[#3283] Remove featureflag package #3389
Conversation
We want to keep 2 authentication methods for now. ODIC based (Auth0) in Production, and GAE accounts for local development
|
Is this a subset of the work to remove the feature flag? |
|
We're not going to remove the 2 auth methods, so I removed the misleading |
|
Can you also switch to make the auth0 the default method. Right now it is the alternative entry point? |
There was a problem hiding this comment.
We should clean up the "showAltAuthButton" and related functionality. There is no need to keep the feature flag that allows both auth methods to work at the same time.
We still want to chose which auth method to use at start up time (for dev vs prod).
Removing this feature will simplify the code as there is no "default" vs "alt" method, but just one and only one auth method.
The org.akvo.flow.rest.security.featureflag.EntryPoint class probably can be deleted.
- Use GAE accounts in development and OIDC (Auth0) in production
|
I've tested the changes. In development we use GAE accounts, and OIDC in production. - Right now this branch is deployed in |
| } | ||
|
|
||
| @Override | ||
| public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { | ||
| if ("auth0".equals(defaultAuthProvider)) { | ||
| alternativeEntryPoint.commence(request, response, authException); | ||
| if (SystemProperty.environment.value() == SystemProperty.Environment.Value.Production) { |
There was a problem hiding this comment.
Explicit configuration please, so that developers can chose which auth method to use locally.
GAE/war/WEB-INF/webapp-security.xml
Outdated
| <custom-filter position="PRE_AUTH_FILTER" ref="gaeFilter"/> | ||
| <csrf disabled="true" /> | ||
| </http> | ||
|
|
||
| <http use-expressions="true" entry-point-ref="defaultEntryPoint" authentication-manager-ref="authenticationManager" |
There was a problem hiding this comment.
Maybe we can remove the defaultEntryPoint and use Spring's PropertyPlaceholderBlaBlabla... to configure the bean to use here, using as default value the auth0 bean (https://stackoverflow.com/questions/2513484/is-there-a-way-to-specify-a-default-property-value-in-spring-xml).
AFAIK, there is not PropertyPlaceholderBlaBlabla... yet in the Spring config, so it should be added if we opt for this.
* Together with @dlebrero we managed to simplify the code and use `System.properties` (defined in `appengine-web.xml`) and override the default authentication entrypoint `oidc` with `gae`
We want to keep 2 authentication methods for now. ODIC based (Auth0)
in Production, and GAE accounts for local development