enhance anonymous access from two state mode to three state mode

lerna.json

@@ -5,5 +5,5 @@
   ],
   "npmClient": "yarn",
   "useWorkspaces": true,
-  "version": "2.3.0"
+  "version": "2.4.0-SNAPSHOT"
 }

scm-core/src/main/java/sonia/scm/config/ScmConfiguration.java

@@ -30,6 +30,7 @@ import com.google.inject.Singleton;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.event.ScmEventBus;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.util.HttpUtil;
 import sonia.scm.xml.XmlSetStringAdapter;
 
@@ -161,7 +162,7 @@ public class ScmConfiguration implements Configuration {
    * @see <a href="http://momentjs.com/docs/#/parsing/" target="_blank">http://momentjs.com/docs/#/parsing/</a>
    */
   private String dateFormat = DEFAULT_DATEFORMAT;
-  private boolean anonymousAccessEnabled = false;
+  private AnonymousMode anonymousMode = AnonymousMode.OFF;
 
   /**
    * Enables xsrf cookie protection.
@@ -200,7 +201,7 @@ public class ScmConfiguration implements Configuration {
     this.realmDescription = other.realmDescription;
     this.dateFormat = other.dateFormat;
     this.pluginUrl = other.pluginUrl;
-    this.anonymousAccessEnabled = other.anonymousAccessEnabled;
+    this.anonymousMode = other.anonymousMode;
     this.enableProxy = other.enableProxy;
     this.proxyPort = other.proxyPort;
     this.proxyServer = other.proxyServer;
@@ -311,8 +312,8 @@ public class ScmConfiguration implements Configuration {
     return realmDescription;
   }
 
-  public boolean isAnonymousAccessEnabled() {
-    return anonymousAccessEnabled;
+  public AnonymousMode getAnonymousMode() {
+    return anonymousMode;
   }
 
   public boolean isDisableGroupingGrid() {
@@ -360,8 +361,8 @@ public class ScmConfiguration implements Configuration {
     return skipFailedAuthenticators;
   }
 
-  public void setAnonymousAccessEnabled(boolean anonymousAccessEnabled) {
-    this.anonymousAccessEnabled = anonymousAccessEnabled;
+  public void setAnonymousMode(AnonymousMode mode) {
+    this.anonymousMode = mode;
   }
 
   public void setBaseUrl(String baseUrl) {

scm-core/src/main/java/sonia/scm/config/ScmConfigurationChangedListener.java

@@ -29,6 +29,7 @@ import com.google.inject.Inject;
 import sonia.scm.EagerSingleton;
 import sonia.scm.SCMContext;
 import sonia.scm.plugin.Extension;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.user.UserManager;
 
 @Extension
@@ -48,7 +49,7 @@ public class ScmConfigurationChangedListener {
   }
 
   private void createAnonymousUserIfRequired(ScmConfigurationChangedEvent event) {
-    if (event.getConfiguration().isAnonymousAccessEnabled() && !userManager.contains(SCMContext.USER_ANONYMOUS)) {
+    if (event.getConfiguration().getAnonymousMode() != AnonymousMode.OFF && !userManager.contains(SCMContext.USER_ANONYMOUS)) {
       userManager.create(SCMContext.ANONYMOUS);
     }
   }

scm-core/src/main/java/sonia/scm/security/AnonymousMode.java

@@ -0,0 +1,29 @@
+/*
+ * MIT License
+ *
+ * Copyright (c) 2020-present Cloudogu GmbH and Contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package sonia.scm.security;
+
+public enum AnonymousMode {
+  FULL, PROTOCOL_ONLY, OFF
+}

scm-core/src/main/java/sonia/scm/web/filter/AuthenticationFilter.java

@@ -36,6 +36,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.security.AnonymousToken;
 import sonia.scm.util.HttpUtil;
 import sonia.scm.util.Util;
@@ -303,7 +304,7 @@ public class AuthenticationFilter extends HttpFilter
    */
   private boolean isAnonymousAccessEnabled()
   {
-    return (configuration != null) && configuration.isAnonymousAccessEnabled();
+    return (configuration != null) && configuration.getAnonymousMode() != AnonymousMode.OFF;
   }
 
   //~--- fields ---------------------------------------------------------------

scm-core/src/test/java/sonia/scm/config/ScmConfigurationChangedListenerTest.java

@@ -29,6 +29,7 @@ import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.junit.jupiter.MockitoExtension;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.user.UserManager;
 
 import static org.mockito.ArgumentMatchers.any;
@@ -52,7 +53,7 @@ class ScmConfigurationChangedListenerTest {
     when(userManager.contains(any())).thenReturn(false);
 
     ScmConfiguration changes = new ScmConfiguration();
-    changes.setAnonymousAccessEnabled(true);
+    changes.setAnonymousMode(AnonymousMode.FULL);
     scmConfiguration.load(changes);
 
     listener.handleEvent(new ScmConfigurationChangedEvent(scmConfiguration));
@@ -64,7 +65,7 @@ class ScmConfigurationChangedListenerTest {
     when(userManager.contains(any())).thenReturn(true);
 
