SteeltoeOSS / Steeltoe

.NET Components for Externalized Configuration, Database Connectors, Service Discovery, Logging and Distributed Tracing, Application Management, Security, and more.
https://steeltoe.io
Apache License 2.0
1k stars 164 forks

Enable basic auth for actuators with auto-generated credentials #796

Open TimHess opened 2 years ago

TimHess commented 2 years ago

Consider replacing or augmenting the current default actuator access model that uses exposure/enabled settings and anonymous access to include support for basic auth with authorization policies (e.g. actuator.basic & actuator.admin).

See this example for a starting point. Might need to implement as a separate project so the basic auth package isn't required for anybody who might not want it.

cc @macsux

macsux commented 2 years ago

I would consider importing a basic authentication handler as embedded code rather than a package reference. It's small enough that it won't add much maintenance overhead and can be made internal to Steeltoe. Its implementation is Apache-licensed, so shouldn't be a problem: https://github.com/blowdart/idunno.Authentication/tree/dev/src/idunno.Authentication.Basic
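One way the model proposed in this issue could look in ASP.NET Core, as an added example that is not part of the thread and is not Steeltoe or idunno.Authentication code. It assumes .NET 8; the scheme name, account names, handler class and endpoint paths are hypothetical, and only the policy names `actuator.basic` and `actuator.admin` come from the issue.

```csharp
// Added example, not Steeltoe code. Assumes ASP.NET Core on .NET 8 (Microsoft.NET.Sdk.Web, implicit usings).
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Options;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddAuthentication(ActuatorBasicHandler.SchemeName)
    .AddScheme<AuthenticationSchemeOptions, ActuatorBasicHandler>(ActuatorBasicHandler.SchemeName, _ => { });
builder.Services.AddAuthorizationBuilder()
    .AddPolicy("actuator.basic", p => p.RequireAuthenticatedUser())
    .AddPolicy("actuator.admin", p => p.RequireRole("admin"));
var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Generated passwords are shown once at startup; anyone who can read the logs can read them.
foreach (var a in ActuatorBasicHandler.Accounts)
    app.Logger.LogWarning("Generated actuator credential {User}:{Password}", a.User, a.Password);
// Placeholder endpoints standing in for real actuators (hypothetical paths).
app.MapGet("/actuator/health", () => "UP").RequireAuthorization("actuator.basic");
app.MapGet("/actuator/env", () => "redacted").RequireAuthorization("actuator.admin");
app.Run();

sealed class ActuatorBasicHandler(IOptionsMonitor<AuthenticationSchemeOptions> o, ILoggerFactory l, UrlEncoder e)
    : AuthenticationHandler<AuthenticationSchemeOptions>(o, l, e)
{
    public const string SchemeName = "ActuatorBasic";
    // Two accounts, each with 24 bytes from the OS CSPRNG, regenerated on every process start.
    public static readonly (string User, string Password, string Role)[] Accounts =
        { ("actuator", NewPassword(), "basic"), ("actuator-admin", NewPassword(), "admin") };
    static string NewPassword() => Convert.ToBase64String(RandomNumberGenerator.GetBytes(24));

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        if (!AuthenticationHeaderValue.TryParse(Request.Headers.Authorization, out var h)
            || !"Basic".Equals(h.Scheme, StringComparison.OrdinalIgnoreCase) || h.Parameter is null)
            return Task.FromResult(AuthenticateResult.NoResult()); // no Basic header: anonymous, policies reject
        var supplied = new byte[h.Parameter.Length];
        if (!Convert.TryFromBase64String(h.Parameter, supplied, out var n))
            return Task.FromResult(AuthenticateResult.Fail("Malformed Basic credentials"));
        foreach (var a in Accounts) // fixed-time compare of the whole "user:password" byte string
            if (CryptographicOperations.FixedTimeEquals(supplied.AsSpan(0, n), Encoding.UTF8.GetBytes($"{a.User}:{a.Password}")))
                return Task.FromResult(AuthenticateResult.Success(new AuthenticationTicket(new ClaimsPrincipal(
                    new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, a.User), new Claim(ClaimTypes.Role, a.Role) }, Scheme.Name)), Scheme.Name)));
        return Task.FromResult(AuthenticateResult.Fail("Invalid credentials"));
    }
}
```

Basic credentials are only base64-encoded on the wire, so endpoints protected this way need to be served over TLS.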