Articles in this section

How to Enable Basic Auth in Druid

Ian
Updated

Overview

Basic Auth in Druid sets up an Authenticator that supports HTTP Basic authentication using the Druid metadata store or LDAP as its credentials store.  It also sets up an Authorizer that implements basic role-based access control for Druid metadata store or LDAP users and groups.  Please keep in mind that TLS should also be enabled to prevent credentials from being passed in plain text.

 

Configuration

The below steps are an example of implementing Druid Basic Auth.

First, add the basic-auth extension to Druid in the common.runtime.properties. 

druid.extensions.loadList=["druid-basic-security", "druid-histogram", "druid-datasketches", "druid-kafka-indexing-service", "imply-utility-belt"]

Set up the basic Authenticator, Authorizer, and Escalator config in the same common.runtime.properties: (The below excerpt can be directly copied and pasted)

# Druid basic security
druid.auth.authenticatorChain=["MyBasicMetadataAuthenticator"]

druid.auth.authenticator.MyBasicMetadataAuthenticator.type=basic
druid.auth.authenticator.MyBasicMetadataAuthenticator.initialAdminPassword=password1
druid.auth.authenticator.MyBasicMetadataAuthenticator.initialInternalClientPassword=password2
druid.auth.authenticator.MyBasicMetadataAuthenticator.credentialsValidator.type=metadata
druid.auth.authenticator.MyBasicMetadataAuthenticator.skipOnFailure=false
druid.auth.authenticator.MyBasicMetadataAuthenticator.authorizerName=MyBasicMetadataAuthorizer

# Escalator
druid.escalator.type=basic
druid.escalator.internalClientUsername=druid_system
druid.escalator.internalClientPassword=password2
druid.escalator.authorizerName=MyBasicMetadataAuthorizer

druid.auth.authorizers=["MyBasicMetadataAuthorizer"]

druid.auth.authorizer.MyBasicMetadataAuthorizer.type=basic

 

If you are a Pivot admin, you can establish a basic Druid authorization using the Pivot UI:

  1. Click the Person icon in the top right corner to open the Settings menu.

  2. Click the Connections chevron.

  3. In the Default auth token field, enter the following string: {"type":"basic-auth","username":"admin","password":"druid"}.

References

Druid documentation -> https://druid.apache.org/docs/latest/development/extensions-core/druid-basic-security.html

Git gist -> https://gist.github.com/davidagee/c0c839cd23f047b838e8a3ea73320346

Securing Druid -> https://imply.io/post/securing-druid

 

Was this article helpful?
0 out of 0 found this helpful