This is an automated email from the ASF dual-hosted git repository.
vgalaxies pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-hugegraph.git
The following commit(s) were added to refs/heads/master by this push:
new a93cc218d chore(server): remove outdated ConfigAuthenticator (#2927)
a93cc218d is described below
commit a93cc218d98b85a17eee7eae089d7789ac0b0b4e
Author: ChoHee <[email protected]>
AuthorDate: Sun Jan 4 16:28:51 2026 +0800
chore(server): remove outdated ConfigAuthenticator (#2927)
---
docker/configs/server1-conf/rest-server.properties | 5 +-
docker/configs/server2-conf/rest-server.properties | 5 +-
docker/configs/server3-conf/rest-server.properties | 5 +-
.../static/conf/rest-server.properties.template | 9 +-
.../apache/hugegraph/auth/ConfigAuthenticator.java | 111 ---------------------
.../hugegraph/auth/HugeFactoryAuthProxy.java | 2 -
.../org/apache/hugegraph/config/ServerOptions.java | 26 +----
.../org/apache/hugegraph/core/GraphManager.java | 4 +-
.../org/apache/hugegraph/config/AuthOptions.java | 21 +---
.../org/apache/hugegraph/options/AuthOptions.java | 22 +---
10 files changed, 19 insertions(+), 191 deletions(-)
diff --git a/docker/configs/server1-conf/rest-server.properties
b/docker/configs/server1-conf/rest-server.properties
index 6e2257ce9..1fd064d88 100644
--- a/docker/configs/server1-conf/rest-server.properties
+++ b/docker/configs/server1-conf/rest-server.properties
@@ -12,9 +12,10 @@ arthas.ip=127.0.0.1
arthas.disabled_commands=jad
# authentication configs
-# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or
-# 'org.apache.hugegraph.auth.ConfigAuthenticator'
+# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or a custom
implementation
#auth.authenticator=
+# for admin password, By default, it is pa and takes effect upon the first
startup
+#auth.admin_pa=pa
# rpc server configs for multi graph-servers or raft-servers
rpc.server_host=127.0.0.1
diff --git a/docker/configs/server2-conf/rest-server.properties
b/docker/configs/server2-conf/rest-server.properties
index e55fb6b63..cff9405f5 100644
--- a/docker/configs/server2-conf/rest-server.properties
+++ b/docker/configs/server2-conf/rest-server.properties
@@ -12,9 +12,10 @@ arthas.ip=127.0.0.1
arthas.disabled_commands=jad
# authentication configs
-# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or
-# 'org.apache.hugegraph.auth.ConfigAuthenticator'
+# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or a custom
implementation
#auth.authenticator=
+# for admin password, By default, it is pa and takes effect upon the first
startup
+#auth.admin_pa=pa
# rpc server configs for multi graph-servers or raft-servers
rpc.server_host=127.0.0.1
diff --git a/docker/configs/server3-conf/rest-server.properties
b/docker/configs/server3-conf/rest-server.properties
index af1d7301d..6c158e623 100644
--- a/docker/configs/server3-conf/rest-server.properties
+++ b/docker/configs/server3-conf/rest-server.properties
@@ -12,9 +12,10 @@ arthas.ip=127.0.0.1
arthas.disabled_commands=jad
# authentication configs
-# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or
-# 'org.apache.hugegraph.auth.ConfigAuthenticator'
+# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or a custom
implementation
#auth.authenticator=
+# for admin password, By default, it is pa and takes effect upon the first
startup
+#auth.admin_pa=pa
# rpc server configs for multi graph-servers or raft-servers
rpc.server_host=127.0.0.1
diff --git
a/hugegraph-cluster-test/hugegraph-clustertest-dist/src/assembly/static/conf/rest-server.properties.template
b/hugegraph-cluster-test/hugegraph-clustertest-dist/src/assembly/static/conf/rest-server.properties.template
