All Downloads are FREE. Search and download functionalities are using the official Maven repository.

io.trino.server.security.SecurityConfig Maven / Gradle / Ivy

There is a newer version: 465
Show newest version
/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.trino.server.security;

import com.google.common.base.Splitter;
import com.google.common.collect.ImmutableList;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.DefunctConfig;
import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull;

import java.util.List;
import java.util.Optional;

@DefunctConfig({
        "http.server.authentication.enabled",
        "http-server.authentication.allow-forwarded-https",
        "dispatcher.forwarded-header"})
public class SecurityConfig
{
    private static final Splitter SPLITTER = Splitter.on(',').trimResults().omitEmptyStrings();

    private boolean insecureAuthenticationOverHttpAllowed = true;
    private List authenticationTypes = ImmutableList.of("insecure");
    private Optional fixedManagementUser = Optional.empty();
    private boolean fixedManagementUserForHttps;

    public boolean isInsecureAuthenticationOverHttpAllowed()
    {
        return insecureAuthenticationOverHttpAllowed;
    }

    @Config("http-server.authentication.allow-insecure-over-http")
    @ConfigDescription("Insecure authentication over HTTP (non-secure) enabled")
    public SecurityConfig setInsecureAuthenticationOverHttpAllowed(boolean insecureAuthenticationOverHttpAllowed)
    {
        this.insecureAuthenticationOverHttpAllowed = insecureAuthenticationOverHttpAllowed;
        return this;
    }

    @NotNull
    @NotEmpty(message = "http-server.authentication.type cannot be empty")
    public List getAuthenticationTypes()
    {
        return authenticationTypes;
    }

    public SecurityConfig setAuthenticationTypes(List authenticationTypes)
    {
        this.authenticationTypes = ImmutableList.copyOf(authenticationTypes);
        return this;
    }

    @Config("http-server.authentication.type")
    @ConfigDescription("Ordered list of authentication types")
    public SecurityConfig setAuthenticationTypes(String types)
    {
        authenticationTypes = Optional.ofNullable(types).map(SPLITTER::splitToList).orElse(null);
        return this;
    }

    public Optional getFixedManagementUser()
    {
        return fixedManagementUser;
    }

    @Config("management.user")
    @ConfigDescription("Optional fixed user for all requests to management endpoints")
    public SecurityConfig setFixedManagementUser(String fixedManagementUser)
    {
        this.fixedManagementUser = Optional.ofNullable(fixedManagementUser);
        return this;
    }

    public boolean isFixedManagementUserForHttps()
    {
        return fixedManagementUserForHttps;
    }

    @Config("management.user.https-enabled")
    @ConfigDescription("Use fixed management user for secure HTTPS requests")
    public SecurityConfig setFixedManagementUserForHttps(boolean fixedManagementUserForHttps)
    {
        this.fixedManagementUserForHttps = fixedManagementUserForHttps;
        return this;
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy