001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019package org.fcrepo.config;
020
021import java.nio.file.Path;
022import java.util.List;
023
024import org.springframework.beans.factory.annotation.Value;
025import org.springframework.context.annotation.Configuration;
026
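/**
 * Auth related configuration properties.
 *
 * <p>Each field is bound from the property named by the matching constant; the value after the
 * colon in the {@code @Value} placeholder is the default used when the property is not set.
 * The header and roles principal providers default to disabled, the delegate principal
 * provider defaults to enabled.
 *
 * @author pwinckles
 */
@Configuration
public class AuthPropsConfig extends BasePropsConfig {

    public static final String FCREPO_AUTH_ENABLED = "fcrepo.auth.enabled";
    public static final String FCREPO_AUTH_PRINCIPAL_HEADER_ENABLED = "fcrepo.auth.principal.header.enabled";
    private static final String FCREPO_AUTH_PRINCIPAL_HEADER_NAME = "fcrepo.auth.principal.header.name";
    private static final String FCREPO_AUTH_PRINCIPAL_HEADER_SEPARATOR = "fcrepo.auth.principal.header.separator";
    public static final String FCREPO_AUTH_PRINCIPAL_ROLES_ENABLED = "fcrepo.auth.principal.roles.enabled";
    private static final String FCREPO_AUTH_PRINCIPAL_ROLES_LIST = "fcrepo.auth.principal.roles.list";
    public static final String FCREPO_AUTH_PRINCIPAL_DELEGATE_ENABLED = "fcrepo.auth.principal.delegate.enabled";
    private static final String FCREPO_GROUP_AGENT_BASE_URI = "fcrepo.auth.webac.groupAgent.baseUri";
    private static final String FCREPO_USER_AGENT_BASE_URI = "fcrepo.auth.webac.userAgent.baseUri";
    private static final String FCREPO_ROOT_AUTH_ACL = "fcrepo.auth.webac.authorization";

    // Null when the property is unset.
    // NOTE(review): the file at this path presumably supplies the root authorization, so write
    // access to it should be limited to whoever administers the repository; confirm how the
    // path is loaded.
    @Value("${" + FCREPO_ROOT_AUTH_ACL + ":#{null}}")
    private Path rootAuthAclPath;

    // Both base uris are null when their property is unset.
    @Value("${" + FCREPO_USER_AGENT_BASE_URI + ":#{null}}")
    private String userAgentBaseUri;
    @Value("${" + FCREPO_GROUP_AGENT_BASE_URI + ":#{null}}")
    private String groupAgentBaseUri;

    // Enabled unless explicitly turned off, unlike the header and roles providers below.
    @Value("${" + FCREPO_AUTH_PRINCIPAL_DELEGATE_ENABLED + ":true}")
    private boolean authPrincipalDelegateEnabled;

    @Value("${" + FCREPO_AUTH_PRINCIPAL_HEADER_ENABLED + ":false}")
    private boolean authPrincipalHeaderEnabled;
    // "some-header" is only a placeholder default: if the header provider is enabled without
    // setting fcrepo.auth.principal.header.name, this literal header name is the one in effect.
    // NOTE(review): the provider that reads the header is not in this file; if it turns the
    // header's values into principals, the header has to be set, and any client-supplied copy
    // dropped, by the front end that authenticates the request. Confirm against the provider.
    @Value("${" + FCREPO_AUTH_PRINCIPAL_HEADER_NAME + ":some-header}")
    private String authPrincipalHeaderName;
    @Value("${" + FCREPO_AUTH_PRINCIPAL_HEADER_SEPARATOR + ":,}")
    private String authPrincipalHeaderSeparator;

    @Value("${" + FCREPO_AUTH_PRINCIPAL_ROLES_ENABLED + ":false}")
    private boolean authPrincipalRolesEnabled;
    // The default role names are placeholders. split(',') does not trim its pieces, so a value
    // written as "a, b" yields "a" and " b"; list the roles without spaces around the commas.
    @Value("#{'${" + FCREPO_AUTH_PRINCIPAL_ROLES_LIST + ":tomcat-role-1,tomcat-role-2}'.split(',')}")
    private List<String> authPrincipalRolesList;

    /**
     * @return the path to the root auth acl to use instead of the default, or null if none was specified
     */
    public Path getRootAuthAclPath() {
        return rootAuthAclPath;
    }

    /**
     * @param rootAuthAclPath path to custom root auth acl
     */
    public void setRootAuthAclPath(final Path rootAuthAclPath) {
        this.rootAuthAclPath = rootAuthAclPath;
    }

    /**
     * @return the user agent base uri, or null if not specified
     */
    public String getUserAgentBaseUri() {
        return userAgentBaseUri;
    }

    /**
     * @return the group agent base uri, or null if not specified
     */
    public String getGroupAgentBaseUri() {
        return groupAgentBaseUri;
    }

    /**
     * @return the header name for the auth principal header provider
     */
    public String getAuthPrincipalHeaderName() {
        return authPrincipalHeaderName;
    }

    /**
     * @return the separator for the auth principal header provider
     */
    public String getAuthPrincipalHeaderSeparator() {
        return authPrincipalHeaderSeparator;
    }

    /**
     * @return a read-only view of the list of auth roles, or null if the list was never populated
     */
    public List<String> getAuthPrincipalRolesList() {
        // Hand out a read-only view so that a caller cannot alter the role list held by this
        // shared configuration object. Null is passed through unchanged for existing callers.
        return authPrincipalRolesList == null
                ? null
                : java.util.Collections.unmodifiableList(authPrincipalRolesList);
    }

    /**
     * @return header principal provider enabled
     */
    public boolean isAuthPrincipalHeaderEnabled() {
        return authPrincipalHeaderEnabled;
    }

    /**
     * @return roles principal provider enabled
     */
    public boolean isAuthPrincipalRolesEnabled() {
        return authPrincipalRolesEnabled;
    }

    /**
     * @return delegate principal provider enabled
     */
    public boolean isAuthPrincipalDelegateEnabled() {
        return authPrincipalDelegateEnabled;
    }

}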