Dropwizard admin security


Is there a way of adding login security to the admin servlet?

Seems like in V0.7 you could add the following two to your YAML file:

  adminUsername: user1234
  adminPassword: pass5678

However, I tried that in the latest version (0.9.2) and it gives me an error saying: server.yaml has an error:

  * Unrecognized field at: server.adminConnectors.[0].adminUsername
    Did you mean?:
      - soLingerTime
      - bindHost
      - idleTimeout
      - useServerHeader
      - useDateHeader
        [14 more]

This is what I have:

  adminConnectors:
    - type: http
      port: 9180
      adminUsername: user1234
      adminPassword: pass5678

Solution

  • I run an app on Heroku which only allows the application to make a single port available. I attach the AdminServlet to the main HTTP port (8080) with this in the run() method of my Application (Kotlin):

    environment.applicationContext.apply {
        setAttribute(MetricsServlet.METRICS_REGISTRY, environment.metrics())
        setAttribute(HealthCheckServlet.HEALTH_CHECK_REGISTRY, environment.healthChecks())
        addServlet(NonblockingServletHolder(AdminServlet()), "/admin/*")
    }
    

    Then, I protect this path with a BasicAuthFilter (still Kotlin, you should use it):

    val basicAuthFilter = BasicAuthFilter("admin", configuration.adminUsername, configuration.adminPassword)
    val adminFilter = environment.servlets().addFilter("AdminFilter", basicAuthFilter)
    adminFilter.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST), false, "/admin/*")
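
The answer above uses a `BasicAuthFilter` class without showing it. The following is an added example of what such a filter could look like, not the answerer's code and not a Dropwizard class. It assumes the constructor arguments are (realm, username, password) as the call suggests, the `javax.servlet` API, and Java 8 for `java.util.Base64`.

```kotlin
import java.nio.charset.StandardCharsets
import java.security.MessageDigest
import java.util.Base64
import javax.servlet.*
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

// Hypothetical implementation: the constructor shape (realm, username, password)
// is inferred from the call in the answer, not taken from a real library.
class BasicAuthFilter(
    private val realm: String,
    private val username: String,
    private val password: String
) : Filter {

    override fun init(filterConfig: FilterConfig?) {}
    override fun destroy() {}

    override fun doFilter(req: ServletRequest, res: ServletResponse, chain: FilterChain) {
        val request = req as HttpServletRequest
        val response = res as HttpServletResponse
        if (isAuthorized(request.getHeader("Authorization"))) {
            chain.doFilter(req, res)
        } else {
            // Challenge the client; the request is never passed down the chain.
            response.setHeader("WWW-Authenticate", "Basic realm=\"$realm\"")
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED)
        }
    }

    // Accepts only a well-formed "Basic <base64(user:pass)>" header.
    internal fun isAuthorized(header: String?): Boolean {
        if (header == null || !header.startsWith("Basic ", ignoreCase = true)) return false
        val decoded = try {
            String(Base64.getDecoder().decode(header.substring(6).trim()), StandardCharsets.UTF_8)
        } catch (e: IllegalArgumentException) { return false } // malformed Base64
        val sep = decoded.indexOf(':') // split on the first ':'; the password may contain more
        if (sep < 0) return false
        // Evaluate both comparisons so the result does not reveal which field failed.
        val userOk = timingSafeEquals(decoded.substring(0, sep), username)
        val passOk = timingSafeEquals(decoded.substring(sep + 1), password)
        return userOk and passOk
    }

    private fun timingSafeEquals(a: String, b: String): Boolean =
        MessageDigest.isEqual(a.toByteArray(StandardCharsets.UTF_8), b.toByteArray(StandardCharsets.UTF_8))
}
```

Basic authentication only Base64-encodes the credentials, so the `/admin/*` path should be reachable over HTTPS only.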