[feat](Authenticator) Pluginization of Authenticator #40113

CalvinKirs · 2024-08-29T08:21:34Z

abstract

introduces the pluginization of the Authenticator component, enabling greater flexibility and modularity within the authentication system. By refactoring the Authenticator into a pluggable SPI (Service Provider Interface), we allow for custom authentication mechanisms to be seamlessly integrated and managed.

Key Changes

AuthenticatorFactory Interface:

This interface defines the create method, which is used to create an Authenticator instance based on initialization properties, enabling support for various authentication mechanisms.
The factoryIdentifier method provides an identifier for the factory, allowing differentiation between various AuthenticatorFactory implementations (e.g., LDAP, default).
Implemented Specific Authentication Factories:

We have implemented factories for different authentication mechanisms (such as LDAP), providing the necessary configuration support for each.

eg

In your Maven pom.xml, add the fe-core dependency:

        <dependency>
            <groupId>org.apache.doris</groupId>
            <artifactId>fe-core</artifactId>
            <version>1.2-SNAPSHOT</version>
            <scope>provided</scope>
        </dependency>

import org.apache.doris.common.ConfigBase;

public class LocalAuthenticatorFactory implements AuthenticatorFactory {


    @Override
    public LocalAuthenticator create(Properties initProps) {
        return new LocalAuthenticator();
    }

    @Override
    public String factoryIdentifier() {
        return "local";
    }
}
import java.util.HashMap;
import java.util.Map;

public class LocalAuthenticator implements Authenticator {
    private Map<String, String> userStore = new HashMap<>();

    public LocalAuthenticator() {
        // Hardcoded usernames and passwords
        userStore.put("user1", "password1");
        userStore.put("user2", "password2");
        userStore.put("admin", "adminpass");
    }

    @Override
    public boolean authenticate(String username, String password) {
        // Authenticate by checking the hardcoded user store
        String storedPassword = userStore.get(username);
        return storedPassword != null && storedPassword.equals(password);
    }
}

To integrate with the SPI (Service Provider Interface) mechanism, we created a file at src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory containing org.example.LocalAuthenticatorFactory, which allows the system to dynamically load and utilize the LocalAuthenticatorFactory implementation.

Your plugin needs to include all necessary dependencies, and it is generally recommended to package them into an Uber JAR (also known as a Fat JAR) to ensure that the plugin can run independently without additional dependency management. Once packaged, this JAR can be placed directly in the fe/custom_lib directory.

introduces the pluginization of the Authenticator component, enabling greater flexibility and modularity within the authentication system. By refactoring the Authenticator into a pluggable SPI (Service Provider Interface), we allow for custom authentication mechanisms to be seamlessly integrated and managed. Key Changes AuthenticatorFactory Interface: Defined a new AuthenticatorFactory interface to standardize the creation of Authenticator instances. The interface includes methods to create Authenticator instances based on configuration (ConfigBase) and to return a unique identifier for each factory (e.g., "ldap", "default"). The interface also provides a method getAuthenticatorConfig() to retrieve default configuration templates, aiding in the initialization process. Factory Identifier: Each AuthenticatorFactory implementation must provide a unique identifier. This allows for easy registration and retrieval of specific Authenticator implementations based on the factory identifier. Configuration Management: The getAuthenticatorConfig() method returns a ConfigBase instance, providing a default configuration that can be used or modified before creating an Authenticator. Benefits Modularity: Authentication logic is now decoupled from the core system, making it easier to extend and maintain. Flexibility: Different authentication strategies (e.g., LDAP, default, etc.) can be easily added or swapped without altering the core codebase. Customization: Users can define custom Authenticator implementations and configure them as needed, enabling a more tailored authentication process.

doris-robot · 2024-08-29T08:21:38Z

Thank you for your contribution to Apache Doris.
Don't know what should be done next? See How to process your PR

Since 2024-03-18, the Document has been moved to doris-website.
See Doris Document.

