• Home
• io.trino
• trino-main
• 461
• source code
• SecurityConfig.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.trino.server.security.SecurityConfig Maven / Gradle / Ivy

/*
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package io.trino.server.security;

import com.google.common.collect.ImmutableList;
import io.airlift.configuration.Config;
import io.airlift.configuration.ConfigDescription;
import io.airlift.configuration.DefunctConfig;
import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull;

import java.util.List;
import java.util.Optional;

@DefunctConfig({
        "http.server.authentication.enabled",
        "http-server.authentication.allow-forwarded-https",
        "dispatcher.forwarded-header"})
public class SecurityConfig
{
    private boolean insecureAuthenticationOverHttpAllowed = true;
    private List authenticationTypes = ImmutableList.of("insecure");
    private Optional fixedManagementUser = Optional.empty();
    private boolean fixedManagementUserForHttps;

    public boolean isInsecureAuthenticationOverHttpAllowed()
    {
        return insecureAuthenticationOverHttpAllowed;
    }

    @Config("http-server.authentication.allow-insecure-over-http")
    @ConfigDescription("Insecure authentication over HTTP (non-secure) enabled")
    public SecurityConfig setInsecureAuthenticationOverHttpAllowed(boolean insecureAuthenticationOverHttpAllowed)
    {
        this.insecureAuthenticationOverHttpAllowed = insecureAuthenticationOverHttpAllowed;
        return this;
    }

    @NotNull
    @NotEmpty(message = "http-server.authentication.type cannot be empty")
    public List getAuthenticationTypes()
    {
        return authenticationTypes;
    }

    @Config("http-server.authentication.type")
    @ConfigDescription("Ordered list of authentication types")
    public SecurityConfig setAuthenticationTypes(List types)
    {
        authenticationTypes = ImmutableList.copyOf(types);
        return this;
    }

    public Optional getFixedManagementUser()
    {
        return fixedManagementUser;
    }

    @Config("management.user")
    @ConfigDescription("Optional fixed user for all requests to management endpoints")
    public SecurityConfig setFixedManagementUser(String fixedManagementUser)
    {
        this.fixedManagementUser = Optional.ofNullable(fixedManagementUser);
        return this;
    }

    public boolean isFixedManagementUserForHttps()
    {
        return fixedManagementUserForHttps;
    }

    @Config("management.user.https-enabled")
    @ConfigDescription("Use fixed management user for secure HTTPS requests")
    public SecurityConfig setFixedManagementUserForHttps(boolean fixedManagementUserForHttps)
    {
        this.fixedManagementUserForHttps = fixedManagementUserForHttps;
        return this;
    }
}