index 8f4e9bf61..106b17176 100644
---
a/hugegraph-cluster-test/hugegraph-clustertest-dist/src/assembly/static/conf/rest-server.properties.template
+++
b/hugegraph-cluster-test/hugegraph-clustertest-dist/src/assembly/static/conf/rest-server.properties.template
@@ -34,19 +34,16 @@ arthas.ip=127.0.0.1
arthas.disabled_commands=jad
# authentication configs
-# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or
-# 'org.apache.hugegraph.auth.ConfigAuthenticator'
+# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or a custom
implementation
#auth.authenticator=
+# for admin password, By default, it is pa and takes effect upon the first
startup
+#auth.admin_pa=pa
# for StandardAuthenticator mode
#auth.graph_store=hugegraph
# auth client config
#auth.remote_url=127.0.0.1:8899,127.0.0.1:8898,127.0.0.1:8897
-# for ConfigAuthenticator mode
-#auth.admin_token=
-#auth.user_tokens=[]
-
# rpc server configs for multi graph-servers or raft-servers
rpc.server_host=127.0.0.1
rpc.server_port=$RPC_PORT$
diff --git
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/ConfigAuthenticator.java
b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/ConfigAuthenticator.java
deleted file mode 100644
index eaad573d5..000000000
---
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/ConfigAuthenticator.java
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.apache.hugegraph.auth;
-
-import java.net.InetAddress;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Objects;
-
-import org.apache.commons.lang.NotImplementedException;
-import org.apache.hugegraph.HugeGraph;
-import org.apache.hugegraph.backend.id.IdGenerator;
-import org.apache.hugegraph.config.HugeConfig;
-import org.apache.hugegraph.config.ServerOptions;
-import org.apache.hugegraph.util.E;
-import
org.apache.tinkerpop.gremlin.groovy.jsr223.dsl.credential.CredentialGraphTokens;
-
-import jakarta.ws.rs.core.SecurityContext;
-
-public class ConfigAuthenticator implements HugeAuthenticator {
-
- public static final String KEY_USERNAME =
CredentialGraphTokens.PROPERTY_USERNAME;
- public static final String KEY_PASSWORD =
CredentialGraphTokens.PROPERTY_PASSWORD;
-
- private final Map<String, String> tokens;
-
- public ConfigAuthenticator() {
- this.tokens = new HashMap<>();
- }
-
- @Override
- public void setup(HugeConfig config) {
- this.tokens.putAll(config.getMap(ServerOptions.AUTH_USER_TOKENS));
- assert !this.tokens.containsKey(USER_ADMIN);
- this.tokens.put(USER_ADMIN,
config.get(ServerOptions.AUTH_ADMIN_TOKEN));
- }
-
- /**
- * Verify if a user is legal
- *
- * @param username the username for authentication
- * @param password the password for authentication
- * @return String No permission if return ROLE_NONE else return a role
- */
- @Override
- public UserWithRole authenticate(final String username,
- final String password,
- final String token) {
- E.checkArgumentNotNull(username,
- "The username parameter can't be null");
- E.checkArgumentNotNull(password,
- "The password parameter can't be null");
- E.checkArgument(token == null, "The token must be null");
-
- RolePermission role;
- if (password.equals(this.tokens.get(username))) {
- if (username.equals(USER_ADMIN)) {
- role = ROLE_ADMIN;
- } else {
- // Return role with all permission, set username as owner graph
- role = RolePermission.all(username);
- }
- } else {
- role = ROLE_NONE;
- }
-
- return new UserWithRole(IdGenerator.of(username), username, role);
- }
-
- @Override
- public void unauthorize(SecurityContext context) {
- }
-
- @Override
- public AuthManager authManager() {
- throw new NotImplementedException("AuthManager is unsupported by
ConfigAuthenticator");
- }
-
- @Override
- public HugeGraph graph() {