CalvinKirs · 2024-08-29T10:32:58Z

run buildall

doris-robot · 2024-08-29T11:13:49Z

TPC-H: Total hot run time: 38207 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit a40d7a1b4b2dd2bdac69680ca9015c6dcd720b86, data reload: false

------ Round 1 ----------------------------------
q1	17613	4950	4369	4369
q2	2012	186	181	181
q3	11719	954	1074	954
q4	10528	715	709	709
q5	7751	2839	2785	2785
q6	236	137	141	137
q7	978	610	605	605
q8	9317	2069	2027	2027
q9	7164	6517	6524	6517
q10	7015	2226	2199	2199
q11	446	245	240	240
q12	397	225	233	225
q13	18509	3053	3039	3039
q14	284	242	236	236
q15	532	496	501	496
q16	601	523	527	523
q17	974	653	697	653
q18	7279	6917	6874	6874
q19	1394	1029	1005	1005
q20	687	336	340	336
q21	4243	3153	3074	3074
q22	1159	1047	1023	1023
Total cold run time: 110838 ms
Total hot run time: 38207 ms

----- Round 2, with runtime_filter_mode=off -----
q1	4361	4333	4264	4264
q2	375	281	277	277
q3	2897	2705	2669	2669
q4	1906	1602	1679	1602
q5	5696	5636	5732	5636
q6	241	145	151	145
q7	2267	1857	1803	1803
q8	3271	3410	3482	3410
q9	8837	8859	8827	8827
q10	3630	3376	3361	3361
q11	609	532	498	498
q12	822	678	638	638
q13	13610	3221	3238	3221
q14	321	280	290	280
q15	551	495	484	484
q16	607	586	572	572
q17	1853	1607	1563	1563
q18	8185	7796	7915	7796
q19	1735	1655	1500	1500
q20	2175	1891	1882	1882
q21	5732	5521	5437	5437
q22	1116	1071	1069	1069
Total cold run time: 70797 ms
Total hot run time: 56934 ms

doris-robot · 2024-08-29T11:26:11Z

TPC-DS: Total hot run time: 194082 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit a40d7a1b4b2dd2bdac69680ca9015c6dcd720b86, data reload: false

query1	1242	902	854	854
query2	6333	2002	1919	1919
query3	10619	4025	4065	4025
query4	59770	26226	23297	23297
query5	5358	534	525	525
query6	411	169	187	169
query7	5803	303	301	301
query8	292	214	208	208
query9	9037	2505	2502	2502
query10	479	301	266	266
query11	18314	15085	15421	15085
query12	159	105	101	101
query13	1560	395	400	395
query14	11144	7502	7403	7403
query15	219	188	191	188
query16	7539	477	491	477
query17	1127	601	578	578
query18	2083	325	306	306
query19	289	158	155	155
query20	129	110	117	110
query21	220	103	106	103
query22	4459	4433	4427	4427
query23	34508	33709	33343	33343
query24	6020	2920	2860	2860
query25	557	407	399	399
query26	687	167	162	162
query27	1771	286	286	286
query28	3681	2120	2108	2108
query29	724	432	434	432
query30	243	165	161	161
query31	950	753	761	753
query32	88	58	57	57
query33	430	297	295	295
query34	871	479	490	479
query35	862	753	719	719
query36	1075	918	956	918
query37	160	95	90	90
query38	3972	3994	3981	3981
query39	1469	1386	1416	1386
query40	203	119	118	118
query41	50	50	46	46
query42	117	98	101	98
query43	517	464	474	464
query44	1119	755	764	755
query45	203	166	172	166
query46	1104	762	766	762
query47	1907	1778	1820	1778
query48	382	307	295	295
query49	774	452	455	452
query50	823	423	423	423
query51	7218	7000	7033	7000
query52	100	93	96	93
query53	259	186	188	186
query54	567	468	471	468
query55	82	78	82	78
query56	299	276	278	276
query57	1159	1060	1054	1054
query58	225	233	238	233
query59	2929	2810	2891	2810
query60	306	287	287	287
query61	128	117	119	117
query62	755	677	674	674
query63	231	199	199	199
query64	2935	839	665	665
query65	3255	3156	3206	3156
query66	704	343	345	343
query67	15617	15212	15289	15212
query68	4454	570	577	570
query69	430	280	277	277
query70	1153	1119	1103	1103
query71	396	277	279	277
query72	6631	4102	4033	4033
query73	792	338	334	334
query74	9410	8776	8962	8776
query75	3416	2738	2739	2738
query76	1759	1014	985	985
query77	565	339	337	337
query78	11081	9433	9373	9373
query79	1529	536	529	529
query80	777	514	506	506
query81	569	235	286	235
query82	311	158	146	146
query83	224	154	149	149
query84	262	74	84	74
query85	773	288	283	283
query86	408	305	272	272
query87	4446	4170	4395	4170
query88	3444	2356	2341	2341
query89	395	286	291	286
query90	1995	205	200	200
query91	128	140	98	98
query92	67	53	53	53
query93	1110	544	547	544
query94	778	299	304	299
query95	356	269	265	265
query96	597	269	268	268
query97	3238	3072	3065	3065
query98	219	215	195	195
query99	1519	1270	1272	1270
Total cold run time: 311854 ms
Total hot run time: 194082 ms

