Togglz Admin Console - Authentication

[Rajan Veeramani]

Hi,

I'm new to togglz and evalutaing it for our new project. Having an admin console to enbale/disable functionalities is great, but it looks like anyone can access the admin console.

Is there an authentication service available to acess the admin console itslef? So that not everyone can modify the functionalities that are available.

[Christian Kaltepoth]

Sure, you have to provide a UserProvider. The implementation of this interface is responsible for telling Togglz about the current user. Togglz ships with some default implementations and there are modules providing integration with popular security frameworks like Shiro, Spring Security, etc.

See this page for details:

http://www.togglz.org/documentation/authentication.html

Christian

--

Christian Kaltepoth

Blog: http://blog.kaltepoth.de/

Twitter: http://twitter.com/chkal

GitHub: https://github.com/chkal

[Rajan Veeramani]

Hi Chris,

My Question was about how can i restrict the access to the admin console

http://localhost:9443/myapp/togglz/index

Right now anyone can access this adminconsole and disable or enable the feature. If I only want the admin or a business person to decide which functionality to go to production. How can i do that? Does the Admin console come with a Login Page where the admin can enter his credentials that will allow him to modify the features?

Thanks,

Rajan

[Christian Kaltepoth]

Please see the second sentence on the page I mentioned. It says:

The two most important reasons for [implementing a UserProvider] are:

• Features can be enabled only for specific users using the Username strategy.
• Togglz needs to know which users should be allowed to use the Togglz Admin Console.

So if you implement a UserProvider, you can control whether the "current user" can use the Admin Console by returning true|false from FeatureUser.isFeatureAdmin().

Christian

[Hema]

We are trying make Togglz admin console secure. Bit confused on how to implement Userprovider for spring boot app. Code is in SecureConsole Branch and you can clone from here. https://github.com/hkonki/TogglzDemo.git  Can you please point out what was wrong there? It seems like some security got enabled as togglz-console gives us 403. But not sure which user to specify and how?

Please help us.

[Christian Kaltepoth]

I'm not familiar with setting up Spring Security in a Spring Boot environment. But you configured Togglz so that only users with the role "ADMIN" are allowed to access the console. But it looks like there is no login page, so I guess you didn't authenticate yourself correctly, correct? I guess you will have to setup Spring Security completely which also means you need some kind of login page...

[vivekanand kolangade]

Hi Christian, I am trying to disable the togglz console but even after adding "togglz.console.enabled: false", the admin console gets opened. Can you please let me know how to disable the admin console?