Switched off Jwt header authentication by default

Removed log
2023-12-02 21:25:31 +08:00 · 2023-12-02 18:36:07 +08:00
2 changed files with 18 additions and 2 deletions
--- a/docs-web-common/src/main/java/com/sismics/util/filter/JwtBasedSecurityFilter.java
+++ b/docs-web-common/src/main/java/com/sismics/util/filter/JwtBasedSecurityFilter.java
@ -17,6 +17,7 @@ import jakarta.json.Json;
 import jakarta.json.JsonArray;
 import jakarta.json.JsonObject;
 import jakarta.json.JsonReader;
+import jakarta.servlet.FilterConfig;
 import jakarta.servlet.http.HttpServletRequest;
 import okhttp3.Request;
 import okhttp3.Response;
@ -47,9 +48,22 @@ public class JwtBasedSecurityFilter extends SecurityFilter {
     * Name of the header used to store the authentication token.
     */
    public static final String HEADER_NAME = "Authorization";
+    /**
+     * True if this authentication method is enabled.
+     */
+    private boolean enabled;
+
+    @Override
+    public void init(FilterConfig filterConfig) {
+        enabled = Boolean.parseBoolean(filterConfig.getInitParameter("enabled"))
+                || Boolean.parseBoolean(System.getProperty("docs.jwt_authentication"));
+    }

    @Override
    protected User authenticate(final HttpServletRequest request) {
+        if (!enabled) {
+            return null;
+        }
        log.info("Jwt authentication started");
        User user = null;
        String token = extractAuthToken(request).replace("Bearer ", "");
@ -125,9 +139,7 @@ public class JwtBasedSecurityFilter extends SecurityFilter {
                                .findFirst()
                                .map(k -> k.asJsonObject().getJsonArray("x5c").getString(0))
                                .orElse("");
-                        log.info("X5c is " + publicKey);
                        var decode = Base64.getDecoder().decode(publicKey);
-                        log.info("Decoded public key - " + publicKey);
                        var certificate = CertificateFactory.getInstance("X.509")
                                .generateCertificate(new ByteArrayInputStream(decode));
                        rsaPublicKey = (RSAPublicKey) certificate.getPublicKey();
--- a/docs-web/src/main/webapp/WEB-INF/web.xml
+++ b/docs-web/src/main/webapp/WEB-INF/web.xml
@ -48,6 +48,10 @@
    <filter-name>jwtBasedSecurityFilter</filter-name>
    <filter-class>com.sismics.util.filter.JwtBasedSecurityFilter</filter-class>
    <async-supported>true</async-supported>
+    <init-param>
+      <param-name>enabled</param-name>
+      <param-value>false</param-value>
+    </init-param>
  </filter>

  <filter>
Author	SHA1	Message	Date
Sukalpo Mitra	2087499202	Switched off Jwt header authentication by default	2023-12-02 21:25:31 +08:00
Sukalpo Mitra	10ff18597d	Removed log	2023-12-02 18:36:07 +08:00