I'm trying to add authentication to the QuestDB web UI, as I don't want it to be exposed to the public internet. But it seems there are no options out of the box?
There is no authentication available on the web console yet out of the box, so the most common options are to:
- set up an auth proxy in front of the instance using nginx or similar
- disable the web console and REST API via server configuration
- set the instance to read-only (http.security.readonly) via HTTP
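A sketch of the first option, added here as an example and not part of the original answer: nginx terminates TLS, requires HTTP basic auth, and forwards to the QuestDB HTTP server on its default port 9000. The hostname, certificate paths and htpasswd path are placeholders, and it assumes QuestDB is bound to loopback only.

```nginx
# Constructed example: questdb.example.com, the TLS paths and the htpasswd
# path are placeholders, not values from the original thread.
# Assumption: QuestDB listens on loopback only, e.g. in server.conf:
#   http.bind.to=127.0.0.1:9000
# If it still binds to 0.0.0.0, clients can skip the proxy and reach
# port 9000 directly, so the auth below protects nothing.

# Plain HTTP only redirects; credentials are never accepted in cleartext.
server {
    listen 80;
    server_name questdb.example.com;
    return 301 https://questdb.example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name questdb.example.com;

    ssl_certificate     /etc/nginx/tls/questdb.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/questdb.example.com.key;

    location / {
        # Every request to the web console and REST API needs a valid user.
        auth_basic           "QuestDB";
        auth_basic_user_file /etc/nginx/questdb.htpasswd;

        proxy_pass http://127.0.0.1:9000;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # The backend does not need the proxy's credentials; drop them.
        proxy_set_header Authorization "";
    }
}
```

The password file can be created with the `htpasswd` utility, and the proxy only covers the HTTP endpoint it forwards to.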
I have set up Cloud IAP on a development environment (spun up with Kubernetes and using Let's Encrypt) and everything is working fine.
The setup is pretty basic for this app:
1) An API that has a number of REST endpoints and a persistent data store, in project A
2) A SPA front end app that utilizes said API, in a different project B
In my browser (tried Chrome and Firefox), I can authenticate my Google user in both apps via the IAP screen (by going to each domain in a browser tab), but once I try to use the SPA and it attempts requests to the API, I see the network requests 302 redirect to the Google IAP sign-in page.
Question:
Is there a header or cookie that needs to be sent over via the API requests on behalf of the user so that IAP allows pass-thru?
Note
I see these two cookies, btw: GCP_IAAP_AUTH_TOKEN and GCP_IAAP_XSRF_NONCE.
What's protected with IAP, "API" or "SPA"? If it's SPA, IAP should work as normal. If it's API, your best option today is to use https://cloud.google.com/iap/docs/authentication-howto to have SPA authenticate to API, and maybe also have it pass down https://cloud.google.com/iap/docs/signed-headers-howto so that API can separately verify the end-user's credentials.
Passing down GCP_IAAP_AUTH_TOKEN from SPA to API won't work; we strip that before passing the request to the end-user application for security reasons (in case the transport between the load balancer and the application is HTTP, just to make life a little harder for an attacker).
I am working on a microservices application that has a webapp backend consuming a RESTful web service endpoint.
I use IntelliJ and I would like to see the traffic (requests, responses, headers, etc.) between the webapp backend (the client) and the web service endpoint.
How is that possible?
Note:
I have tried using the bundled REST Client but it is just meant to issue requests to a web service endpoint.
The Chrome console is of no use either because it just monitors the traffic between the SPA and the webapp backend...
My webapp and endpoint are developed in Spring/Java.
I have a web service hosted in a JBoss AS. And an app running on Google App Engine. Now I want my web service hosted in JBoss AS to be accessed only by my App Engine app, and I want to restrict others from accessing my web service. How can I do that? Please help.
Use the AppEngine URL Fetch Service to call your JBoss web services from your AppEngine app. Use the HTTPS option to secure the network connection. Furthermore, create request headers and payload such as to satisfy whatever JBoss security requirements you can establish between JBoss and AppEngine (for example client user authentication).
I've read the source code of wso2 greg, and found that there is a Tomcat embedded in it, and there are two connectors: http with port 9763 and https with port 9443. But when I type the URL [http://localhost:9763/carbon] in the browser, it redirects to https automatically, and I can't find the related source code for the redirect.
Can anybody help?
thx
The Management Console (UI) of all WSO2 Carbon based products communicates with a backend web service called AdminService. These services are secured and that's why they can be accessed only through https.
More info - http://charithaka.blogspot.com/2013/06/invoking-wso2-carbon-admin-services.html
Are there any special configuration settings you have to do to make a web service work with SSL?
Is there a way to force the service methods to authenticate using a username/password like I can do with a WCF service?
No. SSL support is provided by the web server (IIS).
Yes. Just configure authentication through web.config.