Authentication All the Schema's


Vinayak Bali
 

Hi,

We are working on a web application using JanusGraph and connect to JanusGraph through an API (Java). We need to configure authentication for all the schemas in use, and configured it using the following document for reference.
The authentication is not working; we are getting a blank array as output using the API.
Property files are as follows:

gremlin-server.yaml

# Copyright 2019 JanusGraph Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

host: 0.0.0.0
port: 8182
scriptEvaluationTimeout: 30000
channelizer: org.apache.tinkerpop.gremlin.server.channel.WsAndHttpChannelizer
graphManager: org.janusgraph.graphdb.management.JanusGraphManager
graphs: {
  ConfigurationManagementGraph: conf/janusgraph-cql-configurationgraph.properties,
  graph: conf/graph.properties,
  graph1: conf/graph1.properties,
  graph2: conf/graph2.properties
}
authentication: {
  authenticator: org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.SaslAndHMACAuthenticator,
  authenticationHandler: org.janusgraph.graphdb.tinkerpop.gremlin.server.handler.SaslAndHMACAuthenticationHandler,
  config: {
    defaultUsername: user,
    defaultPassword: password,
    hmacSecret: secret,
    credentialsDb: conf/janusgraph-credentials-server.properties
  }
}
scriptEngines: {
  gremlin-groovy: {
    plugins: { org.janusgraph.graphdb.tinkerpop.plugin.JanusGraphGremlinPlugin: {},
               org.apache.tinkerpop.gremlin.server.jsr223.GremlinServerGremlinPlugin: {},
               org.apache.tinkerpop.gremlin.tinkergraph.jsr223.TinkerGraphGremlinPlugin: {},
               org.apache.tinkerpop.gremlin.jsr223.ImportGremlinPlugin: {classImports: [java.lang.Math], methodImports: [java.lang.Math#*]},
               org.apache.tinkerpop.gremlin.jsr223.ScriptFileGremlinPlugin: {files: []}}}}
serializers:
  - { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV3d0, config: { ioRegistries: [org.janusgraph.graphdb.tinkerpop.JanusGraphIoRegistry] }}
  # Older serialization versions for backwards compatibility:
  - { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0, config: { ioRegistries: [org.janusgraph.graphdb.tinkerpop.JanusGraphIoRegistry] }}
  - { className: org.apache.tinkerpop.gremlin.driver.ser.GryoLiteMessageSerializerV1d0, config: {ioRegistries: [org.janusgraph.graphdb.tinkerpop.JanusGraphIoRegistry] }}
  - { className: org.apache.tinkerpop.gremlin.driver.ser.GryoMessageSerializerV1d0, config: { serializeResultToString: true }}
  - { className: org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerGremlinV2d0, config: { ioRegistries: [org.janusgraph.graphdb.tinkerpop.JanusGraphIoRegistry] }}
  - { className: org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerGremlinV1d0, config: { ioRegistries: [org.janusgraph.graphdb.tinkerpop.JanusGraphIoRegistryV1d0] }}
  - { className: org.apache.tinkerpop.gremlin.driver.ser.GraphSONMessageSerializerV1d0, config: { ioRegistries: [org.janusgraph.graphdb.tinkerpop.JanusGraphIoRegistryV1d0] }}
processors:
  - { className: org.apache.tinkerpop.gremlin.server.op.session.SessionOpProcessor, config: { sessionTimeout: 28800000 }}
  - { className: org.apache.tinkerpop.gremlin.server.op.traversal.TraversalOpProcessor, config: { cacheExpirationTime: 600000, cacheMaxSize: 1000 }}
metrics: {
  consoleReporter: {enabled: true, interval: 180000},
  csvReporter: {enabled: true, interval: 180000, fileName: /tmp/gremlin-server-metrics.csv},
  jmxReporter: {enabled: true},
  slf4jReporter: {enabled: true, interval: 180000},
  gangliaReporter: {enabled: false, interval: 180000, addressingMode: MULTICAST},
  graphiteReporter: {enabled: false, interval: 180000}}
maxInitialLineLength: 4096
maxHeaderSize: 8192
maxChunkSize: 8192
maxContentLength: 65536
maxAccumulationBufferComponents: 1024
resultIterationBatchSize: 64
writeBufferLowWaterMark: 32768
writeBufferHighWaterMark: 65536

janusgraph-credentials-server.properties

gremlin.graph=org.janusgraph.core.JanusGraphFactory
storage.backend=cql
storage.hostname=127.0.0.1
storage.cql.keyspace=authentication
cache.db-cache = true
cache.db-cache-clean-wait = 20
cache.db-cache-time = 180000
cache.db-cache-size = 0.25
index.search.backend=elasticsearch
index.search.hostname=127.0.0.1

empty-sample.groovy

// Copyright 2019 JanusGraph Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// an init script that returns a Map allows explicit setting of global bindings.
def globals = [:]

// defines a sample LifeCycleHook that prints some output to the Gremlin Server console.
// note that the name of the key in the "global" map is unimportant.
globals << [hook : [
        onStartUp: { ctx ->
            ctx.logger.info("Executed once at startup of Gremlin Server.")
        },
        onShutDown: { ctx ->
            ctx.logger.info("Executed once at shutdown of Gremlin Server.")
        }
] as LifeCycleHook]

// define the default TraversalSource to bind queries to - this one will be named "g".
graph=JanusGraphFactory.open('conf/graph.properties')
graph1=JanusGraphFactory.open('conf/graph1.properties')
graph2=JanusGraphFactory.open('conf/graph2.properties')
globals << [ g : graph.traversal(), g1 : graph1.traversal(), g2:graph2.traversal() ]

I need to secure each and every schema.
For example: consider A, B, C, D, E, F as users and graph, graph1 and graph2 as 3 schemas.
Then,
A has access to graph and graph1
B only graph
C all the schemas,
and so on for all the users.
I request you to share your experience and feedback.

Thanks & Regards,
Vinayak


hadoopmarc@...
 

Hi Vinayak,

No, this is not possible. TinkerPop/JanusGraph currently only support authentication to the graph system as a whole and do not support authorization. Later this year, the Apache TinkerPop 3.5.0 release will offer authorization, though, which will then also become available through a future JanusGraph release.

https://github.com/apache/tinkerpop/commit/61f7b8c08ac6a1232b460e100b3ff7c91ab4142d

Until then, you will have to use separate Gremlin Server instances.

Best wishes,    Marc
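
The separate-instance layout suggested above, sketched for the users in the question (A on graph and graph1, B on graph only). This is an added example, not configuration from the thread or from the JanusGraph project: the file names, ports, keyspace names and placeholder secrets are assumptions, and the channelizer is the one the JanusGraph documentation lists for combined HTTP and WebSocket authentication with this authenticator, not the one in the posted file.

```yaml
# Two server files shown as two YAML documents. Settings not listed here stay
# as in the posted gremlin-server.yaml. File names, ports and keyspaces are
# hypothetical; REPLACE_* values are placeholders, not working credentials.

# conf/gremlin-server-graph.yaml: serves only "graph" (users A and B).
# Its credentials graph (conf/credentials-graph.properties) uses its own
# keyspace, e.g. storage.cql.keyspace=auth_graph, and holds A and B only.
host: 0.0.0.0
port: 8182
channelizer: org.janusgraph.channelizers.JanusGraphWsAndHttpChannelizer
graphs: {
  graph: conf/graph.properties
}
authentication: {
  authenticator: org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.SaslAndHMACAuthenticator,
  authenticationHandler: org.janusgraph.graphdb.tinkerpop.gremlin.server.handler.SaslAndHMACAuthenticationHandler,
  config: {
    defaultUsername: REPLACE_ADMIN_USER,
    defaultPassword: REPLACE_ADMIN_PASSWORD,
    hmacSecret: REPLACE_WITH_RANDOM_SECRET_FOR_GRAPH,
    credentialsDb: conf/credentials-graph.properties
  }
}
---
# conf/gremlin-server-graph1.yaml: serves only "graph1" (user A).
# Separate credentials graph, e.g. storage.cql.keyspace=auth_graph1, holding
# A only, so B's username and password are unknown to this instance.
host: 0.0.0.0
port: 8183
channelizer: org.janusgraph.channelizers.JanusGraphWsAndHttpChannelizer
graphs: {
  graph1: conf/graph1.properties
}
authentication: {
  authenticator: org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.SaslAndHMACAuthenticator,
  authenticationHandler: org.janusgraph.graphdb.tinkerpop.gremlin.server.handler.SaslAndHMACAuthenticationHandler,
  config: {
    defaultUsername: REPLACE_ADMIN_USER,
    defaultPassword: REPLACE_ADMIN_PASSWORD,
    hmacSecret: REPLACE_WITH_RANDOM_SECRET_FOR_GRAPH1,
    credentialsDb: conf/credentials-graph1.properties
  }
}
```

Any init script loaded by an instance should open and bind only that instance's graph; a script that opens all three graphs, like the one posted, would expose them to every authenticated user of that instance.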


Vinayak Bali
 

Hi Marc,

Thank you for the update. Authentication to the graph system as a whole is also not working for me with the configurations shared earlier. If I don't pass credentials, the API still returns the results. Authentication to the graph system as a whole will also work for me for now, until the future versions are released. I request you to guide me to accomplish it.

Thanks & Regards,
Vinayak

On Fri, Feb 5, 2021 at 1:31 PM <hadoopmarc@...> wrote: