wip: use custom configuration option

uc-cdis · Sep 18, 2023 · 81aab0e · 81aab0e
1 parent 6efd62a
commit 81aab0e
Show file tree

Hide file tree

Showing 4 changed files with 16 additions and 2 deletions.
diff --git a/pom.xml b/pom.xml
@@ -82,6 +82,7 @@
     <spring.batch.repository.isolationLevelForCreate>ISOLATION_READ_COMMITTED</spring.batch.repository.isolationLevelForCreate>
     <spring.profiles.active>default</spring.profiles.active>
 
+    <security.ohdsi.custom.authorization.mode>teamproject</security.ohdsi.custom.authorization.mode>
     <security.provider>DisabledSecurity</security.provider>
     <security.token.expiration>43200</security.token.expiration>
     <security.origin>http://localhost</security.origin>
@@ -226,7 +227,7 @@
     <spring.jpa.properties.hibernate.generate_statistics>false</spring.jpa.properties.hibernate.generate_statistics>
     <spring.jpa.properties.hibernate.jdbc.batch_size>200</spring.jpa.properties.hibernate.jdbc.batch_size>
     <spring.jpa.properties.hibernate.order_inserts>true</spring.jpa.properties.hibernate.order_inserts>
-    <logging.level.root>debug</logging.level.root>
+    <logging.level.root>info</logging.level.root>
     <logging.level.org.ohdsi>debug</logging.level.org.ohdsi>
     <logging.level.org.springframework.orm>info</logging.level.org.springframework.orm>
     <logging.level.org.springframework.jdbc>info</logging.level.org.springframework.jdbc>

diff --git a/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java b/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
@@ -36,6 +36,7 @@
 import org.pac4j.core.profile.CommonProfile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
 
 /**
  *
@@ -49,6 +50,9 @@ public class UpdateAccessTokenFilter extends AdviceFilter {
   private final Set<String> defaultRoles;
   private final String onFailRedirectUrl;
 
+  @Value("${security.ohdsi.custom.authorization.mode}")
+  private String authorizationMode;
+
   public UpdateAccessTokenFilter(
           PermissionManager authorizer,
           Set<String> defaultRoles,
@@ -133,7 +137,7 @@ protected boolean preHandle(ServletRequest request, ServletResponse response) th
       }
       try {
         // TODO - remove all teamProject roles at start of login (find this place...OR add a new "remove teamproject" filter)...
-
+        logger.debug("AUTHORIZATION_MODE === '{}'", authorizationMode); // IF THIS works: then resetRoles is true just based on this and we're done...as this part of the code always executes...
         boolean resetRoles = false;
         // check if teamProject is part of the request:
         String teamProjectRole = extractTeamProjectFromRequestParameters(request);

diff --git a/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java b/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java
@@ -253,6 +253,9 @@ public class AtlasRegularSecurity extends AtlasSecurity {
     @Value("${security.auth.google.enabled}")
     private boolean googleAuthEnabled;
 
+    @Value("${security.ohdsi.custom.authorization.mode}")
+    private String authorizationMode;
+
     private RestTemplate restTemplate = new RestTemplate();
 
     @Autowired
@@ -261,6 +264,9 @@ public class AtlasRegularSecurity extends AtlasSecurity {
     public AtlasRegularSecurity(EntityPermissionSchemaResolver permissionSchemaResolver) {
 
         super(permissionSchemaResolver);
+        logger.debug("AtlasRegSec AUTHORIZATION_MODE === '{}'", this.authorizationMode);
+        logger.debug("AtlasRegSec redirectUrl === '{}'", this.redirectUrl);
+
     }
 
     @Override

diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
@@ -199,6 +199,9 @@ security.auth.ldap.enabled=${security.auth.ldap.enabled}
 security.auth.ad.enabled=${security.auth.ad.enabled}
 security.auth.cas.enabled=${security.auth.cas.enabled}
 
+#Authorization config
+security.ohdsi.custom.authorization.mode=${security.ohdsi.custom.authorization.mode}
+
 #Execution engine
 executionengine.updateStatusCallback=${executionengine.updateStatusCallback}
 executionengine.resultCallback=${executionengine.resultCallback}