diff --git a/pom.xml b/pom.xml
index 845032b8ae..9b0e64a0c3 100644
--- a/pom.xml
+++ b/pom.xml
@@ -82,6 +82,7 @@
ISOLATION_READ_COMMITTED
default
+ teamproject
DisabledSecurity
43200
http://localhost
@@ -226,7 +227,7 @@
false
200
true
- debug
+ info
debug
info
info
diff --git a/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java b/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
index bc2c239d5a..48f4f6d38d 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/filters/UpdateAccessTokenFilter.java
@@ -36,6 +36,7 @@
import org.pac4j.core.profile.CommonProfile;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
/**
*
@@ -49,6 +50,9 @@ public class UpdateAccessTokenFilter extends AdviceFilter {
private final Set defaultRoles;
private final String onFailRedirectUrl;
+ @Value("${security.ohdsi.custom.authorization.mode}")
+ private String authorizationMode;
+
public UpdateAccessTokenFilter(
PermissionManager authorizer,
Set defaultRoles,
@@ -133,7 +137,7 @@ protected boolean preHandle(ServletRequest request, ServletResponse response) th
}
try {
// TODO - remove all teamProject roles at start of login (find this place...OR add a new "remove teamproject" filter)...
-
+ logger.debug("AUTHORIZATION_MODE === '{}'", authorizationMode); // IF THIS works: then resetRoles is true just based on this and we're done...as this part of the code always executes...
boolean resetRoles = false;
// check if teamProject is part of the request:
String teamProjectRole = extractTeamProjectFromRequestParameters(request);
diff --git a/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java b/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java
index 4fb4e65286..41e0dbe459 100644
--- a/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java
+++ b/src/main/java/org/ohdsi/webapi/shiro/management/AtlasRegularSecurity.java
@@ -253,6 +253,9 @@ public class AtlasRegularSecurity extends AtlasSecurity {
@Value("${security.auth.google.enabled}")
private boolean googleAuthEnabled;
+ @Value("${security.ohdsi.custom.authorization.mode}")
+ private String authorizationMode;
+
private RestTemplate restTemplate = new RestTemplate();
@Autowired
@@ -261,6 +264,9 @@ public class AtlasRegularSecurity extends AtlasSecurity {
public AtlasRegularSecurity(EntityPermissionSchemaResolver permissionSchemaResolver) {
super(permissionSchemaResolver);
+ logger.debug("AtlasRegSec AUTHORIZATION_MODE === '{}'", this.authorizationMode);
+ logger.debug("AtlasRegSec redirectUrl === '{}'", this.redirectUrl);
+
}
@Override
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 8143a3b9f9..cc696ba8bc 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -199,6 +199,9 @@ security.auth.ldap.enabled=${security.auth.ldap.enabled}
security.auth.ad.enabled=${security.auth.ad.enabled}
security.auth.cas.enabled=${security.auth.cas.enabled}
+#Authorization config
+security.ohdsi.custom.authorization.mode=${security.ohdsi.custom.authorization.mode}
+
#Execution engine
executionengine.updateStatusCallback=${executionengine.updateStatusCallback}
executionengine.resultCallback=${executionengine.resultCallback}