[Question] 1.2.0 create graph in rest-api throws auth related permission

[chenhong1990]

Bug Type (问题类型)

rest-api (结果不合预期)

Before submit

• 我已经确认现有的 Issues 与 FAQ 中没有相同 / 重复问题 (I have confirmed and searched that there are no similar problems in the historical issue and documents)

Environment (环境信息)

• Server Version: 1.2.0 (Apache Release Version)
• Backend: RocksDB x nodes, HDD or SSD
• OS: xx CPUs, xx G RAM, Ubuntu 2x.x / CentOS 7.x
• Data Size: xx vertices, xx edges

Expected & Actual behavior (期望与实际表现)

curl --location 'http://172.30.96.162:8081/graphs/test'
--header 'Content-Type: text/plain'
--header 'Authorization: Basic YWRtaW46MTIzNDU2Nzg='
--data 'gremlin.graph=org.apache.hugegraph.auth.HugeFactoryAuthProxy
backend=rocksdb
serializer=binary
store=test
rocksdb.data_path=/data/hugegraph1.2.0/apache-hugegraph-incubating-1.2.0/data/test
rocksdb.wal_path=/data/hugegraph1.2.0/apache-hugegraph-incubating-1.2.0/wal/test'

根据api调用创建图报错如下：
2024-04-02 17:47:42 [db-open-1] [INFO] o.a.h.b.s.r.RocksDBStore - Opening RocksDB with data path: /data/hugegraph1.2.0/apache-hugegraph-incubating-1.2.0/data/test/s
2024-04-02 17:47:42 [db-open-1] [INFO] o.a.h.b.s.r.RocksDBStore - Opening RocksDB with data path: /data/hugegraph1.2.0/apache-hugegraph-incubating-1.2.0/data/test/g
2024-04-02 17:47:42 [grizzly-http-server-8] [INFO] o.a.h.b.s.r.RocksDBStore - Write down the backend version: 1.11
2024-04-02 17:47:43 [grizzly-http-server-8] [ERROR] o.a.h.c.GraphManager - Failed to create graph 'test' due to: Failed to update/query TaskStore: java.util.concurrent.ExecutionException: java.lang.IllegalStateException: Missing authentication context when verifying resource permission
org.apache.hugegraph.HugeException: Failed to update/query TaskStore: java.util.concurrent.ExecutionException: java.lang.IllegalStateException: Missing authentication context when verifying resource permission
at org.apache.hugegraph.task.StandardTaskScheduler.call(StandardTaskScheduler.java:717) ~[hugegraph-core-1.2.0.jar:1.2.0]
at org.apache.hugegraph.task.StandardTaskScheduler.call(StandardTaskScheduler.java:704) ~[hugegraph-core-1.2.0.jar:1.2.0]
at org.apache.hugegraph.task.StandardTaskScheduler.init(StandardTaskScheduler.java:464) ~[hugegraph-core-1.2.0.jar:1.2.0]
at org.apache.hugegraph.StandardHugeGraph.initSystemInfo(StandardHugeGraph.java:415) ~[hugegraph-core-1.2.0.jar:1.2.0]
at org.apache.hugegraph.StandardHugeGraph.initBackend(StandardHugeGraph.java:364) ~[hugegraph-core-1.2.0.jar:1.2.0]
at org.apache.hugegraph.StandardHugeGraph.create(StandardHugeGraph.java:979) ~[hugegraph-core-1.2.0.jar:1.2.0]
at org.apache.hugegraph.auth.HugeGraphAuthProxy.create(HugeGraphAuthProxy.java:781) ~[hugegraph-api-1.2.0.jar:1.2.0]
at org.apache.hugegraph.core.GraphManager.createGraph(GraphManager.java:586) ~[hugegraph-api-1.2.0.jar:0.71.0.0]
at org.apache.hugegraph.core.GraphManager.createGraph(GraphManager.java:186) ~[hugegraph-api-1.2.0.jar:0.71.0.0]
at org.apache.hugegraph.api.profile.GraphsAPI.create(GraphsAPI.java:136) ~[hugegraph-api-1.2.0.jar:0.71.0.0]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_202]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_202]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_202]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_202]
at org.glassfish.jersey.server.model.internal.ResourceMethodInvocationHandlerFactory.lambda$static$0(ResourceMethodInvocationHandlerFactory.java:52) ~[jersey-server-3.0.3.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher$1.run(AbstractJavaResourceMethodDispatcher.java:124) ~[jersey-server-3.0.3.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.invoke(AbstractJavaResourceMethodDispatcher.java:167) ~[jersey-server-3.0.3.jar:?]
at org.glassfish.jersey.server.model.internal.JavaResourceMethodDispatcherProvider$ObjectOutInvoker.doDispatch(JavaResourceMethodDispatcherProvider.java:192) ~[jersey-server-3.0.3.jar:?]
at org.glassfish.jersey.server.model.internal.AbstractJavaResourceMethodDispatcher.dispatch(AbstractJavaResourceMethodDispatcher.java:79) ~[jersey-server-3.0.3.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:475) ~[jersey-server-3.0.3.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:397) ~[jersey-server-3.0.3.jar:?]
at org.glassfish.jersey.server.model.ResourceMethodInvoker.apply(ResourceMethodInvoker.java:81) ~[jersey-server-3.0.3.jar:?]

