问题描述

我最近发现FIWARE Lab中对Cosmos的WebHDFS的访问已受到OAuth2的保护.我知道我必须在请求中添加OAuth2令牌才能继续使用WebHDFS，但是:

I've recently seen the access to Cosmos' WebHDFS in FIWARE Lab has been protected with OAuth2. I know I have to add a OAuth2 token to the request in order to continue using WebHDFS, but:

• 如何获取令牌?
• 如何将令牌添加到请求中?

没有令牌，API始终返回:

Without the token, the API always returns:

$ curl -X GET "http://cosmos.lab.fi-ware.org:14000/webhdfs/v1/user/gtorodelvalle?op=liststatus&user.name=gtorodelvalle"
Auth-token not found in request header

推荐答案

是的，现在WebHDFS访问受OAuth2保护.这是用于在FIWARE中保护REST API的通用机制的一部分，该机制执行身份验证和授权.您可以在此处找到更多详细信息

Yes, now WebHDFS access is protected with OAuth2. This is part of the general mechanism for pretecting REST APIs in FIWARE, which performs authentication and authorization. You can find more details here.

首先，您必须向Cosmos令牌生成器请求OAuth2令牌.这是在cosmos.lab.fiware.org:13000中运行的服务.您可以使用任何REST客户端执行此操作，最简单的方法是使用curl命令:

First of all, you must request an OAuth2 token to the Cosmos tokens generator. This is a service running in cosmos.lab.fiware.org:13000. You can do this using any REST client, the easiest way is using the curl command:

$ curl -k -X POST "https://cosmos.lab.fiware.org:13000/cosmos-auth/v1/token" -H "Content-Type: application/x-www-form-urlencoded" -d "grant_type=password&username=frb@tid.es&password=xxxxxxxx"
{"access_token": "qjHPUcnW6leYAqr3Xw34DWLQlja0Ix", "token_type": "Bearer", "expires_in": 3600, "refresh_token": "V2Wlk7aFCnElKlW9BOmRzGhBtqgR2z"}

如您所见，有效载荷中需要FIWARE Lab凭据，其形式为基于密码的授权类型.

As you can see, your FIWARE Lab credentials are required in the payload, in the form of a password-based grant type.

获得访问令牌后(在上面的示例中为qjHPUcnW6leYAqr3Xw34DWLQlja0Ix)，只需将其添加到您过去执行的同一WebHDFS请求中即可.使用X-Auth-Token标头添加令牌:

Once the access token is got (in the example above, it is qjHPUcnW6leYAqr3Xw34DWLQlja0Ix), simply add it to the same WebHDFS request you were performing in the past. The token is added by using the X-Auth-Token header:

$ curl -X GET "http://cosmos.lab.fiware.org:14000/webhdfs/v1/user/frb/path/to/the/data?op=liststatus&user.name=frb" -H "X-Auth-Token: qjHPUcnW6leYAqr3Xw34DWLQlja0Ix"
{"FileStatuses":{"FileStatus":[...]}}

如果您使用随机令牌尝试上述请求，服务器将返回无效的令牌；那是因为您未正确通过身份验证:

If you try the above request with a random token the server will return the token is not valid; that's because you have not authenticated properly:

$ curl -X GET "http://cosmos.lab.fiware.org:14000/webhdfs/v1/user/frb/path/tp/the/data?op=liststatus&user.name=frb" -H "X-Auth-Token: randomtoken93487345"
User token not authorized

以同样的方式，如果使用有效的令牌但尝试访问另一个HDFS用户空间，您将得到相同的答案；那是因为您未被授权访问任何HDFS用户空间，而是您拥有的用户空间:

The same way, if using a valid token but trying to access another HDFS userspace, you will get the same answer; that's because you are not authorized to access any HDFS userspace but the one owned by you:

$ curl -X GET "http://cosmos.lab.fiware.org:14000/webhdfs/v1/user/fgalan/path/tp/the/data?op=liststatus&user.name=fgalan" -H "X-Auth-Token: qjHPUcnW6leYAqr3Xw34DWLQlja0Ix"
User token not authorized

重要更新:

从2016年夏季开始，cosmos.lab.fiware.org不再可用.而是设置了一对群集storage.cosmos.lab.fiware.org和computing.cosmos.lab.fiware.org.关于Cosmos的身份验证服务器，它当前在computing.cosmos.lab.fiware.org端口TCP/13000中运行.

From summer 2016, cosmos.lab.fiware.org is not workin anymore. Instead, a pair of clusters, storage.cosmos.lab.fiware.org and computing.cosmos.lab.fiware.org have been setup. Regarding the auth server of Cosmos, it currently run in computing.cosmos.lab.fiware.org, port TCP/13000.

这篇关于OAuth2在FIWARE Lab中访问Cosmos的WebHDFS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！