yuuvis® RAD Q&A

0 votes
by (2.9k points)

Dear OS Team,

we configured following api-key: https://help.optimal-systems.com/yuuvis_develop/display/onpremise/How to enable system user login for microservices

In the documentation, we cannot find how to configure our custom microservices to use this api-key to communicate with /rest-ws (instead of root - optimal).

We added profile "red" to service-watcher.yml to the specific custom microservice and confirmed, the enaio.dms.apikey is set.

Our microservice still cannot connect to /rest-ws/service/bpm/process/?modelid={processId}

Furthermore, in the documenation it is not exactly stated where to put following preference: "com.os.ecm.messaging.LocalSidecarPreferences.CheckSystemUserAccessFromSidecarOnly".

I added it to as a Java Command option to yuuvis_rad_core-servicew.exe like:

-Dcom.os.ecm.messaging.LocalSidecarPreferences.CheckSystemUserAccessFromSidecarOnly=false

is this correct?

Our application-red.yml looks like following:

enaio.dms.apikey: 123456789test
enaio.dms.server: localhost:8080
enaio.dms.endpoint: http://${enaio.dms.server}/rest-ws

enaio.rendition.server: localhost:8090
enaio.rendition.endpoint: http://${enaio.rendition.server}/osrenditioncache

#deprecated
enaio.server.endpoint: ${enaio.dms.endpoint}
rendition.endpoint: ${enaio.rendition.endpoint}

Thanks for help

2 Answers

0 votes
by (3.3k points)
selected by
 
Best answer

Hi,
It is not stated clearly in the documentation, but there is normally no need to adjust a custom microservice to use the system user or reading the api key. The dmssidecar, that is published as service "dms" and uses the red-profile is doing the actual implementation.
If you have a custom spring java microservice that is using a feign client like this one

@FeignClient("dms")
public interface DmsFeignClient
{ ...

then there are no more adjustments necessary. The custom microservice is using the dmssidecar as routing service and will automatically insert a systemuser Authorization header before calling the core-service, only if the custom microservice provides no Authorization header.

Because all calls to the core-service are done via the dmssidecar, there should in most cases be no need to set the CheckSystemUserAccessFromSidecarOnly property to false.

by (2.9k points)
Hotfix DB-5296 did not help. We are still not able to start processes using the api-key user.  I opened a support ticket.
0 votes
by (2.9k points)

Dear Frank,
thanks for your reply. Our microservices are already using the Feign "dms" config. I forgot they don't even need login credentials, my fault.

The problem I faces tho, was probably "DB-5296 - Error when starting a workflow with the system user", which got fixed today.

I will install the update and test it tmr.

...