Add support for admin user group

acoburn · acoburn · commit 474bf4d9189f · 2018-05-25T17:36:43.000-04:00
diff --git a/components/app/README.md b/components/app/README.md
@@ -51,6 +51,7 @@ namespaces: /path/to/namespaces.json
 
 ```yaml
 auth:
+    adminUsers: []
     webac:
         enabled: true
     anon:
@@ -66,6 +67,7 @@ auth:
 
 | Name | Default | Description |
 | ---- | ------- | ----------- |
+| adminUsers | (none) | A list of webIDs that should be given admin access for the purpose of authorization |
 | webac / enabled | true | Whether WebAC authorization is enabled |
 | anon / enabled | false | Whether anonymous authentication is enabled |
 | jwt / enabled | true | Whether jwt authentication is enabled |
diff --git a/components/app/src/main/java/org/trellisldp/app/AbstractTrellisApplication.java b/components/app/src/main/java/org/trellisldp/app/AbstractTrellisApplication.java
@@ -117,8 +117,12 @@ public void run(final T config, final Environment environment) throws Exception
         getMultipartUploadService().ifPresent(uploader -> environment.jersey()
                 .register(new MultipartUploader(getResourceService(), uploader, config.getBaseUrl())));
 
+        // Authentication
+        final AgentAuthorizationFilter agentFilter = new AgentAuthorizationFilter(agentService);
+        agentFilter.setAdminUsers(config.getAuth().getAdminUsers());
+
         // Filters
-        environment.jersey().register(new AgentAuthorizationFilter(agentService));
+        environment.jersey().register(agentFilter);
         environment.jersey().register(new CacheControlFilter(config.getCache().getMaxAge(),
                     config.getCache().getMustRevalidate(), config.getCache().getNoCache()));
 
diff --git a/components/app/src/main/java/org/trellisldp/app/config/AuthConfiguration.java b/components/app/src/main/java/org/trellisldp/app/config/AuthConfiguration.java
@@ -15,6 +15,11 @@
 
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.validation.constraints.NotNull;
+
 /**
  * Configuration for authN/authZ.
  */
@@ -24,6 +29,27 @@ public class AuthConfiguration {
     private WebacConfiguration webac = new WebacConfiguration();
     private AnonAuthConfiguration anon = new AnonAuthConfiguration();
 
+    @NotNull
+    private List<String> adminUsers = new ArrayList<>();
+
+    /**
+     * Set the admin users.
+     * @param adminUsers the admin users
+     */
+    @JsonProperty
+    public void setAdminUsers(final List<String> adminUsers) {
+        this.adminUsers = adminUsers;
+    }
+
+    /**
+     * Get the admin users.
+     * @return the admin users
+     */
+    @JsonProperty
+    public List<String> getAdminUsers() {
+        return adminUsers;
+    }
+
     /**
      * Set the basic auth configuration.
      * @param basic the basic auth config
diff --git a/components/app/src/test/java/org/trellisldp/app/config/TrellisConfigurationTest.java b/components/app/src/test/java/org/trellisldp/app/config/TrellisConfigurationTest.java
@@ -49,6 +49,8 @@ public void testConfigurationGeneral1() throws Exception {
         assertTrue(config.getJsonld().getContextDomainWhitelist().isEmpty());
         assertTrue(config.getJsonld().getContextWhitelist().contains("http://example.org/context.json"));
         assertNull(config.getResources());
+        assertTrue(config.getAuth().getAdminUsers().contains("daiyu"));
+        assertTrue(config.getAuth().getAdminUsers().contains("baoyu"));
         assertEquals("http://hub.example.com/", config.getHubUrl());
         assertEquals((Integer) 2, config.getBinaryHierarchyLevels());
         assertEquals((Integer) 1, config.getBinaryHierarchyLength());
diff --git a/components/app/src/test/resources/config1.yml b/components/app/src/test/resources/config1.yml
@@ -20,6 +20,9 @@ hubUrl: http://hub.example.com/
 namespaces: /tmp/trellisData/namespaces.json
 
 auth:
+    adminUsers:
+        - baoyu
+        - daiyu
     webac:
         enabled: true
         cacheSize: 100
diff --git a/platform/linux/README.md b/platform/linux/README.md
@@ -120,6 +120,7 @@ namespaces: /path/to/namespaces.json
 
 ```yaml
 auth:
+    adminUsers: []
     webac:
         enabled: true
     anon:
@@ -135,6 +136,7 @@ auth:
 
 | Name | Default | Description |
 | ---- | ------- | ----------- |
+| adminUsers | (none) | A list of webIDs that should be given admin access for the purpose of authorization |
 | webac / enabled | true | Whether WebAC authorization is enabled |
 | anon / enabled | false | Whether anonymous authentication is enabled |
 | jwt / enabled | true | Whether jwt authentication is enabled |
diff --git a/platform/linux/src/dist/etc/config.yml b/platform/linux/src/dist/etc/config.yml
@@ -41,14 +41,15 @@ baseUrl:
 hubUrl:
 
 auth:
+    adminUsers: []
     webac:
         enabled: true
     anon:
         enabled: true
     jwt:
-        enabled: true
+        enabled: false
         base64Encoded: false
-        key: secret
+        key: changeme
     basic:
         enabled: true
         usersFile: /opt/trellis/etc/users.auth
