From fe8161c5f83b438fedb661cdca53a152209fed45 Mon Sep 17 00:00:00 2001
From: Landry Breuil <landryb@users.noreply.github.com>
Date: Fri, 5 Jul 2024 15:38:05 +0200
Subject: [PATCH] Add details on how to properly authenticate against
 mapstore/cadastrapp via headers when running in dev mode (#173)

---
 README.md | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/README.md b/README.md
index 2d99f11..c895a7e 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,45 @@ The application runs at `http://localhost:8081` afterwards. You will see, openin
 You can run this application and refer to a running back-end of geOrchestra by configuring `proxyConfig.js` in the root of the project.
 You can configure this to point to your running instance of geOrchestra, with cadastrapp installed.
 
+When pointing directly at cadastrapp short-circuiting geOrchestra's sec-proxy,
+one can be properly authenticated by faking the extra headers via `proxyConfig.js`:
+
+```javascript
+    "/rest": {
+        target: `http://localhost:8180/mapstore`,
+        secure: false,
+        headers: {
+            "sec-roles": "ROLE_CADASTRAPP;ROLE_MAPSTORE_ADMIN",
+            "sec-username": 'testadmin',
+            "sec-org": 'PSC',
+            host: `georchestra.example.org`
+        }
+    },
+    ...
+    "/cadastrapp": {
+        target: `http://localhost:8180`,
+        secure: false,
+        headers: {
+           "sec-roles": "ROLE_CADASTRAPP",
+           "sec-username": 'testadmin',
+           "sec-org": 'PSC',
+           host: `georchestra.example.org`
+        }
+    }
+```
+
+in that case, that assumes that `npm start` runs on the same machine where
+cadastrapp & mapstore backends runs, and that the corresponding tomcat listens
+on port 8180. This should be adapted if using different ports, or being
+deployed on a different machine.
+
+With that setup and the default `localConfig.json` (which uses a login button),
+simulating a login (eg login with random credentials) will call
+`http://localhost:8081/rest/geostore/users/user/details?includeattributes=true`
+(which behind the scenes will call the existing mapstore backend, adding the
+appropriate headers) and from that point the frontend will consider the
+current user logged in with full rights on cadastrapp backend.
+
 #### Proxy
 
 If you will try to do requests to absolute URLs, you may be redirected to use the proxy. (the request will be transformed in something like `/mapstore/proxy?url=...`).