doris-robot · 2024-08-29T11:31:49Z

ClickBench: Total hot run time: 31.79 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit a40d7a1b4b2dd2bdac69680ca9015c6dcd720b86, data reload: false

query1	0.04	0.04	0.04
query2	0.08	0.04	0.04
query3	0.22	0.05	0.05
query4	1.67	0.08	0.08
query5	0.51	0.50	0.49
query6	1.15	0.73	0.72
query7	0.02	0.02	0.02
query8	0.06	0.04	0.05
query9	0.55	0.49	0.49
query10	0.55	0.54	0.54
query11	0.16	0.12	0.12
query12	0.15	0.12	0.13
query13	0.61	0.58	0.58
query14	2.06	2.10	2.08
query15	0.85	0.81	0.81
query16	0.38	0.35	0.36
query17	0.99	1.05	1.05
query18	0.22	0.23	0.21
query19	1.81	1.79	1.74
query20	0.01	0.02	0.01
query21	15.42	0.68	0.67
query22	3.38	9.67	1.48
query23	18.22	1.38	1.32
query24	2.15	0.22	0.23
query25	0.15	0.09	0.08
query26	0.27	0.18	0.17
query27	0.08	0.09	0.08
query28	13.21	1.02	1.00
query29	12.64	3.33	3.32
query30	0.24	0.06	0.06
query31	2.87	0.40	0.39
query32	3.26	0.48	0.48
query33	2.96	3.02	3.04
query34	17.08	4.40	4.40
query35	4.44	4.41	4.52
query36	0.66	0.48	0.48
query37	0.20	0.16	0.16
query38	0.16	0.15	0.15
query39	0.04	0.04	0.04
query40	0.17	0.13	0.13
query41	0.10	0.05	0.05
query42	0.07	0.06	0.06
query43	0.05	0.05	0.04
Total cold run time: 109.91 s
Total hot run time: 31.79 s

morningman

LGTM

github-actions · 2024-09-02T07:19:52Z

PR approved by at least one committer and no changes requested.

github-actions · 2024-09-02T07:19:54Z

PR approved by anyone and no changes requested.

