Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Added ApiKey/Token authentication #1180

Closed
wants to merge 6 commits into from
Closed

Added ApiKey/Token authentication #1180

wants to merge 6 commits into from

Conversation

dstenger
Copy link
Contributor

Enables authentication via X-API-Key when REST interface is used.

@dstenger dstenger added OGCAPI OGC API standards enhancement enhancement or improvement labels Sep 21, 2021
@tfr42 tfr42 added the rest-api deegree REST API (config) label Jan 21, 2022
@tfr42 tfr42 added the needs rebase PR is not up to date and needs rebase label May 16, 2022
@tfr42 tfr42 added this to the 3.5 milestone Jun 3, 2022
@tfr42 tfr42 removed the needs rebase PR is not up to date and needs rebase label Jun 3, 2022
@copierrj
Copy link
Member

A few small remarks:

  • Documentation is missing.
  • Having a read-only workspace configuration implicitly disables access to the API.
  • ConfigServlet.token is a static field. It should be non static and initialized in the init method.

@stephanr
Copy link
Member

In addition, there is the question of how this should be handled in the context of the existing protection for deegree rest-api.

deegree3/deegree-services/deegree-webservices/src/main/webapp/WEB-INF/web.xml

Lines 78 to 96 in 92ac14c

<security-constraint>
<web-resource-collection>
<web-resource-name>Configuration</web-resource-name>
<url-pattern>/config/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>deegree</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>deegree web configuration API</realm-name>
</login-config>
<security-role>
<description>deegree administrator role</description>
<role-name>deegree</role-name>
</security-role>

@tfr42 tfr42 added the needs discussion requires discussion with contributor label Aug 10, 2022
@tfr42 tfr42 changed the title Implemented ApiKey/Token authentication Added ApiKey/Token authentication Sep 21, 2022
@tfr42 tfr42 mentioned this pull request Nov 21, 2022
Closed
@stephanr stephanr added the CI failing CI build job fails label Nov 23, 2022
stephanr added a commit to gritGmbH/deegree-ogcapi that referenced this pull request Dec 1, 2022
@stephanr
* fix issue deegree#61 temporary by providing class locally instead o…
6f9b800 
…f merging deegree/deegree3#1180 into upstream
@stephanr stephanr mentioned this pull request Dec 21, 2022
Open
@tfr42 tfr42 mentioned this pull request May 11, 2023
Closed
@stephanr stephanr mentioned this pull request May 12, 2023
Merged
@stephanr
Copy link
Member

I am closing this in favor of the reworked #1498

@stephanr stephanr closed this May 12, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
CI failing CI build job fails enhancement enhancement or improvement needs discussion requires discussion with contributor OGCAPI OGC API standards rest-api deegree REST API (config)
Projects
None yet
Milestone
3.5
Development

Successfully merging this pull request may close these issues.
5 participants
@dstenger @copierrj @stephanr @tfr42 @lgoltz