Package uk.ac.manchester.spinnaker.alloc

Class SpallocProperties.AuthProperties

java.lang.Object

uk.ac.manchester.spinnaker.alloc.SpallocProperties.AuthProperties

Enclosing class:

SpallocProperties

public static class SpallocProperties.AuthProperties
extends Object

Authentication and authorization configuration.

Constructor Summary

Constructors

Constructor	Description
AuthProperties(boolean basic, String realm, boolean localForm, boolean addDummyUser, boolean dummyRandomPass, String systemGroup, boolean debugFailures, int maxLoginFailures, Duration accountLockDuration, Duration unlockPeriod, SpallocProperties.OpenIDProperties openid)

Method Summary

Modifier and Type	Method	Description
@NotNull Duration	getAccountLockDuration()
@jakarta.validation.constraints.Positive int	getMaxLoginFailures()
@NotNull @Valid SpallocProperties.OpenIDProperties	getOpenid()	OpenID-related security properties.
@NotNull String	getRealm()	The authentication realm.
String	getSystemGroup()	The name of the system default group, that is internal and has no quota (initially).
@NotNull Duration	getUnlockPeriod()	How often do we look for users to end their lock-out?
boolean	isAddDummyUser()
boolean	isBasic()	Whether to enable HTTP BASIC authentication.
boolean	isDebugFailures()
boolean	isDummyRandomPass()	Whether to generate a random password for the default admin user.
boolean	isLocalForm()	Whether to enable HTTP form+session authentication.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

AuthProperties

@ConstructorBinding
public AuthProperties(@DefaultValue("true")
 boolean basic,
 @DefaultValue("SpallocService")
 String realm,
 @DefaultValue("true")
 boolean localForm,
 @DefaultValue("false")
 boolean addDummyUser,
 @DefaultValue("true")
 boolean dummyRandomPass,
 @DefaultValue("wheel")
 String systemGroup,
 @DefaultValue("false")
 boolean debugFailures,
 @DefaultValue("3")
 int maxLoginFailures,
 @DefaultValue("24h")
 Duration accountLockDuration,
 @DefaultValue("60s")
 Duration unlockPeriod,
 @DefaultValue
 SpallocProperties.OpenIDProperties openid)

Parameters:

basic - Whether to enable HTTP BASIC authentication. Useful for simple clients.

realm - The authentication realm. Must not contain quote characters!

localForm - Whether to enable HTTP form+session authentication. Much faster than BASIC, but requires a more complex client. You must enable this if you are supporting the Web UI.

addDummyUser - Force a known local admin user to exist with a known (by default) password.

dummyRandomPass - Whether to generate a random password for the above user. If so, the password will be written to the log.

systemGroup - The name of the system default group. Only made if the dummy user is made.

debugFailures - Provide extra information to callers on auth failures.

maxLoginFailures - Number of login failures before automatic lock-out.

accountLockDuration - Length of time that automatic lock-out lasts.

unlockPeriod - How often do we look for users to end their lock-out?

openid - OpenID-related security properties. Required for allowing people to use HBP/EBRAINS identities.

Method Details

isBasic

public boolean isBasic()

Whether to enable HTTP BASIC authentication. Useful for simple clients; not great with browsers.

Returns:

Whether to enable HTTP BASIC authentication.

getRealm

@NotNull
public @NotNull String getRealm()

The authentication realm. Must not contain quote characters!

Returns:

the realm.

isLocalForm

public boolean isLocalForm()

Whether to enable HTTP form+session authentication. Much faster than BASIC, but requires a more complex client. You must enable this if you are supporting the Web UI.

Returns:

Whether to enable HTTP form+session authentication.

isAddDummyUser

public boolean isAddDummyUser()

Returns:

Force a known local admin user to exist with a known password.

isDummyRandomPass

public boolean isDummyRandomPass()

Whether to generate a random password for the default admin user. If so, the password will be written to the log.

Returns:

Whether to generate a random password for the default admin user.

getSystemGroup

public String getSystemGroup()

The name of the system default group, that is internal and has no quota (initially). Only made if the dummy user is made.

Returns:

the name of the system group

isDebugFailures

public boolean isDebugFailures()

Returns:

Provide extra information to callers on auth failures.

getMaxLoginFailures

@Positive
public @jakarta.validation.constraints.Positive int getMaxLoginFailures()

Returns:

Number of login failures before automatic lock-out.

getAccountLockDuration

@NotNull
public @NotNull Duration getAccountLockDuration()

Returns:

Length of time that automatic lock-out lasts.

getUnlockPeriod

@NotNull
public @NotNull Duration getUnlockPeriod()

How often do we look for users to end their lock-out?

Returns:

How often do we look for users to end their lock-out?

getOpenid

@NotNull
@Valid
public @NotNull @Valid SpallocProperties.OpenIDProperties getOpenid()

OpenID-related security properties. Required for allowing people to use HBP/EBRAINS identities.

Returns:

OpenID-related security properties.