For the past 12 weeks I have been working on adding a new authentication and authorization mechanism to Bindaas, a data integration middleware. Bindaas provides a common RESTful interface to various data sources such as Apache Drill, MySQL and MongoDB, and exposes APIs to execute CRUD operations on these data sources. Calls to these operations must be accompanied by a token, which is used to authenticate the end user.

Earlier, token generation and management were handled by Bindaas itself. As part of my GSoC project I have decoupled this from Bindaas by using auth0, an Authentication as a Service platform with support for multiple identity providers (such as Google and GitHub). The user logs in through one of these identity providers and auth0 returns an access token in the form of a JWT. The user then presents this access token when calling the Bindaas endpoints. This has been implemented using the Authorization Code Flow described in RFC 6749. Internally, Bindaas verifies that the token is valid and has been issued by auth0. Another advantage of using auth0 is that it allows us to add a custom claim for the user's role to these tokens, which is used for the authorization check.
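The two checks described above, verifying that a presented token is genuine and was issued by the expected party, and then reading a custom role claim to decide whether an operation is allowed, are shown below as an added example. This is not Bindaas project code and not auth0's client library; to run offline it uses an HS256 shared secret (auth0 access tokens are normally RS256-signed and would be verified against the issuer's published public key instead), and the issuer, audience, claim namespace, role names and permission table are all constructed values.

```python
"""
Added example (not Bindaas or auth0 code): verify an auth0-style JWT, then
use its custom role claim for an authorization decision.

Assumptions: HS256 with a shared secret so the example runs offline; the
issuer, audience, claim namespace, roles and permissions are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed configuration; real values come from the auth0 tenant settings.
ISSUER = "https://example-tenant.auth0.example/"
AUDIENCE = "bindaas-api"
ROLE_CLAIM = "https://example.com/role"   # custom claims are namespaced
SECRET = b"constructed-shared-secret"

# Constructed role -> permitted operations table. The operation names follow
# the CRUD operations the post mentions; the mapping itself is an assumption.
PERMISSIONS = {
    "admin": {"find", "count", "submit", "delete"},
    "analyst": {"find", "count"},
}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(claims: dict) -> str:
    """Mint an HS256 token; stands in for auth0 so the example is self-contained."""
    signing_input = f"{_encode_json({'alg': 'HS256', 'typ': 'JWT'})}.{_encode_json(claims)}"
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_token(token: str, now=None) -> dict:
    """Return the claims if the token is genuine, unexpired and meant for this
    API; raise ValueError otherwise. Signature is checked before any claim."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: the header's "alg" is attacker-controlled input, so
    # anything other than the configured algorithm (including "none") is rejected.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("expired")
    return claims


def authorize(token: str, operation: str, now=None) -> bool:
    """Authorization check: verify first, then consult the role claim.
    A missing or unknown role grants nothing."""
    try:
        claims = verify_token(token, now)
    except ValueError:
        return False
    role = claims.get(ROLE_CLAIM)
    return operation in PERMISSIONS.get(role, set())


def rewrite_role_claim(token: str, role: str) -> str:
    """Rewrite the role in the payload WITHOUT re-signing, i.e. what a client
    editing its own token could do. verify_token must reject the result."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims[ROLE_CLAIM] = role
    return f"{header_b64}.{_encode_json(claims)}.{sig_b64}"


if __name__ == "__main__":
    now = 1_700_000_000
    tok = issue_token({"iss": ISSUER, "aud": AUDIENCE, "sub": "user1",
                       "exp": now + 3600, ROLE_CLAIM: "analyst"})
    print("analyst find:", authorize(tok, "find", now))          # True
    print("analyst delete:", authorize(tok, "delete", now))      # False
    print("forged admin:", authorize(rewrite_role_claim(tok, "admin"), "delete", now))  # False
```

The order inside `verify_token` is the point worth keeping: the signature is checked against a pinned algorithm before any claim is read, so issuer, audience, expiry and the role claim are only trusted once the token is known to come from the issuer's key. The `rewrite_role_claim` helper exists only to show that a payload edit without the key fails that check.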
I am proud to share that we will soon be releasing Bindaas v4.0.0, which will include all of these features. Over the summer I added 3000+ new lines of code across 100+ files. All the work I did is well documented in the links provided in the useful links section. Do go through them for a detailed understanding of the project.
- Steps to Build and Run
- Useful Links
- Commit History
- Future Work
- Using Bindaas in Your Research
- Acknowledgements
```sh
git clone https://github.com/tushar-97/bindaas.git
cd bindaas
git checkout add-jwt-token-new
mvn clean install
cd binaries/bin
java -Dpid=BINDAAS_INSTANCE -Xmx1024m -jar org.eclipse.osgi_3.10.100.v20150529-1857.jar -console
```
- I have been maintaining a weekly blog post which keeps track of the changes made during a particular week and the reasoning for making those changes, along with proper documentation. You can check it out at Tushar's Blog Post: Everything GSoC!
- I have also written a descriptive wiki for all the new features that I have added, which will be a part of the next major release. It is recommended to go through the wiki if you want to try out the new features. You can have a look at the Bindaas v4.0.0 Release Notes.
- The repository and feature branch!
Commit | Description |
---|---|
19f2ba7 | Adding a basic JWT Manager |
a2e6405 | Changing method signatures of JWTManager |
e4486a9 | Removing Token Class |
b89e9c7 | Updating methods in JWTManager |
2210624 | Update to show only JWT in web console |
1204e2f | Merge pull request #1 from sharmalab/dev |
1d51d8b | Merge branch 'dev' of https://github.com/tushar-97/bindaas into dev |
c227a24 | Added null check for MongoDB Credentials. Fixes #35 |
f599e55 | Adding basic modification/deletion of tokens |
20aed06 | Updated default Authentication Provider to OAuthPrpovider. Default protocol updated to JWT |
ad4d2fd | Removed Token object. Added claim verification |
bc8ec5a | Adding authenticationProtocol to config |
d1cd05b | UI changes for adding authentication protocol |
6d11c28 | Fixing version config |
4bd14b0 | Adding protocol for Bindaas-Trusted-App-Client-API |
3b1e89a | Updated authorizeUser endpoint for Bindaas-Trusted-App-Client-API |
5de0439 | Fixing typo |
ebd8ef8 | Merge pull request #3 from tushar-97/gsoc-week2 |
9ef5e59 | Adding Trusted-App-Client |
47df65d | Added trusted-app-client from https://github.com/nadirsaghar/Bindaas-Trusted-App-Client-API/tree/master/trusted-app-client. Made changes to /authorizeUser endpoint to support protocol |
dca68e0 | Rollback commit |
086cd8a | Merge branch 'add-jwt-token' of https://github.com/tushar-97/bindaas into add-jwt-token |
b206cb9 | Rollback commit |
266e485 | Adding trusted-app-client from https://github.com/nadirsaghar/Bindaas-Trusted-App-Client-API/tree/master/trusted-app-client. Updated /authorizeUser to support protocol |
d8c6faa | Restructuring trusted-app-client |
84094df | Updated /revokeUser to support protocol. Updated /listAPIKeys as /listAuthenticationTokens to support protocol. Updated /issueShortLivedApiKey as /issueShortLivedAuthenticationToken to support protocol |
f712fb6 | Added limit for short lived JWT |
37bdc5f | Added logging module to trusted-app-client. Added server side log messages for trusted-app-client endpoints |
6cd19d1 | Added TrustedAppClientConstants |
8d88f7e | Adding null checks |
6f97483 | Added trusted-app-client to main pom. Moved trusted app-client from tools to projects/misc |
816db80 | Merge pull request #13 from sharmalab/add-jwt-token |
6186b69 | Updated log messages |
18637c7 | Added client side(js) code for auth0 |
209755d | Updated server side logic to better handle login/logout |
986bd6f | Get userinfo from auth0 |
eb2b044 | Server side changes to handle access token |
a049373 | Changes to trusted-app-client |
9232715 | Added role using auth0. Role based view for web-console |
acba3f0 | Added flow of ROLE till mongo provider level |
43ab747 | Creating properties file for auth0 configuration |
6ffddd4 | Removing JIRA's issue collector script |
e0ba277 | Removing unnecessary code |
f7ea9eb | Added constants for api_key, jwt and role |
486526f | Added reveal token link in web-console |
e05adb6 | Changing data source view to include authorization collection |
eb6e8c1 | Server side changes for authorization |
2aff477 | Added authorization check for count, delete and find operations |
df86ec7 | Adding caching for authorization rules |
684fb31 | Authorization for submit handler |
46a0d93 | Refactoring |
a045ec2 | Refactoring |
5126382 | Added null check for role |
Authorization is only available for the Mongo provider at the time of writing. We plan to extend it to all the other providers as well. We further need to discuss real-world use cases for authorization and update the logic accordingly.
Please cite the following if you use Bindaas in your research:

[1] Kathiravelu, P., Saghar, Y. N., Aggarwal, T. and Sharma, A. (2019). Data Services with Bindaas: RESTful Interfaces for Diverse Data Sources. In IEEE International Conference on Big Data, Dec. 2019.
The entire GSoC experience has been a very fulfilling one, in part due to my mentor Pradeeban Kathiravelu, who gave me the space to work on new ideas and just the right amount of guidance to see them through to fruition. I would also like to thank my mentor Ashish Sharma and everyone else at Sharmalab, Emory University for all their help and support. We will continue to bring new features to Bindaas to help you with your big data needs!