datahub/datahub-frontend/app/auth/Authenticator.java

package auth;

import com.typesafe.config.Config;
import javax.inject.Inject;
import play.mvc.Http;
import play.mvc.Result;
import play.mvc.Security;

import javax.annotation.Nonnull;
import javax.annotation.Nullable;

import static auth.AuthUtils.*;


/**
 * Implementation of base Play Authentication used to determine if a request to a route should be
 * authenticated.
 */
public class Authenticator extends Security.Authenticator {

    private final boolean metadataServiceAuthEnabled;

    @Inject
    public Authenticator(@Nonnull Config config) {
        this.metadataServiceAuthEnabled = config.hasPath(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH) && config.getBoolean(METADATA_SERVICE_AUTH_ENABLED_CONFIG_PATH);
    }

    @Override
    public String getUsername(@Nonnull Http.Context ctx) {
        if (this.metadataServiceAuthEnabled) {
            // If Metadata Service auth is enabled, we only want to verify presence of the
            // "Authorization" header OR the presence of a frontend generated session cookie.
            // At this time, the actor is still considered to be unauthenicated.
            return AuthUtils.isEligibleForForwarding(ctx) ? "urn:li:corpuser:UNKNOWN" : null;
        } else {
            // If Metadata Service auth is not enabled, verify the presence of a valid session cookie.
            return AuthUtils.hasValidSessionCookie(ctx) ? ctx.session().get(ACTOR) : null;
        }
    }

    @Override
    @Nonnull
    public Result onUnauthorized(@Nullable Http.Context ctx) {
        return unauthorized();
    }
}