CalvinKirs · 2024-09-05T02:45:45Z

run buildall

doris-robot · 2024-09-05T03:21:49Z

TPC-H: Total hot run time: 37851 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpch-tools
Tpch sf100 test result on commit 0ab34db0f8d9a7560a502c6384d040ae49df0dc1, data reload: false

------ Round 1 ----------------------------------
q1	17617	4404	4258	4258
q2	2019	183	176	176
q3	11908	964	1148	964
q4	10529	707	737	707
q5	7747	2826	2813	2813
q6	226	138	136	136
q7	958	613	601	601
q8	9335	2050	2072	2050
q9	7250	6527	6573	6527
q10	6977	2235	2173	2173
q11	445	233	237	233
q12	412	221	224	221
q13	18023	3096	3078	3078
q14	271	236	243	236
q15	528	500	486	486
q16	589	508	524	508
q17	976	685	738	685
q18	7326	6791	6922	6791
q19	1387	998	995	995
q20	670	341	334	334
q21	3877	2865	2890	2865
q22	1136	1029	1014	1014
Total cold run time: 110206 ms
Total hot run time: 37851 ms

----- Round 2, with runtime_filter_mode=off -----
q1	4336	4284	4303	4284
q2	374	271	284	271
q3	2906	2674	2638	2638
q4	1965	1664	1627	1627
q5	5603	5684	5692	5684
q6	220	134	138	134
q7	2249	1826	1834	1826
q8	3335	3408	3432	3408
q9	8920	8870	8834	8834
q10	3565	3396	3394	3394
q11	608	524	517	517
q12	803	664	663	663
q13	13637	3417	3271	3271
q14	330	293	282	282
q15	541	497	483	483
q16	653	581	581	581
q17	1849	1539	1558	1539
q18	8221	7808	7893	7808
q19	1747	1495	1555	1495
q20	2180	1884	1923	1884
q21	5912	5620	5408	5408
q22	1124	1030	1060	1030
Total cold run time: 71078 ms
Total hot run time: 57061 ms

doris-robot · 2024-09-05T03:34:06Z

TPC-DS: Total hot run time: 193271 ms

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/tpcds-tools
TPC-DS sf100 test result on commit 0ab34db0f8d9a7560a502c6384d040ae49df0dc1, data reload: false

query1	1238	904	866	866
query2	6321	1891	1880	1880
query3	10740	4051	4140	4051
query4	60099	26474	23436	23436
query5	5352	503	483	483
query6	405	179	162	162
query7	5761	296	288	288
query8	293	200	206	200
query9	9086	2500	2448	2448
query10	478	267	274	267
query11	17445	14993	15519	14993
query12	157	106	101	101
query13	1560	400	387	387
query14	10979	7251	7571	7251
query15	243	172	170	170
query16	7585	495	475	475
query17	1125	599	568	568
query18	1804	290	281	281
query19	291	146	166	146
query20	123	115	110	110
query21	212	104	108	104
query22	4644	4307	4665	4307
query23	34393	33691	33286	33286
query24	5966	2871	2810	2810
query25	531	387	387	387
query26	685	150	152	150
query27	1824	272	276	272
query28	3809	2042	2044	2042
query29	690	438	403	403
query30	227	151	148	148
query31	927	748	782	748
query32	81	48	53	48
query33	455	279	289	279
query34	857	478	457	457
query35	836	738	709	709
query36	1054	927	955	927
query37	150	92	90	90
query38	4011	3864	3881	3864
query39	1446	1396	1392	1392
query40	186	114	112	112
query41	46	46	43	43
query42	111	97	92	92
query43	507	472	472	472
query44	1054	735	729	729
query45	195	163	163	163
query46	1075	769	733	733
query47	1912	1840	1811	1811
query48	364	299	292	292
query49	763	428	450	428
query50	818	417	407	407
query51	7070	6835	6783	6783
query52	97	88	86	86
query53	253	182	179	179
query54	575	487	468	468
query55	76	76	77	76
query56	287	268	260	260
query57	1232	1113	1118	1113
query58	231	225	244	225
query59	3019	2973	3012	2973
query60	309	277	276	276
query61	126	121	122	121
query62	746	649	652	649
query63	211	188	192	188
query64	2968	764	751	751
query65	3227	3148	3141	3141
query66	701	350	352	350
query67	15364	15336	15219	15219
query68	3025	589	585	585
query69	413	292	284	284
query70	1210	1100	1064	1064
query71	372	272	271	271
query72	6306	4225	4004	4004
query73	740	322	326	322
query74	9102	8883	8777	8777
query75	3344	2647	2676	2647
query76	1452	973	994	973
query77	569	311	309	309
query78	9808	9636	10589	9636
query79	1068	537	519	519
query80	893	498	496	496
query81	568	235	235	235
query82	336	144	145	144
query83	167	150	152	150
query84	264	76	73	73
query85	845	294	281	281
query86	330	261	300	261
query87	4373	4363	4278	4278
query88	2884	2357	2335	2335
query89	379	283	278	278
query90	1867	188	184	184
query91	126	95	100	95
query92	68	50	47	47
query93	1048	533	530	530
query94	793	299	300	299
query95	343	257	249	249
query96	586	269	268	268
query97	3202	3102	3089	3089
query98	221	235	206	206
query99	1555	1286	1256	1256
Total cold run time: 305663 ms
Total hot run time: 193271 ms

