on 05-01-2021 1:48 PM
Hi,
I had been trying to figure out why my @RestController didn't work on my local machine and why I could not access it. I found out that if I have xsuaa enabled and the file default-env.json (where xsuaa is configured), I cannot access my @RestController path.
It seems that it binds the service. Here is the log:
2021-05-01 19:21:50.411 INFO 8267 --- [ main] c.s.c.f.s.c.auth.XsuaaPropertiesFactory : Using service binding 'demo-uaa-resource' to configure 'xsuaa' properties section
The app is not asking me for user and password at all. So mocking users, as described here, won't help: https://cap.cloud.sap/docs/java/security#mock-users
Only if I remove xsuaa configuration from VCAP_SERVICES (default-env.json), the app will ask for user and password.
Removing the xsuaa configuration will prevent my app from binding the xsuaa service.
Here is the log:
2021-05-01 19:44:10.222 INFO 9637 --- [ main] c.s.c.f.s.c.auth.XsuaaPropertiesFactory : No service binding with tag 'xsuaa' found
Is this normal behaviour? How can I access the @RestController path without removing xsuaa or default-env.json and also without user and password at all?
Thank you.
Hi Edwin,
this sounds like the expected behaviour that is also explained in our documentation like this: https://cap.cloud.sap/docs/java/security#authentication
Quoting from the docs:
Only if both, the library dependencies and a UAA service binding are in place, the CAP Java runtime activates a Spring security configuration, which enforces XSUAA authentication for all endpoints automatically:
This means your custom REST endpoints are currently also protected using XSUAA authentication. You should be able to access them with a proper XSUAA JWT token.
The same behaviour is also applied for our mock-user configuration, which is activated when no XSUAA binding is available.
In case you want to change this behaviour you have two options, both of which are also described in our docs:
1. Follow the description in the docs to customize your Spring Boot security configuration, by adding an additional configuration on top of the one provided by CAP: https://cap.cloud.sap/docs/java/security#spring-boot -> Customizing Spring Boot Security Configuration
2. Set the property "cds.security.authenticateUnknownEndpoints" to "false" in application.yaml to prevent CAP's auto-configuration from including non-CAP managed endpoints. You are completely responsible for authenticating your custom endpoints in that case.
Best regards,
Marc
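Option 1 from the answer above, as an added example that is not code from this thread or from the CAP project: an extra Spring Security filter chain that opens one path prefix for unauthenticated reads and leaves every other endpoint to CAP's XSUAA configuration. It assumes the Spring Security 6 API (Spring Boot 3; older versions used WebSecurityConfigurerAdapter instead); the package name, class name and the `/public/**` prefix are hypothetical.

```java
package com.example.demo; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class PublicEndpointSecurityConfig {

    // Hypothetical path prefix of the custom @RestController that should be
    // reachable without credentials. Keep it as narrow as possible.
    private static final String PUBLIC_PATHS = "/public/**";

    @Bean
    @Order(1) // must be evaluated before CAP's auto-configured security chain
    public SecurityFilterChain publicEndpoints(HttpSecurity http) throws Exception {
        return http
            // This chain only handles requests under PUBLIC_PATHS. All other
            // requests fall through to the CAP chain and still need an XSUAA JWT.
            .securityMatcher(PUBLIC_PATHS)
            .authorizeHttpRequests(auth -> auth
                // Read-only access without authentication.
                .requestMatchers(HttpMethod.GET, PUBLIC_PATHS).permitAll()
                // Any other method under the prefix is rejected outright.
                .anyRequest().denyAll())
            .build();
    }
}
```

With this chain in place, a GET on a path under the prefix succeeds without a token, while a request to any CAP service endpoint without a valid JWT is still rejected.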