- throw new NotImplementedException("graph() is unsupported by
ConfigAuthenticator");
- }
-
- @Override
- public void initAdminUser(String password) {
- String adminToken = this.tokens.get(USER_ADMIN);
- E.checkArgument(Objects.equals(adminToken, password),
- "The password can't be changed for " +
- "ConfigAuthenticator");
- }
-
- @Override
- public SaslNegotiator newSaslNegotiator(InetAddress remoteAddress) {
- throw new NotImplementedException("SaslNegotiator is unsupported by
ConfigAuthenticator");
- }
-}
diff --git
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeFactoryAuthProxy.java
b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeFactoryAuthProxy.java
index 41e9186d7..57486a407 100644
---
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeFactoryAuthProxy.java
+++
b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/auth/HugeFactoryAuthProxy.java
@@ -129,7 +129,6 @@ public final class HugeFactoryAuthProxy {
Reflection.registerFieldsToFilter(StandardAuthenticator.class,
"graph");
Reflection.registerMethodsToFilter(StandardAuthenticator.class,
"initAdminUser",
"inputPassword", "graph");
- Reflection.registerFieldsToFilter(ConfigAuthenticator.class, "tokens");
Reflection.registerFieldsToFilter(HugeFactoryAuthProxy.class,
"PROTECT_METHODS");
Reflection.registerMethodsToFilter(HugeFactoryAuthProxy.class,
"genRegisterPrivateActions",
"registerClass",
"registerPrivateActions",
@@ -508,7 +507,6 @@ public final class HugeFactoryAuthProxy {
registerPrivateActions(InheritableThreadLocal.class);
registerPrivateActions(StandardAuthenticator.class);
- registerPrivateActions(ConfigAuthenticator.class);
registerPrivateActions(HugeFactoryAuthProxy.class);
registerPrivateActions(HugeAuthenticator.User.class);
diff --git
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
index 5a785eef4..c94725737 100644
---
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
+++
b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/config/ServerOptions.java
@@ -462,8 +462,7 @@ public class ServerOptions extends OptionHolder {
new ConfigOption<>(
"auth.authenticator",
"The class path of authenticator implementation. " +
- "e.g., org.apache.hugegraph.auth.StandardAuthenticator, " +
- "or org.apache.hugegraph.auth.ConfigAuthenticator.",
+ "e.g., org.apache.hugegraph.auth.StandardAuthenticator.",
null,
""
);
@@ -471,31 +470,12 @@ public class ServerOptions extends OptionHolder {
public static final ConfigOption<String> ADMIN_PA =
new ConfigOption<>(
"auth.admin_pa",
- "The class path of authenticator implementation. " +
- "e.g., org.apache.hugegraph.auth.StandardAuthenticator, " +
- "or org.apache.hugegraph.auth.ConfigAuthenticator.",
+ "The default password for built-in admin account, " +
+ "takes effect on first startup.",
null,
"pa"
);
- public static final ConfigOption<String> AUTH_ADMIN_TOKEN =
- new ConfigOption<>(
- "auth.admin_token",
- "Token for administrator operations, " +
- "only for org.apache.hugegraph.auth.ConfigAuthenticator.",
- disallowEmpty(),
- "162f7848-0b6d-4faf-b557-3a0797869c55"
- );
-
- public static final ConfigListOption<String> AUTH_USER_TOKENS =
- new ConfigListOption<>(
- "auth.user_tokens",
- "The map of user tokens with name and password, " +
- "only for org.apache.hugegraph.auth.ConfigAuthenticator.",
- disallowEmpty(),
- "hugegraph:9fd95c9c-711b-415b-b85f-d4df46ba5c31"
- );
-
public static final ConfigOption<String> SSL_KEYSTORE_FILE =
new ConfigOption<>(
"ssl.keystore_file",
diff --git
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java
b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java
index a2659641b..eda050e16 100644
---
a/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java
