Rest heart without authentication

Question

I'm using Rest Heart and I want to:

1) Disable authentication of Rest Heart. I don't want to provide any credential like admin:changeit when doing crud operations. 2) Disable authentication of Rest Heart with Mongo because my Mongo doesn't have authentication enabled (and I don't want to enable it)

I think that that can be done editing yml file, but its not clear to me even reading the documentation.

Thanks in Advance.

Answer 1

To disable security in RESTHeart you just comment out the following lines in restheart.yml configuration file

#idm:
#  implementation-class: org.restheart.security.impl.SimpleFileIdentityManager
#  conf-file: {{{idm.conf-file}}}

#access-manager:
#  implementation-class: org.restheart.security.impl.SimpleAccessManager
#  conf-file: {{{access-manager.conf-file}}}

The credentials of MongoDb are specified in the mongo-uri, for instance:

mongo-uri: mongodb://user:secret@127.0.0.1/?authSource=authdb

If you want to run MongoDb without security just set the following:

mongo-uri: mongodb://127.0.0.1/

Answer 2

As an update to this topic, the latest major release of RESTHeart, which is v4 and was published in June 2019, moved the security layer into another component.

So now if you run the plain RESTHeart v4 you don't have any authentication mechanism, so nothing to disable at all.

RESTHeart v3 has been growing over the last 5 years featuring a REST API for MongoDB and a strong security layer. The code got complex to update and maintain, so that RESTHeart Platform v4 is now split in modules clued together in a micro-service architecture.

This resulted in two projects that do one thing and do it well. Each of them can also be reused alone in different architectures.

The two micro-services are:

• restheart-core handles the REST API;
• restheart-security is responsible of enforcing the security policy acting as a reverse proxy for restheart-core.

You can read here for more.