From 524e3f8db5342533739e9aae3cfe6490b163fbd2 Mon Sep 17 00:00:00 2001
From: Andrea Tabone
Date: Thu, 19 Dec 2024 17:14:23 +0100
Subject: [PATCH 1/9] make native default provider
Signed-off-by: Andrea Tabone
---
.../src/main/resources/bin/start.sh | 2 +-
.../common/auth/saf/SafResourceAccessConfig.java | 14 ++++----------
gateway-package/src/main/resources/bin/start.sh | 2 +-
zaas-package/src/main/resources/bin/start.sh | 2 +-
4 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/api-catalog-package/src/main/resources/bin/start.sh b/api-catalog-package/src/main/resources/bin/start.sh
index 793f58a4c1..4d83cf75a4 100755
--- a/api-catalog-package/src/main/resources/bin/start.sh
+++ b/api-catalog-package/src/main/resources/bin/start.sh
@@ -269,7 +269,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CATALOG_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.discovery.staticApiDefinitionsDirectories=${ZWE_STATIC_DEFINITIONS_DIR} \
 -Dapiml.security.ssl.verifySslCertificatesOfServices=${verifySslCertificatesOfServices:-false} \
 -Dapiml.security.ssl.nonStrictVerifySslCertificatesOfServices=${nonStrictVerifySslCertificatesOfServices:-false} \
- -Dapiml.security.authorization.provider=${ZWE_components_gateway_apiml_security_authorization_provider:-} \
+ -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_components_gateway_apiml_security_authorization_endpoint_enabled:-false} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port}/zss/api/v1/saf-auth"} \
 -Dapiml.security.authorization.resourceClass=${ZWE_components_gateway_apiml_security_authorization_resourceClass:-ZOWE} \
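Review bot: The provider line in the api-catalog start.sh hunk now consults `ZWE_configs_apiml_security_authorization_provider` before the `ZWE_components_gateway_` variable, but the two `endpoint.*` lines directly below it still read only the `ZWE_components_gateway_` variables, so the three authorization settings no longer resolve from the same sources. The zaas start.sh hunk of this same patch shows all three settings using the `ZWE_configs_…:-${ZWE_components_gateway_…}` chain; the catalog lines could follow that form, or a comment above them could say why the catalog takes the endpoint settings from the gateway only. The `java` command continues outside the hunk.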
diff --git a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
index f6f4c8902f..aa43c71942 100644
--- a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
+++ b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
@@ -31,7 +31,7 @@ public class SafResourceAccessConfig {
 private static final String[] PROVIDERS = new String[] { ENDPOINT, NATIVE, DUMMY };
- @Value("${apiml.security.authorization.provider:}")
+ @Value("${apiml.security.authorization.provider:native}")
 private String provider;
 @Value("${apiml.security.authorization.endpoint.enabled:false}")
@@ -49,10 +49,10 @@ protected SafResourceAccessVerifying createDummy() throws IOException {
 return new SafResourceAccessDummy();
 }
- private SafResourceAccessVerifying create(RestTemplate restTemplate,AuthConfigurationProperties authConfigurationProperties, String type, boolean force) {
+ private SafResourceAccessVerifying create(RestTemplate restTemplate,AuthConfigurationProperties authConfigurationProperties, String type) {
 switch (StringUtils.lowerCase(type)) {
 case ENDPOINT:
- if (endpointEnabled || force) {
+ if (endpointEnabled) {
 return createEndpoint(restTemplate, authConfigurationProperties);
 }
 return null;
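Review bot: With `force` gone in the `@@ -49` hunk, `create` returns `null` for an explicitly configured `endpoint` provider unless `apiml.security.authorization.endpoint.enabled` is also true, and the `@Value` for that property visible in the first hunk defaults to `false`. The bean method in the next hunk (`@@ -81`) passes that `null` straight through as the `SafResourceAccessVerifying` bean, and the same hunk drops the fallback loop, so an empty `provider` also ends in `return null;`. How consumers treat a missing verifier is not visible in this patch; for an authorization component it is safer to fail startup than to register nothing, for example by replacing the final `return null;` with `throw new IllegalStateException("No SAF resource access provider available for apiml.security.authorization.provider=" + provider);`. The body of `create` continues outside the hunk.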
@@ -81,14 +81,8 @@ private SafResourceAccessVerifying create(RestTemplate restTemplate,AuthConfigur
 @Bean
 public SafResourceAccessVerifying safResourceAccessVerifying(RestTemplate restTemplate, AuthConfigurationProperties authConfigurationProperties) {
 if (!StringUtils.isEmpty(provider)) {
- return create(restTemplate, authConfigurationProperties, provider, true);
+ return create(restTemplate, authConfigurationProperties, provider);
 }
-
- for (String type : PROVIDERS) {
- SafResourceAccessVerifying srv = create(restTemplate, authConfigurationProperties, type, false);
- if (srv != null) return srv;
- }
-
 return null;
 }
diff --git a/gateway-package/src/main/resources/bin/start.sh b/gateway-package/src/main/resources/bin/start.sh
index 597d142a8b..226d481785 100755
--- a/gateway-package/src/main/resources/bin/start.sh
+++ b/gateway-package/src/main/resources/bin/start.sh
@@ -313,7 +313,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.auth.passticket.customAuthHeader=${ZWE_configs_apiml_security_auth_passticket_customAuthHeader:-} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_configs_apiml_security_authorization_endpoint_enabled:-false} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-} \
- -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-} \
+ -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-native} \
 -Dapiml.zoweManifest=${ZWE_zowe_runtimeDirectory}/manifest.json \
 -Dapiml.gateway.cachePeriodSec=${ZWE_configs_apiml_gateway_registry_cachePeriodSec:-120} \
 -Dapiml.gateway.registry.enabled=${ZWE_configs_apiml_gateway_registry_enabled:-false} \
diff --git a/zaas-package/src/main/resources/bin/start.sh b/zaas-package/src/main/resources/bin/start.sh
index a7872940e4..266f8415d4 100755
--- a/zaas-package/src/main/resources/bin/start.sh
+++ b/zaas-package/src/main/resources/bin/start.sh
@@ -338,7 +338,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${ZAAS_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.x509.externalMapperUser=${ZWE_configs_apiml_security_x509_externalMapperUser:-${ZWE_components_gateway_apiml_security_x509_externalMapperUser:-${ZWE_zowe_setup_security_users_zowe:-ZWESVUSR}}} \
 -Dapiml.security.x509.acceptForwardedCert=${ZWE_configs_apiml_security_x509_enabled:-${ZWE_components_gateway_apiml_security_x509_enabled:-${ZWE_components_gateway_apiml_security_x509_enabled:-true}}} \
 -Dapiml.security.x509.certificatesUrls=${CERTIFICATES_URLS} \
- -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-}} \
+ -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_configs_apiml_security_authorization_endpoint_enabled:-${ZWE_components_gateway_apiml_security_authorization_endpoint_enabled:-false}} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf-auth"}} \
 -Dapiml.security.saf.provider=${ZWE_configs_apiml_security_saf_provider:-${ZWE_components_gateway_apiml_security_saf_provider:-"rest"}} \
From d1959835e65535713f00e277146752b1670877a3 Mon Sep 17 00:00:00 2001
From: Andrea Tabone
Date: Thu, 19 Dec 2024 19:09:17 +0100
Subject: [PATCH 2/9] make native default provider
Signed-off-by: Andrea Tabone
---
.../security/common/auth/saf/SafResourceAccessConfig.java | 8 +++++++-
.../common/auth/saf/SafResourceAccessConfigTest.java | 2 +-
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
index aa43c71942..42e9e74119 100644
--- a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
+++ b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
@@ -29,7 +29,7 @@ public class SafResourceAccessConfig {
 private static final String NATIVE = "native";
 private static final String DUMMY = "dummy";
- private static final String[] PROVIDERS = new String[] { ENDPOINT, NATIVE, DUMMY };
+ private static final String[] PROVIDERS = new String[] { NATIVE, ENDPOINT, DUMMY };
 @Value("${apiml.security.authorization.provider:native}")
 private String provider;
@@ -83,6 +83,12 @@ public SafResourceAccessVerifying safResourceAccessVerifying(RestTemplate restTe
 if (!StringUtils.isEmpty(provider)) {
 return create(restTemplate, authConfigurationProperties, provider);
 }
+
+ for (String type : PROVIDERS) {
+ SafResourceAccessVerifying srv = create(restTemplate, authConfigurationProperties, type);
+ if (srv != null) return srv;
+ }
+
 return null;
 }
diff --git a/apiml-security-common/src/test/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfigTest.java b/apiml-security-common/src/test/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfigTest.java
index 5c2723ffb4..e27a7b5b7f 100644
--- a/apiml-security-common/src/test/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfigTest.java
+++ b/apiml-security-common/src/test/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfigTest.java
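Review bot: The loop restored in the `@@ -83` hunk of SafResourceAccessConfig.java walks `PROVIDERS` and returns the first non-null result, and the last entry is `DUMMY`, so when `provider` resolves to empty and neither NATIVE nor ENDPOINT yields a verifier the bean silently becomes whatever `createDummy()` returns. `SafResourceAccessDummy` is not shown here, but its name suggests it is not meant to make production authorization decisions. Nothing in the hunk records which provider was chosen; a log statement naming `type` before `return srv;` would let an operator see the selection, and it is worth considering whether `DUMMY` should be reachable only when configured explicitly. The method begins above the hunk.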
@@ -37,7 +37,7 @@ private SafResourceAccessVerifying getSafResourceAccessConfig(
 SafResourceAccessConfig output = new SafResourceAccessConfigMock(endpointAvailable, nativeAvailable, dummyAvailable);
 ReflectionTestUtils.setField(output, "provider", provider);
 ReflectionTestUtils.setField(output, "endpointEnabled", endpointEnabled);
- return output.safResourceAccessVerifying(restTemplate,authConfigurationProperties);
+ return output.safResourceAccessVerifying(restTemplate, authConfigurationProperties);
 }
 @Test
From cab77137f738d9f9d261fcd5c222cc39538ace62 Mon Sep 17 00:00:00 2001
From: Andrea Tabone
Date: Fri, 20 Dec 2024 08:50:52 +0100
Subject: [PATCH 3/9] revert
Signed-off-by: Andrea Tabone
---
.../security/common/auth/saf/SafResourceAccessConfig.java | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
index 42e9e74119..3139a5aed3 100644
--- a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
+++ b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
@@ -49,10 +49,10 @@ protected SafResourceAccessVerifying createDummy() throws IOException {
 return new SafResourceAccessDummy();
 }
- private SafResourceAccessVerifying create(RestTemplate restTemplate,AuthConfigurationProperties authConfigurationProperties, String type) {
+ private SafResourceAccessVerifying create(RestTemplate restTemplate,AuthConfigurationProperties authConfigurationProperties, String type, boolean force) {
 switch (StringUtils.lowerCase(type)) {
 case ENDPOINT:
- if (endpointEnabled) {
+ if (endpointEnabled || force) {
 return createEndpoint(restTemplate, authConfigurationProperties);
 }
 return null;
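Review bot: The re-added `force` parameter in the `@@ -49` hunk of PATCH 3/9 has no documentation, and its effect is security-relevant: the caller in the following `@@ -81` hunk passes `true` whenever `provider` is set, so `endpointEnabled || force` creates the endpoint verifier even when `apiml.security.authorization.endpoint.enabled` is false. A comment above the `if` would make that override visible, for example `// force: provider was configured explicitly, so endpoint.enabled is not consulted`. The signature line also still reads `RestTemplate restTemplate,AuthConfigurationProperties` without a space after the comma. The body of `create` continues outside the hunk.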
@@ -81,11 +81,11 @@ private SafResourceAccessVerifying create(RestTemplate restTemplate,AuthConfigur
 @Bean
 public SafResourceAccessVerifying safResourceAccessVerifying(RestTemplate restTemplate, AuthConfigurationProperties authConfigurationProperties) {
 if (!StringUtils.isEmpty(provider)) {
- return create(restTemplate, authConfigurationProperties, provider);
+ return create(restTemplate, authConfigurationProperties, provider, true);
 }
 for (String type : PROVIDERS) {
- SafResourceAccessVerifying srv = create(restTemplate, authConfigurationProperties, type);
+ SafResourceAccessVerifying srv = create(restTemplate, authConfigurationProperties, type, false);
 if (srv != null) return srv;
 }
From e7f8c07edd62770d61f5d5bf1024119ea89b4b6a Mon Sep 17 00:00:00 2001
From: Andrea Tabone
Date: Fri, 20 Dec 2024 09:15:11 +0100
Subject: [PATCH 4/9] fix tests
Signed-off-by: Andrea Tabone
---
.../apiml/security/common/auth/saf/SafResourceAccessConfig.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
index 3139a5aed3..72b21a2cb4 100644
--- a/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
+++ b/apiml-security-common/src/main/java/org/zowe/apiml/security/common/auth/saf/SafResourceAccessConfig.java
@@ -31,7 +31,7 @@ public class SafResourceAccessConfig {
 private static final String[] PROVIDERS = new String[] { NATIVE, ENDPOINT, DUMMY };
- @Value("${apiml.security.authorization.provider:native}")
+ @Value("${apiml.security.authorization.provider:}")
 private String provider;
 @Value("${apiml.security.authorization.endpoint.enabled:false}")
From 66c31065fad719342c2785b7b59d89f3f02ba3b5 Mon Sep 17 00:00:00 2001
From: Andrea Tabone
Date: Fri, 20 Dec 2024 10:28:08 +0100
Subject: [PATCH 5/9] address comment
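Review bot: In the `@@ -31` hunk of PATCH 4/9 the `@Value` default for `provider` goes back to empty, so the class's own default path is again auto-detection over `NATIVE, ENDPOINT, DUMMY`, while the three start.sh scripts changed in PATCH 1/9 default the same property to `native`. Any launch that does not pass the property therefore behaves differently from a scripted one, and nothing in the code says so. If the empty default is needed only by tests, setting `provider` in the test (the helper in SafResourceAccessConfigTest already does this through `ReflectionTestUtils.setField`) would keep `native` as the code default; otherwise a comment on the field such as `// empty = auto-detect in PROVIDERS order; start.sh passes native` would document the difference.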
Signed-off-by: Andrea Tabone
---
gateway-package/src/main/resources/bin/start.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gateway-package/src/main/resources/bin/start.sh b/gateway-package/src/main/resources/bin/start.sh
index 226d481785..cb9690a354 100755
--- a/gateway-package/src/main/resources/bin/start.sh
+++ b/gateway-package/src/main/resources/bin/start.sh
@@ -312,7 +312,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.auth.passticket.customUserHeader=${ZWE_configs_apiml_security_auth_passticket_customUserHeader:-} \
 -Dapiml.security.auth.passticket.customAuthHeader=${ZWE_configs_apiml_security_auth_passticket_customAuthHeader:-} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_configs_apiml_security_authorization_endpoint_enabled:-false} \
- -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-} \
+ -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf-auth"}} \
 -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-native} \
 -Dapiml.zoweManifest=${ZWE_zowe_runtimeDirectory}/manifest.json \
 -Dapiml.gateway.cachePeriodSec=${ZWE_configs_apiml_gateway_registry_cachePeriodSec:-120} \
From 9b90314ab996e51d8bae3994fcd7d75831163060 Mon Sep 17 00:00:00 2001
From: Andrea Tabone
Date: Fri, 20 Dec 2024 11:23:38 +0100
Subject: [PATCH 6/9] attempt
Signed-off-by: Andrea Tabone
---
api-catalog-package/src/main/resources/bin/start.sh | 2 +-
zaas-package/src/main/resources/bin/start.sh | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/api-catalog-package/src/main/resources/bin/start.sh b/api-catalog-package/src/main/resources/bin/start.sh
index 4d83cf75a4..8c67e0e431 100755
--- a/api-catalog-package/src/main/resources/bin/start.sh
+++ b/api-catalog-package/src/main/resources/bin/start.sh
@@ -269,7 +269,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CATALOG_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.discovery.staticApiDefinitionsDirectories=${ZWE_STATIC_DEFINITIONS_DIR} \
 -Dapiml.security.ssl.verifySslCertificatesOfServices=${verifySslCertificatesOfServices:-false} \
 -Dapiml.security.ssl.nonStrictVerifySslCertificatesOfServices=${nonStrictVerifySslCertificatesOfServices:-false} \
- -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}} \
+ -Dapiml.security.authorization.provider="${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}}" \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_components_gateway_apiml_security_authorization_endpoint_enabled:-false} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port}/zss/api/v1/saf-auth"} \
 -Dapiml.security.authorization.resourceClass=${ZWE_components_gateway_apiml_security_authorization_resourceClass:-ZOWE} \
diff --git a/zaas-package/src/main/resources/bin/start.sh b/zaas-package/src/main/resources/bin/start.sh
index 266f8415d4..328916c12b 100755
--- a/zaas-package/src/main/resources/bin/start.sh
+++ b/zaas-package/src/main/resources/bin/start.sh
@@ -338,7 +338,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${ZAAS_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.x509.externalMapperUser=${ZWE_configs_apiml_security_x509_externalMapperUser:-${ZWE_components_gateway_apiml_security_x509_externalMapperUser:-${ZWE_zowe_setup_security_users_zowe:-ZWESVUSR}}} \
 -Dapiml.security.x509.acceptForwardedCert=${ZWE_configs_apiml_security_x509_enabled:-${ZWE_components_gateway_apiml_security_x509_enabled:-${ZWE_components_gateway_apiml_security_x509_enabled:-true}}} \
 -Dapiml.security.x509.certificatesUrls=${CERTIFICATES_URLS} \
- -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}} \
+ -Dapiml.security.authorization.provider="${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}}" \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_configs_apiml_security_authorization_endpoint_enabled:-${ZWE_components_gateway_apiml_security_authorization_endpoint_enabled:-false}} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf-auth"}} \
 -Dapiml.security.saf.provider=${ZWE_configs_apiml_security_saf_provider:-${ZWE_components_gateway_apiml_security_saf_provider:-"rest"}} \
From 49ba24708493b7335803ddd216cbd7249685269a Mon Sep 17 00:00:00 2001
From: Andrea Tabone
Date: Fri, 20 Dec 2024 17:22:35 +0100
Subject: [PATCH 7/9] attempt
Signed-off-by: Andrea Tabone
---
api-catalog-package/src/main/resources/bin/start.sh | 2 +-
gateway-package/src/main/resources/bin/start.sh | 2 +-
zaas-package/src/main/resources/bin/start.sh | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/api-catalog-package/src/main/resources/bin/start.sh b/api-catalog-package/src/main/resources/bin/start.sh
index 8c67e0e431..54180eab6b 100755
--- a/api-catalog-package/src/main/resources/bin/start.sh
+++ b/api-catalog-package/src/main/resources/bin/start.sh
@@ -269,7 +269,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${CATALOG_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.discovery.staticApiDefinitionsDirectories=${ZWE_STATIC_DEFINITIONS_DIR} \
 -Dapiml.security.ssl.verifySslCertificatesOfServices=${verifySslCertificatesOfServices:-false} \
 -Dapiml.security.ssl.nonStrictVerifySslCertificatesOfServices=${nonStrictVerifySslCertificatesOfServices:-false} \
- -Dapiml.security.authorization.provider="${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}}" \
+ -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-"native"}} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_components_gateway_apiml_security_authorization_endpoint_enabled:-false} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port}/zss/api/v1/saf-auth"} \
 -Dapiml.security.authorization.resourceClass=${ZWE_components_gateway_apiml_security_authorization_resourceClass:-ZOWE} \
diff --git a/gateway-package/src/main/resources/bin/start.sh b/gateway-package/src/main/resources/bin/start.sh
index cb9690a354..f723f3c467 100755
--- a/gateway-package/src/main/resources/bin/start.sh
+++ b/gateway-package/src/main/resources/bin/start.sh
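Review bot: In the api-catalog start.sh hunk of PATCH 7/9, moving the quotes from around the whole expansion to around only the literal `native` leaves the configured value unquoted again, so a provider value containing whitespace or glob characters is word-split or expanded by the shell and reaches `java` as extra arguments. The form from the previous commit, `-Dapiml.security.authorization.provider="${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}}"`, quotes both the variable and the default. The zaas hunk of this patch makes the same change, and the gateway hunk likewise quotes only the default. If the outer quotes caused a startup problem, a comment next to the line recording that would explain why they were dropped.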
@@ -313,7 +313,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${GATEWAY_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.auth.passticket.customAuthHeader=${ZWE_configs_apiml_security_auth_passticket_customAuthHeader:-} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_configs_apiml_security_authorization_endpoint_enabled:-false} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf-auth"}} \
- -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-native} \
+ -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-"native"} \
 -Dapiml.zoweManifest=${ZWE_zowe_runtimeDirectory}/manifest.json \
 -Dapiml.gateway.cachePeriodSec=${ZWE_configs_apiml_gateway_registry_cachePeriodSec:-120} \
 -Dapiml.gateway.registry.enabled=${ZWE_configs_apiml_gateway_registry_enabled:-false} \
diff --git a/zaas-package/src/main/resources/bin/start.sh b/zaas-package/src/main/resources/bin/start.sh
index 328916c12b..88b0e42e59 100755
--- a/zaas-package/src/main/resources/bin/start.sh
+++ b/zaas-package/src/main/resources/bin/start.sh
@@ -338,7 +338,7 @@ _BPX_JOBNAME=${ZWE_zowe_job_prefix}${ZAAS_CODE} ${JAVA_BIN_DIR}java \
 -Dapiml.security.x509.externalMapperUser=${ZWE_configs_apiml_security_x509_externalMapperUser:-${ZWE_components_gateway_apiml_security_x509_externalMapperUser:-${ZWE_zowe_setup_security_users_zowe:-ZWESVUSR}}} \
 -Dapiml.security.x509.acceptForwardedCert=${ZWE_configs_apiml_security_x509_enabled:-${ZWE_components_gateway_apiml_security_x509_enabled:-${ZWE_components_gateway_apiml_security_x509_enabled:-true}}} \
 -Dapiml.security.x509.certificatesUrls=${CERTIFICATES_URLS} \
- -Dapiml.security.authorization.provider="${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-native}}" \
+ -Dapiml.security.authorization.provider=${ZWE_configs_apiml_security_authorization_provider:-${ZWE_components_gateway_apiml_security_authorization_provider:-"native"}} \
 -Dapiml.security.authorization.endpoint.enabled=${ZWE_configs_apiml_security_authorization_endpoint_enabled:-${ZWE_components_gateway_apiml_security_authorization_endpoint_enabled:-false}} \
 -Dapiml.security.authorization.endpoint.url=${ZWE_configs_apiml_security_authorization_endpoint_url:-${ZWE_components_gateway_apiml_security_authorization_endpoint_url:-"${internalProtocol:-https}://${ZWE_haInstance_hostname:-localhost}:${ZWE_components_gateway_port:-7554}/zss/api/v1/saf-auth"}} \
 -Dapiml.security.saf.provider=${ZWE_configs_apiml_security_saf_provider:-${ZWE_components_gateway_apiml_security_saf_provider:-"rest"}} \
From 15166cee3856312866f64fdf74fadfc5ea5b7141 Mon Sep 17 00:00:00 2001
From: ac892247
Date: Fri, 3 Jan 2025 10:23:09 +0100
Subject: [PATCH 8/9] use endpoint for saf auth provider when native is not available
Signed-off-by: ac892247
---
.../src/test/resources/environment-configuration.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/integration-tests/src/test/resources/environment-configuration.yml b/integration-tests/src/test/resources/environment-configuration.yml
index c9b9abf13d..99394fee18 100644
--- a/integration-tests/src/test/resources/environment-configuration.yml
+++ b/integration-tests/src/test/resources/environment-configuration.yml
@@ -106,5 +106,6 @@ instanceEnv:
 ZWE_configs_apiml_security_auth_passticket_customUserHeader: customUserHeader
 ZWE_configs_apiml_security_auth_passticket_customAuthHeader: customPassticketHeader
 ZWE_configs_apiml_health_protected: false
+ ZWE_components_gateway_apiml_security_authorization_provider: endpoint
 # set the value to "authentication" if you want to test the sticky session load balancing
 APIML_SERVICE_CUSTOMMETADATA_APIML_LB_TYPE: headerRequest
From 1c0781beaead19b9e5df7ff38602796674a95a23 Mon Sep 17 00:00:00 2001
From: ac892247
Date: Fri, 3 Jan 2025 10:24:21 +0100
Subject: [PATCH 9/9] both env options
Signed-off-by: ac892247
---
.../src/test/resources/environment-configuration.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/integration-tests/src/test/resources/environment-configuration.yml b/integration-tests/src/test/resources/environment-configuration.yml
index 99394fee18..1dc85c0374 100644
--- a/integration-tests/src/test/resources/environment-configuration.yml
+++ b/integration-tests/src/test/resources/environment-configuration.yml
@@ -107,5 +107,6 @@ instanceEnv:
 ZWE_configs_apiml_security_auth_passticket_customAuthHeader: customPassticketHeader
 ZWE_configs_apiml_health_protected: false
 ZWE_components_gateway_apiml_security_authorization_provider: endpoint
+ ZWE_configs_apiml_security_authorization_provider: endpoint
 # set the value to "authentication" if you want to test the sticky session load balancing
 APIML_SERVICE_CUSTOMMETADATA_APIML_LB_TYPE: headerRequest