diff --git a/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java b/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java
index 7d8a95ed17..1b25e58ca1 100644
--- a/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java
+++ b/src/main/java/org/zalando/nakadi/config/SecurityConfiguration.java
@@ -210,7 +210,7 @@ private static Status fromStatusCode(final int code) throws UnknownStatusCodeExc
 public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 @Override
 public void configure(final WebSecurity web) throws Exception {
- if (settings.getAuthMode() == SecuritySettings.AuthMode.OFF) {
+ if (settings.getAuthMode().isNoAuthentication()) {
 web.ignoring().anyRequest();
 }
 }
diff --git a/src/main/java/org/zalando/nakadi/config/SecuritySettings.java b/src/main/java/org/zalando/nakadi/config/SecuritySettings.java
index cedffc8c3f..d039dd522c 100644
--- a/src/main/java/org/zalando/nakadi/config/SecuritySettings.java
+++ b/src/main/java/org/zalando/nakadi/config/SecuritySettings.java
@@ -11,9 +11,15 @@ public class SecuritySettings {
 public enum AuthMode {
 OFF, // no authentication at all
+ NONE, // same as OFF
 BASIC, // only checks that the token is valid (has "uid" scope)
 REALM, // checks that the token is valid and contains at least one required realm
 FULL // full authentication and authorization using oauth2 scopes
+ ;
+
+ public boolean isNoAuthentication() {
+ return AuthMode.OFF == this || AuthMode.NONE == this;
+ }
 }
 private final String tokenInfoUrl;
diff --git a/src/main/java/org/zalando/nakadi/security/ClientResolver.java b/src/main/java/org/zalando/nakadi/security/ClientResolver.java
index 59d31a2583..c54c0a5795 100644
--- a/src/main/java/org/zalando/nakadi/security/ClientResolver.java
+++ b/src/main/java/org/zalando/nakadi/security/ClientResolver.java
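Review bot: The no-auth branch in `configure(WebSecurity)` now covers two enum values and still removes every request from the Spring Security filter chain via `web.ignoring().anyRequest()`, yet nothing records that this happened; a deployment configured with `OFF` or `NONE` runs with no authentication and leaves no trace of it in the logs. A startup-time warning next to the bypass would make that visible, e.g. `LOG.warn("Authentication disabled (auth mode {}): all requests bypass the security filter chain", settings.getAuthMode());`, assuming the class has a logger, which this hunk does not show. The enclosing `WebSecurityConfiguration` class continues outside the hunk.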
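Review bot: `isNoAuthentication()` has no Javadoc, although it is now the single place that defines which modes skip authentication and the method every bypass site is expected to call instead of comparing with `OFF`. I would document that contract on the method: a summary sentence stating it returns true for `OFF` and `NONE`, and a note that new bypass checks must use this predicate rather than `== OFF` so the alias stays covered. Related, any `== AuthMode.OFF` comparison elsewhere in the codebase that this diff does not touch would now treat `NONE` as an authenticating mode, so the two spellings would behave differently at that site; worth a grep before merging. Style-wise, `return this == OFF || this == NONE;` reads more naturally inside the enum than the qualified `AuthMode.OFF == this` form. The enclosing `SecuritySettings` class continues outside the hunk.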
@@ -19,8 +19,6 @@
 import java.util.Map;
 import java.util.Optional;
-import static org.zalando.nakadi.config.SecuritySettings.AuthMode.OFF;
-
 @Component
 public class ClientResolver implements HandlerMethodArgumentResolver {
@@ -44,7 +42,7 @@ public Client resolveArgument(final MethodParameter parameter,
 final WebDataBinderFactory binderFactory) throws Exception {
 final Optional clientId = Optional.ofNullable(request.getUserPrincipal()).map(Principal::getName);
 if (clientId.filter(settings.getAdminClientId()::equals).isPresent()
- || settings.getAuthMode() == OFF) {
+ || settings.getAuthMode().isNoAuthentication()) {
 return new FullAccessClient(clientId.orElse(FULL_ACCESS_CLIENT_ID));
 }
diff --git a/src/test/java/org/zalando/nakadi/config/SecuritySettingsTest.java b/src/test/java/org/zalando/nakadi/config/SecuritySettingsTest.java
new file mode 100644
index 0000000000..bca795fca2
--- /dev/null
+++ b/src/test/java/org/zalando/nakadi/config/SecuritySettingsTest.java
@@ -0,0 +1,28 @@
+package org.zalando.nakadi.config;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+public class SecuritySettingsTest {
+
+ @Test
+ public void doesNotRequireAuthentication() {
+ Assert.assertTrue(SecuritySettings.AuthMode.NONE.isNoAuthentication());
+ Assert.assertTrue(SecuritySettings.AuthMode.OFF.isNoAuthentication());
+ }
+
+ @Test
+ public void mustRequireAuthentication() {
+ final List authModesWithoutAuthentication =
+ new LinkedList<>(Arrays.asList(SecuritySettings.AuthMode.values()));
+ authModesWithoutAuthentication.remove(SecuritySettings.AuthMode.NONE);
+ authModesWithoutAuthentication.remove(SecuritySettings.AuthMode.OFF);
+ authModesWithoutAuthentication.forEach(authMode ->
+ Assert.assertFalse(authMode.isNoAuthentication()));
+ }
+
+}
\ No newline at end of file
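Review bot: The new condition in `resolveArgument` turns every caller into a `FullAccessClient` whenever the mode is `OFF` or `NONE`, and it now does so by dereferencing `settings.getAuthMode()`, which the old `== OFF` comparison did not require to be non-null; if the setting can be unset (not visible here), each request would now end in a NullPointerException inside argument resolution instead of falling through to the normal client path. If that is possible, fail once at construction rather than per request, e.g. `Objects.requireNonNull(settings.getAuthMode(), "auth mode")` in the resolver's constructor or in `SecuritySettings` itself. `resolveArgument`'s signature starts before the hunk and its body continues after it.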
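Review bot: `mustRequireAuthentication` builds a mutable `LinkedList` from `values()` and removes the two no-auth constants by hand, which is the job `EnumSet` exists for: `EnumSet.complementOf(EnumSet.of(SecuritySettings.AuthMode.OFF, SecuritySettings.AuthMode.NONE)).forEach(authMode -> Assert.assertFalse(authMode.isNoAuthentication()));` replaces the four lines and drops the `Arrays` and `LinkedList` imports. The list is shown here as a raw `List`; presumably that is `List<SecuritySettings.AuthMode>` with the type argument lost in rendering, since with a raw list `authMode` would be an `Object` and the lambda would not compile. A one-line comment on `mustRequireAuthentication` saying that every mode other than `OFF`/`NONE` must require authentication would state the intent for whoever adds the next constant.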