Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: replace default spring x509 authentication in zaas #3971

Open
wants to merge 10 commits into
base: v3.x.x
Choose a base branch
from
Open

fix: replace default spring x509 authentication in zaas #3971

wants to merge 10 commits into from

Conversation

richard-salac
Copy link
Contributor

@richard-salac richard-salac commented Jan 30, 2025
edited
Loading

Description

Zaas is using two level authentication, Zowe server certificate is required on top of traditional client authentication (x509, credentials, token,....). This is causing unexpected behavior with spring X509 authentication when Zowe server certificate may get propagated as authenticated username. To avoid such situations the spring x509 was disabled when possible.

Linked to # (issue)
Part of the # (epic)

Type of change

Please delete options that are not relevant.

  • fix: Bug fix (non-breaking change which fixes an issue)
  • feat: New feature (non-breaking change which adds functionality)
  • docs: Change in a documentation
  • refactor: Refactor the code
  • chore: Chore, repository cleanup, updates the dependencies.
  • BREAKING CHANGE or !: Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

  • My code follows the style guidelines of this project
  • PR title conforms to commit message guideline ## Commit Message Structure Guideline
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

For more details about how should the code look like read the Contributing guideline

@github-actions github-actions bot added the Sensitive Sensitive change that requires peer review label Jan 30, 2025
@richard-salac richard-salac force-pushed the reboot/fix/replace-default-x509-auth branch from 26ecb0e to 8fa0f70 Compare January 30, 2025 10:43
@richard-salac richard-salac force-pushed the reboot/fix/replace-default-x509-auth branch 2 times, most recently from 62e857f to 9d17404 Compare January 31, 2025 22:35
@richard-salac richard-salac force-pushed the reboot/fix/replace-default-x509-auth branch from 9d17404 to c75cd98 Compare January 31, 2025 23:00
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Feb 3, 2025

Quality Gate Failed Quality Gate failed

Failed conditions
1 Security Hotspot
79.8% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
Sensitive Sensitive change that requires peer review size/XL
Projects
API Mediation Layer Backlog Management
Status: New
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@richard-salac