[DISCUSS]About the front end menu jump, is it secret free?

[binbincheng <74...@qq.com.INVALID>]

Wechat group "Apache Linkis community Development group " chat records are as follows:


Mr. Lightning:
@Zhang Qi @ Yin Qiang, the appconn of any other third-party system, actually only does the back-end secret-free, such as publishing and scheduling to ds or scheduling. For the front-end menu jump, it does not do the secret-free, is it?


Yin Qiang:
It is confidential


Mr. Lightning:
@Enjoyyin_ Yin Qiang @ WDS is when docking with ds, after adding the token settings of ds. The front end adds ds menu to jump. Is it actually the first time that it can be password-free?


Yin Qiang:
Yes, did you follow the installation steps of DolphinSchedulerAppConn?


tree:
The actual effect on my side is that this jump is not password-free and requires login


r@Fy2 :
+1


Mr. Lightning:
OK, let me test again. Yes, the job flow can be published to DS normally


Mr. Lightning:
From my own experience, I really need to log in. I don't know where this piece of secret free logic is


Mr. Lightning:
where?


Yin Qiang:
Take a look at your non-secret jump


Mr. Lightning:
I see only a url


Yin Qiang:
The password-free of DolphinScheduler does not follow the first-level specification of DSS, but obtains the user token of DolphinScheduler for jump


Yin Qiang:
Other are orthodox DSS level-1 password-free jump specifications, including front-end and back-end


Yin Qiang:
Strangely, F12 looks at all http requests from the time of logging in to DSS.


Mr. Lightning:
The other normal is that index.js seems to be abnormal


Yin Qiang:
Check whether there is a Restful request:/dss/framework/project/ds/token


Mr. Lightning:
Absolutely not


Yin Qiang:
So it seems to be a front-end problem. Is the front-end package compiled by yourself?


Mr. Lightning:
I tested none of the systems


Mr. Lightning:
My should be compiled by myself


Mr. Lightning:
@Trees.  @ r@FY2 Take a look, two big men


tree:
My front-end package is downloaded from the official website, which is the same phenomenon


Mr. Lightning:
But there should be no problem with my compilation


Yin Qiang:
Other components also go to the login page? Are the front and back platforms compiled by themselves? When was the version compiled?


Mr. Lightning:
Yes, any system needs to be logged in, that is, jump from the menu. I use dss release 1.1.0


r@Fy2 :
The same is true for others.


Yin Qiang:
I need to locate this problem with the front end. It seems that the front end has not triggered the request to obtain the token at all


r@Fy2 :
But you only need to log in once. After logging in once, the second jump is normal


Mr. Lightning:
+1


tree:
+1


r@Fy2 :
It feels like this table is not effective. You must log in and generate a token yourself


Mr. Lightning:
@ r@FY2 It can't be said that there is no such thing. If you can't release the DS on the schedule without this, the release will definitely take effect.



r@Fy2 :
Is this a token that is used after login


Mr. Lightning:
No, you can publish it without logging in.


Yin Qiang:
Let me confirm that if you have never logged in to the DolphinScheduler, do you need to log in to the DolphinScheduler from the workflow development page to the dispatch center?


Yin Qiang:
Or can this page be displayed normally? Can the function of this page be used normally?


r@Fy2 :
I have logged in, and have successfully jumped. The clear buffer is also normal...


r@Fy2 :
Let me exit and have a look,


Yin Qiang:
Try setting up a schedule to see if it can succeed


r@Fy2 :
@Yin Qiang@ r@FY2 Can run tasks normally


Yin Qiang:
Strangely, this is the DolphinScheduler that is directly requested. There is no need to log in here. Why do you need to jump? Try again to see if you want to log in.


Mr. Lightning:
Now the problem is the menu on the left


Yin Qiang:
Try again from the left menu to see if you want to log in.


Mr. Lightning:
There is no interface to call the token


Yin Qiang:
I probably understand that we have ignored the fact that the front end of the DolphinScheduler request and the back end of the DolphinScheduler will not bring the token from the DSS side


Yin Qiang:
This is really a problem


Yin Qiang:
DSS requests for DolphinScheduler all carry tokens in the request, but DolphinScheduler's own front-end request background will not carry this token


Mr. Lightning:
This is basically the case with other quality schedules


Yin Qiang:
It seems that it is still necessary to connect with the DolphinScheduler to the first-level specification. I want to think about how to add a new jar and put it under the DolphinScheduler's lib.


Yin Qiang:
Please mention an issue. Let's fix it as soon as possible.


Yin Qiang:
For components of WeDataSphere, we will issue a document and configure the database to solve the security problem


Yin Qiang:
Curiously, in fact, the dispatching center can basically meet all scheduling requirements. What is the purpose of jumping to the DolphinScheduler page?


Mr. Lightning:
Haha, my idea is whether there will be mixed projects. Some projects or job streams are native to DS. I personally think that after the release of DS, multi-tenant seems to have no way to land. Because the multi-tenant of ds 1.3.9 does not seem to be implemented, only one keytab file is used directly.


Mr. Lightning:
Then set the user queue under the keytab. But think about it.


