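/*
 * Licensed to DuraSpace under one or more contributor license agreements.
 * See the NOTICE file distributed with this work for additional information
 * regarding copyright ownership.
 *
 * DuraSpace licenses this file to you under the Apache License,
 * Version 2.0 (the "License"); you may not use this file except in
 * compliance with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.fcrepo.config;

import java.nio.file.Path;
import java.util.List;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;

/**
 * Auth related configuration properties.
 *
 * <p>Every field is bound from a {@code fcrepo.auth.*} property through {@link Value}; the text
 * after the colon in each placeholder is the default used when the property is unset. With no
 * properties set, the delegate principal provider flag is {@code true} and the header and roles
 * principal provider flags are {@code false}.
 *
 * <p>{@link #FCREPO_AUTH_ENABLED} is only declared here; no field in this class is bound to it.
 *
 * @author pwinckles
 */
@Configuration
public class AuthPropsConfig extends BasePropsConfig {

    public static final String FCREPO_AUTH_ENABLED = "fcrepo.auth.enabled";
    public static final String FCREPO_AUTH_PRINCIPAL_HEADER_ENABLED = "fcrepo.auth.principal.header.enabled";
    private static final String FCREPO_AUTH_PRINCIPAL_HEADER_NAME = "fcrepo.auth.principal.header.name";
    private static final String FCREPO_AUTH_PRINCIPAL_HEADER_SEPARATOR = "fcrepo.auth.principal.header.separator";
    public static final String FCREPO_AUTH_PRINCIPAL_ROLES_ENABLED = "fcrepo.auth.principal.roles.enabled";
    private static final String FCREPO_AUTH_PRINCIPAL_ROLES_LIST = "fcrepo.auth.principal.roles.list";
    public static final String FCREPO_AUTH_PRINCIPAL_DELEGATE_ENABLED = "fcrepo.auth.principal.delegate.enabled";
    private static final String FCREPO_GROUP_AGENT_BASE_URI = "fcrepo.auth.webac.groupAgent.baseUri";
    private static final String FCREPO_USER_AGENT_BASE_URI = "fcrepo.auth.webac.userAgent.baseUri";
    private static final String FCREPO_ROOT_AUTH_ACL = "fcrepo.auth.webac.authorization";

    // WebAC settings: all three resolve to null when the property is not set.
    @Value("${" + FCREPO_ROOT_AUTH_ACL + ":#{null}}")
    private Path rootAuthAclPath;

    @Value("${" + FCREPO_USER_AGENT_BASE_URI + ":#{null}}")
    private String userAgentBaseUri;
    @Value("${" + FCREPO_GROUP_AGENT_BASE_URI + ":#{null}}")
    private String groupAgentBaseUri;

    // Delegate principal provider: the only provider flag that defaults to true.
    @Value("${" + FCREPO_AUTH_PRINCIPAL_DELEGATE_ENABLED + ":true}")
    private boolean authPrincipalDelegateEnabled;

    // Header principal provider: off by default.
    // NOTE(review): the provider that consumes these values is not in this file. Presumably it
    // derives principals from the named request header; if so, that header has to be set, and any
    // client-supplied copy removed, by a trusted front end before requests reach the repository.
    // Confirm against the provider. The default name "some-header" reads as a placeholder, so set
    // an explicit header name whenever this provider is enabled.
    @Value("${" + FCREPO_AUTH_PRINCIPAL_HEADER_ENABLED + ":false}")
    private boolean authPrincipalHeaderEnabled;
    @Value("${" + FCREPO_AUTH_PRINCIPAL_HEADER_NAME + ":some-header}")
    private String authPrincipalHeaderName;
    @Value("${" + FCREPO_AUTH_PRINCIPAL_HEADER_SEPARATOR + ":,}")
    private String authPrincipalHeaderSeparator;

    // Roles principal provider: off by default.
    // The list comes from a SpEL split(',') with no trimming, so whitespace next to a comma stays
    // part of the role name ("a, b" yields "a" and " b"). The property value is substituted into
    // the expression text before SpEL evaluates it, so this property must only ever come from
    // operator-controlled configuration. The default role names look like placeholders.
    @Value("${" + FCREPO_AUTH_PRINCIPAL_ROLES_ENABLED + ":false}")
    private boolean authPrincipalRolesEnabled;
    @Value("#{'${" + FCREPO_AUTH_PRINCIPAL_ROLES_LIST + ":tomcat-role-1,tomcat-role-2}'.split(',')}")
    private List<String> authPrincipalRolesList;

    /**
     * @return the path to the root auth acl to use instead of the default, or {@code null} when
     *         the property is not set
     */
    public Path getRootAuthAclPath() {
        return rootAuthAclPath;
    }

    /**
     * Replaces the configured root auth acl path. This is the only setter the class exposes.
     *
     * @param rootAuthAclPath path to custom root auth acl
     */
    public void setRootAuthAclPath(final Path rootAuthAclPath) {
        this.rootAuthAclPath = rootAuthAclPath;
    }

    /**
     * @return the user agent base uri, or {@code null} when the property is not set
     */
    public String getUserAgentBaseUri() {
        return userAgentBaseUri;
    }

    /**
     * @return the group agent base uri, or {@code null} when the property is not set
     */
    public String getGroupAgentBaseUri() {
        return groupAgentBaseUri;
    }

    /**
     * @return the header name for the auth principal header provider; {@code some-header} unless
     *         overridden
     */
    public String getAuthPrincipalHeaderName() {
        return authPrincipalHeaderName;
    }

    /**
     * @return the separator for the auth principal header provider; a comma unless overridden
     */
    public String getAuthPrincipalHeaderSeparator() {
        return authPrincipalHeaderSeparator;
    }

    /**
     * Returns the injected list itself rather than a copy, so callers should treat it as
     * read-only.
     *
     * @return the list of auth roles, exactly as split from the property (entries are not trimmed)
     */
    public List<String> getAuthPrincipalRolesList() {
        return authPrincipalRolesList;
    }

    /**
     * @return header principal provider enabled; {@code false} unless overridden
     */
    public boolean isAuthPrincipalHeaderEnabled() {
        return authPrincipalHeaderEnabled;
    }

    /**
     * @return roles principal provider enabled; {@code false} unless overridden
     */
    public boolean isAuthPrincipalRolesEnabled() {
        return authPrincipalRolesEnabled;
    }

    /**
     * @return delegate principal provider enabled; {@code true} unless overridden
     */
    public boolean isAuthPrincipalDelegateEnabled() {
        return authPrincipalDelegateEnabled;
    }

}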