Right now, if you set global.auth=none in the CR yaml, that makes the downstream microservices use basic auth instead of a JWT. This is great for things curl -u stock:trader http://localhost:9080/broker, like during unit tests of a microservice, or other clients that don't want to deal with he complexities of constructing a JWT. However, the Trader UI fails, because it still tries sending a JWT, instead of basic auth credentials, in the auth http request header. Need to add basic auth support to Trader. Note this is slightly harder than it sounds, because the same servlet instance might need to handle different login IDs, so we can't just cache the id/pwd in the Login servlet. We'll have to do something like keeping a static HashMap of id (that I think we can get as the "principal" in a JAX-RS method?) to basic auth credential string (the encoded id:pwd thing), and use that on each request to Broker.
Right now, if you set
global.auth=nonein the CR yaml, that makes the downstream microservices use basic auth instead of a JWT. This is great for thingscurl -u stock:trader http://localhost:9080/broker, like during unit tests of a microservice, or other clients that don't want to deal with he complexities of constructing a JWT. However, the Trader UI fails, because it still tries sending a JWT, instead of basic auth credentials, in the auth http request header. Need to add basic auth support to Trader. Note this is slightly harder than it sounds, because the same servlet instance might need to handle different login IDs, so we can't just cache the id/pwd in the Login servlet. We'll have to do something like keeping a static HashMap of id (that I think we can get as the "principal" in a JAX-RS method?) to basic auth credential string (the encoded id:pwd thing), and use that on each request to Broker.