Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support outbound security in MP when outside of secured scope #2548

Closed
tomas-langer opened this issue Nov 25, 2020 · 0 comments · Fixed by #2549
Closed

Support outbound security in MP when outside of secured scope #2548

tomas-langer opened this issue Nov 25, 2020 · 0 comments · Fixed by #2549
Assignees
@tomas-langer
Labels
MP P3 security

Comments

@tomas-langer
Copy link
Member

tomas-langer commented Nov 25, 2020
edited by barchetta
Loading

Helidon 2.x

When a request to a REST client or JAX-RS client is invoked from a non-secured context (such as when using unsecured messaging), outbound security is ignored, even when explicitly configured (such as an explicit username/password for basic authentication outbound target).

Example outbound config that should work regardless of current subject:

security:
  providers:
  - http-basic-auth:
      users:
      - login: "john"
        password: "password"
        roles: ["admin"]
      outbound:
      - name: "internal"
        hosts: ["localhost"]
        username: "internal-user"
        password: "XXX"

In MP, we should use the security configured in CDI to do outbound for unsecured requests (or invocations that do not have a Helidon Context available).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tomas-langer tomas-langer

Labels
MP P3 security
Projects
Backlog
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Global context and its use in Security tomas-langer/helidon
1 participant
@tomas-langer