[KYUUBI #6079] Web UI support Basic authN

[beryllw]

🔍 Description

Issue References 🔗

This pull request fixes #6079

Describe Your Solution 🔧

Types of changes 🔖

• Bugfix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Test Plan 🧪

---

Checklist 📝

• This patch was not authored or co-authored using Generative Tooling

Be nice. Be informative.

[pan3793]

the frontend code needs to be modified so that all http request will attach a basic auth header

[beryllw]

the frontend code needs to be modified so that all http request will attach a basic auth header

frontend code means web-ui code?
If user login success, other http request will auto attach a basic auth header.
@pan3793 cc

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 58.45%. Comparing base (c8a40d9) to head (7a90286).
Report is 18 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master    #6258      +/-   ##
============================================
+ Coverage     58.42%   58.45%   +0.03%     
  Complexity       24       24              
============================================
  Files           651      652       +1     
  Lines         39513    39607      +94     
  Branches       5441     5450       +9     
============================================
+ Hits          23086    23154      +68     
- Misses        13954    13976      +22     
- Partials       2473     2477       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pan3793]

If user login success, other http request will auto attach a basic auth header.

interesting, let me verify it locally

[pan3793]

found 2 issues:

• if user input the wrong username/password, no way to correct
• only SQL editor works

[beryllw]

• if user input the wrong username/password, no way to correct

Fixing this will change the current authentication logic, i will try to fix it soon.
We need a new Exception class (different from AuthenticationException) to distinguish between authentication failure and forbidden access.

For now, users can correct user and password by clearing history.

• only SQL editor works

Other api return http status code 405? Because the current user is not an administrator.
And set kyuubi conf kyuubi.server.administrators=Set('user') can resolve this.

org.apache.kyuubi.server.api.v1.AdminResource#sessions
    if (!fe.isAdministrator(userName)) {
      throw new NotAllowedException(
        s"$userName is not allowed to list all live sessions")
    }

[pan3793]

Other api return http status code 405? Because the current user is not an administrator.

Oh, I see ...

[beryllw]

@pan3793 cc

[pan3793]

seems a explicitly logout button is required, otherwise user can not switch login user

[beryllw]

seems a explicitly logout button is required, otherwise user can not switch login user

https://stackoverflow.com/questions/233507/how-to-log-out-user-from-web-site-using-basic-authentication

What you have to do is have the user click a logout link, and send a ‘401 Unauthorized’ in response, using the same realm and at the same URL folder level as the normal 401 you send requesting a login.

Simple implementation is that when the user clicks the logout button, the server returns 401.

[pan3793]

Simple implementation is that when the user clicks the logout button, the server returns 401.

We can use a specific endpoint for that, so other endpoints behavior won't be affected

[beryllw]

Simple implementation is that when the user clicks the logout button, the server returns 401.

Login users cannot be displayed in this way.Implemented on the frontend code instead.
Please help to review the code. @pan3793 cc

support input valid

[pan3793]

Thanks, merged to master/1.9.1