doris-robot · 2024-09-05T03:39:44Z

ClickBench: Total hot run time: 32.47 s

machine: 'aliyun_ecs.c7a.8xlarge_32C64G'
scripts: https://github.com/apache/doris/tree/master/tools/clickbench-tools
ClickBench test result on commit 0ab34db0f8d9a7560a502c6384d040ae49df0dc1, data reload: false

query1	0.04	0.05	0.04
query2	0.07	0.04	0.04
query3	0.23	0.06	0.05
query4	1.66	0.09	0.08
query5	0.51	0.48	0.51
query6	1.12	0.72	0.74
query7	0.02	0.01	0.02
query8	0.05	0.05	0.04
query9	0.56	0.49	0.49
query10	0.54	0.54	0.56
query11	0.16	0.12	0.12
query12	0.15	0.12	0.12
query13	0.60	0.59	0.59
query14	2.09	2.13	2.06
query15	0.91	0.85	0.81
query16	0.37	0.38	0.39
query17	1.03	1.02	1.02
query18	0.21	0.20	0.21
query19	1.98	1.86	1.77
query20	0.01	0.01	0.01
query21	15.40	0.65	0.65
query22	4.14	7.26	2.21
query23	18.26	1.33	1.38
query24	2.07	0.22	0.22
query25	0.14	0.08	0.07
query26	0.27	0.18	0.18
query27	0.08	0.07	0.08
query28	13.31	1.01	1.00
query29	12.67	3.37	3.38
query30	0.24	0.06	0.05
query31	2.88	0.39	0.39
query32	3.26	0.48	0.47
query33	3.04	3.01	3.07
query34	17.21	4.39	4.48
query35	4.51	4.54	4.42
query36	0.66	0.47	0.48
query37	0.19	0.16	0.16
query38	0.15	0.14	0.14
query39	0.05	0.04	0.04
query40	0.16	0.12	0.14
query41	0.09	0.05	0.05
query42	0.05	0.05	0.05
query43	0.05	0.04	0.04
Total cold run time: 111.19 s
Total hot run time: 32.47 s

CalvinKirs · 2024-09-05T05:16:23Z

run feut

morningman

LGTM

github-actions · 2024-09-05T13:48:32Z

PR approved by at least one committer and no changes requested.

