We need to provide a meaning error for this configuration issue. Currently log gives no clue to problem if users.properties file wasn't created.
If would be nice to show an error in the UI. "Oops, we've detected a configuration problem with your setup. Please see logs for details."
I think we should be able to add a validation to the FileAuthConfig class when its built.
can you comment?
Yes, it would be easy to check for the existence of the users.properties resource at startup, and FileAuthConfig seems like the most reasonable place to do it. I presume we would want to fail startup if it is not found? Throwing an exception during bean creation should do this.
Starting at line 73 something like this should work:
The current implementation has a problem as only the users.properties are required when this LoginModule is used. The groups.properties are optional. When this module is used in conjunction with auth-kylo for instance, it might be beneficial not to use groups.properties at all since the user/group associations would be managed in Kylo and would be confusing to manage them in a groups.properties file as well.
The new FailFastUsersRolesLoginModule should only be checking for the users.properties.
As per the chat on slack Dec 18, It is possible that the behavior of FailFastUsersRolesLoginModule already exists in the parent UsersRolesLoginModule but that our default configuration was wrong.
We may also want to move this configuration check to a @PostConstruct method of FileAuthConfig instead so that config failure would occur during Kylo startup rather than the 1st login attempt.