Making save&restore authorization/authentication optional

app/credentials-management/src/main/java/org/phoebus/applications/credentialsmanagement/CredentialsManagementApp.java

@@ -60,7 +60,8 @@ public String getDisplayName() {
     @Override
     public AppInstance create() {
         List<ServiceAuthenticationProvider> authenticationProviders =
-                ServiceLoader.load(ServiceAuthenticationProvider.class).stream().map(Provider::get).collect(Collectors.toList());
+                ServiceLoader.load(ServiceAuthenticationProvider.class).stream().map(Provider::get)
+                        .filter(ServiceAuthenticationProvider::isActive).collect(Collectors.toList());
         try {
             SecureStore secureStore = new SecureStore();
             new CredentialsManagementStage(authenticationProviders, secureStore).show();

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/Preferences.java

@@ -31,6 +31,9 @@ public class Preferences {
     @Preference
     public static String default_snapshot_name_date_format;
 
+    @Preference
+    public static boolean authentication_enabled;
+
     static
     {
         AnnotatedPreferences.initialize(Preferences.class, "/save_and_restore_preferences.properties");

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/authentication/SaveAndRestoreAuthenticationProvider.java

@@ -19,6 +19,7 @@
 
 package org.phoebus.applications.saveandrestore.authentication;
 
+import org.phoebus.applications.saveandrestore.Preferences;
 import org.phoebus.applications.saveandrestore.ui.SaveAndRestoreService;
 import org.phoebus.security.authorization.ServiceAuthenticationProvider;
 import org.phoebus.security.tokens.AuthenticationScope;
@@ -52,4 +53,9 @@ public void logout(String token) {
     public AuthenticationScope getAuthenticationScope(){
         return AuthenticationScope.SAVE_AND_RESTORE;
     }
+
+    @Override
+    public boolean isActive(){
+        return Preferences.authentication_enabled;
+    }
 }

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/client/SaveAndRestoreJerseyClient.java

@@ -102,8 +102,10 @@ private Client getClient() {
                 String password = scopedAuthenticationToken.getPassword();
                 httpBasicAuthFilter = new HTTPBasicAuthFilter(username, password);
                 client.addFilter(httpBasicAuthFilter);
-            } else if (httpBasicAuthFilter != null) {
-                client.removeFilter(httpBasicAuthFilter);
+            } else {//if (httpBasicAuthFilter != null) {
+                //client.removeFilter(httpBasicAuthFilter);
+                httpBasicAuthFilter = new HTTPBasicAuthFilter(System.getProperty("user.name"), "password");
+                client.addFilter(httpBasicAuthFilter);
             }
         } catch (Exception e) {
             logger.log(Level.WARNING, "Unable to retrieve credentials from secure store", e);

app/save-and-restore/app/src/main/java/org/phoebus/applications/saveandrestore/ui/ContextMenuBase.java

@@ -76,7 +76,7 @@ public ContextMenuBase(SaveAndRestoreController saveAndRestoreController) {
         deleteNodesMenuItem = new MenuItem(Messages.contextMenuDelete, new ImageView(ImageRepository.DELETE));
         deleteNodesMenuItem.setOnAction(ae -> saveAndRestoreController.deleteNodes());
         deleteNodesMenuItem.disableProperty().bind(Bindings.createBooleanBinding(() ->
-                        userIsAuthenticatedProperty.not().get() ||
+                        //userIsAuthenticatedProperty.not().get() ||
                                 hasSameParentProperty.not().get(),
                 userIsAuthenticatedProperty, hasSameParentProperty));
 

app/save-and-restore/app/src/main/resources/save_and_restore_preferences.properties

@@ -24,4 +24,7 @@ jmasar.service.url=http://localhost:8080/save-restore
 httpClient.readTimeout=1000
 
 # Connect timeout in (ms) used by the Jersey client
-httpClient.connectTimeout=1000
+httpClient.connectTimeout=1000
+
+# Authentication/authorization enabled/disabled
+authentication_enabled=false

core/security/src/main/java/org/phoebus/security/authorization/ServiceAuthenticationProvider.java

@@ -35,7 +35,7 @@ public interface ServiceAuthenticationProvider {
 
     /**
      * Signs out user from the service.
-     * @param token User name or other type of token (e.g. session cookie).
+     * @param token Username or other type of token (e.g. session cookie).
      */
     void logout(String token);
 
@@ -46,9 +46,18 @@ public interface ServiceAuthenticationProvider {
      * {@link org.phoebus.security.store.SecureStore}. Such keys are stored in
      * <b>lower</b> case in the key store that backs {@link org.phoebus.security.store.SecureStore}, and
      * is a behavior defined by the encryption scheme implementation.
-     * Consequently an identity like "UPPER" will be persisted as "upper", i.e. case insensitivity
+     * Consequently, an identity like "UPPER" will be persisted as "upper", i.e. case insensitivity
      * must be considered when defining an identity.
      * @return Service name
      */
     AuthenticationScope getAuthenticationScope();
+
+    /**
+     * Indicates if a provider is active. Inactive providers suggest authentication is disabled or should
+     * not be accessible in the credentials management UI.
+     * @return <code>true</code> if the authentication provider is active, otherwise <code>false</code>.
+     */
+    default boolean isActive(){
+        return true;
+    }
 }

services/save-and-restore/pom.xml

@@ -105,7 +105,6 @@
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-logging</artifactId>
-			<version>${spring.boot.version}</version>
 			<exclusions>
 				<exclusion>
 					<groupId>org.apache.logging.log4j</groupId>

services/save-and-restore/src/main/java/org/phoebus/service/saveandrestore/web/config/AuthEnabledCondition.java

@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2023 European Spallation Source ERIC.
+ *
+ *  This program is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU General Public License
+ *  as published by the Free Software Foundation; either version 2
+ *  of the License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, write to the Free Software
+ *  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
+ *
+ */
+
+package org.phoebus.service.saveandrestore.web.config;
+
+import org.springframework.context.annotation.Condition;
+import org.springframework.context.annotation.ConditionContext;
+import org.springframework.core.type.AnnotatedTypeMetadata;
+
+/**
+ * {@link Condition} subclass used to determine if authentication/authorization is enabled through an
+ * application property setting.
+ */
+public class AuthEnabledCondition implements Condition {
+    /**
+     * @param context  the condition context
+     * @param metadata the metadata of the {@link org.springframework.core.type.AnnotationMetadata class}
+     *                 or {@link org.springframework.core.type.MethodMetadata method} being checked
+     * @return <code>true</code> if application property <code>auth.impl</code> is anything other than <code>none</code>.
+     */
+    @Override
+    public boolean matches(ConditionContext context, AnnotatedTypeMetadata metadata) {
+        return !"none".equalsIgnoreCase(context.getEnvironment().getProperty("auth.impl").trim());
+    }
+}