Optionally disable client authentication

based on an env. variable, client authentication can be disabled

Change-Id: Ie7790c1ec6c253c0b91358d56fd32cf588a01183
Issue-ID: AAI-2132
Signed-off-by: Serban Popescu <serban.popescu@amdocs.com>

diff --git a/src/main/java/org/onap/aai/spike/SpikeApplication.java b/src/main/java/org/onap/aai/spike/SpikeApplication.java
index fed74af..bbc29fe 100644 (file)
--- a/src/main/java/org/onap/aai/spike/SpikeApplication.java
+++ b/src/main/java/org/onap/aai/spike/SpikeApplication.java
@@ -61,6 +61,10 @@ public class SpikeApplication extends SpringBootServletInitializer {
         props.put("schema.service.ssl.key-store-password", Password.deobfuscate(keyStorePassword));
         props.put("schema.service.ssl.trust-store-password", Password.deobfuscate(keyStorePassword));
 
+        String requireClientAuth = System.getenv("REQUIRE_CLIENT_AUTH");
+        props.put("server.ssl.client-auth",
+                Boolean.FALSE.toString().equalsIgnoreCase(requireClientAuth) ? "want" : "need");
+
         new SpikeApplication().configure(new SpringApplicationBuilder(SpikeApplication.class).properties(props))
                 .run(args);
     }

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 2baa523..90cb740 100644 (file)
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -5,7 +5,6 @@ SERVICE_BEANS=dynamic/conf
 
 server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
 server.ssl.enabled=true
-server.ssl.client-auth=need
 server.ssl.enabled-protocols=TLSv1.1,TLSv1.2
 
 schema.ingest.file=${CONFIG_HOME}/schema-ingest.properties