Source code

001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018
019package org.fcrepo.webapp;
020
021import java.io.IOException;
022
023import javax.servlet.Filter;
024import javax.servlet.FilterChain;
025import javax.servlet.ServletException;
026import javax.servlet.http.HttpServletRequest;
027import javax.servlet.http.HttpServletResponse;
028
029import org.fcrepo.config.AuthPropsConfig;
030import org.fcrepo.config.ConditionOnPropertyFalse;
031
032import org.slf4j.Logger;
033import org.slf4j.LoggerFactory;
034import org.springframework.context.annotation.Bean;
035import org.springframework.context.annotation.Conditional;
036import org.springframework.context.annotation.Configuration;
037import org.springframework.web.filter.OncePerRequestFilter;
038
039/**
040 * Spring auth config when authorization is disabled
041 *
042 * @author pwinckles
043 */
044@Configuration
045@Conditional(NoAuthConfig.AuthorizationDisabled.class)
046public class NoAuthConfig {
047
048    private static final Logger LOGGER = LoggerFactory.getLogger(NoAuthConfig.class);
049
050    static class AuthorizationDisabled extends ConditionOnPropertyFalse {
051        AuthorizationDisabled() {
052            super(AuthPropsConfig.FCREPO_AUTH_ENABLED, true);
053        }
054    }
055
056    /**
057     * This bean returns a no-op shiro filter when authorization is disabled.
058     *
059     * @return no-op shiro filter
060     */
061    @Bean
062    public Filter shiroFilter() {
063        LOGGER.info("Authorization is disabled");
064        return new OncePerRequestFilter() {
065            @Override
066            protected void doFilterInternal(final HttpServletRequest httpServletRequest,
067                                            final HttpServletResponse httpServletResponse,
068                                            final FilterChain filterChain) throws ServletException, IOException {
069                filterChain.doFilter(httpServletRequest, httpServletResponse);
070            }
071        };
072    }
073
074}