Superset单点登录调整源码

原创

草宝虫啊 2023-05-17 11:43:51 博主文章分类：superset ©著作权

文章标签 单点登录 flask json github 文章分类 JavaScript 前端开发

©著作权归作者所有：来自51CTO博客作者草宝虫啊的原创作品，请联系作者获取转载授权，否则将追究法律责任

///修改config.py 
from flask_appbuilder.security.manager import AUTH_REMOTE_USER
AUTH_TYPE=AUTH_REMOTE_USER
from custom_sso_security_manager import CustomSsoSecurityManager
 CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
 AUTH_USER_REGISTRATION = True   #允许用户注册
 AUTH_USER_REGISTRATION_ROLE = "Gamma"  #设置默认添加用户角色/superset根目录添加custom_sso_security_manager.py
 from superset.security import SupersetSecurityManager
 import logging
 from flask_appbuilder.security.views import AuthRemoteUserView, expose
 from flask_appbuilder.const import LOGMSG_WAR_SEC_LOGIN_FAILED
 from flask import request,g, redirect
 from flask_login import login_user, logout_user
 import requests
 import jsonlogger = logging.getLogger(__name__)
 CAS_LOGIN_SERVER_URL = 'http://xxxxx/api/login/casLogin'
 CAS_CHECK_SERVER_URL = 'http://xxxxx/api/login/currentUser'
 CAS_LOGINOUT_SERVER_URL = 'http://xxxxx/api/login/out'class MyAuthRemoteUserView(AuthRemoteUserView):
     # this front-end template should be put under the folder `superset/templates/appbuilder/general/security`
     # so that superset could find this templates to render
     login_template = 'appbuilder/general/security/login_my.html'
     title = "My Login"    # this method is going to overwrite 
     # https:///dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/views.py#L556
     @expose('/login/', methods=['GET', 'POST'])
     def login(self):
         print("My special login...")
         if not g.user or not g.user.get_id():
             return redirect(CAS_LOGIN_SERVER_URL+"?redirect="+request.host_url+"logincas")        print("loginSSO")
         print(request.host_url)    @expose('/logincas/', methods=['GET', 'POST'])
     def logincas(self):
         token=request.args.get('token')
         print("logincas"+token)
         manager=        result = requests.get(CAS_CHECK_SERVER_URL + '?token=' + token)
         userCAS = json.loads(result.content)
         username=userCAS["loginName"]
         user = manager.find_user(username=username)
         print(user)        # User does not exist, create one if auto user registration.
         if user is None and manager.auth_user_registration:
             user = manager.add_user(
             # All we have is REMOTE_USER, so we set
             # the other fields to blank.
                 username=username,
                 first_name=username.split('@')[0],
                 last_name='-',
                 email=username,
                 role=manager.find_role(manager.auth_user_registration_role))        # If user does not exist on the DB and not auto user registration,
         # or user is inactive, go away.
         elif user is None or (not user.is_active):
             (LOGMSG_WAR_SEC_LOGIN_FAILED.format(username))
             return None
             
         manager.update_user_auth_stat(user)
         print(user)
         login_user(user, remember=False)
         return redirect(self.appbuilder.get_url_for_index)    @expose("/logout/")
     def logout(self):
         logout_user()
         print("loginout")
         return redirect(CAS_LOGINOUT_SERVER_URL+'?redirect='+request.host_url)
        class CustomSsoSecurityManager(SupersetSecurityManager):
     authremoteuserview=MyAuthRemoteUserView
     
 Gamma角色添加权限
 默认Gamma角色不能访问库，需设置角色，添加all database access on all_database_access权限（全部数据库）。