     ScmConfiguration changes = new ScmConfiguration();
-    changes.setAnonymousAccessEnabled(true);
+    changes.setAnonymousMode(AnonymousMode.FULL);
     scmConfiguration.load(changes);
 
     listener.handleEvent(new ScmConfigurationChangedEvent(scmConfiguration));

scm-it/src/test/java/sonia/scm/it/AnonymousAccessITCase.java

@@ -41,6 +41,7 @@ import sonia.scm.it.utils.ScmTypes;
 import sonia.scm.it.utils.TestData;
 import sonia.scm.repository.client.api.RepositoryClient;
 import sonia.scm.repository.client.api.RepositoryClientException;
+import sonia.scm.security.AnonymousMode;
 
 import javax.json.Json;
 import javax.json.JsonArray;
@@ -148,7 +149,7 @@ class AnonymousAccessITCase {
 
   private static void setAnonymousAccess(boolean anonymousAccessEnabled) {
     RestUtil.given("application/vnd.scmm-config+json;v=2")
-      .body(createConfig(anonymousAccessEnabled))
+      .body(createConfig(AnonymousMode.FULL))
 
       .when()
       .put(RestUtil.REST_BASE_URL.toASCIIString() + "config")
@@ -157,12 +158,12 @@ class AnonymousAccessITCase {
       .statusCode(HttpServletResponse.SC_NO_CONTENT);
   }
 
-  private static String createConfig(boolean anonymousAccessEnabled) {
+  private static String createConfig(AnonymousMode anonymousMode) {
     JsonArray emptyArray = Json.createBuilderFactory(emptyMap()).createArrayBuilder().build();
     return JSON_BUILDER
       .add("adminGroups", emptyArray)
       .add("adminUsers", emptyArray)
-      .add("anonymousAccessEnabled", anonymousAccessEnabled)
+      .add("anonymousMode", anonymousMode.toString())
       .add("baseUrl", "https://next-scm.cloudogu.com/scm")
       .add("dateFormat", "YYYY-MM-DD HH:mm:ss")
       .add("disableGroupingGrid", false)

scm-plugins/scm-git-plugin/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@scm-manager/scm-git-plugin",
   "private": true,
-  "version": "2.3.0",
+  "version": "2.4.0-SNAPSHOT",
   "license": "MIT",
   "main": "./src/main/js/index.ts",
   "scripts": {
@@ -20,6 +20,6 @@
   },
   "prettier": "@scm-manager/prettier-config",
   "dependencies": {
-    "@scm-manager/ui-plugins": "^2.3.0"
+    "@scm-manager/ui-plugins": "^2.4.0-SNAPSHOT"
   }
 }

scm-plugins/scm-hg-plugin/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@scm-manager/scm-hg-plugin",
   "private": true,
-  "version": "2.3.0",
+  "version": "2.4.0-SNAPSHOT",
   "license": "MIT",
   "main": "./src/main/js/index.ts",
   "scripts": {
@@ -19,6 +19,6 @@
   },
   "prettier": "@scm-manager/prettier-config",
   "dependencies": {
-    "@scm-manager/ui-plugins": "^2.3.0"
+    "@scm-manager/ui-plugins": "^2.4.0-SNAPSHOT"
   }
 }

scm-plugins/scm-legacy-plugin/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@scm-manager/scm-legacy-plugin",
   "private": true,
-  "version": "2.3.0",
+  "version": "2.4.0-SNAPSHOT",
   "license": "MIT",
   "main": "./src/main/js/index.tsx",
   "scripts": {
@@ -19,6 +19,6 @@
   },
   "prettier": "@scm-manager/prettier-config",
   "dependencies": {
-    "@scm-manager/ui-plugins": "^2.3.0"
+    "@scm-manager/ui-plugins": "^2.4.0-SNAPSHOT"
   }
 }

scm-plugins/scm-svn-plugin/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@scm-manager/scm-svn-plugin",
   "private": true,
-  "version": "2.3.0",
+  "version": "2.4.0-SNAPSHOT",
   "license": "MIT",
   "main": "./src/main/js/index.ts",
   "scripts": {
@@ -19,6 +19,6 @@
   },
   "prettier": "@scm-manager/prettier-config",
   "dependencies": {
-    "@scm-manager/ui-plugins": "^2.3.0"
+    "@scm-manager/ui-plugins": "^2.4.0-SNAPSHOT"
   }
 }

scm-ui/ui-components/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@scm-manager/ui-components",
-  "version": "2.3.0",
+  "version": "2.4.0-SNAPSHOT",
   "description": "UI Components for SCM-Manager and its plugins",
   "main": "src/index.ts",
   "files": [

scm-ui/ui-plugins/package.json

@@ -1,12 +1,12 @@
 {
   "name": "@scm-manager/ui-plugins",
-  "version": "2.3.0",
+  "version": "2.4.0-SNAPSHOT",
   "license": "MIT",
   "bin": {
     "ui-plugins": "./bin/ui-plugins.js"
   },
   "dependencies": {
-    "@scm-manager/ui-components": "^2.3.0",
+    "@scm-manager/ui-components": "^2.4.0-SNAPSHOT",
     "@scm-manager/ui-extensions": "^2.1.0",
     "classnames": "^2.2.6",
     "query-string": "^5.0.1",

scm-ui/ui-styles/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@scm-manager/ui-styles",
-  "version": "2.1.0",
+  "version": "2.4.0-SNAPSHOT",
   "description": "Styles for SCM-Manager",
   "main": "src/scm.scss",
   "license": "MIT",

scm-ui/ui-types/src/Config.ts

@@ -24,6 +24,8 @@
 
 import { Links } from "./hal";
 
