Mobility-Data-Space / mobility-data-space

Mobility Data Space is the data sharing community for all actors who would like to design the mobility of tomorrow.
https://mobility-dataspace.eu

Authentication in the IDS Connector should be Configurable #22

Closed edgardmarx closed 2 years ago

edgardmarx commented 2 years ago

Is your feature request related to a problem? Please describe.

Currently the Authorization Requests are mapped inside the class io.dataspaceconnector.config.ConfigurationAdapter. This approach overrides properties passed as parameters in the i.e. application.properties configuration file.

A typical case is when a user wants to handle access rights through a different user authentication system, i.e. Keycloak. In this case, a general solution is to disable the authentication by adding the following parameters to the application.properties:

security.ignored=/**
spring.security.enabled=false
management.security.enabled=false
security.basic.enabled=false

However, this approach will not work, because the URL Authorization Requests mappings are hardcoded:

        http
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .authorizeRequests()
                .antMatchers("/", "/api/ids/data").anonymous()
                .antMatchers("/api/subscriptions/**").authenticated()
                .antMatchers("/api/**").hasRole("ADMIN")
                .antMatchers("/actuator/**").hasRole("ADMIN")
                .antMatchers("/database/**").hasRole("ADMIN")
                .anyRequest().authenticated()
                .and()
                .csrf().disable()
                .httpBasic()
                .authenticationEntryPoint(authenticationEntryPoint());
        http.headers().xssProtection();

Describe the solution you'd like

Pass the configuration of Authorization Requests through application.properties or configuration files.

This feature request was also posted in the DataspaceConnector: https://github.com/International-Data-Spaces-Association/DataspaceConnector/issues/627
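
An added example, not part of the original issue or of the DataspaceConnector code: one way to read ordered path-to-access rules from application.properties while keeping the catch-all rule in code, so that an empty or mistyped configuration fails closed instead of opening endpoints. The `connector.security.rules` prefix and the class names are hypothetical; it assumes Spring Boot 2.x with the `WebSecurityConfigurerAdapter` API used in the snippet above, and Java 9 or later.

```java
// Added example, not DataspaceConnector code. The prefix "connector.security.rules"
// and the class names are hypothetical. Constructed sample configuration:
//   connector.security.rules[0].pattern=/api/subscriptions/**
//   connector.security.rules[0].access=authenticated
//   connector.security.rules[1].pattern=/api/**   (with .access=hasRole('ADMIN'))
import java.util.List;
import java.util.regex.Pattern;
import org.springframework.boot.context.properties.bind.Bindable;
import org.springframework.boot.context.properties.bind.Binder;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.env.Environment;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;

@Configuration
public class ConfigurableSecurityAdapter extends WebSecurityConfigurerAdapter {
    public static class Rule {                       // one ordered path-to-access mapping
        private String pattern = "";
        private String access = "";
        public String getPattern() { return pattern; }
        public void setPattern(String pattern) { this.pattern = pattern; }
        public String getAccess() { return access; }
        public void setAccess(String access) { this.access = access; }
    }
    // Allow-list of access expressions: a mistyped value fails startup instead of
    // being evaluated as an arbitrary SpEL expression.
    private static final Pattern ALLOWED =
            Pattern.compile("anonymous|authenticated|denyAll|hasRole\\('[A-Z_]+'\\)");
    private final List<Rule> rules;
    public ConfigurableSecurityAdapter(Environment env) {
        rules = Binder.get(env).bind("connector.security.rules", Bindable.listOf(Rule.class))
                .orElse(List.of());                  // no rules configured: only the catch-all applies
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry reg =
                http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                        .and().authorizeRequests();
        for (Rule r : rules) {                       // list order is match order
            if (r.getPattern().isEmpty() || !ALLOWED.matcher(r.getAccess()).matches()) {
                throw new IllegalStateException("Invalid security rule for: " + r.getPattern());
            }
            reg.antMatchers(r.getPattern()).access(r.getAccess());
        }
        // Catch-all stays in code: paths without a configured rule still need a login.
        reg.anyRequest().authenticated().and().csrf().disable().httpBasic();
    }
}
```

Because the first matching pattern wins, narrower paths such as `/api/subscriptions/**` must be listed before broader ones such as `/api/**`.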

sebplorenz commented 2 years ago

I'm closing this since the underlying issue https://github.com/International-Data-Spaces-Association/DataspaceConnector/issues/627 has been closed as well.