///修改config.py
from flask_appbuilder.security.manager import AUTH_REMOTE_USER
AUTH_TYPE=AUTH_REMOTE_USER
from custom_sso_security_manager import CustomSsoSecurityManager
CUSTOM_SECURITY_MANAGER = CustomSsoSecurityManager
AUTH_USER_REGISTRATION = True #允许用户注册
AUTH_USER_REGISTRATION_ROLE = "Gamma" #设置默认添加用户角色
/superset根目录添加custom_sso_security_manager.py
from superset.security import SupersetSecurityManager
import logging
from flask_appbuilder.security.views import AuthRemoteUserView, expose
from flask_appbuilder.const import LOGMSG_WAR_SEC_LOGIN_FAILED
from flask import request,g, redirect
from flask_login import login_user, logout_user
import requests
import json
logger = logging.getLogger(__name__)
CAS_LOGIN_SERVER_URL = 'http://xxxxx/api/login/casLogin'
CAS_CHECK_SERVER_URL = 'http://xxxxx/api/login/currentUser'
CAS_LOGINOUT_SERVER_URL = 'http://xxxxx/api/login/out'
class MyAuthRemoteUserView(AuthRemoteUserView):
# this front-end template should be put under the folder `superset/templates/appbuilder/general/security`
# so that superset could find this templates to render
login_template = 'appbuilder/general/security/login_my.html'
title = "My Login"
# this method is going to overwrite
# https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/views.py#L556
@expose('/login/', methods=['GET', 'POST'])
def login(self):
print("My special login...")
if not g.user or not g.user.get_id():
return redirect(CAS_LOGIN_SERVER_URL+"?redirect="+request.host_url+"logincas")
print("loginSSO")
print(request.host_url)
@expose('/logincas/', methods=['GET', 'POST'])
def logincas(self):
token=request.args.get('token')
print("logincas"+token)
manager=self.appbuilder.sm
result = requests.get(CAS_CHECK_SERVER_URL + '?token=' + token)
userCAS = json.loads(result.content)
username=userCAS["loginName"]
user = manager.find_user(username=username)
print(user)
# User does not exist, create one if auto user registration.
if user is None and manager.auth_user_registration:
user = manager.add_user(
# All we have is REMOTE_USER, so we set
# the other fields to blank.
username=username,
first_name=username.split('@')[0],
last_name='-',
email=username,
role=manager.find_role(manager.auth_user_registration_role))
# If user does not exist on the DB and not auto user registration,
# or user is inactive, go away.
elif user is None or (not user.is_active):
logger.info(LOGMSG_WAR_SEC_LOGIN_FAILED.format(username))
return None
manager.update_user_auth_stat(user)
print(user)
login_user(user, remember=False)
return redirect(self.appbuilder.get_url_for_index)
@expose("/logout/")
def logout(self):
logout_user()
print("loginout")
return redirect(CAS_LOGINOUT_SERVER_URL+'?redirect='+request.host_url)
class CustomSsoSecurityManager(SupersetSecurityManager):
authremoteuserview=MyAuthRemoteUserView
Gamma角色添加权限
默认Gamma角色不能访问库,需设置角色,添加all database access on all_database_access权限(全部数据库)。