Details
-
Sub-task
-
Resolution: Done
-
Minor
1.20.2021 - 2.12.2021, 2.12.2021 - 2.26.2021, 2.26.2021 - 3.12.2021, 3.12.2021 - 3.26.2021, 3.26.21 - 4.9.21, 4.9.21 - 4.23.21, 4.22.21 - 5.6.21, 5.7.21 - 5.21.21, 5.21.21 - 6.4.21, 6.4.21 - 6.18.21, 6.18.21 - 7.2.21, 7.2.21 - 7.16.21, 7.16.21 - 7.30.21
Description
To test, you need some way to ensure that EVERY REQUEST includes a header/value pair such as:
REMOTE_USER:admin
(It doesn't have to be admin; it can be any user in the system.) For local testing, the simplest approach is to try to open application URLs such as http://localhost:8080/dashboard/metadata/manager/resolvers
Without the header, you shouldn't be able to get to any of the URLs.
With the header, you should be able to do whatever your user is allowed to do (i.e., for admin, you can do anything).
To include the header in every request, you can try using a browser plugin. ModHeader for Chrome is stupidly easy (though I think you have to open your new tab AFTER you set the header in the extension). At any rate, ModHeader and similar plugins should grab every request and stuff whatever you want into it.
The application.yml file's top lines should be like:
shibui:
  pac4j-enabled: true
  pac4j:
    type-of-auth: HEADER
    authentication-header: USERNAME
ALTERNATELY - talk to JJ about the reverse proxy setup, which is what a system user would really have (but realistically it should be more or less the same).
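The with-header / without-header check described above can also be scripted instead of clicked through in a browser. This is an added example, not part of the ticket or the project's code. It assumes the header name matches authentication-header in application.yml (USERNAME here), that any non-2xx answer (including a redirect) counts as "can't get to the URL", and the function names are made up for illustration.

```python
"""Probe header-authenticated URLs with and without the identity header."""
import urllib.error
import urllib.request

# Assumptions: local test URL from the ticket; header name as configured
# under authentication-header in application.yml.
BASE_URL = "http://localhost:8080"
PATHS = ["/dashboard/metadata/manager/resolvers"]
AUTH_HEADER = "USERNAME"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them to another page."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def status(url, headers=None):
    """Return the HTTP status of a direct GET (no proxy, no redirects)."""
    opener = urllib.request.build_opener(
        _NoRedirect, urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def check(base_url, paths, header, user):
    """Return (path, problem) for every path that behaves unexpectedly."""
    problems = []
    for path in paths:
        url = base_url + path
        anon = status(url)
        if 200 <= anon < 300:
            problems.append((path, f"reachable without {header} (HTTP {anon})"))
        authed = status(url, {header: user})
        if not 200 <= authed < 300:
            problems.append((path, f"denied with {header}={user} (HTTP {authed})"))
    return problems


if __name__ == "__main__":
    for path, problem in check(BASE_URL, PATHS, AUTH_HEADER, "admin"):
        print(f"FAIL {path}: {problem}")
```

No output means every listed path was refused without the header and served with it; add more application URLs to PATHS to widen the check.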