Provide an authentication enabled option

2019-03-28 22:52:54 +08:00 · 2019-03-28 22:52:54 +08:00 · 35a2ddf546
parent 0add4107ef
commit 35a2ddf546
4 changed files with 25 additions and 0 deletions
--- a/src/main/java/cc/ryanc/halo/config/HaloConfiguration.java
+++ b/src/main/java/cc/ryanc/halo/config/HaloConfiguration.java
@ -82,6 +82,9 @@ public class HaloConfiguration {
                                                                                       ObjectMapper objectMapper,
                                                                                       StringCacheStore cacheStore) {
        AdminAuthenticationFilter adminFilter = new AdminAuthenticationFilter(cacheStore, "/admin/api/login");
+        // Set auth enabled
+        adminFilter.setAuthEnabled(haloProperties.getAuthEnabled());
+
        // Set failure handler
        adminFilter.setFailureHandler(new AdminAuthenticationFailureHandler(haloProperties.getProductionEnv(), objectMapper));

--- a/src/main/java/cc/ryanc/halo/config/properties/HaloProperties.java
+++ b/src/main/java/cc/ryanc/halo/config/properties/HaloProperties.java
@ -24,6 +24,11 @@ public class HaloProperties {
     */
    private Boolean productionEnv = true;

+    /**
+     * Authentication enabled
+     */
+    private Boolean authEnabled = true;
+
    /**
     * Work directory.
     */
--- a/src/main/java/cc/ryanc/halo/security/filter/AdminAuthenticationFilter.java
+++ b/src/main/java/cc/ryanc/halo/security/filter/AdminAuthenticationFilter.java
@ -50,6 +50,11 @@ public class AdminAuthenticationFilter extends OncePerRequestFilter {

    private AuthenticationFailureHandler failureHandler;

+    /**
+     * Authentication enabled.
+     */
+    private boolean authEnabled = true;
+
    private final StringCacheStore cacheStore;

    private final Collection<String> excludeUrlPatterns;
@ -64,6 +69,13 @@ public class AdminAuthenticationFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+
+        if (!authEnabled) {
+            // If authentication disabled
+            filterChain.doFilter(request, response);
+            return;
+        }
+
        // Get token from request
        String token = getTokenFromRequest(request);

@ -112,6 +124,10 @@ public class AdminAuthenticationFilter extends OncePerRequestFilter {
        this.failureHandler = failureHandler;
    }

+    public void setAuthEnabled(boolean authEnabled) {
+        this.authEnabled = authEnabled;
+    }
+
    /**
     * Gets token from request.
     *
--- a/src/main/resources/application-dev.yaml
+++ b/src/main/resources/application-dev.yaml
@ -54,3 +54,4 @@ logging:
 halo:
  doc-disabled: false
  production-env: false
+  auth-enabled: false