Mercurial > hg > orthanc-authorization
comparison Plugin/Plugin.cpp @ 81:fac45493d547
more flexibility wrt configuration
author | Alain Mazy <am@osimis.io> |
---|---|
date | Thu, 16 Mar 2023 17:38:03 +0100 |
parents | 94a9484d7f8f |
children | 1c91a1cbbc35 |
comparison
equal
deleted
inserted
replaced
80:0ffad746a16b | 81:fac45493d547 |
---|---|
604 OrthancPlugins::MemoryCache::Factory factory(10000); | 604 OrthancPlugins::MemoryCache::Factory factory(10000); |
605 | 605 |
606 std::string dicomWebRoot = "/dicom-web/"; | 606 std::string dicomWebRoot = "/dicom-web/"; |
607 std::string oe2Root = "/ui/"; | 607 std::string oe2Root = "/ui/"; |
608 | 608 |
609 bool hasBasicAuthEnabled = orthancFullConfiguration.GetBooleanValue("AuthenticationEnabled", "true"); | |
610 | |
609 if (orthancFullConfiguration.IsSection("DicomWeb")) | 611 if (orthancFullConfiguration.IsSection("DicomWeb")) |
610 { | 612 { |
611 OrthancPlugins::OrthancConfiguration dicomWeb; | 613 OrthancPlugins::OrthancConfiguration dicomWeb; |
612 dicomWeb.GetSection(orthancFullConfiguration, "DicomWeb"); | 614 dicomWeb.GetSection(orthancFullConfiguration, "DicomWeb"); |
613 dicomWebRoot = dicomWeb.GetStringValue("Root", "/dicom-web/"); | 615 dicomWebRoot = dicomWeb.GetStringValue("Root", "/dicom-web/"); |
723 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation"; | 725 LOG(WARNING) << "Authorization plugin: no base url defined for Token Creation"; |
724 } | 726 } |
725 | 727 |
726 if (authorizationParser_.get() == NULL && permissionParser_.get() == NULL) | 728 if (authorizationParser_.get() == NULL && permissionParser_.get() == NULL) |
727 { | 729 { |
728 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: No Token Validation or User Profile url defined"); | 730 if (hasBasicAuthEnabled) |
731 { | |
732 LOG(WARNING) << "Authorization plugin: No Token Validation or User Profile url defined -> will only be able to generate tokens. All API routes are accessible to all registered users."; | |
733 } | |
734 else | |
735 { | |
736 LOG(WARNING) << "Authorization plugin: ----------- insecure setup ---------- No Token Validation or User Profile url defined -> will only be able to generate tokens. Authentication is not enabled -> anyone will have access to all API routes."; | |
737 } | |
729 } | 738 } |
730 | 739 |
731 std::set<std::string> standardConfigurations; | 740 std::set<std::string> standardConfigurations; |
732 if (pluginConfiguration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false)) | 741 if (pluginConfiguration.LookupSetOfStrings(standardConfigurations, "StandardConfigurations", false)) |
733 { | 742 { |
852 { | 861 { |
853 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true); | 862 OrthancPlugins::RegisterRestCallback<CreateToken>("/auth/tokens/(.*)", true); |
854 } | 863 } |
855 | 864 |
856 | 865 |
866 if (authorizationParser_.get() != NULL || permissionParser_.get() != NULL) | |
867 { | |
868 if (hasBasicAuthEnabled) | |
869 { | |
870 throw Orthanc::OrthancException(Orthanc::ErrorCode_BadFileFormat, "Authorization plugin: you are using the plugin to grant access to resources or handle user permissions. This is not compatible with \"AuthenticationEnabled\" = true"); | |
871 } | |
872 | |
873 LOG(WARNING) << "Authorization plugin: Registering Incoming HTTP Request Filter"; | |
874 | |
857 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1) | 875 #if ORTHANC_PLUGINS_VERSION_IS_ABOVE(1, 2, 1) |
858 OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests); | 876 OrthancPluginRegisterIncomingHttpRequestFilter2(context, FilterHttpRequests); |
859 #else | 877 #else |
860 OrthancPluginRegisterIncomingHttpRequestFilter(context, FilterHttpRequestsFallback); | 878 OrthancPluginRegisterIncomingHttpRequestFilter(context, FilterHttpRequestsFallback); |
861 #endif | 879 #endif |
880 } | |
881 | |
862 } | 882 } |
863 else | 883 else |
864 { | 884 { |
865 LOG(WARNING) << "No section \"" << PLUGIN_SECTION << "\" in the configuration file, " | 885 LOG(WARNING) << "No section \"" << PLUGIN_SECTION << "\" in the configuration file, " |
866 << "the authorization plugin is disabled"; | 886 << "the authorization plugin is disabled"; |