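How do you add authentication to jobserver? This article shows some ways to find the answer.
The official documentation and examples are generally enough to solve it.
Add the following to your conf configuration file: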
shiro {
  authentication = on
  # an absolute path is recommended
  config.path = "shiro.ini"
}
Then add a shiro.ini file in the same directory as the configuration.
See the official template example:
# =============================================================================
# Use this template for basic username / password authentication
# =============================================================================
# -----------------------------------------------------------------------------
# Format: Users and their passwords
# username = password
# -----------------------------------------------------------------------------
[users]
user1 = password1
user2 = password2
user3 = password3
This is the Shiro authentication format; the full form is: user = password, role1, role2
The LDAP template is more involved and adds user groups: https://github.com/spark-jobserver/spark-jobserver/blob/master/job-server/config/shiro.ini.ldap.template
# Template for LDAP authorization
# To get detailed LDAP messages change log4j.rootLogger level to DEBUG in the log4j-server.properties file
#------------------#
# General Settings #
#------------------#
activeDirectoryRealm.contextFactory.url = ldap://localhost:389
activeDirectoryRealm.userDnTemplate = cn={0},ou=people,dc=xyz,dc=com
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
#-------------------------------------------#
# LDAP authorization without group checking #
#-------------------------------------------#
# activate this for basic ldap authorization, without group checking
activeDirectoryRealm = org.apache.shiro.realm.ldap.JndiLdapRealm
#---------------------------------------------------#
# LDAP authorization with group membership checking #
#---------------------------------------------------#
# activate this for checking group membership of users based on the specified userSearchFilter and groupSearchFilter variable
# activeDirectoryRealm = spark.jobserver.auth.LdapGroupRealm
# search base for ldap groups (only relevant for LdapGroupRealm):
#activeDirectoryRealm.contextFactory.environment[ldap.searchBase] = dc=xyz,dc=com
# filter to authenticate users ({0} is replaced by the user name)
# activeDirectoryRealm.userSearchFilter=(&(objectClass=person)(CN={0}))
# filter to validate group membership ({0} is replaced by a group from the allowedGroups variable,
# {1} by the user name and {2} by the full user path in ldap)
# activeDirectoryRealm.groupSearchFilter=(&(member={2})(objectClass=posixGroup)(CN={0}))
# allowed groups as comma separated list
#activeDirectoryRealm.contextFactory.environment[ldap.allowedGroups] = group1,group2
The browser pops up an authentication dialog automatically; Google Chrome may have problems, while no problems were found with Firefox.
Access via curl:
curl -k --basic --user 'user:pw' https://localhost:8090/contexts
# or use a header
curl -H "Authorization:Basic xxx==" url
The same works from code:
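import java.nio.charset.StandardCharsets;
import org.apache.commons.codec.binary.Base64; // encodeBase64 is the Apache Commons Codec API

/**
 * Build the Basic Auth header value
 */
private static String getHeader() {
    // placeholder credentials in the form username:password
    String auth = "username:password";
    byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(StandardCharsets.US_ASCII));
    return "Basic " + new String(encodedAuth, StandardCharsets.US_ASCII);
}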
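As an added example (not code from the original post or from the spark-jobserver project), the Python sketch below parses the [users] format described above (user = password, role1, role2), flags entries still carrying the template's default credentials, and builds and decodes the Basic header that curl --user sends. The sample INI text, the names alice and bob, and all function names are constructed for illustration.

```python
import base64

# Constructed sample in the [users] format shown above; not a real configuration.
SAMPLE_INI = """\
[users]
user1 = password1
alice = S3cure-Example, admin, dev
bob = hunter2,dev
[roles]
admin = *
"""
# Credentials copied from the official basic template quoted on this page.
TEMPLATE_DEFAULTS = {"user1": "password1", "user2": "password2", "user3": "password3"}

def parse_users(text):
    """Return {username: (password, [roles])} for entries in the [users] section."""
    users, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):   # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        if section != "users" or "=" not in line:
            continue
        name, value = line.split("=", 1)
        password, *roles = [part.strip() for part in value.split(",")]
        users[name.strip()] = (password, [r for r in roles if r])
    return users

def template_leftovers(users):
    """Usernames whose entry is still a default from the template."""
    return sorted(u for u, (pw, _) in users.items() if TEMPLATE_DEFAULTS.get(u) == pw)

def basic_header(username, password):
    """Authorization header value equivalent to curl --basic --user 'user:pw'."""
    if ":" in username:
        raise ValueError("a Basic auth username cannot contain ':'")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_header(value):
    """Recover (username, password); Base64 is an encoding, not encryption."""
    scheme, token = value.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password
```

Because decode_header recovers the password from the header alone, the header is only as confidential as the transport that carries it.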