Profile for no authentication

Author: Grzegorz Siewruk

src/main/java/pl/orange/bst/mixer/NoAuthSecurityConfig.java

@@ -0,0 +1,35 @@
+package pl.orange.bst.mixer;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.authority.AuthorityUtils;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+
+import java.util.List;
+import java.util.stream.Collectors;
+import java.util.stream.Stream;
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(prePostEnabled = true)
+@Profile("noauth")
+public class NoAuthSecurityConfig extends WebSecurityConfigurerAdapter {
+
+
+	@Override
+	protected void configure(HttpSecurity http) throws Exception {
+		http.csrf().disable();
+		http
+        	.authorizeRequests()
+        	.antMatchers("/**").permitAll();
+	}
+}

…ain/java/pl/orange/bst/mixer/Config.java …/pl/orange/bst/mixer/SecurityConfig.javasrc/main/java/pl/orange/bst/mixer/Config.java renamed to src/main/java/pl/orange/bst/mixer/SecurityConfig.java src/main/java/pl/orange/bst/mixer/Config.java renamed to src/main/java/pl/orange/bst/mixer/SecurityConfig.java

@@ -8,6 +8,7 @@
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@@ -26,7 +27,8 @@
 @Configuration
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
-public class Config extends WebSecurityConfigurerAdapter {
+@Profile("!noauth")
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
 	@Value("${allowed.users}")
 	private String commonNames;

src/main/resources/application.properties

@@ -5,6 +5,6 @@ server.ssl.keyStoreType: PKCS12
 server.ssl.key-alias=mixer
 server.ssl.trust-store=etc/pki/trust.jks
 server.ssl.trust-store-password=changeit
-server.ssl.client-auth=need
+server.ssl.client-auth=want
 openvasmd.socket=/usr/local/var/run/openvasmd.sock
 allowed.users=localhost,127.0.0.1