How to configure EclipseStore's clientGui/console with Spring-Security?

[krabat]

I use EclipseStore's clientGui with a secured route via Spring-Security. After disabling CSRF for the client route, the client's UI is shown. But when connecting to the default instance, an error is shown, stating it's unable to connect to the REST service:

Security config

	@Bean
	public SecurityFilterChain defaultSecurityFilterChain( HttpSecurity http ) throws Exception {
		String[] unprotected = { "/", "/favicon.ico", "/error" };
		http
			.authorizeHttpRequests( authorize -> authorize
					.requestMatchers( unprotected ).permitAll()
					.anyRequest().authenticated() )
			.csrf( csrf -> csrf.ignoringRequestMatchers( "/store-console/**" ) )
			.formLogin( Customizer.withDefaults() );
		return http.build();
	}

Github project

To help isolate the issue, I created a minimal reproducible sample project:
https://github.com/krabat/spr-sec-proto2

.

[hg-ms]

Hi
Many thanks for your demo code.
The reason for the problem is quite simple. The gui does not implement Spring-Security yet.

I’ll lable this issue as enhancement, maybe we add this some day.

[krabat]

Thank you for looking into this issue. I hoped for a configuration property I missed to get the gui to work.

It would be great if this enhancement was added.

[zambrovski]

The GUI uses Vaadin and Vaadin has some special whistles for Spring Security... so there could be a minimal way for getting user credentials and checking them against any particular security backend... but someone needs to make the first step for the implementation