Unable to setup Simple Authentication on Gremlin

183 views
Skip to first unread message

v.sure...@gmail.com

unread,
May 17, 2019, 8:27:26 AM5/17/19
to JanusGraph users
Hello Everyone,

We are trying to enable a simple authentication on Gremlin Server using JanusGraphSimpleAuthenticator and HttpBasicAuthenticationHandler and credentials stored under default berkley DB.

Gremlin Server yaml

ssl: {
  enabled
: false,
}
authentication
: {
   authenticator
: org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.JanusGraphSimpleAuthenticator,
   
#authenticationHandler: org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler,
   authenticationHandler
: org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler,
   config
: {
     defaultUsername
: "suresh",
     defaultPassword
: "password123",
     credentialsDb
: conf/tinkergraph-credentials.properties
   
}
 
}


tinkergraph-credentials
gremlin.graph=org.janusgraph.core.JanusGraphFactory
storage
.backend=berkeleyje
storage
.directory=db/berkeley

Added user credentials
gremlin> graph=JanusGraphFactory.open("conf/tinkergraph-credentials.properties")

gremlin
> credential=credentials(graph)

gremlin
> credential.createUser("suresh","password123")

gremlin> credential.findUser('suresh')
==>v[4320]
 


Started Gremlin Server with the yaml file and tried submitting a command
gremlin-server.sh /tmp/gremlin-server.yaml &

gremlin> cluster = Cluster.build().credentials('suresh','password123').addContactPoint("IP_ADDRESS").port(8185).create();
==>/IP_ADDRESS:8185
gremlin
> cluster.connect().submit("100+30")
org
.apache.tinkerpop.gremlin.driver.exception.ResponseException: Username and/or password are incorrect
Type ':help' or ':h' for help.
Display stack trace? [yN]


Again tried with HttpBasicAuthenticationHandler
ssl: {
  enabled
: false,
}
authentication
: {
   authenticator
: org.janusgraph.graphdb.tinkerpop.gremlin.server.auth.JanusGraphSimpleAuthenticator,
   authenticationHandler
: org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler,
   
#authenticationHandler: org.apache.tinkerpop.gremlin.server.handler.SaslAuthenticationHandler,
   config
: {
     defaultUsername
: "suresh",
     defaultPassword
: "password123",
     credentialsDb
: conf/tinkergraph-credentials.properties
   
}
 
}




And got this exception
50830 [gremlin-server-worker-1] WARN  io.netty.channel.ChannelInitializer  - Failed to initialize a channel. Closing: [id: 0x545936cc, L:/IP_ADDRESS:8185 - R:/IP_ADDRESS:35084]
io
.netty.channel.ChannelPipelineException: org.apache.tinkerpop.gremlin.server.handler.HttpBasicAuthenticationHandler is not a @Sharable handler, so can't be added or removed multiple times.
        at io.netty.channel.DefaultChannelPipeline.checkMultiplicity(DefaultChannelPipeline.java:581)
        at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:196)
        at io.netty.channel.DefaultChannelPipeline.addLast(DefaultChannelPipeline.java:189)
        at org.apache.tinkerpop.gremlin.server.channel.WebSocketChannelizer.configure(WebSocketChannelizer.java:113)
        at org.apache.tinkerpop.gremlin.server.AbstractChannelizer.initChannel(AbstractChannelizer.java:160)
        at org.apache.tinkerpop.gremlin.server.AbstractChannelizer.initChannel(AbstractChannelizer.java:68)
        at io.netty.channel.ChannelInitializer.initChannel(ChannelInitializer.java:113)
        at io.netty.channel.ChannelInitializer.handlerAdded(ChannelInitializer.java:105)
        at io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:593)
        at io.netty.channel.DefaultChannelPipeline.access$000(DefaultChannelPipeline.java:44)
        at io.netty.channel.DefaultChannelPipeline$PendingHandlerAddedTask.execute(DefaultChannelPipeline.java:1357)
        at io.netty.channel.DefaultChannelPipeline.callHandlerAddedForAllHandlers(DefaultChannelPipeline.java:1092)
        at io.netty.channel.DefaultChannelPipeline.invokeHandlerAddedIfNeeded(DefaultChannelPipeline.java:642)
        at io.netty.channel.AbstractChannel$AbstractUnsafe.register0(AbstractChannel.java:456)
        at io.netty.channel.AbstractChannel$AbstractUnsafe.access$200(AbstractChannel.java:378)
        at io.netty.channel.AbstractChannel$AbstractUnsafe$1.run(AbstractChannel.java:428)
        at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:399)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:464)
        at io.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
        at java.lang.Thread.run(Thread.java:748)

On Client
gremlin> cluster.connect().submit("100+30")
20:17:06 ERROR org.apache.tinkerpop.gremlin.driver.Handler$GremlinResponseHandler  - Could not process the response
java
.io.IOException: Connection reset by peer
        at sun
.nio.ch.FileDispatcherImpl.read0(Native Method)
        at sun
.nio.ch.SocketDispatcher.read(SocketDispatcher.java:39)
        at sun
.nio.ch.IOUtil.readIntoNativeBuffer(IOUtil.java:223)
        at sun
.nio.ch.IOUtil.read(IOUtil.java:192)
        at sun
.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:380)
        at io
.netty.buffer.PooledUnsafeDirectByteBuf.setBytes(PooledUnsafeDirectByteBuf.java:221)
        at io
.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:892)
        at io
.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:243)
        at io
.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:119)
        at io
.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:646)
        at io
.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:581)
        at io
.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
        at io
.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:460)
        at io
.netty.util.concurrent.SingleThreadEventExecutor$2.run(SingleThreadEventExecutor.java:131)
        at java
.lang.Thread.run(Thread.java:748)
20:17:06 WARN  org.apache.tinkerpop.gremlin.driver.Client  - Could not initialize connection pool for Host{address=host.domain/IP_ADDRESS:8185, hostUri=ws://host.domain:8185/gremlin} - will try later

Appreciate if someone help in highlighting any additional steps that may be required to enable a simple Auth.

Thanks,
Suresh
Message has been deleted

HadoopMarc

unread,
May 19, 2019, 9:12:08 AM5/19/19
to JanusGraph users
Hi Suresh,

Two things:
- although the properties file for your credentialsdb contains the word TinkerGraph I assume you use a backend supported by JanusGraph (probably HBase in your case)?
- the ref docs note:

Important

In the following example, credentialsDb should be different from the graph(s) you are using. It should be configured with the correct backend and a different keyspace, table, or storage directory as appropriate for the configured backend. This graph will be used for storing usernames and passwords.


So, the properties file for the credentialsdb should contain a line like (when using the HBase backend for the credentialsdb):
    storage.hbase.table=credentialsdb

Marc


Op vrijdag 17 mei 2019 14:27:26 UTC+2 schreef v.sure...@gmail.com:

v.sure...@gmail.com

unread,
May 19, 2019, 2:14:57 PM5/19/19
to JanusGraph users
Hi Marc,

In this case I was using the default Berkeley db and was able to add the user n credentials via gremlin console but was not able to authenticate.

Though I didn't try with Hbase storage that we have however I can do a trial by using credentials db table on Hbase but was wondering if it really makes any difference by having a different storage?

Regards,
Suresh

v.sure...@gmail.com

unread,
May 20, 2019, 1:08:44 PM5/20/19
to JanusGraph users
Hi Marc,

Thanks,  it started working after using the properties of HBase storage and table credentialsdb. Besides I noticed that the credentialsdb table shouldn't have any users created before starting the gremlin server, other wise it throws back constraint violation exception as it tries to creates index using the same property.

Regards,
Suresh V
Reply all
Reply to author
Forward
0 new messages