chibenwa commented on a change in pull request #788:
URL: https://github.com/apache/james-project/pull/788#discussion_r766283795
##########
File path:
server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
##########
@@ -75,15 +76,58 @@
private boolean compress;
private int maxLineLength;
private int inMemorySizeLimit;
- private boolean plainAuthDisallowed;
private int timeout;
private int literalSizeLimit;
+ private AuthenticationConfiguration authenticationConfiguration;
public static final int DEFAULT_MAX_LINE_LENGTH = 65536; // Use a big
default
public static final Size DEFAULT_IN_MEMORY_SIZE_LIMIT = Size.of(10L,
Size.Unit.M); // Use 10MB as default
public static final int DEFAULT_TIMEOUT = 30 * 60; // default timeout is
30 minutes
public static final int DEFAULT_LITERAL_SIZE_LIMIT = 0;
+ public static class AuthenticationConfiguration {
+ private static final boolean REQUIRE_SSL_DEFAULT = true;
+ private static final boolean PLAIN_AUTH_ENABLED_DEFAULT = true;
+
+ public static AuthenticationConfiguration
parse(HierarchicalConfiguration<ImmutableNode> configuration) {
+ return Optional.of(configuration.containsKey("auth"))
+ .filter(FunctionalUtils.identityPredicate())
+ .map(any -> configuration.configurationAt("auth"))
+ .map(authConfiguration -> parseAuth(configuration,
authConfiguration))
+ .orElseGet(() -> new
AuthenticationConfiguration(fallbackPlainAuthEnabled(configuration),
REQUIRE_SSL_DEFAULT));
+ }
+
+ private static AuthenticationConfiguration
parseAuth(HierarchicalConfiguration<ImmutableNode> configuration,
HierarchicalConfiguration<ImmutableNode> authConfiguration) {
+ boolean requireSSL =
Optional.ofNullable(authConfiguration.getBoolean("requireSSL", null))
+ .orElse(REQUIRE_SSL_DEFAULT);
+ boolean plainAuthEnabled =
Optional.ofNullable(authConfiguration.getBoolean("plainAuthEnabled", null))
+ .orElseGet(() -> fallbackPlainAuthEnabled(configuration));
+ return new AuthenticationConfiguration(plainAuthEnabled,
requireSSL);
+ }
+
+ private static boolean
fallbackPlainAuthEnabled(HierarchicalConfiguration<ImmutableNode>
configuration) {
+ return
Optional.ofNullable(configuration.getBoolean("plainAuthDisallowed", null))
+ .map(e -> !e)
Review comment:
e ?
##########
File path:
server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
##########
@@ -75,15 +76,58 @@
private boolean compress;
private int maxLineLength;
private int inMemorySizeLimit;
- private boolean plainAuthDisallowed;
private int timeout;
private int literalSizeLimit;
+ private AuthenticationConfiguration authenticationConfiguration;
public static final int DEFAULT_MAX_LINE_LENGTH = 65536; // Use a big
default
public static final Size DEFAULT_IN_MEMORY_SIZE_LIMIT = Size.of(10L,
Size.Unit.M); // Use 10MB as default
public static final int DEFAULT_TIMEOUT = 30 * 60; // default timeout is
30 minutes
public static final int DEFAULT_LITERAL_SIZE_LIMIT = 0;
+ public static class AuthenticationConfiguration {
+ private static final boolean REQUIRE_SSL_DEFAULT = true;
+ private static final boolean PLAIN_AUTH_ENABLED_DEFAULT = true;
+
+ public static AuthenticationConfiguration
parse(HierarchicalConfiguration<ImmutableNode> configuration) {
+ return Optional.of(configuration.containsKey("auth"))
+ .filter(FunctionalUtils.identityPredicate())
+ .map(any -> configuration.configurationAt("auth"))
+ .map(authConfiguration -> parseAuth(configuration,
authConfiguration))
+ .orElseGet(() -> new
AuthenticationConfiguration(fallbackPlainAuthEnabled(configuration),
REQUIRE_SSL_DEFAULT));
+ }
+
+ private static AuthenticationConfiguration
parseAuth(HierarchicalConfiguration<ImmutableNode> configuration,
HierarchicalConfiguration<ImmutableNode> authConfiguration) {
+ boolean requireSSL =
Optional.ofNullable(authConfiguration.getBoolean("requireSSL", null))
+ .orElse(REQUIRE_SSL_DEFAULT);
+ boolean plainAuthEnabled =
Optional.ofNullable(authConfiguration.getBoolean("plainAuthEnabled", null))
+ .orElseGet(() -> fallbackPlainAuthEnabled(configuration));
+ return new AuthenticationConfiguration(plainAuthEnabled,
requireSSL);
+ }
+
+ private static boolean
fallbackPlainAuthEnabled(HierarchicalConfiguration<ImmutableNode>
configuration) {
+ return
Optional.ofNullable(configuration.getBoolean("plainAuthDisallowed", null))
+ .map(e -> !e)
+ .orElse(PLAIN_AUTH_ENABLED_DEFAULT);
+ }
+
+ private final boolean plainAuthEnabled;
+ private final boolean requireSSL;
Review comment:
```suggestion
private final boolean requireSSL;
```
We should merge the two options as soon as possible IMO.
##########
File path:
server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
##########
@@ -75,15 +76,58 @@
private boolean compress;
private int maxLineLength;
private int inMemorySizeLimit;
- private boolean plainAuthDisallowed;
private int timeout;
private int literalSizeLimit;
+ private AuthenticationConfiguration authenticationConfiguration;
public static final int DEFAULT_MAX_LINE_LENGTH = 65536; // Use a big
default
public static final Size DEFAULT_IN_MEMORY_SIZE_LIMIT = Size.of(10L,
Size.Unit.M); // Use 10MB as default
public static final int DEFAULT_TIMEOUT = 30 * 60; // default timeout is
30 minutes
public static final int DEFAULT_LITERAL_SIZE_LIMIT = 0;
+ public static class AuthenticationConfiguration {
+ private static final boolean REQUIRE_SSL_DEFAULT = true;
+ private static final boolean PLAIN_AUTH_ENABLED_DEFAULT = true;
+
+ public static AuthenticationConfiguration
parse(HierarchicalConfiguration<ImmutableNode> configuration) {
+ return Optional.of(configuration.containsKey("auth"))
+ .filter(FunctionalUtils.identityPredicate())
+ .map(any -> configuration.configurationAt("auth"))
Review comment:
"auth" -> constant?
##########
File path:
server/protocols/protocols-imap4/src/main/java/org/apache/james/imapserver/netty/IMAPServer.java
##########
@@ -209,6 +252,7 @@ protected String getDefaultJMXName() {
protected ChannelUpstreamHandler createCoreHandler() {
ImapChannelUpstreamHandler coreHandler;
Encryption secure = getEncryption();
+ boolean plainAuthDisallowed = evaluatePlainAuthDisallowed();
if (secure != null && secure.isStartTLS()) {
coreHandler = new ImapChannelUpstreamHandler(hello, processor,
encoder, compress, plainAuthDisallowed, secure, imapMetrics);
Review comment:
```suggestion
coreHandler = new ImapChannelUpstreamHandler(hello, processor,
encoder, compress, plainAuthDisallowed, secure, imapMetrics);
```
IMO we should pass the full authentication configuration rather than
individual parameters.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
