on 05-01-2021 1:48 PM
Hi,
I had been trying to figure out why my @RestController didn't work on my local machine and why I could not access it. I found out that if I have xsuaa enabled and the file default-env.json (where xsuaa is configured), I cannot access my @RestController path.
It seems that it binds the service. Here is the log:
2021-05-01 19:21:50.411 INFO 8267 --- [ main] c.s.c.f.s.c.auth.XsuaaPropertiesFactory : Using service binding 'demo-uaa-resource' to configure 'xsuaa' properties section
The app is not asking me for user and password at all. So mocking a user, as described here, won't help: https://cap.cloud.sap/docs/java/security#mock-users
Only if I remove the xsuaa configuration from VCAP_SERVICES (default-env.json) will the app ask for user and password.
Removing the xsuaa configuration will prevent my app from binding the xsuaa service.
Here is the log:
2021-05-01 19:44:10.222 INFO 9637 --- [ main] c.s.c.f.s.c.auth.XsuaaPropertiesFactory : No service binding with tag 'xsuaa' found
Is this normal behaviour? How can I access the @RestController path without removing xsuaa or default-env.json and also without user and password at all?
Thank you.
Hi Edwin,
this sounds like the expected behaviour that is also explained in our documentation like this: https://cap.cloud.sap/docs/java/security#authentication
Quoting from the docs:
Only if both, the library dependencies and a UAA service binding are in place, the CAP Java runtime activates a Spring security configuration, which enforces XSUAA authentication for all endpoints automatically:
This means your custom REST endpoints are currently also protected using XSUAA authentication. You should be able to access them with a proper XSUAA JWT token.
The same behaviour is also applied for our mock-user configuration, which is activated when no XSUAA binding is available.
In case you want to change this behaviour you have two options, both of which are also described in our docs:
1. Follow the description in the docs to customize your Spring Boot security configuration by adding an additional configuration on top of the one provided by CAP: https://cap.cloud.sap/docs/java/security#spring-boot -> Customizing Spring Boot Security Configuration
2. Set the property "cds.security.authenticateUnknownEndpoints" to "false" in application.yaml to prevent CAP's auto-configuration from including non-CAP managed endpoints. You are completely responsible for authenticating your custom endpoints in that case.
Best regards,
Marc
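Option 1 from the answer above, as an added example (not code from the thread or from the CAP project): an extra Spring Security configuration that opens only one path prefix for anonymous GET requests and leaves every other endpoint under the XSUAA configuration CAP activates. The package, class name and the `/public/**` prefix are assumptions; the code uses the `WebSecurityConfigurerAdapter` API of the Spring Security 5.x line.

```java
package com.example.demo.config; // hypothetical package name

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
@EnableWebSecurity
@Order(1) // must have higher priority than the CAP security configuration
public class PublicEndpointSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumed path prefix of the custom @RestController that may be called anonymously.
    private static final String PUBLIC_PATH = "/public/**";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // This filter chain only matches requests under PUBLIC_PATH. Requests to
            // any other path are not handled here and stay subject to the
            // XSUAA authentication that CAP enforces when a UAA binding is present.
            .requestMatchers().antMatchers(PUBLIC_PATH).and()
            // No HTTP session is created for anonymous callers.
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
            .authorizeRequests()
                // Read-only access is open to everyone ...
                .antMatchers(HttpMethod.GET, PUBLIC_PATH).permitAll()
                // ... while every other method under the prefix is rejected.
                .anyRequest().denyAll();
    }
}
```

Keeping the matcher this narrow means a controller added later under a different path is still covered by XSUAA by default, which is not the case once `cds.security.authenticateUnknownEndpoints` is set to `false`.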
Hi Marc,
Thank you for your guidance. I've just realised that I should write a destination in order to forward the token.
Thank you!
Edwin
Hi Alexander,
Sorry, it was a copy-paste error.
Here are the correct pom files: pom.xml, srv-pom.xml
I tried with the latest cloud sdk. No Luck.
I updated the xsuaa. No Luck.
<dependency>
    <groupId>com.sap.cloud.security.xsuaa</groupId>
    <artifactId>xsuaa-spring-boot-starter</artifactId>
    <version>2.8.12</version>
</dependency>
I think the issue is related to xsuaa.
Thank you Alexander. I will wait for CAP team response.
Hi Johannes,
my version: 3.38.0
<properties>
    <!-- OUR VERSION -->
    <revision>1.0.0-SNAPSHOT</revision>
    <!-- DEPENDENCIES VERSION -->
    <jdk.version>1.8</jdk.version>
    <cds.services.version>1.13.1</cds.services.version>
    <spring.boot.version>2.4.1</spring.boot.version>
    <cloud.sdk.version>3.38.0</cloud.sdk.version>
    <node.version>v12.16.2</node.version>
</properties>
<!-- MANAGE Spring XSUAA Library, because of Spring 2.4 incompatible version in Cloud SDK BOM -->
<dependency>
    <groupId>com.sap.cloud.security.xsuaa</groupId>
    <artifactId>xsuaa-spring-boot-starter</artifactId>
    <version>2.8.1</version>
</dependency>
I also tried with 3.43.0. Same issue.
pom.xml
Hi Edwin,
The pom.xml is strangely formatted, are you sure it's a POM and not a word document?
I'm from the SAP Cloud SDK team, like Johannes. I can't see the relation to our library. We do not control authorization flow to inbound requests. Please let me know in case you find a log message indicating an issue with the Cloud SDK. But since you seem to have focused your project setup according to SAP CAP, to me this looks like a configuration issue that can be solved by the CAP team. You correctly chose the corresponding tag in this question. Let's wait for their response.