@OverRide

## abstract introduces the pluginization of the Authenticator component, enabling greater flexibility and modularity within the authentication system. By refactoring the Authenticator into a pluggable SPI (Service Provider Interface), we allow for custom authentication mechanisms to be seamlessly integrated and managed. ## Key Changes AuthenticatorFactory Interface: This interface defines the create method, which is used to create an Authenticator instance based on initialization properties, enabling support for various authentication mechanisms. The factoryIdentifier method provides an identifier for the factory, allowing differentiation between various AuthenticatorFactory implementations (e.g., LDAP, default). Implemented Specific Authentication Factories: We have implemented factories for different authentication mechanisms (such as LDAP), providing the necessary configuration support for each. ## eg In your Maven pom.xml, add the fe-core dependency: ``` <dependency> <groupId>org.apache.doris</groupId> <artifactId>fe-core</artifactId> <version>1.2-SNAPSHOT</version> <scope>provided</scope> </dependency> ``` ``` import org.apache.doris.common.ConfigBase; public class LocalAuthenticatorFactory implements AuthenticatorFactory { @OverRide public LocalAuthenticator create(Properties initProps) { return new LocalAuthenticator(); } @OverRide public String factoryIdentifier() { return "local"; } } import java.util.HashMap; import java.util.Map; public class LocalAuthenticator implements Authenticator { private Map<String, String> userStore = new HashMap<>(); public LocalAuthenticator() { // Hardcoded usernames and passwords userStore.put("user1", "password1"); userStore.put("user2", "password2"); userStore.put("admin", "adminpass"); } @OverRide public boolean authenticate(String username, String password) { // Authenticate by checking the hardcoded user store String storedPassword = userStore.get(username); return storedPassword != null && storedPassword.equals(password); } } ``` To integrate with the SPI (Service Provider Interface) mechanism, we created a file at **src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory** containing **org.example.LocalAuthenticatorFactory,** which allows the system to dynamically load and utilize the LocalAuthenticatorFactory implementation. Your plugin needs to include all necessary dependencies, and it is generally recommended to package them into an Uber JAR (also known as a Fat JAR) to ensure that the plugin can run independently without additional dependency management. Once packaged, this JAR can be placed directly in the **fe/custom_lib** directory.

@OverRide

## abstract introduces the pluginization of the Authenticator component, enabling greater flexibility and modularity within the authentication system. By refactoring the Authenticator into a pluggable SPI (Service Provider Interface), we allow for custom authentication mechanisms to be seamlessly integrated and managed. ## Key Changes AuthenticatorFactory Interface: This interface defines the create method, which is used to create an Authenticator instance based on initialization properties, enabling support for various authentication mechanisms. The factoryIdentifier method provides an identifier for the factory, allowing differentiation between various AuthenticatorFactory implementations (e.g., LDAP, default). Implemented Specific Authentication Factories: We have implemented factories for different authentication mechanisms (such as LDAP), providing the necessary configuration support for each. ## eg In your Maven pom.xml, add the fe-core dependency: ``` <dependency> <groupId>org.apache.doris</groupId> <artifactId>fe-core</artifactId> <version>1.2-SNAPSHOT</version> <scope>provided</scope> </dependency> ``` ``` import org.apache.doris.common.ConfigBase; public class LocalAuthenticatorFactory implements AuthenticatorFactory { @OverRide public LocalAuthenticator create(Properties initProps) { return new LocalAuthenticator(); } @OverRide public String factoryIdentifier() { return "local"; } } import java.util.HashMap; import java.util.Map; public class LocalAuthenticator implements Authenticator { private Map<String, String> userStore = new HashMap<>(); public LocalAuthenticator() { // Hardcoded usernames and passwords userStore.put("user1", "password1"); userStore.put("user2", "password2"); userStore.put("admin", "adminpass"); } @OverRide public boolean authenticate(String username, String password) { // Authenticate by checking the hardcoded user store String storedPassword = userStore.get(username); return storedPassword != null && storedPassword.equals(password); } } ``` To integrate with the SPI (Service Provider Interface) mechanism, we created a file at **src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory** containing **org.example.LocalAuthenticatorFactory,** which allows the system to dynamically load and utilize the LocalAuthenticatorFactory implementation. Your plugin needs to include all necessary dependencies, and it is generally recommended to package them into an Uber JAR (also known as a Fat JAR) to ensure that the plugin can run independently without additional dependency management. Once packaged, this JAR can be placed directly in the **fe/custom_lib** directory.

