Generator-jhipster: [Feature] option to skip authentication

Created on 24 Dec 2016 · 5 Comments · Source: jhipster/generator-jhipster

Overview of the issue

I tried creating a JHipster app without user management, but it still asks for login credentials. In spite of using --skip-user-management, the yo man still asks which authentication mechanism is needed, and on selecting one of the three, it generates code but fails to log in - as against the expectation that it should not even ask for logging in.

Motivation for or Use Case

I was trying to protect a JHipster-generated app with an external Identity / OAuth2 server - Keycloak.

Explain why this is a bug for you

  1. The expectation was that, on booting the application, it directly takes me to home page - as if I am already logged-in.

Reproduce the error

yo jhipster --skip-user-management

It fails to boot and complains that no user-management-related CSV files exist, etc.

Related issues


JHipster internal - #2811

Suggest a Fix

Option 1: This is a useful feature for people wanting to use external identity management solutions or LDAP / Active Directory etc. Please see if it is possible to make it such that the home page appears directly, "as if a user is already logged in". (Maybe with a .permitAll() in SecurityConfig.) Or another yo man option like 'I want to use an External Authentication Mechanism', in lieu of the --skip-user-management hidden hint.
Option 2: If it is not so easily resolvable, and if skip-user-management is an internal command for doing microservices, then removing the option from the publicly available commands (to the end users) is also a suggested fix :-)

JHipster Version(s)
[email protected] D:\CFEmicro\resource5
`-- [email protected]

JHipster configuration, a .yo-rc.json file generated in the root folder
{
  "generator-jhipster": {
    "jhipsterVersion": "3.12.2",
    "baseName": "resource5",
    "packageName": "com.sysapps.resource",
    "packageFolder": "com/sysapps/resource",
    "serverPort": "8080",
    "authenticationType": "oauth2",
    "hibernateCache": "ehcache",
    "clusteredHttpSession": false,
    "websocket": false,
    "databaseType": "sql",
    "devDatabaseType": "h2Disk",
    "prodDatabaseType": "mysql",
    "searchEngine": false,
    "messageBroker": false,
    "buildTool": "maven",
    "enableSocialSignIn": false,
    "useSass": false,
    "applicationType": "monolith",
    "testFrameworks": [
      "gatling"
    ],
    "jhiPrefix": "jhi",
    "skipUserManagement": true,
    "enableTranslation": false
  }
}

Entity configuration(s) entityName.json files generated in the .jhipster directory

Foo.json

{
    "fluentMethods": true,
    "relationships": [],
    "fields": [
        {
            "fieldName": "fooname",
            "fieldType": "String"
        }
    ],
    "changelogDate": "20161224174706",
    "dto": "no",
    "service": "no",
    "entityTableName": "foo",
    "pagination": "no"
}

Browsers and Operating System

java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

git version 2.7.0.windows.1

node: v6.9.1

npm: 3.8.0

bower: 1.8.0

gulp:
[23:38:02] CLI version 1.2.2
[23:38:02] Local version 3.9.1

yeoman: 1.8.5

Browsers and Operating System


Windows7

All 5 comments

The purpose of the flag is to skip the user management screen and not authentication. We do not provide an option to skip authentication, hence this is not a bug but a feature request.
I'm not in favor of such an option as it adds additional maintenance burden for us. Anyway, I'll leave the ticket open for other team members to add their opinion.

Yes, it just removes the user management code, not the security.
We don't have an option to remove the security: if you need such a basic setup, then either remove our security config (delete the security config bean), or don't use JHipster. If you don't want any UI or security, basically you have a very simple need, so go with Spring Initializr, which will basically just give you a very simple pom.xml.

I generated a server app (using version 4.9.0) using the following command with default JWT security: jhipster --skip-client --with-entities --skip-user-management

Now, I can call my APIs directly (from a REST client such as Postman), without providing any Authorization header (aka the JWT token). Essentially, security is disabled.

But per the above discussion, by using --skip-user-management, security should still be there.

What am I missing here? Can someone please shed some light on what's going on?

Why are you commenting on an old issue? Please use StackOverflow, this looks like an interesting question.

Thanks, asked the question on Stack Overflow. Please click here.
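
A check for the situation reported in the 4.9.0 comment above, added here as an example (not code from JHipster or from any commenter): it requests each API path with no Authorization header and lists the paths that do not answer 401 or 403. The local server and the paths /api/foos and /api/bars are constructed stand-ins for a generated backend.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-in for a generated backend: /api/foos demands a Bearer
# token, /api/bars answers anyone (the behaviour reported in the comment).
PROTECTED = {"/api/foos"}

# Opener that ignores proxy environment variables, so the probe hits the
# target directly.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


class DemoHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        has_token = self.headers.get("Authorization", "").startswith("Bearer ")
        status = 401 if self.path in PROTECTED and not has_token else 200
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the demo quiet
        pass


def status_without_credentials(base_url, path):
    """GET the path with no Authorization header; return the HTTP status."""
    try:
        with OPENER.open(base_url + path, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def unauthenticated_endpoints(base_url, paths):
    """Return the paths that do not answer 401/403 to an anonymous request."""
    return [p for p in paths
            if status_without_credentials(base_url, p) not in (401, 403)]


def run_demo():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        base = "http://127.0.0.1:%d" % server.server_port
        return unauthenticated_endpoints(base, ["/api/foos", "/api/bars"])
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print("reachable without a token:", run_demo())
```

Pointed at a real service's base URL and API paths, a non-empty result from `unauthenticated_endpoints` is the condition to fail a build on.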