+++
b/hugegraph-server/hugegraph-api/src/main/java/org/apache/hugegraph/core/GraphManager.java
@@ -1611,9 +1611,9 @@ public final class GraphManager {
if (!hugegraph.backendStoreFeatures().supportsPersistence()) {
hugegraph.initBackend();
if (this.requireAuthentication()) {
- String token = config.get(ServerOptions.AUTH_ADMIN_TOKEN);
+ String adminPassword = config.get(ServerOptions.ADMIN_PA);
try {
- this.authenticator().initAdminUser(token);
+ this.authenticator().initAdminUser(adminPassword);
} catch (Exception e) {
throw new BackendException(
"The backend store of '%s' can't " +
diff --git
a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
index c996082da..5653c6788 100644
---
a/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
+++
b/hugegraph-server/hugegraph-core/src/main/java/org/apache/hugegraph/config/AuthOptions.java
@@ -44,8 +44,7 @@ public class AuthOptions extends OptionHolder {
new ConfigOption<>(
"auth.authenticator",
"The class path of authenticator implementation. " +
- "e.g., org.apache.hugegraph.auth.StandardAuthenticator, " +
- "or org.apache.hugegraph.auth.ConfigAuthenticator.",
+ "e.g., org.apache.hugegraph.auth.StandardAuthenticator.",
null,
""
);
@@ -59,24 +58,6 @@ public class AuthOptions extends OptionHolder {
"hugegraph"
);
- public static final ConfigOption<String> AUTH_ADMIN_TOKEN =
- new ConfigOption<>(
- "auth.admin_token",
- "Token for administrator operations, " +
- "only for org.apache.hugegraph.auth.ConfigAuthenticator.",
- disallowEmpty(),
- "162f7848-0b6d-4faf-b557-3a0797869c55"
- );
-
- public static final ConfigListOption<String> AUTH_USER_TOKENS =
- new ConfigListOption<>(
- "auth.user_tokens",
- "The map of user tokens with name and password, " +
- "only for org.apache.hugegraph.auth.ConfigAuthenticator.",
- disallowEmpty(),
- "hugegraph:9fd95c9c-711b-415b-b85f-d4df46ba5c31"
- );
-
public static final ConfigOption<String> AUTH_REMOTE_URL =
new ConfigOption<>(
"auth.remote_url",
diff --git
a/hugegraph-struct/src/main/java/org/apache/hugegraph/options/AuthOptions.java
b/hugegraph-struct/src/main/java/org/apache/hugegraph/options/AuthOptions.java
index 3ae732e2e..c61946ae8 100644
---
a/hugegraph-struct/src/main/java/org/apache/hugegraph/options/AuthOptions.java
+++
b/hugegraph-struct/src/main/java/org/apache/hugegraph/options/AuthOptions.java
@@ -19,7 +19,6 @@
package org.apache.hugegraph.options;
-import org.apache.hugegraph.config.ConfigListOption;
import org.apache.hugegraph.config.ConfigOption;
import org.apache.hugegraph.config.OptionHolder;
@@ -82,8 +81,7 @@ public class AuthOptions extends OptionHolder {
new ConfigOption<>(
"auth.authenticator",
"The class path of authenticator implementation. " +
- "e.g.,
org.apache.hugegraph.auth.StandardAuthenticator, " +
- "or
org.apache.hugegraph.auth.ConfigAuthenticator.",
+ "e.g.,
org.apache.hugegraph.auth.StandardAuthenticator.",
null,
""
);
@@ -97,24 +95,6 @@ public class AuthOptions extends OptionHolder {
"hugegraph"
);
- public static final ConfigOption<String> AUTH_ADMIN_TOKEN =
- new ConfigOption<>(
- "auth.admin_token",
- "Token for administrator operations, " +
- "only for
org.apache.hugegraph.auth.ConfigAuthenticator.",
- disallowEmpty(),
- "162f7848-0b6d-4faf-b557-3a0797869c55"
- );
-
- public static final ConfigListOption<String> AUTH_USER_TOKENS =
- new ConfigListOption<>(
- "auth.user_tokens",
- "The map of user tokens with name and password, " +
- "only for
org.apache.hugegraph.auth.ConfigAuthenticator.",
- disallowEmpty(),
- "hugegraph:9fd95c9c-711b-415b-b85f-d4df46ba5c31"
- );
-
public static final ConfigOption<String> AUTH_REMOTE_URL =
new ConfigOption<>(
"auth.remote_url",
