Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve user auth in gafferpop #2991

Closed
t92549 opened this issue Jun 28, 2023 · 1 comment · Fixed by #3202
Closed

Improve user auth in gafferpop #2991

t92549 opened this issue Jun 28, 2023 · 1 comment · Fixed by #3202
Assignees
@tb06904
Labels
enhancement Improvement to existing functionality/feature tinkerpop Specific to/touches the tinkerpop module
Milestone
v2.2.1

Comments

@t92549
Copy link
Contributor

t92549 commented Jun 28, 2023

Describe the new feature you'd like
There is basic auth in Gaffer's tinkerpop graph provided via config:

Gaffer/library/tinkerpop/src/main/java/uk/gov/gchq/gaffer/tinkerpop/GafferPopGraph.java

Line 141 in 920bbc3

.userId(configuration().getString(USER_ID, User.UNKNOWN_USER_ID))

We should look into how this might actually work with real auth, for example using a provided user factory

Describe alternatives you've considered
If connecting to a proxy store, could auth be handled by the target store?
@t92549 t92549 added enhancement Improvement to existing functionality/feature tinkerpop Specific to/touches the tinkerpop module labels Jun 28, 2023
@GCHQDeveloper314 GCHQDeveloper314 added this to the Backlog milestone Jul 7, 2023
@t92549 t92549 changed the title Improve user auth in tinkerpop Improve user auth in gafferpop Jan 5, 2024
@GCHQDeveloper314 GCHQDeveloper314 mentioned this issue Apr 22, 2024
Merged
@tb06904
Copy link
Member

tb06904 commented Apr 23, 2024
edited
Loading

Some discussion about this in: Originally posted by @tb06904 in #3195 (comment)

It appears the gremlin server already provides a kind of authentication layer for users to authenticate against before accessing the server see: https://tinkerpop.apache.org/docs/3.7.2/reference/#security

A proposal would be to utilise this layer instead of a user factory to either reuse or create a custom Authenticator class that can handle the initial user auth and then an Authorizer that configures any additional restrictions based on the supplied query and handle modifying the traversal strategy of the request to add user object or user ID. An example of an Authorizer can be found here.

@tb06904 tb06904 modified the milestones: Backlog, v2.3.0 Apr 26, 2024
@tb06904 tb06904 linked a pull request May 1, 2024 that will close this issue
Gh-2991: Improve User Authorisation in GafferPop #3202
Merged
@github-actions github-actions bot mentioned this issue May 1, 2024
Merged
tb06904 added a commit that referenced this issue May 1, 2024
@tb06904
Merge branch 'develop' into gh-2991-improve-user-auth-in-gafferpop
3fff53b
@GCHQDeveloper314 GCHQDeveloper314 modified the milestones: v2.3.0, v2.2.1 May 7, 2024
GCHQDeveloper314 pushed a commit that referenced this issue May 7, 2024
@tb06904
Gh-2991: Improve User Authorisation in GafferPop (#3202)
0210c47 
* Add basic authentication system

* add testing to authoriser

* Update testing

* remove log and fix javadoc link
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tb06904 tb06904

Labels
enhancement Improvement to existing functionality/feature tinkerpop Specific to/touches the tinkerpop module
Projects
None yet
Milestone
v2.2.1
Development

Successfully merging a pull request may close this issue.

Gh-2991: Improve User Authorisation in GafferPop gchq/Gaffer
3 participants
@t92549 @GCHQDeveloper314 @tb06904