Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
[Feature] option to skip authentication #4763
Overview of the issue
I tried creating a jhipster app without user management but it still asks for login credentials. In spite of using --skip-user-management , the yo man still asks which is the authentication mechanism needed and on selecting one of the three, it generates code but fails to Login - as against the expectation that it should not even ask for logging-in.
Motivation for or Use Case
I was trying to protect a jHipster generated app with an external Identity / oAuth2 Server - KeyCloack
Explain why this is a bug for you
Reproduce the error
yo jhipster --skip-user-management
jHipster internal - #2811
Suggest a Fix
Option 1 : This is a useful feature for people wanting to use external identity management solutions or Ldap / Active Directory etc. Please see if it is possible to make it such that directly home page "as-if a user is already logged in" appears. (May be, with a .permitall() in SecurityConfig.) Or, another yo man option like - 'I want to Use and External Authentication Mechanism' -- in lieu of --skip-user-management hidden hint.
JHipster configuration, a
The purpose of the flag is to skip the user management screen and not authentication. we do not provide an option to skip authentication hence this is not a bug but a feature request.
changed the title from
yo jhipster --skip-user-management - does not work
[Feature] option to skip authentication
Dec 24, 2016
Yes, it just removes the user management code, not the security.
I generated a server app (using version 4.9.0) using the following command with default JWT security: jhipster --skip-client --with-entities --skip-user-management
Now, I can call my api's directly (from a rest client such as postman), without providing any Authorization header (aka the JWT token). Essentially, security is disabled.
But per the above discussion, by using --skip-user-management, security should still be there.
What am I missing here? Can someone please shed some light on what's going on?