Generate jHipster server app without security or authentication

Overview of the issue

I generated a server app (using jHipster version 4.9.0) using the following command by selecting the default JWT security:

jhipster --skip-client --with-entities --skip-user-management

Upon running above app, you can call GET api’s directly (from a rest client such as postman or even directly from the browser), without providing any Authorization header (aka the JWT token). Essentially, security is disabled. But in reality, calling the GET api without providing the JWT token in the Authorization header should return a HTTP 401 (Not authenticated).

Motivation for or Use Case

Security should not be disabled for a stand alone server app. However, by generating the app as shown above, security is disabled.

Reproduce the error

1. Generate the app using: jhipster --skip-client --with-entities --skip-user-management
2. Call the GET api for one of your entities using Postman (or directly from browser)
3. You can accomplish step 2 without providing any Authorization header (with the JWT token)
4. Step 3 should not be allowed since you should get back a response of HTTP 401 (Not authenticated)

Related issues

Please refer to this old issue. Also, the stack overflow question for this issue is here.

Suggest a Fix

1. Instead of fixing this issue, it would be nice to be able to skip security on a standalone server app as also requested here.
2. Skipping security is helpful to quickly create a mock server that will serve JSON without involving any security/authentication.
3. This will be very helpful to a developer testing their api without worrying about authentication or worrying about Authorization headers etc.
4. With security bypassed, you could quickly go from an E-R diagram to a mock server that provides the JSON and implements the Rest API.
5. Such a mock server would have wide appeal as a test/mock server.

JHipster Version(s)

4.9.0

JHipster configuration

Welcome to the JHipster Information Sub-Generator Using JHipster version installed locally in current project’s node_modules Executing jhipster:info Options:

JHipster Version(s)

/A-Project/App-Server
└── generator-jhipster@4.9.0 

JHipster configuration, a .yo-rc.json file generated in the root folder

{
  "generator-jhipster": {
    "promptValues": {
      "packageName": "com.app.myapp"
    },
    "jhipsterVersion": "4.9.0",
    "baseName": "MYAPP",
    "packageName": "com.app.myapp",
    "packageFolder": "com/app/myapp",
    "serverPort": "8080",
    "authenticationType": "jwt",
    "hibernateCache": "ehcache",
    "clusteredHttpSession": false,
    "websocket": false,
    "databaseType": "sql",
    "devDatabaseType": "mysql",
    "prodDatabaseType": "mysql",
    "searchEngine": false,
    "messageBroker": false,
    "serviceDiscoveryType": false,
    "buildTool": "gradle",
    "enableSocialSignIn": false,
    "enableSwaggerCodegen": false,
    "jwtSecretKey": "replaced-by-jhipster-info",
    "enableTranslation": false,
    "applicationType": "monolith",
    "testFrameworks": [
      "gatling"
    ],
    "jhiPrefix": "jhi",
    "skipClient": true,
    "skipUserManagement": true,
    "clientPackageManager": "yarn"
  }
}

JDL for the Entity configuration(s) entityName.json files generated in the .jhipster directory

entity AppUser (app_user) {
  firstName String,
  lastName String,
  email String,
  tier String
}

Environment and Tools

java version “1.8.0_121” Java™ SE Runtime Environment (build 1.8.0_121-b13) Java HotSpot™ 64-Bit Server VM (build 25.121-b13, mixed mode)

git version 2.13.6 (Apple Git-96)

node: v6.10.2

npm: 5.5.1

yeoman: 1.8.5

yarn: 1.2.1

Docker version 17.03.1-ce, build c6d412e

docker-compose version 1.11.2, build dfed245

Execution complete

Entity configuration(s) entityName.json files generated in the .jhipster directory

The error is not related to Entity generation.

Browsers and Operating System

MACOS Sierra with latest version of Chrome Version 61.0.3163.100 (Official Build) (64-bit).

• Checking this box is mandatory (this is just to show you read everything)