应的用户名和密码,对应 HTTP 明文如下所示 :</p>
<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-http" data-lang="http"><span
style="display:flex;"><span><span style="color:#a40000">GET
http://localhost:8080/graphs/hugegraph/schema/vertexlabels
</span></span></span><span style="display:flex;"><span><span
style="color:#a40000">Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id="standardauthenticator-模式">StandardAuthenticator 模式</h4>
+</span></span></span></code></pre></div><p><strong>警告</strong>:在
1.5.0 之前版本的 HugeGraph-Server 在鉴权模式下存在 JWT 相关的安全隐患,请务必使用新版本或自行修改 JWT token 的
secretKey。</p>
+<p>修改方式为在配置文件<code>rest-server.properties</code>中重写<code>auth.token_secret</code>信息:(1.5.0
后会默认生成随机值则无需配置)</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>auth.token_secret=XXXX #这里为 32 位 String,由
a-z,A-Z 和 0-9 组成
+</span></span></code></pre></div><p>也可以通过下面的命令实现:</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-shell" data-lang="shell"><span
style="display:flex;"><span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#ce5c00;font-weight:bold">=</span><span
style="color:#204a87;font-weight:bold">$(</span>head /dev/urandom <span
style="color:#000;font-weight:bold">|</span> tr -dc A-Za-z0-9 <span
style="co [...]
+</span></span><span style="display:flex;"><span><span
style="color:#204a87">echo</span> <span
style="color:#4e9a06">&#34;auth.token_secret=</span><span
style="color:#4e9a06">${</span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#4e9a06">}</span><span
style="color:#4e9a06">&#34;</span> &gt;&gt;
rest-server.properties
+</span></span></code></pre></div><h4
id="standardauthenticator-模式">StandardAuthenticator 模式</h4>
<p><code>StandardAuthenticator</code>模式是通过在数据库后端存储用户信息来支持用户认证和权限控制,该实现基于数据库存储的用户的名称与密码进行认证(密码已被加密),基于用户的角色来细粒度控制用户权限。下面是具体的配置流程(重启服务生效):</p>
<p>在配置文件<code>gremlin-server.yaml</code>中配置<code>authenticator</code>及其<code>rest-server</code>文件路径:</p>
<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-yaml" data-lang="yaml"><span
style="display:flex;"><span><span
style="color:#204a87;font-weight:bold">authentication</span><span
style="color:#000;font-weight:bold">:</span><span
style="color:#f8f8f8;text-decoration:underline"> </span>{<span
style="color:#f8f8f8;text-decoration:underline">
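Review bot: The warning and its two code blocks are added between the HTTP Basic example and the `StandardAuthenticator 模式` heading, so they have no heading or `id` of their own and cannot be linked to directly. Consider giving the warning its own heading, or placing it after the `gremlin-server.yaml` step that introduces the `rest-server` file path, where the reader is already working with that file.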
diff --git a/cn/sitemap.xml b/cn/sitemap.xml
index 66edc398..75028baa 100644
--- a/cn/sitemap.xml
+++ b/cn/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/cn/docs/language/hugegraph-gremlin/</loc><lastmod>2023-01-01T16:16:43+08:00</lastmod><xhtml:link
rel="alternate" hreflang="en"
href="/docs/language/hugegraph-gremlin/"/><xhtml:link rel="alternate"
hreflang="cn"
href="/cn/docs/language/hugegraph-gremlin/"/></url><url><loc>/cn/docs/performance/hugegraph-benchmark-0.5.6/</lo
[...]
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/cn/docs/language/hugegraph-gremlin/</loc><lastmod>2023-01-01T16:16:43+08:00</lastmod><xhtml:link
rel="alternate" hreflang="en"
href="/docs/language/hugegraph-gremlin/"/><xhtml:link rel="alternate"
hreflang="cn"
href="/cn/docs/language/hugegraph-gremlin/"/></url><url><loc>/cn/docs/performance/hugegraph-benchmark-0.5.6/</lo
[...]
\ No newline at end of file
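Review bot: The sitemap is a single line without a trailing newline (`@@ -1 +1 @@`), so this change replaces the whole file and the visible parts of the old and new line are identical. If the generator can emit one `<url>` entry per line, later diffs of this file would show which entry changed.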
diff --git a/docs/_print/index.html b/docs/_print/index.html
index 8071f002..1cb4baf0 100644
--- a/docs/_print/index.html
+++ b/docs/_print/index.html
@@ -1899,7 +1899,11 @@ flexibly control user roles and permissions (supports
multiple GraphServers).</p
modifying the configuration file (Note: If used in a production environment or
over the internet,
please use a <strong>Java11</strong> version and enable
<strong>auth-system</strong> to avoid security risks.)"</p><p>You need to
modify the configuration file to enable this feature. HugeGraph provides
built-in authentication mode: <code>StandardAuthenticator</code>. This mode
supports multi-user authentication and fine-grained permission control.
Additionally, developers can implement their own <code>HugeAuthenticator</code>
interface to integrate with their existing authentication sys [...]
</span></span></span><span style=display:flex><span><span
style=color:#a40000>Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id=standardauthenticator-mode>StandardAuthenticator Mode</h4><p>The
<code>StandardAuthenticator</code> mode supports user authentication and
permission control by storing user information in the database backend. This
+</span></span></span></code></pre></div><p><strong>Warning</strong>: Versions
of HugeGraph-Server prior to 1.5.0 have a JWT-related security vulnerability in
the Auth mode.
+Users are advised to update to a newer version or manually set the JWT
token’s secretKey. It can be set in the
<code>rest-server.properties</code> file by setting the
<code>auth.token_secret</code> information:</p><div class=highlight><pre
tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span
style=display:flex><span>auth.token_secret=XXXX # should be a 32-chars
string, consist of A-Z, a-z and 0-9
+</span></span></code></pre></div><p>You can also generate it with the
following command:</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-shell data-lang=shell><span style=display:flex><span><span
style=color:#000>RANDOM_STRING</span><span
style=color:#ce5c00;font-weight:700>=</span><span
style=color:#204a87;font-weight:700>$(</span>head /dev/urandom <span
style=color:#000;font-weight:700>|</span> tr -dc [...]
+</span></span><span style=display:flex><span><span
style=color:#204a87>echo</span> <span
style=color:#4e9a06>"auth.token_secret=</span><span
style=color:#4e9a06>${</span><span style=color:#000>RANDOM_STRING</span><span
style=color:#4e9a06>}</span><span style=color:#4e9a06>"</span> >>
rest-server.properties
+</span></span></code></pre></div><h4
id=standardauthenticator-mode>StandardAuthenticator Mode</h4><p>The
<code>StandardAuthenticator</code> mode supports user authentication and
permission control by storing user information in the database backend. This
implementation authenticates users based on their names and passwords
(encrypted) stored in the database and controls user permissions based on their
roles. Below is the specific configuration process (requires service
restart):</p><p>Configure the <code>authenticator</code> and its
<code>rest-server</code> file path in the <code>gremlin-server.yaml</code>
configuration file:</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=yaml><span style=display:flex><span><span
style=color:#204a87;font-weight:700>authentication</span><span style=colo [...]
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticator</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.StandardAuthenticator,</span><span
style=color:#f8f8f8;text-decoration:underline>
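Review bot: The added sample line `auth.token_secret=XXXX # should be a 32-chars string, consist of A-Z, a-z and 0-9` puts the guidance on the same line as the value. In the standard Java properties format a `#` starts a comment only at the beginning of a line, so a reader who copies this line and replaces XXXX ends up with the trailing text as part of the secret. Move the guidance into the paragraph above or onto its own `#` line before the key, and use a placeholder that cannot be mistaken for a usable value.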
diff --git a/docs/config/_print/index.html b/docs/config/_print/index.html
index c4794c77..319276a2 100644
--- a/docs/config/_print/index.html
+++ b/docs/config/_print/index.html
@@ -265,7 +265,11 @@ flexibly control user roles and permissions (supports
multiple GraphServers).</p
modifying the configuration file (Note: If used in a production environment or
over the internet,
please use a <strong>Java11</strong> version and enable
<strong>auth-system</strong> to avoid security risks.)"</p><p>You need to
modify the configuration file to enable this feature. HugeGraph provides
built-in authentication mode: <code>StandardAuthenticator</code>. This mode
supports multi-user authentication and fine-grained permission control.
Additionally, developers can implement their own <code>HugeAuthenticator</code>
interface to integrate with their existing authentication sys [...]
</span></span></span><span style=display:flex><span><span
style=color:#a40000>Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id=standardauthenticator-mode>StandardAuthenticator Mode</h4><p>The
<code>StandardAuthenticator</code> mode supports user authentication and
permission control by storing user information in the database backend. This
+</span></span></span></code></pre></div><p><strong>Warning</strong>: Versions
of HugeGraph-Server prior to 1.5.0 have a JWT-related security vulnerability in
the Auth mode.
+Users are advised to update to a newer version or manually set the JWT
token’s secretKey. It can be set in the
<code>rest-server.properties</code> file by setting the
<code>auth.token_secret</code> information:</p><div class=highlight><pre
tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span
style=display:flex><span>auth.token_secret=XXXX # should be a 32-chars
string, consist of A-Z, a-z and 0-9
+</span></span></code></pre></div><p>You can also generate it with the
following command:</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-shell data-lang=shell><span style=display:flex><span><span
style=color:#000>RANDOM_STRING</span><span
style=color:#ce5c00;font-weight:700>=</span><span
style=color:#204a87;font-weight:700>$(</span>head /dev/urandom <span
style=color:#000;font-weight:700>|</span> tr -dc [...]
+</span></span><span style=display:flex><span><span
style=color:#204a87>echo</span> <span
style=color:#4e9a06>"auth.token_secret=</span><span
style=color:#4e9a06>${</span><span style=color:#000>RANDOM_STRING</span><span
style=color:#4e9a06>}</span><span style=color:#4e9a06>"</span> >>
rest-server.properties
+</span></span></code></pre></div><h4
id=standardauthenticator-mode>StandardAuthenticator Mode</h4><p>The
<code>StandardAuthenticator</code> mode supports user authentication and
permission control by storing user information in the database backend. This
implementation authenticates users based on their names and passwords
(encrypted) stored in the database and controls user permissions based on their
roles. Below is the specific configuration process (requires service
restart):</p><p>Configure the <code>authenticator</code> and its
<code>rest-server</code> file path in the <code>gremlin-server.yaml</code>
configuration file:</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=yaml><span style=display:flex><span><span
style=color:#204a87;font-weight:700>authentication</span><span style=colo [...]
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticator</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.StandardAuthenticator,</span><span
style=color:#f8f8f8;text-decoration:underline>
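Review bot: The new warning paragraph names no advisory or CVE for the "JWT-related security vulnerability", and its first recommendation is to update, while the commit message notes that 1.5.0 has not been released yet. Suggest linking the advisory, stating that setting `auth.token_secret` is the mitigation available today, and saying whether the server must be restarted for the new value to take effect (the StandardAuthenticator paragraph that follows says its own steps require a restart).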
diff --git a/docs/config/config-authentication/index.html
b/docs/config/config-authentication/index.html
index 2c8e63c4..7dab22fb 100644
--- a/docs/config/config-authentication/index.html
+++ b/docs/config/config-authentication/index.html
@@ -1,9 +1,9 @@
<!doctype html><html lang=en class=no-js><head><meta charset=utf-8><meta
name=viewport
content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta
name=generator content="Hugo 0.102.3"><meta name=robots content="index,
follow"><link rel="shortcut icon" href=/favicons/favicon.ico><link
rel=apple-touch-icon href=/favicons/apple-touch-icon-180x180.png
sizes=180x180><link rel=icon type=image/png href=/favicons/favicon-16x16.png
sizes=16x16><link rel=icon type=image/png href=/favicons [...]
To facilitate authentication usage in different user scenarios, HugeGraph
currently provides built-in authorization StandardAuthenticator …"><meta
property="og:title" content="Built-in User Authentication and Authorization
Configuration and Usage in HugeGraph"><meta property="og:description"
content="Overview To facilitate authentication usage in different user
scenarios, HugeGraph currently provides built-in authorization
StandardAuthenticator mode, which supports multi-user authenticat [...]
Some key designs of the StandardAuthenticator mode include:
-During initialization, a super administrator (admin) user is created.
Subsequently, other users can be created by the super administrator. Once newly
created users are assigned sufficient permissions, they can create or manage
more users."><meta property="og:type" content="article"><meta property="og:url"
content="/docs/config/config-authentication/"><meta property="article:section"
content="docs"><meta property="article:modified_time"
content="2024-03-27T17:40:31+08:00"><meta property=" [...]
+During initialization, a super administrator (admin) user is created.
Subsequently, other users can be created by the super administrator. Once newly
created users are assigned sufficient permissions, they can create or manage
more users."><meta property="og:type" content="article"><meta property="og:url"
content="/docs/config/config-authentication/"><meta property="article:section"
content="docs"><meta property="article:modified_time"
content="2024-07-11T15:30:07+08:00"><meta property=" [...]
Some key designs of the StandardAuthenticator mode include:
-During initialization, a super administrator (admin) user is created.
Subsequently, other users can be created by the super administrator. Once newly
created users are assigned sufficient permissions, they can create or manage
more users."><meta itemprop=dateModified
content="2024-03-27T17:40:31+08:00"><meta itemprop=wordCount
content="851"><meta itemprop=keywords content><meta name=twitter:card
content="summary"><meta name=twitter:title content="Built-in User
Authentication and Authoriz [...]
+During initialization, a super administrator (admin) user is created.
Subsequently, other users can be created by the super administrator. Once newly
created users are assigned sufficient permissions, they can create or manage
more users."><meta itemprop=dateModified
content="2024-07-11T15:30:07+08:00"><meta itemprop=wordCount
content="932"><meta itemprop=keywords content><meta name=twitter:card
content="summary"><meta name=twitter:title content="Built-in User
Authentication and Authoriz [...]
Some key designs of the StandardAuthenticator mode include:
During initialization, a super administrator (admin) user is created.
Subsequently, other users can be created by the super administrator. Once newly
created users are assigned sufficient permissions, they can create or manage
more users."><link rel=preload
href=/scss/main.min.14ea575cb35d93d46ff8681b2334f40fd46243c100c5c39f5a841b931fae2d40.css
as=style><link
href=/scss/main.min.14ea575cb35d93d46ff8681b2334f40fd46243c100c5c39f5a841b931fae2d40.css
rel=stylesheet integrity><script src=http [...]
<link rel=stylesheet href=/css/prism.css><script
type=application/javascript>var
doNotTrack=!1;doNotTrack||(window.ga=window.ga||function(){(ga.q=ga.q||[]).push(arguments)},ga.l=+new
Date,ga("create","UA-00000000-0","auto"),ga("send","pageview"))</script><script
async src=https://www.google-analytics.com/analytics.js></script></head><body
class=td-page><header><nav class="js-navbar-scroll navbar navbar-expand
navbar-dark flex-column flex-md-row td-navbar"><a class=navbar-brand href=/><sp
[...]
@@ -19,7 +19,11 @@ flexibly control user roles and permissions (supports
multiple GraphServers).</p
modifying the configuration file (Note: If used in a production environment or
over the internet,
please use a <strong>Java11</strong> version and enable
<strong>auth-system</strong> to avoid security risks.)"</p><p>You need to
modify the configuration file to enable this feature. HugeGraph provides
built-in authentication mode: <code>StandardAuthenticator</code>. This mode
supports multi-user authentication and fine-grained permission control.
Additionally, developers can implement their own <code>HugeAuthenticator</code>
interface to integrate with their existing authentication sys [...]
</span></span></span><span style=display:flex><span><span
style=color:#a40000>Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id=standardauthenticator-mode>StandardAuthenticator Mode</h4><p>The
<code>StandardAuthenticator</code> mode supports user authentication and
permission control by storing user information in the database backend. This
+</span></span></span></code></pre></div><p><strong>Warning</strong>: Versions
of HugeGraph-Server prior to 1.5.0 have a JWT-related security vulnerability in
the Auth mode.
+Users are advised to update to a newer version or manually set the JWT
token’s secretKey. It can be set in the
<code>rest-server.properties</code> file by setting the
<code>auth.token_secret</code> information:</p><div class=highlight><pre
tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-fallback data-lang=fallback><span
style=display:flex><span>auth.token_secret=XXXX # should be a 32-chars
string, consist of A-Z, a-z and 0-9
+</span></span></code></pre></div><p>You can also generate it with the
following command:</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-shell data-lang=shell><span style=display:flex><span><span
style=color:#000>RANDOM_STRING</span><span
style=color:#ce5c00;font-weight:700>=</span><span
style=color:#204a87;font-weight:700>$(</span>head /dev/urandom <span
style=color:#000;font-weight:700>|</span> tr -dc [...]
+</span></span><span style=display:flex><span><span
style=color:#204a87>echo</span> <span
style=color:#4e9a06>"auth.token_secret=</span><span
style=color:#4e9a06>${</span><span style=color:#000>RANDOM_STRING</span><span
style=color:#4e9a06>}</span><span style=color:#4e9a06>"</span> >>
rest-server.properties
+</span></span></code></pre></div><h4
id=standardauthenticator-mode>StandardAuthenticator Mode</h4><p>The
<code>StandardAuthenticator</code> mode supports user authentication and
permission control by storing user information in the database backend. This
implementation authenticates users based on their names and passwords
(encrypted) stored in the database and controls user permissions based on their
roles. Below is the specific configuration process (requires service
restart):</p><p>Configure the <code>authenticator</code> and its
<code>rest-server</code> file path in the <code>gremlin-server.yaml</code>
configuration file:</p><div class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-yaml data-lang=yaml><span style=display:flex><span><span
style=color:#204a87;font-weight:700>authentication</span><span style=colo [...]
</span></span></span><span style=display:flex><span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#204a87;font-weight:700>authenticator</span><span
style=color:#000;font-weight:700>:</span><span
style=color:#f8f8f8;text-decoration:underline> </span><span
style=color:#000>org.apache.hugegraph.auth.StandardAuthenticator,</span><span
style=color:#f8f8f8;text-decoration:underline>
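Review bot: The second line of the generation snippet, `echo "auth.token_secret=${RANDOM_STRING}" >> rest-server.properties`, appends to whatever `rest-server.properties` is in the current directory. It creates a new file if run outside the conf directory, and it adds a second `auth.token_secret` entry if one already exists or the snippet is run twice. Suggest giving the path relative to the install root, telling users to replace an existing entry rather than append, and noting that the file now holds a signing secret and should be readable only by the service account.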
@@ -62,7 +66,7 @@ it is temporarily <strong>not possible</strong> to directly
convert the authenti
</span></span></span></code></pre></div><h4
id=3-enter-the-container-to-enable-authentication-mode>3. Enter the container
to enable authentication mode</h4><p>Enter the container first:</p><div
class=highlight><pre tabindex=0
style=background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4><code
class=language-bash data-lang=bash><span style=display:flex><span>docker <span
style=color:#204a87>exec</span> -it server bash
</span></span><span style=display:flex><span><span
style=color:#8f5902;font-style:italic># Modify the config quickly, the modified
file are save in the conf-bak folder</span>
</span></span><span style=display:flex><span>bin/enable-auth.sh
-</span></span></code></pre></div><p>Then follow <a
href=#switching-authentication-mode>Switching authentication
mode</a></p><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><script>const
yesButton=document.querySelector(".feedback--answer-yes"),noButton=document.querySelector(".feedback--answer-no"),yesResponse=document.querySelector(".feedback--response-ye
[...]
+</span></span></code></pre></div><p>Then follow <a
href=#switching-authentication-mode>Switching authentication
mode</a></p><style>.feedback--answer{display:inline-block}.feedback--answer-no{margin-left:1em}.feedback--response{display:none;margin-top:1em}.feedback--response__visible{display:block}</style><script>const
yesButton=document.querySelector(".feedback--answer-yes"),noButton=document.querySelector(".feedback--answer-no"),yesResponse=document.querySelector(".feedback--response-ye
[...]
<script
src=https://cdn.jsdelivr.net/npm/[email protected]/dist/js/bootstrap.min.js
integrity="sha512-UR25UO94eTnCVwjbXozyeVd6ZqpaAE9naiEUBK/A+QDbfSTQFhPGj5lOR6d8tsgbBk84Ggb5A3EkjsOgPRPcKA=="
crossorigin=anonymous></script>
<script src=/js/tabpane-persist.js></script>
<script
src=/js/main.min.aa9f4c5dae6a98b2c46277f4c56f1673a2b000d1756ce4ffae93784cab25e6d5.js
integrity="sha256-qp9MXa5qmLLEYnf0xW8Wc6KwANF1bOT/rpN4TKsl5tU="
crossorigin=anonymous></script>
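Review bot: The Docker steps in this hunk end at `bin/enable-auth.sh` and the link to "Switching authentication mode", with no pointer to the new token-secret warning. If `bin/enable-auth.sh` does not set `auth.token_secret`, users who enable auth this way stay on the default value; a one-line cross-reference from this step to the warning would close that gap.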
diff --git a/docs/config/index.xml b/docs/config/index.xml
index 7c92114a..8035f6ff 100644
--- a/docs/config/index.xml
+++ b/docs/config/index.xml
@@ -1520,7 +1520,13 @@ please use a <strong>Java11</strong> version and
enable <strong>auth-sy
<p>HugeGraph authentication modes adopt <a
href="https://en.wikipedia.org/wiki/Basic_access_authentication">HTTP Basic
Authentication</a>. In simple terms, when sending an HTTP request, you need
to set the <code>Authentication</code> header to <code>Basic</code>
and provide the corresponding username and password. The corresponding HTTP
plaintext format is as follows:</p>
<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-http" data-lang="http"><span
style="display:flex;"><span><span style="color:#a40000">GET
http://localhost:8080/graphs/hugegraph/schema/vertexlabels
</span></span></span><span style="display:flex;"><span><span
style="color:#a40000">Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id="standardauthenticator-mode">StandardAuthenticator Mode</h4>
+</span></span></span></code></pre></div><p><strong>Warning</strong>:
Versions of HugeGraph-Server prior to 1.5.0 have a JWT-related security
vulnerability in the Auth mode.
+Users are advised to update to a newer version or manually set the JWT
token&rsquo;s secretKey. It can be set in the
<code>rest-server.properties</code> file by setting the
<code>auth.token_secret</code> information:</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>auth.token_secret=XXXX # should be a 32-chars
string, consist of A-Z, a-z and 0-9
+</span></span></code></pre></div><p>You can also generate it
with the following command:</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-shell" data-lang="shell"><span
style="display:flex;"><span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#ce5c00;font-weight:bold">=</span><span
style="color:#204a87;font-weight:bold">$(</span>head /dev/urandom <span
style="color:#000;font-weight:bold">|</span> tr -dc A-Za-z0-9 <span
style="co [...]
+</span></span><span style="display:flex;"><span><span
style="color:#204a87">echo</span> <span
style="color:#4e9a06">&#34;auth.token_secret=</span><span
style="color:#4e9a06">${</span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#4e9a06">}</span><span
style="color:#4e9a06">&#34;</span> &gt;&gt;
rest-server.properties
+</span></span></code></pre></div><h4
id="standardauthenticator-mode">StandardAuthenticator Mode</h4>
<p>The <code>StandardAuthenticator</code> mode supports user
authentication and permission control by storing user information in the
database backend. This
implementation authenticates users based on their names and passwords
(encrypted) stored in the database and controls user permissions based on their
roles. Below is the specific configuration process (requires service
restart):</p>
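Review bot: In the generation command, `head /dev/urandom | tr -dc A-Za-z0-9` (the rest of the pipeline is cut off in this view) reads by line from a binary stream, so the number of bytes consumed varies from run to run, and `tr` on raw bytes fails with an illegal byte sequence error under a UTF-8 locale on BSD/macOS. Suggest prefixing `tr` with `LC_ALL=C` and making sure the documented command always yields the 32 characters the sample line asks for.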
diff --git a/docs/index.xml b/docs/index.xml
index da9c2372..847923f5 100644
--- a/docs/index.xml
+++ b/docs/index.xml
@@ -6486,7 +6486,13 @@ please use a <strong>Java11</strong> version and
enable <strong>auth-sy
<p>HugeGraph authentication modes adopt <a
href="https://en.wikipedia.org/wiki/Basic_access_authentication">HTTP Basic
Authentication</a>. In simple terms, when sending an HTTP request, you need
to set the <code>Authentication</code> header to <code>Basic</code>
and provide the corresponding username and password. The corresponding HTTP
plaintext format is as follows:</p>
<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-http" data-lang="http"><span
style="display:flex;"><span><span style="color:#a40000">GET
http://localhost:8080/graphs/hugegraph/schema/vertexlabels
</span></span></span><span style="display:flex;"><span><span
style="color:#a40000">Authorization: Basic admin xxxx
-</span></span></span></code></pre></div><h4
id="standardauthenticator-mode">StandardAuthenticator Mode</h4>
+</span></span></span></code></pre></div><p><strong>Warning</strong>:
Versions of HugeGraph-Server prior to 1.5.0 have a JWT-related security
vulnerability in the Auth mode.
+Users are advised to update to a newer version or manually set the JWT
token&rsquo;s secretKey. It can be set in the
<code>rest-server.properties</code> file by setting the
<code>auth.token_secret</code> information:</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-fallback" data-lang="fallback"><span
style="display:flex;"><span>auth.token_secret=XXXX # should be a 32-chars
string, consist of A-Z, a-z and 0-9
+</span></span></code></pre></div><p>You can also generate it
with the following command:</p>
+<div class="highlight"><pre tabindex="0"
style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code
class="language-shell" data-lang="shell"><span
style="display:flex;"><span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#ce5c00;font-weight:bold">=</span><span
style="color:#204a87;font-weight:bold">$(</span>head /dev/urandom <span
style="color:#000;font-weight:bold">|</span> tr -dc A-Za-z0-9 <span
style="co [...]
+</span></span><span style="display:flex;"><span><span
style="color:#204a87">echo</span> <span
style="color:#4e9a06">&#34;auth.token_secret=</span><span
style="color:#4e9a06">${</span><span
style="color:#000">RANDOM_STRING</span><span
style="color:#4e9a06">}</span><span
style="color:#4e9a06">&#34;</span> &gt;&gt;
rest-server.properties
+</span></span></code></pre></div><h4
id="standardauthenticator-mode">StandardAuthenticator Mode</h4>
<p>The <code>StandardAuthenticator</code> mode supports user
authentication and permission control by storing user information in the
database backend. This
implementation authenticates users based on their names and passwords
(encrypted) stored in the database and controls user permissions based on their
roles. Below is the specific configuration process (requires service
restart):</p>
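Review bot: The context paragraph directly above the new warning tells readers to set the `Authentication` header, but the example beneath it sends `Authorization: Basic admin xxxx`, and Authorization is the actual HTTP header name. Since this change edits the same passage, fix the header name in the source page so the warning sits under consistent instructions.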
diff --git a/en/sitemap.xml b/en/sitemap.xml
index 254da70b..f7b060b0 100644
--- a/en/sitemap.xml
+++ b/en/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/docs/guides/architectural/</loc><lastmod>2023-06-25T21:06:07+08:00</lastmod><xhtml:link
rel="alternate" hreflang="cn"
href="/cn/docs/guides/architectural/"/><xhtml:link rel="alternate"
hreflang="en"
href="/docs/guides/architectural/"/></url><url><loc>/docs/config/config-guide/</loc><lastmod>2023-11-01T21:52:52+08:00</last
[...]
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><urlset
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"
xmlns:xhtml="http://www.w3.org/1999/xhtml"><url><loc>/docs/guides/architectural/</loc><lastmod>2023-06-25T21:06:07+08:00</lastmod><xhtml:link
rel="alternate" hreflang="cn"
href="/cn/docs/guides/architectural/"/><xhtml:link rel="alternate"
hreflang="en"
href="/docs/guides/architectural/"/></url><url><loc>/docs/config/config-guide/</loc><lastmod>2023-11-01T21:52:52+08:00</last
[...]
\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index 3085b273..9890808a 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -1 +1 @@
-<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>/en/sitemap.xml</loc><lastmod>2024-05-29T12:54:36+08:00</lastmod></sitemap><sitemap><loc>/cn/sitemap.xml</loc><lastmod>2024-05-29T12:54:36+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file
+<?xml version="1.0" encoding="utf-8" standalone="yes"?><sitemapindex
xmlns="http://www.sitemaps.org/schemas/sitemap/0.9"><sitemap><loc>/en/sitemap.xml</loc><lastmod>2024-07-11T15:30:07+08:00</lastmod></sitemap><sitemap><loc>/cn/sitemap.xml</loc><lastmod>2024-07-11T15:30:07+08:00</lastmod></sitemap></sitemapindex>
\ No newline at end of file
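Review bot: Both `<loc>` values in the regenerated index, `/en/sitemap.xml` and `/cn/sitemap.xml`, are root-relative paths, while the sitemaps.org protocol expects fully qualified URLs in `<loc>`. Only `<lastmod>` changes in this hunk, so the problem predates the commit, but setting the site's base URL in the generator config would make these entries valid for crawlers.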