changeset 554:81cdf448d2cf openid

Add option to completely disable the openIDFilter
author Andre Heinecke <andre.heinecke@intevation.de>
date Fri, 13 Mar 2015 15:20:05 +0100
parents 2b7c7f3e51b7
children ac953bee7246
files src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java src/main/resources/openid.properties
diffstat 2 files changed, 16 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 14:26:52 2015 +0100
+++ b/src/main/java/de/intevation/lada/util/auth/OpenIDFilter.java	Fri Mar 13 15:20:05 2015 +0100
@@ -66,6 +66,8 @@
     private static final int SESSION_TIMEOUT_DEFAULT_MINUTES = 60;
     private int sessionTimeout;
 
+    private boolean enabled;
+
     private static Logger logger = Logger.getLogger(OpenIDFilter.class);
 
     /** Nonce verifier to allow a session based on openid information.
@@ -246,6 +248,8 @@
         oidHeader = properties.getProperty("oidHeader", OID_HEADER_DEFAULT);
         providerUrl = properties.getProperty("identity_provider",
                 IDENTITY_PROVIDER_DEFAULT);
+        enabled = !properties.getProperty("enabled",
+                "true").toLowerCase().equals("false");
 
         manager = new ConsumerManager();
         /* We probably want to implement our own association store to keep
@@ -260,6 +264,13 @@
     public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
     throws IOException, ServletException
     {
+        if (!enabled) {
+            /* If we are not enabled we pass everything through */
+            logger.debug("OpenID filter disabled. Passing through.");
+            chain.doFilter(req, resp);
+            return;
+        }
+
         HttpServletRequest hReq = (HttpServletRequest) req;
         HttpServletResponse hResp = (HttpServletResponse) resp;
         if (!discoveryDone) {
--- a/src/main/resources/openid.properties	Fri Mar 13 14:26:52 2015 +0100
+++ b/src/main/resources/openid.properties	Fri Mar 13 15:20:05 2015 +0100
@@ -7,3 +7,8 @@
 
 # Session timeout in minutes
 session_timeout_minutes=60
+
+# Set this to false to disable the openID filter altogether
+# doing this will disable authentication and authorization
+# completely. Use this only for testing!
+enabled=true
This site is hosted by Intevation GmbH (Datenschutzerklärung und Impressum | Privacy Policy and Imprint)