…40113)" This reverts commit 2d04789.

@OverRide

## abstract introduces the pluginization of the Authenticator component, enabling greater flexibility and modularity within the authentication system. By refactoring the Authenticator into a pluggable SPI (Service Provider Interface), we allow for custom authentication mechanisms to be seamlessly integrated and managed. ## Key Changes AuthenticatorFactory Interface: This interface defines the create method, which is used to create an Authenticator instance based on initialization properties, enabling support for various authentication mechanisms. The factoryIdentifier method provides an identifier for the factory, allowing differentiation between various AuthenticatorFactory implementations (e.g., LDAP, default). Implemented Specific Authentication Factories: We have implemented factories for different authentication mechanisms (such as LDAP), providing the necessary configuration support for each. ## eg In your Maven pom.xml, add the fe-core dependency: ``` <dependency> <groupId>org.apache.doris</groupId> <artifactId>fe-core</artifactId> <version>1.2-SNAPSHOT</version> <scope>provided</scope> </dependency> ``` ``` import org.apache.doris.common.ConfigBase; public class LocalAuthenticatorFactory implements AuthenticatorFactory { @OverRide public LocalAuthenticator create(Properties initProps) { return new LocalAuthenticator(); } @OverRide public String factoryIdentifier() { return "local"; } } import java.util.HashMap; import java.util.Map; public class LocalAuthenticator implements Authenticator { private Map<String, String> userStore = new HashMap<>(); public LocalAuthenticator() { // Hardcoded usernames and passwords userStore.put("user1", "password1"); userStore.put("user2", "password2"); userStore.put("admin", "adminpass"); } @OverRide public boolean authenticate(String username, String password) { // Authenticate by checking the hardcoded user store String storedPassword = userStore.get(username); return storedPassword != null && storedPassword.equals(password); } } ``` To integrate with the SPI (Service Provider Interface) mechanism, we created a file at **src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory** containing **org.example.LocalAuthenticatorFactory,** which allows the system to dynamically load and utilize the LocalAuthenticatorFactory implementation. Your plugin needs to include all necessary dependencies, and it is generally recommended to package them into an Uber JAR (also known as a Fat JAR) to ensure that the plugin can run independently without additional dependency management. Once packaged, this JAR can be placed directly in the **fe/custom_lib** directory. (cherry picked from commit 119ea59)

1： The `defaultAuthenticator` is not initialized. When a configured authentication plugin implements the `canDea`l method and returns `false`, the `defaultAuthenticator` will be used, resulting in a login failure. The client exception message is `RROR 2013 (HY000): Lost connection to MySQL server at 'reading authorization packet', system error: 2`. This issue only affects users who use non-built-in authentication plugins that implement `canDeal` and return false under certain circumstances. apache#40113 introduced this issue

