New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[gateway/management-api] http core services should not enforce basic authentication #791

Closed
blackfich opened this Issue Sep 15, 2017 · 1 comment

Comments

Projects
None yet
2 participants
@blackfich

blackfich commented Sep 15, 2017

the new HTTP core services should not enforce authentication. One should be able to disable authentication from setting in conf file

Expected Behavior

when services.core.http.authentication.type is set to none no authentication should be required

Current Behavior

currently basic authentication is hardcoded and does not take into account the type of authentication

Possible Solution

when services.core.http.authentication.type is set to none , don't attach any AuthHandler to the mainRouter and nodeRouter routes

retrieve authentication type from config file:

@Value("${services.core.http.authentication.type:basic}")
private String authenticationType;

act on it:

AuthHandler authHandler = null;
switch ( authenticationType.toLowerCase() ) {
   case "none":
      break;
   case "basic":
      authHandler = BasicAuthHandler.create(authProvider, "gravitee.io");
      break;
   default:
      throw new IllegalArgumentException("Unsupported Authentication type " + authenticationType + " for HTTP core services");
}

// Set security handler is defined
if ( authHandler != null ) {
   mainRouter.route().handler(authHandler);
   nodeRouter.route().handler(authHandler);
}

Context

We want to use the new health check ability but without the need for authentication (the port it is on is not exposed to the outside world)

Your Environment

  • Version used: 1.9.0
  • Browser Name and version: N/A
  • Operating System and version: CentOS/7
@blackfich

This comment has been minimized.

blackfich commented Sep 15, 2017

I will propose au PR next week regarding this new feature

@brasseld brasseld changed the title from [gateway/management] http core services should not enforce basic authentication to [gateway/management-api] http core services should not enforce basic authentication Oct 6, 2017

@brasseld brasseld added this to the 1.10.0 milestone Oct 6, 2017

@brasseld brasseld self-assigned this Oct 6, 2017

brasseld added a commit to gravitee-io/gravitee-management-rest-api that referenced this issue Oct 17, 2017

brasseld added a commit to gravitee-io/gravitee-gateway that referenced this issue Oct 17, 2017

@brasseld brasseld assigned blackfich and unassigned brasseld Oct 17, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment