greatbit / quack

Web Based Test Management System
Apache License 2.0

Created quack user session does not work - authorization error #238

Open bobbeck55 opened 1 year ago

bobbeck55 commented 1 year ago

Using "docker-compose -f docker_compose.yml up", I started up mongodb:4.2 and quack. See the log - mongodb 4.2 started correctly and quack appeared to start. Using a local Firefox, I logged in using root:rootpass and created a user named "bob". Next, I logged out as "root" and attempted to log in as "bob"; it did not work. The screen capture is attached.

Next, I logged out of quack locally and started up quack using a web browser external to the VM where I am running quack. Quack started up, but when I attempted to log in using "root:rootpass" or "bob:bob", I got an authorization error. See the 2nd screen capture. The quack log is in the VM. I will try to add it to the next comment.

quack_web_ui_login_error quack_local_ui_login_error

bobbeck55 commented 1 year ago

Here are the quack logs and the system authorization log (/var/log/auth.log)

quack_errors_log.txt auth.log

bobbeck55 commented 1 year ago

Exception in monitor thread no longer happening. When I do - docker exec -it mongod bash, mongo, show users - nothing is displayed, but I added user "bob".

azee commented 1 year ago

@bobbeck55 What is set up in your config file as the auth and session providers? https://github.com/greatbit/quack/blob/master/api/src/main/resources/quack.properties#L13-L14

Docker compose starts mongo and QuAck in a single stack. It was created solely for demo purposes. If you want to run QuAck as a prod service you'll need a real Mongo replica set and a few QuAcks as failovers and for balancing.

In docker-compose all configurations are default and are meant to serve demo purposes only. StubAuthProvider and InmemSessionProvider would be set up by default in the property file.

StubAuthProvider only authenticates admin by credentials specified in the property file (stub and admin): https://github.com/greatbit/quack/blob/master/api/src/main/resources/quack.properties#L15-L21

If you want to be able to create users in your database - change authProvider to

whoru.auth.provider=com.testquack.api.security.DbAuthProvider

It will still allow using admin credentials from the property file but will allow user creation as well.

If you have more than one instance of QuAck running in a cluster, you also have to update the session provider to HazelcastSessionProvider so that sessions are in sync on all nodes:

whoru.session.provider=ru.greatbit.whoru.auth.providers.HazelcastSessionProvider

In case you have AWS and you want to enable authentication through Google or other social services - you can use CognitoAuthProvider. It works with AWS Cognito. Please let me know if interested - I'll guide you.
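A check for the provider settings described in the comment above, as an added example that is not part of the thread or of the QuAck code base: it merges property files in override order and flags StubAuthProvider, plus any session provider other than HazelcastSessionProvider when more than one instance runs. The sample property text is constructed, and the placeholder.pkg package prefix and the function names are assumptions.

```python
# Added example, not QuAck project code: audit the effective provider settings.
DEMO_AUTH = "StubAuthProvider"            # demo default named in the thread
CLUSTER_SESSION = "HazelcastSessionProvider"

# Constructed sample input. "placeholder.pkg" stands in for the real package
# of the two demo providers, which the thread does not give.
DEMO_DEFAULTS = """\
whoru.auth.provider=placeholder.pkg.StubAuthProvider
whoru.session.provider=placeholder.pkg.InmemSessionProvider
"""
OVERRIDE = """\
# custom quack.properties
whoru.auth.provider=com.testquack.api.security.DbAuthProvider
"""

def parse_properties(text):
    """Parse key=value lines; blank lines and #/! comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def effective(*layers):
    """Merge property texts in order; a later layer overrides an earlier one."""
    merged = {}
    for text in layers:
        merged.update(parse_properties(text))
    return merged

def audit(props, instances=1):
    """Return findings for provider settings that only suit the demo stack."""
    findings = []
    auth = props.get("whoru.auth.provider", "").rsplit(".", 1)[-1]
    session = props.get("whoru.session.provider", "").rsplit(".", 1)[-1]
    if auth == DEMO_AUTH:
        findings.append("auth: StubAuthProvider authenticates only the admin from the property file")
    if instances > 1 and session != CLUSTER_SESSION:
        findings.append(f"session: {session or 'unset'} is not synced across {instances} instances")
    return findings

if __name__ == "__main__":
    for name, props in [("defaults", effective(DEMO_DEFAULTS)), ("override", effective(DEMO_DEFAULTS, OVERRIDE))]:
        print(name, audit(props), audit(props, instances=2))
```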

azee commented 1 year ago

Now for the configuration. QuAck loads the quack.properties file from 2 locations. First - resources: the one that you get by default. If you want to override properties (and in our case we want to override authProvider) - you can create your own quack.properties file and override the desired properties there.

If you are running quack using docker (in our case it is so - docker compose) - quack will read the overridden quack.properties file from /etc/quack/quack.properties. You can map docker container /etc/quack folder to whatever folder you have on your host. Just put your custom quack.properties file into that folder and map it in docker-compose.yaml like

volumes: