Druid basic security

Hi,

I am doing authentication and authorizer in druid.

I have added below things to conf-quickstart/druid/_common/common.runtime.properties

-> druid.extensions.loadList=[“druid-kafka-indexing-service”, “postgresql-metadata-storage”, “druid-basic-security”]

-> # Creating an Authenticator and an authorizer (add extension - druid-basic-security)

druid.auth.authenticator.MyBasicAuthenticator.name=MyBasicAuthenticator

druid.auth.authorizer.MyBasicAuthorizer.name=MyBasicAuthorizer

druid.auth.authorizers=[“MyBasicAuthorizer”]

druid.auth.authorizer.MyBasicAuthorizer.type=basic

druid.auth.authenticatorChain=[“MyBasicAuthenticator”]

druid.auth.authenticator.MyBasicAuthenticator.type=basic

druid.auth.authenticator.MyBasicAuthenticator.initialAdminPassword=password1

druid.auth.authenticator.MyBasicAuthenticator.initialInternalClientPassword=password2

druid.auth.authenticator.MyBasicAuthenticator.authorizerName=MyBasicAuthorizer

# Escalator

druid.escalator.type=basic

druid.escalator.internalClientUsername=druid_system

druid.escalator.internalClientPassword=password2

druid.escalator.authorizerName=MyBasicAuthorizer

After adding I have restarted all the druid nodes but none of the nodes get started except coordinator and I am getting error also. I have attached the error also.

Please help me out if I have missed something or what additional things I have to add.

Thanks,

Monica

error.txt (19.4 KB)

Hi Monica:

I don’t see the first two properties were valid, or mentioned anywhere:

druid.auth.authenticator.MyBasicAuthenticator.name=MyBasicAuthenticator

druid.auth.authorizer.MyBasicAuthorizer.name****=MyBasicAuthorizer

Where did you find them? And would getting rid of those two help?

Thanks

Hi,

I have tried my removing these two properties also, still the same error I am facing.

I am using druid version 0.12.3. Can u help me out.

Thanks,

Monica

Hi Monica

The error “Input does not start with Smile format header” indicated some user credential you configured there was not working. Are you sure all the auth bootstrap user configs were default when the problem happened? Was there no change?

Thanks

Hi Ming,

I am attaching my common.runtime.properties. I have just added those credentials lines and nothing I have changed.

Can you check that file and let me know if any changes is required.

Thank,

Monica

common.runtime.properties (4.56 KB)

Hi Monica, sorry for the delays.

I do not see any misconfig in your attached common.runtime.properties file.

Can you verify if the following two commands work for you?

curl -X GET -u admin:password1 -H ‘Content-Type: application/json’ http://localhost:8081/druid-ext/basic-security/authentication/db/MyBasicAuthenticator/users

curl -X GET -u druid_system:password2 -H ‘Content-Type: application/json’ http://localhost:8081/druid-ext/basic-security/authentication/db/MyBasicAuthenticator/users

Hi Ming,

I have run both curl commands. Here is the output:

[“admin”,“druid_system”]

Error 401

HTTP ERROR: 401

Problem accessing /druid-ext/basic-security/authentication/db/MyBasicAuthenticator/users. Reason:

    Unauthorized

Powered by Jetty:// 9.3.19.v20170502

For second curl command I am getting the error.

Thanks,

Monica

Hi Monica, looks like the initial client’s already had a password, and it was not password2. Can you try deleting the druid_system user, as admin, then restart the cluster ? Hopefully Druid can help to recreate the druid_system user again with the password2 password, and make you curl call successful.

Hi Ming,

Now it is working fine. Thanks for the help.

Thanks,

Monica