Search code examples
spring-cloud-dataflow

Spring Cloud Data Flow Management with SSL

Unable to access management end point once local spring cloud data flow server is ssl enabled and has basic authentication

I have docker-compose.yml file that can start dataflow server with ssl and file based authentication, this works, I am able to now run dataflow server on port 8443 and access the dashboard by supplying the correct credentials.

  env_file:
      - .env
  dataflow-server:
    image: repo.mitchell.com/springcloud/spring-cloud-dataflow-server-local:${DATAFLOW_VERSION}
    container_name: dataflow-server
    ports:
      - "9393:9393"
      - "9900:9900"
      - "8443:8443"
      - "8081:8081"
    environment:
      - spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.brokers=kafka:9092
      - spring.cloud.dataflow.applicationProperties.stream.spring.cloud.stream.kafka.binder.zkNodes=zookeeper:2181
      - spring_datasource_url=jdbc:mysql://mysql:3306/dataflow
      - spring_datasource_username=root
      - spring_datasource_password=${MYSQL_PASS}
      - spring_datasource_driver-class-name=org.mariadb.jdbc.Driver
      - spring.cloud.dataflow.metrics.collector.uri=${METRICS_COLLECTOR_URI}:8080
      - spring.cloud.dataflow.metrics.collector.username=${METRICS_COLLECTOR_USER}
      - spring.cloud.dataflow.metrics.collector.password=${METRICS_COLLECTOR_PASS}
      - server.port=8443
      - server.ssl.enabled=true
      - server.ssl.key-store=${SSL_KEY_STORE_PATH}
      - server.ssl.key-store-password=${SSL_TRUST_STORE_PASS}
      - server.ssl.keyStoreType=JKS
      - server.ssl.keyAlias=${SSL_KEY_ALIAS}
      - security.require-ssl=true
      - server.ssl.trust-store=${SSL_TRUST_STORE_PATH}
      - server.ssl.trust-store-password=${SSL_TRUST_STORE_PASS}
      - management.security.enabled=true
      - management.context-path=/management
      - security.basic.enabled=true
      - spring.cloud.dataflow.security.authentication.file.enabled=true
      - spring.cloud.dataflow.security.authentication.file.users.bob=bobpass, ROLE_MANAGE
      - spring.cloud.dataflow.security.authentication.file.users.${FILE_AUTH_ADMIN_USER}=${FILE_AUTH_ADMIN_PASS}, ROLE_VIEW, ROLE_CREATE, ROLE_MANAGE
      - spring.cloud.dataflow.security.authentication.file.users.${FILE_AUTH_USER}=${FILE_AUTH_PASS}, ROLE_VIEW

I expect that https://<ipaddress>:8443/management is accessible, however it keeps redirectin to https://<ipaddress>:8443/dashboard/#/apps

Solution

  • This is a limitation (by design) of having UI and RestEndpoints under the same root. Therefore, if you hit the server with a browser, we by default serve the UI and redirect to /dashboard

    If you use command-line tools such as curl, the JSON REST response is served, e.g.:

    curl -X GET -k -i https://localhost:8443/management -u user:secret_password

    When using a browser, I would recommend using Postman (Chrome) or RESTClient (Firefox).