@OverRide

## abstract introduces the pluginization of the Authenticator component, enabling greater flexibility and modularity within the authentication system. By refactoring the Authenticator into a pluggable SPI (Service Provider Interface), we allow for custom authentication mechanisms to be seamlessly integrated and managed. ## Key Changes AuthenticatorFactory Interface: This interface defines the create method, which is used to create an Authenticator instance based on initialization properties, enabling support for various authentication mechanisms. The factoryIdentifier method provides an identifier for the factory, allowing differentiation between various AuthenticatorFactory implementations (e.g., LDAP, default). Implemented Specific Authentication Factories: We have implemented factories for different authentication mechanisms (such as LDAP), providing the necessary configuration support for each. ## eg In your Maven pom.xml, add the fe-core dependency: ``` <dependency> <groupId>org.apache.doris</groupId> <artifactId>fe-core</artifactId> <version>1.2-SNAPSHOT</version> <scope>provided</scope> </dependency> ``` ``` import org.apache.doris.common.ConfigBase; public class LocalAuthenticatorFactory implements AuthenticatorFactory { @OverRide public LocalAuthenticator create(Properties initProps) { return new LocalAuthenticator(); } @OverRide public String factoryIdentifier() { return "local"; } } import java.util.HashMap; import java.util.Map; public class LocalAuthenticator implements Authenticator { private Map<String, String> userStore = new HashMap<>(); public LocalAuthenticator() { // Hardcoded usernames and passwords userStore.put("user1", "password1"); userStore.put("user2", "password2"); userStore.put("admin", "adminpass"); } @OverRide public boolean authenticate(String username, String password) { // Authenticate by checking the hardcoded user store String storedPassword = userStore.get(username); return storedPassword != null && storedPassword.equals(password); } } ``` To integrate with the SPI (Service Provider Interface) mechanism, we created a file at **src/main/resources/META-INF/services/org.apache.doris.mysql.authenticate.AuthenticatorFactory** containing **org.example.LocalAuthenticatorFactory,** which allows the system to dynamically load and utilize the LocalAuthenticatorFactory implementation. Your plugin needs to include all necessary dependencies, and it is generally recommended to package them into an Uber JAR (also known as a Fat JAR) to ensure that the plugin can run independently without additional dependency management. Once packaged, this JAR can be placed directly in the **fe/custom_lib** directory. (cherry picked from commit 119ea59)

CalvinKirs requested review from dataroaring and morningman as code owners August 29, 2024 08:21

CalvinKirs changed the title ~~[feat](Authenticator) Pluginization of Authenticator~~ [WIP][feat](Authenticator) Pluginization of Authenticator Aug 29, 2024

CalvinKirs marked this pull request as draft August 29, 2024 08:27

useing properties load plugin

a40d7a1

CalvinKirs marked this pull request as ready for review September 2, 2024 07:04

morningman previously approved these changes Sep 2, 2024

View reviewed changes

github-actions bot added the approved Indicates a PR has been approved by one committer. label Sep 2, 2024

github-actions bot added the reviewed label Sep 2, 2024

zy-kkk previously approved these changes Sep 2, 2024

View reviewed changes

add license header

0ab34db

CalvinKirs dismissed stale reviews from zy-kkk and morningman via 0ab34db September 5, 2024 02:32

github-actions bot removed the approved Indicates a PR has been approved by one committer. label Sep 5, 2024

CalvinKirs changed the title ~~[WIP][feat](Authenticator) Pluginization of Authenticator~~ [feat](Authenticator) Pluginization of Authenticator Sep 5, 2024

morningman approved these changes Sep 5, 2024

View reviewed changes

github-actions bot added the approved Indicates a PR has been approved by one committer. label Sep 5, 2024

JNSimba approved these changes Sep 6, 2024

View reviewed changes

morningman merged commit 119ea59 into apache:master Sep 6, 2024
28 of 31 checks passed

morningman added the dev/2.1.x label Sep 6, 2024

suxiaogang223 mentioned this pull request Sep 9, 2024

[cherry-pick](branch-2.1) pick hive text write from master #40537

Merged

suxiaogang223 added a commit to suxiaogang223/doris that referenced this pull request Sep 27, 2024

Revert "[feat](Authenticator) Pluginization of Authenticator (apache#…

02eaee6

…40113)" This reverts commit 2d04789.

morningman added dev/2.1.x-experimental and removed dev/2.1.x labels Sep 27, 2024

CalvinKirs mentioned this pull request Nov 1, 2024

[WIP][Fix](Authenticator)defaultAuthenticator not init #43057

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[feat](Authenticator) Pluginization of Authenticator #40113

[feat](Authenticator) Pluginization of Authenticator #40113

[feat](Authenticator) Pluginization of Authenticator #40113

[feat](Authenticator) Pluginization of Authenticator #40113

Conversation

abstract

Key Changes

eg

Choose a reason for hiding this comment

Choose a reason for hiding this comment