Dear Tango community,
I have tried to set up TAC with the waltz webapp and I have run into an issue that I cannot figure out. What I have tried as a minimal example and for others to reproduce:
-
minimal tango system with DB, DB server, tango test and TAC servers on ubuntu 20.04 (also tried with more servers and dockerized on windows/mac, same result)
-
waltz app downloaded and built from GitHub - scientific-software-hub/waltz: A general purpose web application that provides the interface between SCADA(s) system and the scientific users who define and calibrate their experiments
-
rest server 2.3 downloaded from https://github.com/hzg-wpi/rest-server/releases/download/rest-server-2.3/rest-server-2.3.zip
-
put tango.war (rest server) and waltz.war in tomcat/webapps and start tomcat server
-
everything works fine without access control and access control works outside webapp (jive/ simple PyTango client writing an attribute)
-
in the waltz webapp the user starting the tomcat server (and thus rest server) will be the one against which TAC is checking
-
TAC apparently works except for the DbInfo command, so e.g. http://localhost:8080/tango/rest/v11/hosts/tangobox;port=10000/devices/sys/tg_test/1/attributes/double_scalar/value?=1 will work/not work depending on the TAC configuration for the user/host starting tomcat. However, it gives an error "sys/database/2.command_inout(DbInfo) is not authorized for:\n${user} on tangobox" for all users no matter their access rights (also tried different hostnames and hostnames are also resolved). DbInfo command is in class property AllowedAccessCmd. As this one is needed to get the device tree it is pretty crucial.
Perhaps someone has experience with using TAC correctly with the webapp.
Best
Karl
