Contents
This sample demonstrates the use of StreamBase authentication. That is, optionally limiting access to certain StreamBase commands, such as sbadmin shutdown, to users who can provide authentication credentials associated with one of the StreamBase roles.
Note that the authentication credentials that you define for use with StreamBase commands have no connection with system-level accounts. They are independent of each other. While you could use the same user-name and password combinations for StreamBase and a system-level account, it is not necessary.
Unlike the samples that focus on StreamBase operators, where the *.sbapp file contains specific data processing features, the Authentication sample is focused on configuration steps. It allows you to observe what happens at runtime when different types of StreamBase commands are attempted. For this reason, this topic does not describe the steps to create the simple authentication.sbapp application diagram.
In StreamBase Studio, import this sample with the following steps:
-
From the top menu, click → .
-
Select this application from the Applications list.
-
Click OK.
StreamBase Studio creates a project for each sample.
By default, the sample files are installed in:
-
On Windows:
C:\Program Files\StreamBase Systems\StreamBase.n.m\sample\authentication -
On UNIX:
/opt/streambase/sample/authentication
The Authentication sample consists of:
-
A StreamBase application,
authentication.sbapp. -
Scripts to add and remove authentication credentials (users). The
adduser.*script uses an sbuseradmin command to add users to thesbpasswdfile. Thedeleteuser.*script removes users from thesbpasswdfile. -
A feed simulation that provides test data,
order_simulation.sbfs. -
A comma-separated data file,
orders.csv. -
The
authentication.sbconfconfiguration file for the StreamBase Server process that will host theauthentication.sbappStreamBase application.
Note
While you can examine authentication.sbapp
in StreamBase Studio, note that the point of this sample is
not the application diagram itself. The point of this sample is to notice
how once authentication is enabled, users must provide valid credentials
in order to run StreamBase commands such as sbd, sbfeedsim, sbc
dequeue, and sbadmin
shutdown.
If you have problems running this sample in place because you do not have access rights to the install directories, copy this sample to a local directory where you have privileges to create or update the StreamBase password file.
The installed sample contains a customized StreamBase Server
configuration file, authentication.sbconf,
which includes the following authentication section:
<authentication>
<param name="enabled" value="true"/>
<param name="type" value="sb-password-file"/>
<param name="filepath" value="./sbpasswd"/>
</authentication>
This configuration enables authentication for all StreamBase
Server administration functions. (In the default sbd.sbconf file, authentication is disabled.) The file
that contains the StreamBase authentication information (user
name, password, and roles) is:
./sbpasswd
An empty password file is installed at streambase-directorystreambase-directoryC:\Program Files\StreamBase
Systems\StreamBase. On
UNIX it is .n.m/opt/streambase. This file is
protected by access rights. One must use an account (such as root on UNIX)
that has proper access rights to this file to add, remove, or update
StreamBase users.
To run this sample:
-
Start by opening a terminal window on UNIX, or a StreamBase Command Prompt on Windows.
-
Navigate to the location where you copied the StreamBase installed
sample/authenticationsubdirectory. -
On UNIX, run adduser.sh. Or on Windows, run adduser.bat. The script will add the following user/password/roles values:
User Password Roles sbmanager sbmanager SBAdmin sbdev sbdev SBDeveloper sbtest sbtest SBUser -
Start the sbd StreamBase Server with this command:
sbd -b -f authentication.sbconf authentication.sbappNote
The
-boption runs the StreamBase Server in background mode, allowing you to continue using the current terminal window or StreamBase Command Prompt. -
Dequeue from the output stream
ExpressOrders:sbc -u sb://localhost:10000;user=sbtest;password=sbtest dequeue ExpressOrdersNote
On UNIX, enclose the URI string in double quotes so that the semicolon is not interpreted as a delimiter. Please keep this UNIX rule in mind as you follow other command examples in the StreamBase READMEs. For example:
sbc -u "sb://localhost:10000;user=sbtest;password=sbtest" dequeue ExpressOrdersNotice that because authentication was enabled, you were able to execute this sbc dequeue command because the
sbtestcredentials were provided. -
In a second terminal window or StreamBase Command Prompt, run sbfeedsim to enqueue tuples:
sbfeedsim -u sb://localhost:10000;user=sbtest;password=sbtest order_simulation.sbfsThe sbc dequeue window should show the following tuples:
SB-1202,Network Management Corp,Desk Top Model 204,DT204,15,300,4500,true
SB-1204,Logical Design,Server Model 100,SV100,3,5000,15000,true
SB-1205,Mirage,Desk Top Model 204,DT204,5,300,1500,true
SB-1208,Royal Club,Desk Top Model 204,DT204,3,300,900,true
SB-1209,Core Security,Server Model 100,SV100,4,5000,20000,true
SB-1210,O'Reilly System,Desk Top Model 204,DT204,20,300,6000,true
-
Next, shutdown the StreamBase Server with this properly qualified command, which includes a correct set of authentication credentials:
sbadmin -u sb://localhost:10000;user=sbmanager;password=sbmanager shutdownNote
sbtest and sbdev will fail with other StreamBase users because those users are not associated with the
SBAdminrole. When authentication is enabled, that role is required to use the sbadmin shutdown command. -
Delete the StreamBase users from the
sbpasswdfile, by using these scripts:-
.\deleteuser.bat (Windows) -
./deleteuser.sh(UNIX)
-