Pivotal Knowledge Base

Spring-XD Flo UI Not Working when Authorization is Enabled

Environment

Product: Spring XD
Version: Before 1.3.2

Symptom

Some Flo functionality does not work when authorization is enabled in Spring XD versions prior to 1.3.2.

Opening the "Create Composed Job" tab in the JOB section does not show the "definitions" section in the left panel.

See following images for clarification:

The Panel looks like:

What the Panel should actually look like:

Cause

The authorization rules are missing the block that covers the HTTP requests used for composed jobs.

Resolution

Add the following section to the xd/config/servers.yml file, then restart the admin component.

xd:
...
  security:
    authorization:
      rules:
        # Streams
        - GET    /streams/definitions            => hasRole('ROLE_VIEW')
        - GET    /streams/definitions.*          => hasRole('ROLE_VIEW')
        - DELETE /streams/definitions            => hasRole('ROLE_CREATE')
        - DELETE /streams/definitions.*          => hasRole('ROLE_CREATE')
        - GET    /streams/definitions/*          => hasRole('ROLE_VIEW')
        - POST   /streams/definitions            => hasRole('ROLE_CREATE')
        - POST   /streams/definitions.*          => hasRole('ROLE_CREATE')
        - DELETE /streams/definitions/*          => hasRole('ROLE_CREATE')
        # Stream Deployments
        - GET    /streams/deployments/           => hasRole('ROLE_VIEW')
        - DELETE /streams/deployments/           => hasRole('ROLE_CREATE')
        - GET    /streams/deployments/*          => hasRole('ROLE_VIEW')
        - POST   /streams/deployments/*          => hasRole('ROLE_CREATE')
        - DELETE /streams/deployments/*          => hasRole('ROLE_CREATE')
        # Job Definitions
        - GET    /jobs/definitions               => hasRole('ROLE_VIEW')
        - GET    /jobs/definitions.*             => hasRole('ROLE_VIEW')
        - DELETE /jobs/definitions               => hasRole('ROLE_CREATE')
        - GET    /jobs/definitions/*             => hasRole('ROLE_VIEW')
        - POST   /jobs/definitions               => hasRole('ROLE_CREATE')
        - DELETE /jobs/definitions/*             => hasRole('ROLE_CREATE')
        # Job Deployments
        - GET    /jobs/deployments/              => hasRole('ROLE_VIEW')
        - DELETE /jobs/deployments/              => hasRole('ROLE_CREATE')
        - GET    /jobs/deployments/*             => hasRole('ROLE_VIEW')
        - POST   /jobs/deployments/*             => hasRole('ROLE_CREATE')
        - DELETE /jobs/deployments/*             => hasRole('ROLE_CREATE')
        # Batch Job Configurations
        - GET    /jobs/configurations            => hasRole('ROLE_VIEW')
        - GET    /jobs/configurations.*          => hasRole('ROLE_VIEW')
        - GET    /jobs/configurations/*          => hasRole('ROLE_VIEW')
        # Batch Job Executions
        - GET    /jobs/executions                => hasRole('ROLE_VIEW')
        - PUT    /jobs/executions                => hasRole('ROLE_CREATE')
        - PUT    /jobs/executions/*              => hasRole('ROLE_CREATE')
        - POST   /jobs/executions                => hasRole('ROLE_CREATE')
        - GET    /jobs/executions/*              => hasRole('ROLE_VIEW')
        - GET    /jobs/executions/*/steps        => hasRole('ROLE_VIEW')
        - GET    /jobs/executions/*/steps/*      => hasRole('ROLE_VIEW')
        - GET    /jobs/executions/*/steps/*/progress      => hasRole('ROLE_VIEW')
        - GET    /jobs/executions/*/steps/*/progress.json => hasRole('ROLE_VIEW')
        # Batch Job Instances
        - GET    /jobs/instances*                => hasRole('ROLE_VIEW')
        - GET    /jobs/instances/*               => hasRole('ROLE_VIEW')
        # Module Definitions
        - GET    /modules                        => hasRole('ROLE_VIEW')
        - GET    /modules.*                      => hasRole('ROLE_VIEW')
        - POST   /modules                        => hasRole('ROLE_CREATE')
        - POST   /modules/*/*                    => hasRole('ROLE_CREATE')
        - POST   /modules.*                      => hasRole('ROLE_CREATE')
        - GET    /modules/*/*                    => hasRole('ROLE_VIEW')
        - DELETE /modules/*/*                    => hasRole('ROLE_CREATE')
        # Deployed Modules
        - GET    /runtime/modules                => hasRole('ROLE_VIEW')
        - GET    /runtime/modules.*              => hasRole('ROLE_VIEW')
        # Containers
        - GET    /runtime/containers             => hasRole('ROLE_VIEW')
        - DELETE /runtime/containers             => hasRole('ROLE_CREATE')
        - GET    /runtime/containers.*           => hasRole('ROLE_VIEW')
        # Counters
        - GET    /metrics/counters               => hasRole('ROLE_VIEW')
        - GET    /metrics/counters.*             => hasRole('ROLE_VIEW')
        - GET    /metrics/counters/*             => hasRole('ROLE_VIEW')
        - DELETE /metrics/counters/*             => hasRole('ROLE_CREATE')
        # Field Value Counters
        - GET    /metrics/field-value-counters   => hasRole('ROLE_VIEW')
        - GET    /metrics/field-value-counters.* => hasRole('ROLE_VIEW')
        - GET    /metrics/field-value-counters/* => hasRole('ROLE_VIEW')
        - DELETE /metrics/field-value-counters/* => hasRole('ROLE_CREATE')
        # Aggregate Counters
        - GET    /metrics/aggregate-counters     => hasRole('ROLE_VIEW')
        - GET    /metrics/aggregate-counters.*   => hasRole('ROLE_VIEW')
        - GET    /metrics/aggregate-counters/*   => hasRole('ROLE_VIEW')
        - DELETE /metrics/aggregate-counters/*   => hasRole('ROLE_CREATE')
        # Gauges
        - GET    /metrics/gauges                 => hasRole('ROLE_VIEW')
        - GET    /metrics/gauges.*               => hasRole('ROLE_VIEW')
        - GET    /metrics/gauges/*               => hasRole('ROLE_VIEW')
        - DELETE /metrics/gauges/*               => hasRole('ROLE_CREATE')
        # Rich Gauges
        - GET    /metrics/rich-gauges            => hasRole('ROLE_VIEW')
        - GET    /metrics/rich-gauges.*          => hasRole('ROLE_VIEW')
        - GET    /metrics/rich-gauges/*          => hasRole('ROLE_VIEW')
        - DELETE /metrics/rich-gauges/*          => hasRole('ROLE_CREATE')
        # Tab Completions
        - GET    /completions/stream?start=*     => hasRole('ROLE_VIEW')
        - GET    /completions/job?start=*        => hasRole('ROLE_VIEW')
        - GET    /completions/module?start=*     => hasRole('ROLE_VIEW')
        # Boot Endpoints
        - GET    /management/**                  => hasRole('ROLE_ADMIN')
        # Version info
        - GET    /meta/version                   => hasRole('ROLE_VIEW')
        # Tools
        - POST   /tools/parseJobToGraph                  => hasRole('ROLE_CREATE')
        - POST   /tools/parseJobToGraph.*                => hasRole('ROLE_CREATE')
        - POST   /tools/convertJobGraphToText            => hasRole('ROLE_CREATE')
        - POST   /tools/convertJobGraphToText.*          => hasRole('ROLE_CREATE')
        - GET    /tools/parse                            => hasRole('ROLE_VIEW')
        - GET    /tools/parse.*                          => hasRole('ROLE_VIEW')
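
To check offline whether an existing servers.yml rule list already covers the /tools requests shown above, the rules can be parsed and matched against each request. This script is an added example, not Pivotal's or the Spring XD project's code; the sample rule text is constructed, and the pattern translation is a simplified stand-in for Ant-style path matching (an assumption about how the rules are evaluated).

```python
import re

RULE_RE = re.compile(r"^\s*-\s+(GET|POST|PUT|DELETE)\s+(\S+)\s+=>\s+(.+?)\s*$")

# The /tools requests that appear in the rule list above.
TOOLS_REQUESTS = [("POST", "/tools/parseJobToGraph"),
                  ("POST", "/tools/convertJobGraphToText"),
                  ("GET", "/tools/parse")]

# Constructed sample: a rule list without any /tools entries.
SAMPLE_UNPATCHED = """
xd:
  security:
    authorization:
      rules:
        - GET    /jobs/definitions      => hasRole('ROLE_VIEW')
        - GET    /meta/version          => hasRole('ROLE_VIEW')
"""
# Same constructed sample with the /tools rules from the article appended.
SAMPLE_PATCHED = SAMPLE_UNPATCHED + """\
        - POST   /tools/parseJobToGraph         => hasRole('ROLE_CREATE')
        - POST   /tools/convertJobGraphToText   => hasRole('ROLE_CREATE')
        - GET    /tools/parse                   => hasRole('ROLE_VIEW')
        - GET    /tools/parse.*                 => hasRole('ROLE_VIEW')
"""

def parse_rules(text):
    """Return (method, pattern, expression) tuples in file order."""
    return [m.groups() for m in map(RULE_RE.match, text.splitlines()) if m]

def pattern_to_regex(pattern):
    """Simplified Ant-style translation (assumption): ** any path, * one segment."""
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def first_match(rules, method, path):
    """Expression of the first rule matching the request, or None."""
    for rule_method, pattern, expression in rules:
        if rule_method == method and pattern_to_regex(pattern).match(path):
            return expression
    return None

def uncovered(rules, requests=TOOLS_REQUESTS):
    """Requests that no rule in the list matches."""
    return [(m, p) for m, p in requests if first_match(rules, m, p) is None]

if __name__ == "__main__":
    print(uncovered(parse_rules(SAMPLE_UNPATCHED)), uncovered(parse_rules(SAMPLE_PATCHED)))
```

To audit a real installation, pass the contents of its xd/config/servers.yml to `parse_rules` instead of the constructed samples.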

Impact/Risks

There is no known impact or risk associated with this workaround.

Additional Information

This issue is expected to be solved in Spring-XD 1.3.2.
