Package org.fcrepo.webapp
Class AuthConfig
- java.lang.Object
-
- org.fcrepo.webapp.AuthConfig
-
@Configuration @Conditional(org.fcrepo.webapp.AuthConfig.AuthorizationEnabled.class) public class AuthConfig extends Object
Spring config for auth- Author:
- pwinckles
-
-
Constructor Summary
Constructors Constructor Description AuthConfig()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description PrincipalProvidercontainerRolesProvider(AuthPropsConfig propsConfig)Optional PrincipalProvider filter that will use container configured roles as principalsPrincipalProviderdelegatedPrincipalProvider()delegatedPrincipleProvider filter allows a single user to be passed in the header "On-Behalf-Of", this is to be used as the actor making the request when authenticating.PrincipalProviderheaderProvider(AuthPropsConfig propsConfig)Optional PrincipalProvider filter that will inspect the request header, "some-header", for user role valuesjavax.servlet.FilterinvalidRequest()Shiro's filter for rejecting invalid requestsorg.apache.shiro.spring.LifecycleBeanPostProcessorlifecycleBeanPostProcessor()Post processor that automatically invokes init() and destroy() methodsorg.apache.shiro.web.mgt.WebSecurityManagersecurityManager()org.apache.shiro.realm.AuthenticatingRealmservletContainerAuthenticatingRealm()Servlet Container Authentication Realmjavax.servlet.FilterservletContainerAuthFilter()org.apache.shiro.spring.web.ShiroFilterFactoryBeanshiroFilter(AuthPropsConfig propsConfig)Shiro filter.org.apache.shiro.realm.AuthorizingRealmwebACAuthorizingRealm()WebAC Authorization Realmjavax.servlet.FilterwebACFilter()
-
-
-
Constructor Detail
-
AuthConfig
public AuthConfig()
-
-
Method Detail
-
headerProvider
@Bean @Order(3) @Conditional(org.fcrepo.webapp.AuthConfig.HeaderPrincipalEnabled.class) public PrincipalProvider headerProvider(AuthPropsConfig propsConfig)
Optional PrincipalProvider filter that will inspect the request header, "some-header", for user role values- Parameters:
propsConfig- config properties- Returns:
- header principal provider
-
containerRolesProvider
@Bean @Order(4) @Conditional(org.fcrepo.webapp.AuthConfig.RolesPrincipalEnabled.class) public PrincipalProvider containerRolesProvider(AuthPropsConfig propsConfig)
Optional PrincipalProvider filter that will use container configured roles as principals- Parameters:
propsConfig- config properties- Returns:
- roles principal provider
-
delegatedPrincipalProvider
@Bean @Order(5) @Conditional(org.fcrepo.webapp.AuthConfig.DelegatePrincipalEnabled.class) public PrincipalProvider delegatedPrincipalProvider()
delegatedPrincipleProvider filter allows a single user to be passed in the header "On-Behalf-Of", this is to be used as the actor making the request when authenticating. NOTE: Only users with the role fedoraAdmin can delegate to another user. NOTE: Only supported in WebAC authentication- Returns:
- delegate principal provider
-
webACAuthorizingRealm
@Bean public org.apache.shiro.realm.AuthorizingRealm webACAuthorizingRealm()
WebAC Authorization Realm- Returns:
- authorization realm
-
servletContainerAuthenticatingRealm
@Bean public org.apache.shiro.realm.AuthenticatingRealm servletContainerAuthenticatingRealm()
Servlet Container Authentication Realm- Returns:
- authentication realm
-
securityManager
@Bean public org.apache.shiro.web.mgt.WebSecurityManager securityManager()
- Returns:
- Security Manager
-
lifecycleBeanPostProcessor
@Bean public org.apache.shiro.spring.LifecycleBeanPostProcessor lifecycleBeanPostProcessor()
Post processor that automatically invokes init() and destroy() methods- Returns:
- post processor
-
servletContainerAuthFilter
@Bean @Order(1) public javax.servlet.Filter servletContainerAuthFilter()
- Returns:
- Authentication Filter
-
webACFilter
@Bean @Order(2) public javax.servlet.Filter webACFilter()
- Returns:
- Authorization Filter
-
invalidRequest
@Bean @Order(6) public javax.servlet.Filter invalidRequest()
Shiro's filter for rejecting invalid requests- Returns:
- invalid request filter
-
shiroFilter
@Bean @Order(100) public org.apache.shiro.spring.web.ShiroFilterFactoryBean shiroFilter(AuthPropsConfig propsConfig)
Shiro filter. When defining the filter chain, the Auth filter should come first, followed by 0 or more of the principal provider filters, and finally the webACFilter- Parameters:
propsConfig- config properties- Returns:
- shiro filter
-
-