package com.dbg.cloud.acheron.autoconfigure.admin;
import org.springframework.boot.autoconfigure.security.SecurityPrerequisite;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.web.ServerProperties;
import org.springframework.boot.context.embedded.Ssl;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.boot.context.properties.NestedConfigurationProperty;
import org.springframework.util.StringUtils;
import javax.servlet.http.HttpSession;
import javax.validation.constraints.NotNull;
import java.net.InetAddress;
import java.util.Arrays;
import java.util.List;
@ConfigurationProperties(prefix = "admin", ignoreUnknownFields = true)
public class AdminServerProperties implements SecurityPrerequisite {
/**
* Order applied to the WebSecurityConfigurerAdapter that is used to configure basic
* authentication for admin endpoints. If you want to add your own authentication
* for all or some of those endpoints the best thing to do is add your own
* WebSecurityConfigurerAdapter with lower order, for instance by using
* {@code ACCESS_OVERRIDE_ORDER}.
*/
public static final int BASIC_AUTH_ORDER = SecurityProperties.BASIC_AUTH_ORDER - 5;
/**
* Order before the basic authentication access control provided automatically for the
* admin endpoints. This is a useful place to put user-defined access rules if
* you want to override the default access rules for the admin endpoints. If you
* want to keep the default rules for admin endpoints but want to override the
* security for the rest of the application, use
* {@code SecurityProperties.ACCESS_OVERRIDE_ORDER} instead.
*/
public static final int ACCESS_OVERRIDE_ORDER = BASIC_AUTH_ORDER - 1;
/**
* Admin endpoint HTTP port. Use the same port as the application by default.
*/
private Integer port;
@NestedConfigurationProperty
private Ssl ssl;
/**
* Network address that the admin endpoints should bind to.
*/
private InetAddress address;
/**
* Admin endpoint context-path.
*/
@NotNull
private String contextPath = "";
/**
* Add the "X-Application-Context" HTTP header in each response.
*/
private boolean addApplicationContextHeader = true;
private final Security security = new Security();
/**
* Returns the admin port or {@code null} if the
* {@link ServerProperties#getPort() server port} should be used.
*
* @return the port
* @see #setPort(Integer)
*/
public Integer getPort() {
return this.port;
}
/**
* Sets the port of the admin server, use {@code null} if the
* {@link ServerProperties#getPort() server port} should be used. To disable use 0.
*
* @param port the port
*/
public void setPort(Integer port) {
this.port = port;
}
public Ssl getSsl() {
return this.ssl;
}
public void setSsl(Ssl ssl) {
this.ssl = ssl;
}
public InetAddress getAddress() {
return this.address;
}
public void setAddress(InetAddress address) {
this.address = address;
}
/**
* Return the context path with no trailing slash (i.e. the '/' root context is
* represented as the empty string).
*
* @return the context path (no trailing slash)
*/
public String getContextPath() {
return this.contextPath;
}
public void setContextPath(String contextPath) {
this.contextPath = cleanContextPath(contextPath);
}
private String cleanContextPath(String contextPath) {
if (StringUtils.hasText(contextPath) && contextPath.endsWith("/")) {
return contextPath.substring(0, contextPath.length() - 1);
}
return contextPath;
}
public Security getSecurity() {
return this.security;
}
public boolean getAddApplicationContextHeader() {
return this.addApplicationContextHeader;
}
public void setAddApplicationContextHeader(boolean addApplicationContextHeader) {
this.addApplicationContextHeader = addApplicationContextHeader;
}
/**
* Security configuration.
*/
public static class Security {
/**
* Enable security.
*/
private boolean enabled = true;
/**
* Comma-separated list of roles that can access the admin endpoint.
*/
private List<String> roles = Arrays.asList("ADMIN");
/**
* Session creating policy for security use (always, never, if_required,
* stateless).
*/
private SessionCreationPolicy sessions = SessionCreationPolicy.STATELESS;
public SessionCreationPolicy getSessions() {
return this.sessions;
}
public void setSessions(SessionCreationPolicy sessions) {
this.sessions = sessions;
}
public void setRoles(List<String> roles) {
this.roles = roles;
}
@Deprecated
public void setRole(String role) {
this.roles = Arrays.asList(role);
}
public List<String> getRoles() {
return this.roles;
}
public boolean isEnabled() {
return this.enabled;
}
public void setEnabled(boolean enabled) {
this.enabled = enabled;
}
}
public enum SessionCreationPolicy {
/**
* Always create an {@link HttpSession}.
*/
ALWAYS,
/**
* Never create an {@link HttpSession}, but use any {@link HttpSession} that
* already exists.
*/
NEVER,
/**
* Only create an {@link HttpSession} if required.
*/
IF_REQUIRED,
/**
* Never create an {@link HttpSession}.
*/
STATELESS
}
}