How do you disable auth on kie-server entirely?
497 views
Skip to first unread message
NullVoxPopuli
Apr 20, 2018, 4:26:16 PM4/20/18
to Drools Setup
My kie-server isn't going to be connected to the internet, and I'd like to be able to access it without performing basic auth.
I'm using the kie-server-showcase docker image. Is there an easy configuration to set up no-auth?
I'm using the kie-server-showcase docker image. Is there an easy configuration to set up no-auth?
Maciej Swiderski
Apr 23, 2018, 2:43:44 AM4/23/18
to drools...@googlegroups.com
authentication is enabled by default - if you would like to turn that off you would have to change web.xml of kie-server web app and remove security constraing configuration from it. But keep in mind that at least for jBPM part it does make use of authentication context to provide user name and user groups to the engine. If your turn off authentication you will have to change the mechanism that deals with user groups - so called UserGroupCallback
Maciej
On 20 Apr 2018, at 22:26, NullVoxPopuli <lt....@gmail.com> wrote:
My kie-server isn't going to be connected to the internet, and I'd like to be able to access it without performing basic auth.
I'm using the kie-server-showcase docker image. Is there an easy configuration to set up no-auth?
--
You received this message because you are subscribed to the Google Groups "Drools Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to drools-setup...@googlegroups.com.
To post to this group, send email to drools...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/drools-setup/7d914509-30fe-431a-a8b7-c51d0fe1ca5b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
NullVoxPopuli
Apr 23, 2018, 8:39:22 AM4/23/18
to Drools Setup
well, I want to manage everything via API, so auth shouldn't be needed -- I'll assign users a different way or something.
user < public network > API Service < private network > Kie Server <-> JBPM
user < public network > API Service < private network > Kie Server <-> JBPM
Maciej Swiderski
Apr 23, 2018, 9:04:13 AM4/23/18
to drools...@googlegroups.com
for this cases usually having a single user (kind of system user) to still authenticate but then use system property on kie server:
-Dorg.kie.server.bypass.auth.user=true
to not authenticate per each request/user but rely on information from context. This still requires change for UserGroupCallback
maciej
To view this discussion on the web visit https://groups.google.com/d/msgid/drools-setup/4ab8e3bc-4c19-42dd-859e-c15546ca5e7e%40googlegroups.com.
NullVoxPopuli
Apr 30, 2018, 8:09:18 AM4/30/18
to Drools Setup
How do I configure the UserGroupCallback? it doesn't already exist in the showcase example
Maciej Swiderski
May 2, 2018, 5:31:02 AM5/2/18
to drools...@googlegroups.com
you can do that via ssytem properties (JAVA_OPTS), see description here https://github.com/kiegroup/jbpm/blob/master/jbpm-runtime-manager/src/main/java/org/jbpm/runtime/manager/impl/identity/UserDataServiceProvider.java#L40
Maciej
On 30 Apr 2018, at 14:09, NullVoxPopuli <lt....@gmail.com> wrote:
How do I configure the UserGroupCallback? it doesn't already exist in the showcase example
--
You received this message because you are subscribed to the Google Groups "Drools Setup" group.
To unsubscribe from this group and stop receiving emails from it, send an email to drools-setup...@googlegroups.com.
To post to this group, send email to drools...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/drools-setup/db405dd3-b520-4ed0-8636-31c9ae7d6fb9%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages