import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
+import lombok.extern.slf4j.Slf4j;
/**
* @author Waqas Ikram (waqas.ikram@est.tech)
*
*/
+@Slf4j
@Component("basic")
public class SoBasicHttpSecurityConfigurer implements HttpSecurityConfigurer {
@Autowired
private SoUserCredentialConfiguration soUserCredentialConfiguration;
+ private static final String[] unauthenticatedEndpoints = new String[] {"/manage/health", "/manage/info", "/error"};
+
@Override
public void configure(final HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/error").permitAll()
- .antMatchers("/**")
- .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ","))
- .and().httpBasic();
+ if (soUserCredentialConfiguration.getRbacEnabled()) {
+ String roles = StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ",");
+ http.csrf().disable().authorizeRequests().antMatchers(unauthenticatedEndpoints).permitAll()
+ .antMatchers("/**").hasAnyRole(roles).and().httpBasic();
+ } else {
+ log.debug("Not configuring RBAC for the app.");
+ http.csrf().disable().authorizeRequests().antMatchers(unauthenticatedEndpoints).permitAll()
+ .antMatchers("/**").authenticated().and().httpBasic();
+ }
}
}
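Review bot: In the RBAC branch of `configure`, `hasAnyRole(roles)` receives a single comma-joined string, which Spring Security appears to treat as one role name rather than a list, so with more than one configured role the rule would match no user. The removed lines did the same, so this is carried over rather than introduced. Passing the list as varargs avoids it: `.antMatchers("/**").hasAnyRole(soUserCredentialConfiguration.getRoles().toArray(new String[0])).and().httpBasic();`. Separately, the else branch drops the role check for every non-public path but reports it only through `log.debug`. Since any authenticated user is then accepted, `log.warn("RBAC is disabled; any authenticated user can access all endpoints.");` would make the downgrade visible at default log levels.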
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
+ *
* SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
private List<UserCredentials> credentials = new ArrayList<>();
private final List<String> roles = new ArrayList<>();
+ private boolean rbacEnabled = true;
public List<String> getRoles() {
return roles;
}
}
+ public void setRbacEnabled(boolean rbacEnabled) {
+ this.rbacEnabled = rbacEnabled;
+ }
+
+ public boolean getRbacEnabled() {
+ return this.rbacEnabled;
+ }
+
@Bean
public UserDetailsService userDetailsService() {
return new UserDetailsServiceImpl();
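Review bot: The `rbacEnabled` flag and its `setRbacEnabled`/`getRbacEnabled` accessors are added without Javadoc, although setting the flag to false switches the configurer from a role check to plain authentication for all non-public paths. A field comment such as `/** When false, role checks are skipped and any authenticated user is accepted; defaults to true. */` would record that for whoever edits the deployment configuration. As a style point, the JavaBeans name for a boolean getter is `isRbacEnabled()`; renaming it would also require updating the call in the basic configurer. The enclosing class starts and ends outside the visible hunks.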
jksargs="$jksargs -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}"
fi
-if [ -z "${ACTIVE_PROFILE}" ]; then
- export ACTIVE_PROFILE="basic"
-fi
+jvmargs="${JVM_ARGS} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}"
-jvmargs="${JVM_ARGS} -Dspring.profiles.active=${ACTIVE_PROFILE} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}"
+# optionally set the active spring profile
+if [ -n "${ACTIVE_PROFILE}" ]; then
+ jvmargs="${jvmargs} -Dspring.profiles.active=${ACTIVE_PROFILE}"
+fi
read_properties(){