datahub/datahub-frontend/app/auth/Authenticator.java

package auth;

import static auth.AuthUtils.*;

import com.typesafe.config.Config;
import java.util.Optional;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import play.mvc.Http;
import play.mvc.Result;
import play.mvc.Security;

/**
 * Implementation of base Play Authentication used to determine if a request to a route should be
 * authenticated.
 */
public class Authenticator extends Security.Authenticator {

  private final boolean metadataServiceAuthEnabled;

  @Inject
  public Authenticator(@Nonnull Config config) {
    this.metadataServiceAuthEnabled =
        config.hasPath(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH)
            && config.getBoolean(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH);
  }

  @Override
  public Optional<String> getUsername(@Nonnull Http.Request req) {
    if (this.metadataServiceAuthEnabled) {
      // If Metadata Service auth is enabled, we only want to verify presence of the
      // "Authorization" header OR the presence of a frontend generated session cookie.
      // At this time, the actor is still considered to be unauthenicated.
      return Optional.ofNullable(
          AuthUtils.isEligibleForForwarding(req) ? "urn:li:corpuser:UNKNOWN" : null);
    } else {
      // If Metadata Service auth is not enabled, verify the presence of a valid session cookie.
      return Optional.ofNullable(
          AuthUtils.hasValidSessionCookie(req) ? req.session().data().get(ACTOR) : null);
    }
  }

  @Override
  @Nonnull
  public Result onUnauthorized(@Nullable Http.Request req) {
    return unauthorized();
  }
}
feat(graphql): migrating GraphQL API to metadata-service (nee GMS) (#3131) 2021-08-20 10:58:07 -07:00			`package auth;`
feat(react): SSO support simple OIDC authentication (#2190) Co-authored-by: John Joyce <john@acryl.io> 2021-03-11 13:38:35 -08:00
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`import static auth.AuthUtils.*;`

feat(auth): Metadata Service Authentication! (#3598) 2021-11-22 16:33:14 -08:00			`import com.typesafe.config.Config;`
chore(deps): play - upgrade for CVEs (#4891) 2022-05-10 18:15:53 -05:00			`import java.util.Optional;`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`import javax.annotation.Nonnull;`
			`import javax.annotation.Nullable;`
feat(auth): Metadata Service Authentication! (#3598) 2021-11-22 16:33:14 -08:00			`import javax.inject.Inject;`
feat(react): SSO support simple OIDC authentication (#2190) Co-authored-by: John Joyce <john@acryl.io> 2021-03-11 13:38:35 -08:00			`import play.mvc.Http;`
			`import play.mvc.Result;`
			`import play.mvc.Security;`

			`/**`
			`* Implementation of base Play Authentication used to determine if a request to a route should be`
			`* authenticated.`
			`*/`
			`public class Authenticator extends Security.Authenticator {`
feat(auth): Metadata Service Authentication! (#3598) 2021-11-22 16:33:14 -08:00
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`private final boolean metadataServiceAuthEnabled;`
feat(auth): Metadata Service Authentication! (#3598) 2021-11-22 16:33:14 -08:00
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`@Inject`
			`public Authenticator(@Nonnull Config config) {`
			`this.metadataServiceAuthEnabled =`
			`config.hasPath(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH)`
chore(deps): play - upgrade for CVEs (#4891) 2022-05-10 18:15:53 -05:00			`&& config.getBoolean(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH);`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`}`

			`@Override`
			`public Optional<String> getUsername(@Nonnull Http.Request req) {`
			`if (this.metadataServiceAuthEnabled) {`
			`// If Metadata Service auth is enabled, we only want to verify presence of the`
			`// "Authorization" header OR the presence of a frontend generated session cookie.`
			`// At this time, the actor is still considered to be unauthenicated.`
			`return Optional.ofNullable(`
			`AuthUtils.isEligibleForForwarding(req) ? "urn:li:corpuser:UNKNOWN" : null);`
			`} else {`
			`// If Metadata Service auth is not enabled, verify the presence of a valid session cookie.`
			`return Optional.ofNullable(`
			`AuthUtils.hasValidSessionCookie(req) ? req.session().data().get(ACTOR) : null);`
feat(auth): Metadata Service Authentication! (#3598) 2021-11-22 16:33:14 -08:00			`}`
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`}`
feat(auth): Metadata Service Authentication! (#3598) 2021-11-22 16:33:14 -08:00
feat(lint): add spotless for java lint (#9373) 2023-12-06 11:02:42 +05:30			`@Override`
			`@Nonnull`
			`public Result onUnauthorized(@Nullable Http.Request req) {`
			`return unauthorized();`
			`}`
feat(react): SSO support simple OIDC authentication (#2190) Co-authored-by: John Joyce <john@acryl.io> 2021-03-11 13:38:35 -08:00			`}`