# HG changeset patch
# User Andre Heinecke <andre.heinecke@intevation.de>
# Date 1426256405 -3600
# Node ID 81cdf448d2cfb1e8c2745c998f392bf0c82edd32
# Parent  2b7c7f3e51b716fb6ca2f38db62858cff9a607ba
Add option to completely disable the openIDFilter

diff -r 2b7c7f3e51b7 -r 81cdf448d2cf src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 14:26:52 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 15:20:05 2015 +0100
@@ -66,6 +66,8 @@
     private static final int SESSION_TIMEOUT_DEFAULT_MINUTES = 60;
     private int sessionTimeout;
 
+    private boolean enabled;
+
     private static Logger logger = Logger.getLogger(OpenIDFilter.class);
 
     /** Nonce verifier to allow a session based on openid information.
@@ -246,6 +248,8 @@
         oidHeader = properties.getProperty("oidHeader", OID_HEADER_DEFAULT);
         providerUrl = properties.getProperty("identity_provider",
                 IDENTITY_PROVIDER_DEFAULT);
+        enabled = !properties.getProperty("enabled",
+                "true").toLowerCase().equals("false");
 
         manager = new ConsumerManager();
         /* We probably want to implement our own association store to keep
@@ -260,6 +264,13 @@
     public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
     throws IOException, ServletException
     {
+        if (!enabled) {
+            /* If we are not enabled we pass everything through */
+            logger.debug("OpenID filter disabled. Passing through.");
+            chain.doFilter(req, resp);
+            return;
+        }
+
         HttpServletRequest hReq = (HttpServletRequest) req;
         HttpServletResponse hResp = (HttpServletResponse) resp;
         if (!discoveryDone) {
diff -r 2b7c7f3e51b7 -r 81cdf448d2cf src/main/resources/openid.properties
--- a/src/main/resources/openid.properties	Fri Mar 13 14:26:52 2015 +0100
+++ b/src/main/resources/openid.properties	Fri Mar 13 15:20:05 2015 +0100
@@ -7,3 +7,8 @@
 
 # Session timeout in minutes
 session_timeout_minutes=60
+
+# Set this to false to disable the openID filter altogether
+# doing this will disable authentication and authorization
+# completely. Use this only for testing!
+enabled=true