Mr. Lightning:
@ r@FY2 I can't take screenshots on my intranet. Is it convenient for you to mention ISSUE


r@FY2 ：
OK, I'll clean it after dinner



-----------------




微信群“Apache Linkis社区开发群”聊天记录
如下面所述：



闪电先生：
@张旗 @尹强 任何其它第三方系统的appconn，其实只是做了后端的免密，例如发布调度到ds或者到schedulis,对于前端菜单跳转，其实是没有做免密的是吗？


尹强 ：
是免密的


闪电先生：
@Enjoyyin_尹强@WDS 就是对接ds的时候，添加了ds的token设置以后。前端添加ds菜单进行跳转，其实是第一次也可以免密吗？



尹强 ：
可以的，是按照DolphinSchedulerAppConn的安装步骤安装的么？


乔木：
我这边的实际效果这个跳转不是免密的  也是需要登录的


r@Fy2:
+1


闪电先生：
好 我再测试一下 是的，作业流可以正常发布到ds上面


闪电先生：
我自己使用的经验来看，确实是需要登陆的，不知道这一块免密的逻辑做在


闪电先生：
哪里?


尹强 ：
看下你们的非免密跳转情况


闪电先生：
我看到只是一个url


尹强 ：
DolphinScheduler的免密，走的不是DSS的一级规范，而是获取了DolphinScheduler的用户token用于跳转


尹强 ：
其他都是正统的DSS一级免密跳转规范，包括前端和后台


尹强 ：
奇怪,F12看下所有的http请求,就是从登陆DSS之后的。


闪电先生：
其它正常 就是这个index.js好像异常


尹强 ：
看下有没有这个Restful请求：/dss/framework/project/ds/token


闪电先生：
确实是没有


尹强 ：
这么说，看上去是前端问题。自己编译的前端包吗?


闪电先生：
我测试了任何一个系统都没有


闪电先生：
我的应该是自己编译的……


闪电先生：
@乔木。 @r@FY2 二位大佬看看


乔木:
我的前端包是下载的官网的  也是一样的现象


闪电先生：
不过我的编译应该是没有问题的


尹强 ：
其他组件也是到登录页面？前后台都是自己编译的？什么时候编译的版本？


闪电先生：
是的 任何一个系统都是需要登陆的，就是从菜单跳转过去。我用的是 dss release 1.1.0



r@Fy2:
其他也是这样。


尹强 ：
这个问题我需要找前端一起定位一下，看上去是前端根本没有触发获取token的请求


r@Fy2:
但是只需要登陆一次，登陆一次后，第二次跳转就正常了


闪电先生：
+1


乔木:
+1


r@Fy2:
感觉像这个表没生效一样，必须要自己登陆生成token


闪电先生：
@r@FY2 也不能说没有,如果没有这个 你无法发布调度上ds,这个发布是肯定生效了的。


r@Fy2:
发布这个是不是用的登陆过后带的token


闪电先生：
不会的 发布肯定用的 数据库里面的,你不登陆 也可以发布。


尹强 ：
我确认一下，如果从没有登录DolphinScheduler，从工作流开发页面的前往调度中心进DolphinScheduler需要登录吗？


尹强 ：
或者这么说，这个页面能不能正常展示？这个页面的功能能不能正常使用？


r@Fy2:
我这登陆过了，已经成功跳转了，清缓冲也正常的。。。


r@Fy2:
我退出看一下,


尹强 ：
试试设置调度看看，看能不能成功


r@Fy2:
@尹强@r@FY2 可以正常运行任务


尹强 ：
奇怪，这就是直接请求的DolphinScheduler啊,这里不需要登录，为啥跳转需要呢，你再跳转一下试试，看要不要登录。


闪电先生：
现在有问题的是左边那个菜单


尹强 ：
左边菜单再试试,看要不要登录。


闪电先生：
没有调那个token的接口


尹强 ：
我大概明白了，我们忽略了一点，就是DolphinScheduler的前端请求后DolphinScheduler的后台，不会带DSS这边的token


尹强 ：
这个确实是个问题


尹强 ：
DSS请求DolphinScheduler，都是在请求里面带了token的，但是DolphinScheduler自己的前端请求后台不会带这个token


闪电先生：
其它的qualitis schedulis 基本上都是这个情况


尹强 ：
看上去跟DolphinScheduler还是要对接一级规范才能行，我想想怎么搞，可能需要再加一个新jar，放到DolphinScheduler的lib下面去才行。


尹强 ：
麻烦提个issue吧，我们尽快修复一下。


尹强 ：
WeDataSphere的组件，我们出一份文档，配置一下数据库就可以解决免密问题了


尹强 ：
好奇问下，其实调度中心基本能满足所有调度需求，大家要跳到DolphinScheduler页面去的目的是啥？


闪电先生：
哈哈我的想法是是不是会有混合项目的用法，部分项目或者作业流是ds原生的。我个人认为，发布到ds以后，多租户似乎是没有办法落地了。因为ds 1.3.9的多租户似乎是没有实现，直接只用了一个keytab文件。



闪电先生：
然后再这个keytab下面去设置用户的队列。不过想想 好像是实际调的linkis。


闪电先生：
@r@FY2 我这边内网不能截图，你那边方便提ISSUE吗


r@FY2：
OK，吃完饭我来整下