diff options
| author | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2022-04-05 21:15:57 +0200 |
|---|---|---|
| committer | Fabian Mastenbroek <mail.fabianm@gmail.com> | 2022-04-06 13:39:32 +0200 |
| commit | 68d9003f8d8d2adcba43cad6366eca5365110e48 (patch) | |
| tree | 8e9287ae4c738229e82ace3e9b39d33a2953f490 /opendc-web/opendc-web-api/src/main/kotlin | |
| parent | f2ff40b5170260289e99e0506525f0905f380907 (diff) | |
feat(web/ui): Add support for unauthenticated user access
This change updates the web UI and API to support unauthenticated user
access. Such functionality is helpful when there is just a single user
that wants to try OpenDC.
Diffstat (limited to 'opendc-web/opendc-web-api/src/main/kotlin')
| -rw-r--r-- | opendc-web/opendc-web-api/src/main/kotlin/org/opendc/web/api/util/DevSecurityOverrideFilter.kt | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/opendc-web/opendc-web-api/src/main/kotlin/org/opendc/web/api/util/DevSecurityOverrideFilter.kt b/opendc-web/opendc-web-api/src/main/kotlin/org/opendc/web/api/util/DevSecurityOverrideFilter.kt new file mode 100644 index 00000000..ba2cf2ae --- /dev/null +++ b/opendc-web/opendc-web-api/src/main/kotlin/org/opendc/web/api/util/DevSecurityOverrideFilter.kt @@ -0,0 +1,51 @@ +/* + * Copyright (c) 2022 AtLarge Research + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in all + * copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + * SOFTWARE. + */ + +package org.opendc.web.api.util + +import io.quarkus.arc.properties.IfBuildProperty +import java.security.Principal +import javax.ws.rs.container.ContainerRequestContext +import javax.ws.rs.container.ContainerRequestFilter +import javax.ws.rs.container.PreMatching +import javax.ws.rs.core.SecurityContext +import javax.ws.rs.ext.Provider + +/** + * Helper class to disable security for the OpenDC web API when in development mode. + */ +@Provider +@PreMatching +@IfBuildProperty(name = "opendc.security.enabled", stringValue = "false") +class DevSecurityOverrideFilter : ContainerRequestFilter { + override fun filter(requestContext: ContainerRequestContext) { + requestContext.securityContext = object : SecurityContext { + override fun getUserPrincipal(): Principal = Principal { "anon" } + + override fun isSecure(): Boolean = false + + override fun isUserInRole(role: String): Boolean = true + + override fun getAuthenticationScheme(): String = "basic" + } + } +} |