This repository has been archived by the owner on Nov 23, 2021. It is now read-only.

It is not possible to access the h2 console by default #689

Open
maybeec opened this issue Sep 28, 2018 · 3 comments
maybeec commented Sep 28, 2018

Using the archetype 3.0.0, it is not possible to access the h2 console by specifying another context path for the application different to / and providing the properties:

spring.h2.console.enabled=true
spring.h2.console.path=/h2

Logging into the console always results in a 403 error.

maybeec commented Oct 2, 2018

Removing all the authorization of the application results in a valid behavior of the h2 console. So it seems that we have to whitelist /h2 somewhere and maybe properly provide a context path for the application to prevent name clashes in URLs.

jdiazgon commented Oct 2, 2018

I have found a way to solve this; it is explained here.

if you enable Spring Security in your project, the H2 database console will be blocked with 403 error

I have tested it and it works fine. I will provide a PR with this fix.

jdiazgon added a commit to jdiazgon/oasp4j that referenced this issue Oct 4, 2018
hohwille commented Oct 8, 2018

@jdiazgon thank you so much for your feedback and investigation.
Disabling security features for the sake of accessing some h2 feature is somewhat odd, however. IMHO we need at least to find a way to configure this "disabling" only for the h2 URLs. Still, I do not like such tweaks in productive code. Great that you just added it as a comment. However, there is a high risk that people using it may accidentally commit such a change and break the security. Therefore we still need to find a safer and more elegant way.
Anyhow, thank you very much as you help us to guide the way to the "perfect solution".
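
Added example, not code from this thread or from oasp4j: one way to confine the relaxed settings to the console URLs and to a development profile, so the application's main security configuration stays untouched. It assumes the Spring Security 5.x `WebSecurityConfigurerAdapter` API, the `/h2` console path from the issue, a hypothetical class name, and a profile named `dev`.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * Hypothetical dev-only filter chain for the H2 console.
 * It is only registered when the "dev" profile (assumed name) is active,
 * so a production start never loads the relaxed rules.
 */
@Configuration
@Profile("dev")
@Order(1) // assumption: the application's main adapter uses a higher order value (default is 100)
public class H2ConsoleSecurityConfig extends WebSecurityConfigurerAdapter {

  // Must match spring.h2.console.path; matched relative to the servlet context path.
  private static final String H2_CONSOLE = "/h2/**";

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
        // Restrict this whole chain to the console URLs; every other
        // request falls through to the application's own configuration.
        .antMatcher(H2_CONSOLE)
        .authorizeRequests().anyRequest().permitAll()
        .and()
        // The console's forms do not send Spring's CSRF token, which is
        // what produces the 403 on login. Disabled for this chain only.
        .csrf().disable()
        // The console UI is built from frames; the default X-Frame-Options
        // DENY blocks it. SAMEORIGIN still refuses framing by other sites.
        .headers().frameOptions().sameOrigin();
  }
}
```

Keeping `spring.h2.console.enabled=true` in a profile-specific file such as `application-dev.properties`, rather than in the shared properties, keeps the console servlet itself off outside that profile.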
