Parent POM grouping two unrelated authentication helpers. They share no code — they're bundled here because both are about injecting security behavior into the server stack.
This directory is a Maven parent POM.
dolphinscheduler-actuator-authentication— Secures Spring Boot Actuator endpoints (/actuator/**and/dolphinscheduler/actuator/**) with HTTP Basic auth. ShipsActuatorAuthenticationAutoConfiguration+ActuatorSecurityProperties(management.security.*properties). Enabled whenmanagement.security.enabled=true. Excludable endpoints (health/info) via config list.dolphinscheduler-aws-authentication— AWS credential provider abstraction used by AWS-based datasource/task plugins (EMR, S3, SageMaker, DMS, DataSync, etc.). ExposesAWSCredentialsProviderFactorwith two strategies:STATIC(access key + secret) andINSTANCE_PROFILE(EC2/EKS IAM role).
- These two sub-modules are unrelated. Don't treat "authentication" as a coherent module — the actuator one is about operator access; the AWS one is about cloud-task credentials. They don't share any class.
- API login auth is NOT here. Session/password/LDAP/OIDC/CASDOOR login for the main API lives in
dolphinscheduler-api/src/main/java/org/apache/dolphinscheduler/api/security/. If a user says "auth", check which one they mean first. - Actuator: the sample config uses
{noop}password encoder. This is development-only; production must switch to{bcrypt}or an external IdP. - AWS:
STATICcredentials sit in plaintext config. Always preferINSTANCE_PROFILEon real infrastructure. When reading code that takes anAwsConfigmap, expect either style.
Minimal — auto-config wiring only. End-to-end auth is covered by dolphinscheduler-api-test.
dolphinscheduler-meter— exposes the actuator endpoints that-actuator-authenticationsecures.dolphinscheduler-task-plugin/-datasource-pluginAWS members — consume-aws-authentication.dolphinscheduler-api— for the real user-login code path (separate from this module).