Superset用户集成方案2

superset 认证分析

superset基于flask-appbuilder开发,security基于flask_appbuilder.security,翻阅其代码,

找到入口: superset/__init__.py:

custom_sm = app.config.get('CUSTOM_SECURITY_MANAGER') or SupersetSecurityManager
if not issubclass(custom_sm, SupersetSecurityManager):
    raise Exception(
        """Your CUSTOM_SECURITY_MANAGER must now extend SupersetSecurityManager,
         not FAB's security manager.
         See [4565] in UPDATING.md""")
 
appbuilder = AppBuilder(
    app,
    db.session,
    base_template='superset/base.html',
    indexview=MyIndexView,
    security_manager_class=custom_sm,
    update_perms=get_update_perms_flag(),
)
 
security_manager = appbuilder.sm

默认使用SupersetSecurityManager,继承自SecurityManager

class SupersetSecurityManager(SecurityManager):
 
    def get_schema_perm(self, database, schema):
        if schema:
            return '[{}].[{}]'.format(database, schema)
 
    def can_access(self, permission_name, view_name):
        """Protecting from has_access failing from missing perms/view"""
        user = g.user
        if user.is_anonymous:
            return self.is_item_public(permission_name, view_name)
        return self._has_view_access(user, permission_name, view_name)
        
...

我们再来看SecurityManager及父类,发现,登录是通过auth_view来控制的,默认是AUTH_DB,也就是AuthDBView。

""" Override if you want your own Authentication LDAP view """
      authdbview = AuthDBView
      
        if self.auth_type == AUTH_DB:
            self.user_view = self.userdbmodelview
            self.auth_view = self.authdbview()
    
 @property
    def get_url_for_login(self):
        return url_for('%s.%s' % (self.sm.auth_view.endpoint, 'login'))

再来看authdbview:

class AuthDBView(AuthView):
    login_template = 'appbuilder/general/security/login_db.html'
 
    @expose('/login/', methods=['GET', 'POST'])
    def login(self):
        if g.user is not None and g.user.is_authenticated:
            return redirect(self.appbuilder.get_url_for_index)
        form = LoginForm_db()
        if form.validate_on_submit():
            user = self.appbuilder.sm.auth_user_db(form.username.data, form.password.data)
            if not user:
                flash(as_unicode(self.invalid_login_message), 'warning')
                return redirect(self.appbuilder.get_url_for_login)
            login_user(user, remember=False)
            return redirect(self.appbuilder.get_url_for_index)
        return self.render_template(self.login_template,
                               title=self.title,
                               form=form,
                               appbuilder=self.appbuilder)

对外提供'/login/'接口,读取HTTP POST里的用户名,密码,然后调用auth_user_db验证,验证通过调用login_user生成认证信息。

因此,我们可以自定义AuthDBView,改为从我们自己的应用认证即可。

使用jwt来验证superset

自定义CustomAuthDBView,继承自AuthDBView,登录时可以通过cookie或者url参数传入jwt token,然后验证通过的话,自动登录,。

import jwt
import json
class CustomAuthDBView(AuthDBView):
    login_template = 'appbuilder/general/security/login_db.html'
 
    @expose('/login/', methods=['GET', 'POST'])
    def login(self):
        token = request.args.get('token')
        if not token:
            token = request.cookies.get('access_token')
        if token is not None:
            jwt_payload = jwt.decode(token,'secret',algorithms=['RS256'])
            user_name = jwt_payload.get("user_name")
            user = self.appbuilder.sm.find_user(username=user_name)
            if not user:
               role_admin = self.appbuilder.sm.find_role('Admin')
               user = self.appbuilder.sm.add_user(user_name, user_name, 'aimind', user_name + "@aimind.com", role_admin, password = "aimind" + user_name)
            if user:
                login_user(user, remember=False)
                redirect_url = request.args.get('redirect')
                if not redirect_url:
                    redirect_url = self.appbuilder.get_url_for_index
                return redirect(redirect_url)
            else:
                return super(CustomAuthDBView,self).login()
        else:
            flash('Unable to auto login', 'warning')
            return super(CustomAuthDBView,self).login()

如果用户不存在,通过self.appbuilder.sm.add_user自动添加用户。

然后再引入这个CustomAuthDBView,

class CustomSecurityManager(SupersetSecurityManager):
    authdbview = CustomAuthDBView

最后,再引入这个CustomSecurityManager,在superset_config.py 里增加:

from aimind_security import CustomSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSecurityManager

在应用里集成superset

集成就简单了,访问,'SUPER_SET_URL/login/?token=jwt_token' 即可,可以通过iframe无缝集成。

转载于:https://www.cnblogs.com/xiaoqi/p/intergate-superset.html

posted @ 2021-08-12 10:13  数据行者  阅读(1577)  评论(0编辑  收藏  举报