New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Feature] option to skip authentication #4763

Closed
sanketrk opened this Issue Dec 24, 2016 · 5 comments

Comments

Projects
None yet
4 participants
@sanketrk

sanketrk commented Dec 24, 2016

Overview of the issue

I tried creating a jhipster app without user management but it still asks for login credentials. In spite of using --skip-user-management , the yo man still asks which is the authentication mechanism needed and on selecting one of the three, it generates code but fails to Login - as against the expectation that it should not even ask for logging-in.

Motivation for or Use Case

I was trying to protect a jHipster generated app with an external Identity / oAuth2 Server - KeyCloack

Explain why this is a bug for you
  1. The expectation was that, on booting the application, it directly takes me to home page - as if I am already logged-in.
Reproduce the error

yo jhipster --skip-user-management
It fails to boot & complains there are no user management related CSV exist etc.

Related issues

jHipster internal - #2811

Suggest a Fix

Option 1 : This is a useful feature for people wanting to use external identity management solutions or Ldap / Active Directory etc. Please see if it is possible to make it such that directly home page "as-if a user is already logged in" appears. (May be, with a .permitall() in SecurityConfig.) Or, another yo man option like - 'I want to Use and External Authentication Mechanism' -- in lieu of --skip-user-management hidden hint.
Option 2 : If it is not so easily resolvable, and if skip-user-management is an internal command for doing micro services, then removing the option from publicly available commands (to the end-users) is also a suggested fix :-)

JHipster Version(s)
resource-5@0.0.0 D:\CFEmicro\resource5
`-- generator-jhipster@3.12.2

JHipster configuration, a .yo-rc.json file generated in the root folder
{
  "generator-jhipster": {
    "jhipsterVersion": "3.12.2",
    "baseName": "resource5",
    "packageName": "com.sysapps.resource",
    "packageFolder": "com/sysapps/resource",
    "serverPort": "8080",
    "authenticationType": "oauth2",
    "hibernateCache": "ehcache",
    "clusteredHttpSession": false,
    "websocket": false,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "mysql",
    "searchEngine": false,
    "messageBroker": false,
    "buildTool": "maven",
    "enableSocialSignIn": false,
    "useSass": false,
    "applicationType": "monolith",
    "testFrameworks": [
      "gatling"
    ],
    "jhiPrefix": "jhi",
    "skipUserManagement": true,
    "enableTranslation": false
  }
}
Entity configuration(s) entityName.json files generated in the .jhipster directory

Foo.json

{
    "fluentMethods": true,
    "relationships": [],
    "fields": [
        {
            "fieldName": "fooname",
            "fieldType": "String"
        }
    ],
    "changelogDate": "20161224174706",
    "dto": "no",
    "service": "no",
    "entityTableName": "foo",
    "pagination": "no"
}
Browsers and Operating System

java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

git version 2.7.0.windows.1

node: v6.9.1

npm: 3.8.0

bower: 1.8.0

gulp:
[23:38:02] CLI version 1.2.2
[23:38:02] Local version 3.9.1

yeoman: 1.8.5

Browsers and Operating System

Windows7

@deepu105

This comment has been minimized.

Show comment
Hide comment
@deepu105

deepu105 Dec 24, 2016

Member

The purpose of the flag is to skip the user management screen and not authentication. we do not provide an option to skip authentication hence this is not a bug but a feature request.
I'm not in favor of such an option as it ads additional maintenance burden for us. Anyway i'll leave the ticket open for other team members to add their opinion

Member

deepu105 commented Dec 24, 2016

The purpose of the flag is to skip the user management screen and not authentication. we do not provide an option to skip authentication hence this is not a bug but a feature request.
I'm not in favor of such an option as it ads additional maintenance burden for us. Anyway i'll leave the ticket open for other team members to add their opinion

@deepu105 deepu105 changed the title from yo jhipster --skip-user-management - does not work to [Feature] option to skip authentication Dec 24, 2016

@jdubois

This comment has been minimized.

Show comment
Hide comment
@jdubois

jdubois Dec 24, 2016

Member

Yes, it just removes the user management code, not the security.
We don't have an option to remove the security: if you need such a basic setup, then either remove our security config (delete the security config bean), or don't use JHipster. If you don't want any UI or security, basically you have a very simple need, so go with Spring Initializer, which will basically just give you a very simple pom.xml.

Member

jdubois commented Dec 24, 2016

Yes, it just removes the user management code, not the security.
We don't have an option to remove the security: if you need such a basic setup, then either remove our security config (delete the security config bean), or don't use JHipster. If you don't want any UI or security, basically you have a very simple need, so go with Spring Initializer, which will basically just give you a very simple pom.xml.

@jdubois jdubois closed this Dec 24, 2016

@jdubois jdubois modified the milestone: 4.0.0 Feb 2, 2017

@Alan-CS

This comment has been minimized.

Show comment
Hide comment
@Alan-CS

Alan-CS Nov 14, 2017

I generated a server app (using version 4.9.0) using the following command with default JWT security: jhipster --skip-client --with-entities --skip-user-management

Now, I can call my api's directly (from a rest client such as postman), without providing any Authorization header (aka the JWT token). Essentially, security is disabled.

But per the above discussion, by using --skip-user-management, security should still be there.

What am I missing here? Can someone please shed some light on what's going on?

Alan-CS commented Nov 14, 2017

I generated a server app (using version 4.9.0) using the following command with default JWT security: jhipster --skip-client --with-entities --skip-user-management

Now, I can call my api's directly (from a rest client such as postman), without providing any Authorization header (aka the JWT token). Essentially, security is disabled.

But per the above discussion, by using --skip-user-management, security should still be there.

What am I missing here? Can someone please shed some light on what's going on?

@jdubois

This comment has been minimized.

Show comment
Hide comment
@jdubois

jdubois Nov 14, 2017

Member

Why are you commenting on an old issue? Please use StackOverflow, this looks like an interesting question.

Member

jdubois commented Nov 14, 2017

Why are you commenting on an old issue? Please use StackOverflow, this looks like an interesting question.

@Alan-CS

This comment has been minimized.

Show comment
Hide comment
@Alan-CS

Alan-CS Nov 14, 2017

Thanks, asked the question on Stack Overflow. Please click here.

Alan-CS commented Nov 14, 2017

Thanks, asked the question on Stack Overflow. Please click here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment