cameleer/cameleer-server
1
0
Fork 0
Code Issues 43 Pull Requests Actions Packages Projects Releases Wiki Activity

fix: allow local login to coexist with OIDC
All checks were successful
CI / cleanup-branch (push) Has been skipped
Details
CI / build (push) Successful in 1m44s
Details
CI / docker (push) Successful in 1m2s
Details
CI / deploy-feature (push) Has been skipped
Details
CI / deploy (push) Successful in 38s
Details

Browse Source 
Local login was blocked when OIDC env vars were present, causing
bootstrap to fail (chicken-and-egg: bootstrap needs local auth to
configure OIDC). The backend now accepts both auth paths; the
frontend/UI decides which login flow to present.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
2026-04-08 09:09:24 +02:00
parent 36e8b2d8ff
commit d9160b7d0e
2 changed files with 0 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/JwtAuthenticationFilter.java
View File

@@ -74,12 +74,6 @@ public class JwtAuthenticationFilter extends OncePerRequestFilter {
JwtValidationResult result = jwtService.validateAccessToken(token); JwtValidationResult result = jwtService.validateAccessToken(token);
String subject = result.subject(); String subject = result.subject();
// In OIDC mode, only accept agent tokens via internal validation.
// User tokens must go through the OIDC decoder path.
if (oidcDecoder != null && subject != null && subject.startsWith("user:")) {
return false;
}
List<String> roles = result.roles(); List<String> roles = result.roles();
if (!subject.startsWith("user:") && roles.isEmpty()) { if (!subject.startsWith("user:") && roles.isEmpty()) {
roles = List.of("AGENT"); roles = List.of("AGENT");

9
cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/UiAuthController.java
View File

@@ -71,10 +71,6 @@ public class UiAuthController {
content = @Content(schema = @Schema(implementation = ErrorResponse.class))) content = @Content(schema = @Schema(implementation = ErrorResponse.class)))
public ResponseEntity<AuthTokenResponse> login(@RequestBody LoginRequest request, public ResponseEntity<AuthTokenResponse> login(@RequestBody LoginRequest request,
HttpServletRequest httpRequest) { HttpServletRequest httpRequest) {
if (isOidcEnabled()) {
return ResponseEntity.status(HttpStatus.NOT_FOUND)
.body(new AuthTokenResponse(null, null, "Local login disabled when OIDC is configured", null));
}
String configuredUser = properties.getUiUser(); String configuredUser = properties.getUiUser();
String configuredPassword = properties.getUiPassword(); String configuredPassword = properties.getUiPassword();
String subject = "user:" + request.username(); String subject = "user:" + request.username();
@@ -153,11 +149,6 @@ public class UiAuthController {
} }
} }
private boolean isOidcEnabled() {
String issuer = properties.getOidcIssuerUri();
return issuer != null && !issuer.isBlank();
}
public record LoginRequest(String username, String password) {} public record LoginRequest(String username, String password) {}
public record RefreshRequest(String refreshToken) {} public record RefreshRequest(String refreshToken) {}
} }