Vertex/Edge example (问题点 / 边数据举例)

No response

Schema [VertexLabel, EdgeLabel, IndexLabel] (元数据结构)

No response

[dosubot]

Hey @chenhong1990, great to see you back here! Hope everything else has been going smoothly for you.

Based on the error message you provided, it seems like the request to create the graph is not being correctly authenticated, possibly due to the credentials not being correctly applied to the request.

To resolve this issue, you need to ensure that your application is correctly using the OkHttpBasicAuthInterceptor to inject the authentication credentials into every request made to the HugeGraph server. Here's a checklist to troubleshoot and resolve the issue:

1. Ensure Interceptor is Added: Make sure that the OkHttpBasicAuthInterceptor is properly added to your OkHttpClient instance. This is crucial for the interceptor to be invoked for every request.

OkHttpClient client = new OkHttpClient.Builder()
    .addInterceptor(new OkHttpBasicAuthInterceptor("your_username", "your_password"))
    .build();

2. Correct Credentials: Double-check that the username and password provided to the OkHttpBasicAuthInterceptor constructor are correct and have the necessary permissions to create a graph in HugeGraph.

3. Use Latest Client Libraries: Ensure you are using a compatible version of the OkHttpClient library that works well with your version of HugeGraph. Incompatibilities between library versions can sometimes lead to unexpected behavior.

4. Review Server Configuration: On the server side, ensure that HugeGraph is correctly configured to require and validate basic authentication for API requests. Check the HugeGraph server's configuration files and logs for any indications of misconfiguration or errors related to authentication.

5. Inspect Request and Response: Use a tool like Wireshark or the logging capabilities of OkHttpClient to inspect the outgoing request and ensure that the Authorization header is correctly included and that the server's response does not indicate any other underlying issues.

You can find more details about the OkHttpBasicAuthInterceptor and its role in the authentication process in the source code.

If after following these steps the issue persists, it may be beneficial to consult the HugeGraph documentation or reach out to the HugeGraph community for further assistance, as there might be version-specific nuances or bugs affecting authentication.

Sources

• hg server 添加认证后，client方式创建模式出错．
• hugegraph-common/src/main/java/org/apache/hugegraph/rest/OkHttpBasicAuthInterceptor.java

About Dosu

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.

[imbajin]

@dosu-bot nope, u get the wrong context, this should have nothing to do with OKHTTP

You should let the user try to access the creation without setting permissions first, check if it is OK, then gradually narrow down the scope of the problem and have the user test it in a clean environment/container environment.

If it can be easily replicated, provide the steps for replication so that it is convenient to confirm the problem

refer:

1. https://hugegraph.apache.org/docs/clients/restful-api/graphs/#615-create-graphthis-operation-requires-administrator-privileges

[dosubot]

Apologies for the confusion earlier, and thank you for your patience, @chenhong1990.

Based on the further guidance provided, it seems the issue might not be related to the client-side authentication setup as initially suggested. Instead, we should approach this problem by first ensuring that the issue isn't related to permission settings or environment-specific configurations.

Here's a step-by-step guide to help you troubleshoot and hopefully resolve the issue:

1. Access Without Setting Permissions: Try to access the creation of the graph without setting any permissions first. This step is to ensure that the basic functionality (creating a graph) works without the added complexity of permissions. If this works, it indicates that the issue is likely related to permission settings.

2. Narrow Down the Scope: If the graph creation works without permissions, gradually reintroduce permissions to narrow down the specific setting or configuration causing the issue. This incremental approach helps identify the exact cause.

3. Test in a Clean/Container Environment: If possible, replicate the issue in a clean environment or a container (e.g., Docker). This can help determine if the issue is environment-specific. A clean environment ensures that no previous configurations or data interfere with the process.

4. Provide Replication Steps: If the issue can be easily replicated, especially in a clean or container environment, please provide the steps you took to replicate the problem. This information is invaluable for diagnosing the issue more effectively and can help in identifying whether it's a bug or a misconfiguration.

By following these steps, we aim to isolate the problem and identify whether it's related to permissions, environment configurations, or perhaps something else. Your cooperation and detailed feedback at each step will be crucial in resolving this issue.

If you encounter any specific errors or behaviors at any step, please share them. This information will be critical in understanding what's going wrong and how we can help you fix it.

Thank you for working with us on this, and we look forward to getting to the bottom of this issue together.

About Dosu

This response is meant to be useful and save you time. It is not meant to be a precise solution, but rather a starting point for your own research.

Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant.

If you want to continue the conversation, start your reply with @dosu-bot.

[github-actions]

Due to the lack of activity, the current issue is marked as stale and will be closed after 20 days, any update will remove the stale label

[BreakMeEveryday]

@dosu-bot

I got the same problem and here is my situation. I did not config any information in rest-server.properties such as auth.authenticator, so in theory authentication should be not working or there is an default value to auth.authenticator?

# authentication configs
# choose 'org.apache.hugegraph.auth.StandardAuthenticator' or
# 'org.apache.hugegraph.auth.ConfigAuthenticator'
#auth.authenticator=

This is the code in GraphsAPI

   @POST
    @Timed
    @Path("{name}")
    @Consumes(TEXT_PLAIN)
    @Produces(APPLICATION_JSON_WITH_CHARSET)
    @RolesAllowed({"admin"}) // The entry point for problem, maybe.
    public Object create(@Context GraphManager manager,
                         @PathParam("name") String name,
                         @QueryParam("clone_graph_name") String clone,
                         String configText) {
        LOG.debug("Create graph '{}' with clone graph '{}', config text '{}'",
                  name, clone, configText);
        HugeGraph graph;
        if (StringUtils.isNotEmpty(clone)) {
            graph = manager.cloneGraph(clone, name, configText);
        } else {
            graph = manager.createGraph(name, configText);
        }
        return ImmutableMap.of("name", graph.name(),
                               "backend", graph.backend());
    }

Please tell me how to close the authentication or how to write the right code corresponding @RolesAllowed({"admin"})

[JackyYangPassion]

dynamic create graph you can use this body close the authentication

gremlin.graph=org.apache.hugegraph.HugeFactory
vertex.cache_type=l2
edge.cache_type=l2
backend=rocksdb
serializer=binary
store=test
rocksdb.data_path=/hugegraph-server/data/test/data
rocksdb.wal_path=/hugegraph-server/data/test/wal

ref #2418

[github-actions]

Due to the lack of activity, the current issue is marked as stale and will be closed after 20 days, any update will remove the stale label