This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2023-04-24
Channels
- # ai (41)
- # announcements (4)
- # babashka (14)
- # beginners (24)
- # calva (7)
- # clj-kondo (36)
- # cljsrn (4)
- # clojure (68)
- # clojure-austin (2)
- # clojure-europe (39)
- # clojure-nl (2)
- # clojure-norway (37)
- # clojure-uk (2)
- # clojurescript (7)
- # clr (8)
- # community-development (16)
- # core-async (7)
- # datalevin (67)
- # fulcro (11)
- # helix (1)
- # honeysql (2)
- # london-clojurians (2)
- # off-topic (60)
- # pedestal (3)
- # portal (2)
- # practicalli (1)
- # re-frame (7)
- # reitit (49)
- # releases (3)
- # shadow-cljs (2)
- # xtdb (16)
I am using JDBC for documents and transactions and RocksDB for indexes. I want to start two nodes which uses the same JDBC database. When I am starting another node, I am getting the following error,
Execution error (BindException) at (Net.java:-2).
Address already in use
Any idea what might be the issue?Wanted to test it in the local system. The plan is to have two services which starts a node and will use JDBC (a common RDS instance for storing docs and txns). Is there any way to do that or I am not understanding something and this questions is dumb 😅
I don’t think XTDB itself is starting listening ports, so perhaps you have some other network listeners in the same app?
I found the issue. There was an conflict in the nREPL port. I am sorry for asking this question. Thank you so much for the help 🙂
Hi, is there any guidance on how to secure xtdb? The only thing I found was jwks
in https://docs.xtdb.com/extensions/http/#_parameters. does that work with okta? does xtdb verify incoming requests for authorization headers? or do we need to implement our own authentication system? Thanks in advance!!
There is no explicit support for authentication in XTDB. If you only want to restrict access the database by role, you might do that with a web gateway. If you want more fine grained access control depending on the subject, that is something that is application specific. That said, we do have a project at https://github.com/juxt-site/site that demonstrates an authentication and authorization system on XTDB. Do feel free to DM me if you want more details and to discuss further. Or email me at <mailto:[email protected]|[email protected]>
Another relevant point on security is the predicate allowlist: https://docs.xtdb.com/administration/configuring/#fn-allowlist
Thanks for the pointers! are you guys saying jwks
doesn’t work? or it’s for something other than authentication?
Ah sorry I skimmed the messages too quickly! I think out jwks
config at least should work for basic global-level authentication. We've not found many opportunities to use it much ourselves in the time since we implemented it, but if it doesn't work for your needs then we can perhaps fix it 🙂 There are some tests which demonstrate working usage: https://github.com/xtdb/xtdb/blob/c7b237ebcca9868531b9e59b83353b760f3afd7c/modules/http-client/test/xtdb/remote_api_client_test.clj#L18
@U899JBRPF thanks! global-level auth is all i need for now! i take from the docs that jwks
is expecting a json string? an example would be really helpful. but i can try stuff out if there isn’t an example
those tests use JWKSet
https://www.javadoc.io/doc/com.nimbusds/nimbus-jose-jwt/latest/com/nimbusds/jose/jwk/JWKSet.html - looks like it's JSON, yep ☺️
> we do have a project at https://github.com/juxt-site/site that demonstrates an authentication and authorization system on XTDB. I think you have some broken examples there: https://github.com/juxt-site/site/blob/80803bf51b9dd5a9e571da866e69d0453f666727/doc/next/BasicAuthentication.adoc#permit-alice-to-access-the-protected-resource