Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[FEATURE] add access control for gateway #4992

Merged
merged 1 commit into from
Nov 28, 2023
Merged

[FEATURE] add access control for gateway #4992

merged 1 commit into from
Nov 28, 2023

Conversation

sjgllgh
Copy link
Contributor

@sjgllgh sjgllgh commented Nov 28, 2023

What is the purpose of the change

I want to add access control functionality to gateway.

  1. Limit the usage of IP addresses for some users. Only the IP addresses configured in the configuration item can use Linkis.
  2. Limit some IP addresses to only send requests to the URL configured in the configuration item.
  3. First determine whether the current user can perform operations from the current IP address, and then determine whether the current IP address has permission to call the current interface.

Related issues/PRs

Related issues: #4983

Brief change log

  • I added the required configuration for access control in GatewayConfiguration.scala.
  • I added the core code for access control in SecurityFilter.scala.

How to use the new feature

The following configuration needs to be added to linkis-mg-gateway.properties

  • linkis.client.access.control.enable -- Whether to enable access configuration, default is false.
  • linkis.client.access.control.ip -- IPs that need to enable access restrictions.
  • linkis.client.access.control.url -- URLS that need to enable access restrictions.
  • linkis.client.access.control.user.enable -- Whether to enable access configuration for users.
  • linkis.client.access.control.user.${user} -- IPs that need to enable access restrictions.

Checklist

  • I have read the Contributing Guidelines on pull requests.
  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the Linkis mailing list first)
  • If this is a code change: I have written unit tests to fully verify the new behavior.

Copy link
Contributor

@peacewong peacewong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@peacewong peacewong merged commit fc3b23f into apache:master Nov 28, 2023
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants