-
Notifications
You must be signed in to change notification settings - Fork 572
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
refactor: apply auth profile only if other auth profiles are not enabled #19645
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I had just one question about the difference between different auth profiles
@@ -34,7 +35,7 @@ public class WebappsConfigurationInitializer | |||
private static final Set<String> WEBAPPS_PROFILES = | |||
Set.of(OPERATE.getId(), TASKLIST.getId(), IDENTITY.getId()); | |||
private static final Set<String> LOGIN_DELEGATED_PROFILES = | |||
Set.of(IDENTITY_AUTH.getId(), SSO_AUTH.getId()); | |||
Set.of(IDENTITY_AUTH.getId(), SSO_AUTH.getId(), AUTH_BASIC.getId()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Ben-Sheppard I am trying to understand the difference between AUTH
, AUTH_BASIC
and IDENTITY_AUTH
is AUTH_BASIC
considered as authentication handled by (delegated to) identity with some basic functionalities?
How Identity
webapp behaves when AUTH
profile is used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah good point, so in this case its I guess not delegated in that sense to Identity, the AUTH_BASIC
profile relies currently on the Spring basic authentication login (the browser popup) so actually in that sense I don't think its considered delegated i.e. to the Identity service.
I will remove it from this set
Description
I would like to start making progress on integrating the webapps (starting with Operate) into the new central auth layer. This PR is a small refactor to the logic around when the default auth profile is applied.
Essentially I wanted to centralise that logic and remove the dependency on the Operate specific classes.