Tags: java, spring-boot, spring-security, api-gateway, krakend

KrakenD and Spring Security: basic endpoint authentication won't work


My SecurityAdapter:

   @Override
   public void configure(AuthenticationManagerBuilder auth) throws Exception
   {
      var authManager = auth.inMemoryAuthentication();
      for (var user : userConfiguration.getUsers()) {
         authManager.withUser(user.getName())
                    .password("{noop}" + user.getPassword())
                    .roles(user.getRole());
      }
   }

   @Override
   protected void configure(HttpSecurity httpSecurity) throws Exception
   {
      // @formatter:off
      httpSecurity
               .csrf()
               .disable()
               .authorizeRequests()
               .antMatchers(HttpMethod.GET).permitAll()
               .anyRequest()
               .authenticated()
               .and()
               .httpBasic()
               .and()
               .exceptionHandling()
               .authenticationEntryPoint(authenticationEntryPoint());
      // @formatter:on
   }

In application.yml I have this security config:

security:
  users:
    - name: someUser
      password: somepwd
      role: someAdmin
    - name: ...

My krakend.json:

{
  "$schema": "https://www.krakend.io/schema/v3.json",
  "version": 3,
  "port": 9000,
  "timeout": "300000s",
  "cache_ttl": "4000s",
  "extra_config": {
    "router": {
      "return_error_msg": true
    }
  },
  "endpoints": [
    {
      "@comment": "Feature: POST boards with basic authentification",
      "endpoint": "/apps",
      "output_encoding": "no-op",
      "method": "POST",
      "backend": [
        {
          "host": [
            "http://ipaddress:4603"
          ],
          "method": "POST",
          "url_pattern": "/apps",
          "extra_config": {
            "modifier/martian": {
              "body.Modifier": {
                "scope": [
                  "request"
                ],
                "@comment": "Send a {'msg':'you rock!'}",
                "body": "Ym9hcm......"
              }
            }
          }
        }
      ]
...

I got a:

{
    "errors": [
        {
            "status": 401,
            "title": "UNAUTHORIZED",
            "detail": "Full authentication is required to access this resource. Missing Authorization Key im Header."
        }
    ]
}

But when I called the API directly with the encryption in base64, it works. In the API gateway with KrakenD, according to the docs https://www.krakend.io/docs/enterprise/authentication/basic-authentication/, I have to use bcrypt.


Solution

  • Not sure what you are trying to do here, but:

    1. If you want KrakenD to pass the authentication to your Spring backend, then you should use a Header modifier
    2. If you want KrakenD to prevent the usage of endpoints without passing user and password, then the auth/basic component is correct. This is an enterprise functionality (as it shows in the URL), so not sure why you ask on Stack Overflow rather than using their support if you are already paying for this.
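
A sketch of option 1 from the answer, as an added example that is not part of the original post or of KrakenD's own documentation: the question's `/apps` endpoint with a Martian `header.Modifier` that sets the `Authorization` header on the request sent to the Spring backend. The host is the one from the question; the header value is a placeholder, and the backend-level `"encoding": "no-op"` is an addition the question's config did not have.

```json
{
  "$schema": "https://www.krakend.io/schema/v3.json",
  "version": 3,
  "port": 9000,
  "endpoints": [
    {
      "@comment": "Added example: the gateway injects a Basic credential for the Spring backend",
      "endpoint": "/apps",
      "output_encoding": "no-op",
      "method": "POST",
      "backend": [
        {
          "host": ["http://ipaddress:4603"],
          "method": "POST",
          "url_pattern": "/apps",
          "encoding": "no-op",
          "extra_config": {
            "modifier/martian": {
              "header.Modifier": {
                "@comment": "Placeholder: 'Basic ' + base64(name:password) of a user from application.yml",
                "scope": ["request"],
                "name": "Authorization",
                "value": "Basic <base64-of-name:password>"
              }
            }
          }
        }
      ]
    }
  ]
}
```

To keep the question's `body.Modifier` on the same backend, both modifiers have to be listed inside a Martian `fifo.Group`. With a fixed header the backend credential lives in the gateway configuration and every caller of `/apps` reaches the backend as that user, so protect the file accordingly; to have the caller's own `Authorization` header reach Spring instead, list it in the endpoint's `input_headers`.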