  1. Spring XD
  2. XD-2855

Basic security makes xd-shell throw 403 Forbidden error

    Details

    • Type: Improvement
    • Status: Done
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: 1.1 GA
    • Fix Version/s: 1.1.2, 1.2 M1
    • Component/s: Documentation, REST
    • Labels:
      None

      Description

      After enabling admin endpoint security in servers.yml using basic authentication and a single user:

      spring:
        profiles: admin
      security:
        basic:
          enabled: true # false to disable security settings (default)
          realm: SpringXD
        user: # valid only if security.basic.enabled=true
          name: myadmin
          password: myadmin
      

      The Spring XD UI is secured; however, xd-shell commands result in a 403 error:

      server-unknown:>admin config server --uri http://localhost:9393 --username myadmin --password myadmin
      Successfully targeted http://localhost:9393
      xd:>admin config info
        -------------  -------------------------------------------
        Credentials    [username='myadmin, password=****']
        Result         Successfully targeted http://localhost:9393
        Target         http://localhost:9393
        Timezone used  Greenwich Mean Time (UTC 0:00)
        -------------  -------------------------------------------
      xd:>stream list
      Command failed org.springframework.web.client.HttpClientErrorException: 403 Forbidden
      xd:>stream create --name "t1" --definition "time | log"
      Command failed org.springframework.web.client.HttpClientErrorException: 403 Forbidden
      

      This can be fixed by adding the configuration explained in the "File based authentication" docs section:

      xd:
        security:
          authentication:
            file:
              enabled: true
              users:
                myadmin: myadmin, ROLE_VIEW, ROLE_ADMIN, ROLE_CREATE
      

      The problems are as follows:

      1. The configuration explained in the "Single user authentication" chapter should work out of the box without additional role setup
      2. Docs should be more clear on authorization
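
The condition this issue reports, a user who authenticates under `security.basic` but has no role assignment, can be caught by a configuration check before the shell returns 403. The following is an added example, not part of the original report or of Spring XD; `parse_nested`, `dig` and `audit` are hypothetical helpers, and treating the three roles from the workaround as the required set is an assumption.

```python
# Added example, not Spring XD code: flag the condition reported in this issue.
REQUIRED_ROLES = {"ROLE_VIEW", "ROLE_ADMIN", "ROLE_CREATE"}  # assumption: roles from the workaround
FILE_AUTH = ("xd", "security", "authentication", "file")

def parse_nested(text):
    """Parse indentation-nested 'key: value' lines (a YAML subset, not full YAML)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open parent
    for raw in text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()  # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack[-1][0] >= indent:  # close mappings we dedented out of
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root

def dig(node, *path):
    """Follow nested keys; None when any step is missing."""
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node

def audit(cfg):
    """Findings for a basic-auth user whose roles are absent or incomplete."""
    name = dig(cfg, "security", "user", "name")
    if dig(cfg, "security", "basic", "enabled") != "true" or not name:
        return []
    enabled = dig(cfg, *FILE_AUTH, "enabled") == "true"
    entry = dig(cfg, *FILE_AUTH, "users", name) if enabled else None
    if not isinstance(entry, str):
        return [f"{name}: no roles assigned, expect 403 from xd-shell"]
    granted = {p.strip() for p in entry.split(",")[1:]}  # field 0 is the password
    missing = sorted(REQUIRED_ROLES - granted)
    return [f"{name}: missing {', '.join(missing)}"] if missing else []

# Constructed samples mirroring the two configuration blocks on this page.
BEFORE = ("security:\n  basic:\n    enabled: true # default is false\n"
          "  user:\n    name: myadmin\n    password: myadmin\n")
AFTER = BEFORE + ("xd:\n  security:\n    authentication:\n      file:\n        enabled: true\n"
                  "        users:\n          myadmin: myadmin, ROLE_VIEW, ROLE_ADMIN, ROLE_CREATE\n")
print("before:", audit(parse_nested(BEFORE)), "after:", audit(parse_nested(AFTER)))
```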

            People

            Assignee:
            iperumal Ilayaperumal Gopinathan
            Reporter:
            kdowbecki Karol Dowbecki