mirror of https://github.com/alibaba/arthas.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
81 lines
2.5 KiB
Markdown
81 lines
2.5 KiB
Markdown
3 years ago
|
# auth
|
||
4 years ago
|
|
||
|
3 years ago
|
::: tip
|
||
|
|
Authenticates the current session
|
||
|
|
:::
|
||
|
4 years ago
|
|
||
|
|
### Configure username and password
|
||
|
|
|
||
|
|
When attaching, you can specify a password on the command line. such as:
|
||
|
|
|
||
|
|
```
|
||
|
|
java -jar arthas-boot.jar --password ppp
|
||
|
|
```
|
||
|
|
|
||
|
3 years ago
|
- The user can be specified by the `--username` option, the default value is `arthas`.
|
||
|
|
- You can also configure username/password in `arthas.properties`. The priority of the command line is higher than that of the configuration file.
|
||
|
|
- If only `username` is configured and no `password` is configured, a random password will be generated and printed in `~/logs/arthas/arthas.log`
|
||
|
4 years ago
|
|
||
|
|
```
|
||
|
|
Using generated security password: 0vUBJpRIppkKuZ7dYzYqOKtranj4unGh
|
||
|
|
```
|
||
|
4 years ago
|
|
||
|
4 years ago
|
### Local connection does not require authentication
|
||
|
3 years ago
|
|
||
|
4 years ago
|
By default, there are configurations in the `arthas.properties` file:
|
||
|
|
|
||
|
|
```
|
||
|
|
arthas.localConnectionNonAuth=true
|
||
|
|
```
|
||
|
3 years ago
|
|
||
|
4 years ago
|
When the password is configured, connect from localhost, the authentication is not required. The default configuration value is true, which is convenient for local connection. Authentication is only required when connecting remotely.
|
||
|
|
|
||
|
4 years ago
|
### Authenticate in the telnet console
|
||
|
|
|
||
|
|
After connecting to arthas, directly executing the command will prompt for authentication:
|
||
|
|
|
||
|
|
```bash
|
||
|
|
[arthas@37430]$ help
|
||
|
|
Error! command not permitted, try to use 'auth' command to authenticates.
|
||
|
|
```
|
||
|
|
|
||
|
|
Use the `auth` command to authenticate, and you can execute other commands after success.
|
||
|
|
|
||
|
|
```
|
||
|
|
[arthas@37430]$ auth ppp
|
||
|
|
Authentication result: true
|
||
|
|
```
|
||
|
|
|
||
|
3 years ago
|
- The user can be specified by the `--username` option, the default value is `arthas`.
|
||
|
4 years ago
|
|
||
|
|
### Web console Authentication
|
||
|
|
|
||
|
|
Open the browser, there will be a pop-up window prompting you to enter your username and password.
|
||
|
|
|
||
|
|
After success, you can directly connect to the web console.
|
||
|
|
|
||
|
|
### HTTP API Authentication
|
||
|
|
|
||
|
4 years ago
|
#### HTTP Authorization Header(recommended)
|
||
|
|
|
||
|
4 years ago
|
Arthas uses the HTTP standard Basic Authorization.
|
||
|
|
|
||
|
3 years ago
|
- Reference: [https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication](https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication)
|
||
|
4 years ago
|
|
||
|
4 years ago
|
For example, if the user name is: `admin` and the password is `admin`, the combination is a string: `admin:admin`, the base64 result is: `YWRtaW46YWRtaW4=`, then the HTTP request adds the `Authorization` header:
|
||
|
4 years ago
|
|
||
|
|
```bash
|
||
|
|
curl 'http://localhost:8563/api' \
|
||
|
|
-H 'Authorization: Basic YWRtaW46YWRtaW4=' \
|
||
|
3 years ago
|
--data-raw '{"action":"exec","command":"version"}'
|
||
|
4 years ago
|
```
|
||
|
|
|
||
|
|
#### URL parameters
|
||
|
|
|
||
|
|
It supports passing username and password in parameters. such as:
|
||
|
|
|
||
|
|
```bash
|
||
|
|
curl 'http://localhost:8563/api?password=admin' \
|
||
|
3 years ago
|
--data-raw '{"action":"exec","command":"version"}'
|
||
|
|
```
|