This guide will show you how to configure username/password authentication for Deephaven.
Username/password is a common authentication method in which an application can be used by a certain number of users, each with their own username and password. It verifies the identity of a user through the username, and that the user is who they say they are, with the secret password.
The example configuration given in this guide is not recommended for use in a production environment. It is only meant to show a basic implementation that can be used as a template.
Username/password authentication requires some extra configuration on top of Deephaven's basic setup. First and foremost, username/password combinations will be stored in a SQL DB that will be run from Docker alongside the Deephaven application. Additionally, a JAR file that manages the authentication itself will be added to the Deephaven classpath as an extra configuration parameter.
For a basic setup, there are three required files:
- A SQL file to create a database of username/password combinations.
- A Dockerfile that will build the Deephaven image and add the required JAR to the Deephaven classpath.
- A docker-compose file that builds the SQL and Deephaven services.
More advanced setups will build off this basic configuration.
This example setup is not recommended for use in a production environment. It is only meant to show a simple configuration with a single user.
The following SQL file will create a database with a single table (
users), in the
deephaven_username_password_auth schema. It has a single entry for a user named
admin with the password
p@ssw0rd does not meet minimum security requirements. It is hashed in the SQL file for protection, but that is not sufficient in the case of an adversarial attack.
CREATE SCHEMA deephaven_username_password_auth;
CREATE TABLE deephaven_username_password_auth.users (
username TEXT UNIQUE NOT NULL,
password_hash TEXT NOT NULL,
rounds INT NOT NULL
INSERT INTO deephaven_username_password_auth.users (username, password_hash, rounds)
VALUES ('admin', '$2a$10$kjbt1Fq4k4W6EB67GDhAauuIWeI8ppx2gsi6.zLL2R5UYokek8nqO', 10);
The Dockerfile will add a required JAR file to the Deephaven classpath. This JAR file contains all the nuts and bolts necessary for username/password authentication through SQL.
Make sure that the Deephaven version (0.26.1 below) is the same as the version given in your
ADD https://repo1.maven.org/maven2/io/deephaven/deephaven-sql-username-password-authentication-provider/0.26.1/deephaven-sql-username-password-authentication-provider-0.26.1-all.jar /apps/libs/
Lastly, create the
docker-compose.yml. It will create two services:
# This file creates a single deephaven user, with username admin and password p@ssw0rd
# The container requires a admin password - this is unsafe, but usable for testing
command: postgres -c fsync=off -c synchronous_commit=off
environment: START_OPTS=-Xmx4g -DAuthHandlers=io.deephaven.authentication.sql.BasicSqlAuthenticationHandler
Start Deephaven with
docker compose up --build, head to
https://localhost:10000/ide, and enter the username/password combo to start writing queries.