feat: Authenticate with client certificate for /apidoc/** routes #1568
Signed-off-by: Carson Cook <carson.cook@ibm.com>
…catalog-apidoc-with-cert
...catalog-services/src/main/java/org/zowe/apiml/apicatalog/security/SecurityConfiguration.java
Minor comments, otherwise looks good.
There is this point:
Note: Since some services might be already providing a client certificate that is ignored during authentication, the solution needs to take this into account and preserve current behavior in cases when user credentials are provided together with the client certificate.
I wonder whether we don't need a test to prove this?
Added integration tests for cert + basic auth for GW URL to apidoc and not-apidoc route, as well as for service URL to apidoc route.
…catalog-apidoc-with-cert
I am looking into the failing test, as I can run container setup and hit the same problem. Edit: Through debug, it doesn't seem that the x509 filter in Catalog filter chain sees any certificate in request under
Signed-off-by: jandadav <janda.david@gmail.com>
SonarCloud Quality Gate failed.
Thank you!
Description
Allow certificate to be used to authenticate to /apidoc/** routes on the API Catalog.
Linked to #1523