SSDM-13533: Disable SSO servlet by default

b4184b12 · juanf · 3fb8926f · b4184b12
Commit b4184b12 authored 2 years ago by juanf
--- a/server-application-server/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
+++ b/server-application-server/source/java/ch/ethz/sis/openbis/generic/server/SingleSignOnServlet.java
@@ -84,6 +84,8 @@ public class SingleSignOnServlet extends AbstractServlet

    public static final String DEFAULT_REDIRECT_URL = "webapp/eln-lims";

+    private static final String SINGLE_SIGN_ON_ENABLED_PROPERTY = "single-sign-on.enabled";
+
    private static final String SINGLE_SIGN_ON_REDIRECT_URL_TEMPLATE_PROPERTY = "single-sign-on.redirect-url-template";

    private static final String DEFAULT_SINGLE_SIGN_ON_REDIRECT_URL_TEMPLATE = "https://${host}/openbis/webapp/eln-lims";
@@ -103,9 +105,12 @@ public class SingleSignOnServlet extends AbstractServlet

    private Template template;

+    private boolean enabled;
+
    @Override
    protected void initServletContext(ServletContext servletContext)
    {
+        enabled = Boolean.parseBoolean(configurer.getResolvedProps().getProperty(SINGLE_SIGN_ON_ENABLED_PROPERTY, Boolean.toString(Boolean.FALSE)));
        template = new Template(configurer.getResolvedProps().getProperty(SINGLE_SIGN_ON_REDIRECT_URL_TEMPLATE_PROPERTY,
                DEFAULT_SINGLE_SIGN_ON_REDIRECT_URL_TEMPLATE));
        template.createFreshCopy().bind("host", ""); // Check that template contains '${host}'
@@ -116,6 +121,10 @@ public class SingleSignOnServlet extends AbstractServlet
    protected void respondToRequest(HttpServletRequest request, HttpServletResponse response) throws Exception, IOException
    {
        operationLog.info("handle sso event");
+        if (!enabled) {
+            response.setStatus(HttpServletResponse.SC_FORBIDDEN);
+            return;
+        }
        removeStaleSessions();
        String sessionId = getHeader(request, SESSION_ID_KEY, DEFAULT_SESSION_ID_KEY);
        synchronized (this)