centraldogma 安全配置

centraldogma 支持多种安全配置，而且安全在实际业务使用中是比较重要的，以下是集成shiro 的一个简单配置

环境准备

• docker-compose 文件

version: "3"

services: 

    app:

        image: line/centraldogma

        volumes: 

        - "./shiro.ini:/opt/centraldogma/conf/shiro.ini"

        - "./dogma.json:/opt/centraldogma/conf/dogma.json"

        ports: 

        - "36462:36462" 

• dogma.json

{

    "dataDir": "./data",

    "ports": [

      {

        "localAddress": {

          "host": "*",

          "port": 36462

        },

        "protocols": [

          "http"

        ]

      }

    ],

    "tls": null,

    "trustedProxyAddresses": null,

    "clientAddressSources": null,

    "numWorkers": null,

    "maxNumConnections": null,

    "requestTimeoutMillis": null,

    "idleTimeoutMillis": null,

    "maxFrameLength": null,

    "numRepositoryWorkers": 16,

    "maxRemovedRepositoryAgeMillis": null,

    "repositoryCacheSpec": "maximumWeight=134217728,expireAfterAccess=5m",

    "gracefulShutdownTimeout": {

      "quietPeriodMillis": 1000,

      "timeoutMillis": 10000

    },

    "webAppEnabled": true,

    "webAppTitle": null,

    "mirroringEnabled": null,

    "numMirroringThreads": null,

    "maxNumFilesPerMirror": null,

    "maxNumBytesPerMirror": null,

    "replication": {

      "method": "NONE"

    },

    "csrfTokenRequiredForThrift": null,

    "accessLogFormat": "common",

    "authentication": {

        "factoryClassName": "com.linecorp.centraldogma.server.auth.shiro.ShiroAuthProviderFactory",

        "administrators": ["admin"],

        "caseSensitiveLoginNames": false,

        "sessionCacheSpec": "maximumSize=8192,expireAfterWrite=604800s",

        "sessionTimeoutMillis": 604800000,

        "sessionValidationSchedule": "0 30 */4 ? * *",

        "properties": "./conf/shiro.ini"

      }

  }

• shiro.ini
  内置可几个账户

 

# =======================

# Shiro INI configuration

#

# This configuration file is used by Central Dogma for configuring its authentication and authorization subsystem.

# Note that you have to set the 'securityEnabled' configuration property in 'dogma.json' to 'true' first.

#

# Please visit https://shiro.apache.org/configuration.html for more information.

# =======================

 

[main]

# Objects and their properties are defined here, such as the SecurityManager, Realms, etc.

 

[users]

# The 'users' section is for simple deployments when you only need a small number of statically-defined

# set of user accounts.

# You may configure statically-defined user accounts as follows:

# The following line makes 'admin' account with 'secret' password.

admin = demo

dalong = demo

test = demo

appdemo =demo

[roles]

# The 'roles' section is for simple deployments when you only need a small number of statically-defined roles.

 

[urls]

# The 'urls' section is used for url-based security in web applications. We'll discuss this section in the

# web documentation.

• 说明
  admin为管理员，其他是普通用户，如果需要访问需要通过授权访问

运行效果

默认admin demo 是管理员的密码

• 配置访问控制

创建一个项目同时添加一个repo，appdemo 为成员

• 访问效果

appdemo 可以访问demoapp 配置

参考资料

https://line.github.io/centraldogma/auth.html