+export type AnonymousMode = "FULL" | "PROTOCOL_ONLY" | "OFF";
+
 export type Config = {
   proxyPassword: string | null;
   proxyPort: number;
@@ -33,7 +35,7 @@ export type Config = {
   realmDescription: string;
   disableGroupingGrid: boolean;
   dateFormat: string;
-  anonymousAccessEnabled: boolean;
+  anonymousMode: AnonymousMode;
   baseUrl: string;
   forceBaseUrl: boolean;
   loginAttemptLimit: number;

scm-ui/ui-types/src/index.ts

@@ -42,7 +42,7 @@ export { AnnotatedSource, AnnotatedLine } from "./Annotate";
 
 export { Tag } from "./Tags";
 
-export { Config } from "./Config";
+export { Config, AnonymousMode } from "./Config";
 
 export { IndexResources } from "./IndexResources";
 

scm-ui/ui-webapp/package.json

@@ -1,9 +1,9 @@
 {
   "name": "@scm-manager/ui-webapp",
-  "version": "2.3.0",
+  "version": "2.4.0-SNAPSHOT",
   "private": true,
   "dependencies": {
-    "@scm-manager/ui-components": "^2.3.0",
+    "@scm-manager/ui-components": "^2.4.0-SNAPSHOT",
     "@scm-manager/ui-extensions": "^2.1.0",
     "classnames": "^2.2.5",
     "history": "^4.10.1",

scm-ui/ui-webapp/public/locales/de/config.json

@@ -38,7 +38,12 @@
     "realm-description": "Realm Beschreibung",
     "disable-grouping-grid": "Gruppen deaktivieren",
     "date-format": "Datumsformat",
-    "anonymous-access-enabled": "Anonyme Zugriffe erlauben",
+    "anonymousMode": {
+      "title": "Anonyme Zugriffe",
+      "full": "Aktivieren für Web-Oberfläche und Protokolle",
+      "protocolOnly": "Aktivieren für Protokolle",
+      "off": "Deaktivieren"
+    },
     "skip-failed-authenticators": "Fehlgeschlagene Authentifizierer überspringen",
     "plugin-url": "Plugin Center URL",
     "enabled-xsrf-protection": "XSRF Protection aktivieren",

scm-ui/ui-webapp/public/locales/en/config.json

@@ -38,7 +38,12 @@
     "realm-description": "Realm Description",
     "disable-grouping-grid": "Disable Grouping Grid",
     "date-format": "Date Format",
-    "anonymous-access-enabled": "Anonymous Access Enabled",
+    "anonymousMode": {
+      "title": "Anonymous Access",
+      "full": "Enabled for Web UI and protocols",
+      "protocolOnly": "Enabled for protocols",
+      "off": "Disabled"
+    },
     "skip-failed-authenticators": "Skip Failed Authenticators",
     "plugin-url": "Plugin Center URL",
     "enabled-xsrf-protection": "Enabled XSRF Protection",

scm-ui/ui-webapp/src/admin/components/form/ConfigForm.tsx

@@ -63,7 +63,7 @@ class ConfigForm extends React.Component<Props, State> {
         realmDescription: "",
         disableGroupingGrid: false,
         dateFormat: "",
-        anonymousAccessEnabled: false,
+        anonymousMode: "OFF",
         baseUrl: "",
         forceBaseUrl: false,
         loginAttemptLimit: 0,
@@ -140,7 +140,7 @@ class ConfigForm extends React.Component<Props, State> {
           realmDescription={config.realmDescription}
           disableGroupingGrid={config.disableGroupingGrid}
           dateFormat={config.dateFormat}
-          anonymousAccessEnabled={config.anonymousAccessEnabled}
+          anonymousMode={config.anonymousMode}
           skipFailedAuthenticators={config.skipFailedAuthenticators}
           pluginUrl={config.pluginUrl}
           enabledXsrfProtection={config.enabledXsrfProtection}

scm-ui/ui-webapp/src/admin/components/form/GeneralSettings.tsx

@@ -23,8 +23,8 @@
  */
 import React from "react";
 import { WithTranslation, withTranslation } from "react-i18next";
-import { Checkbox, InputField } from "@scm-manager/ui-components";
-import { NamespaceStrategies } from "@scm-manager/ui-types";
+import { Checkbox, InputField, Select } from "@scm-manager/ui-components";
+import { NamespaceStrategies, AnonymousMode } from "@scm-manager/ui-types";
 import NamespaceStrategySelect from "./NamespaceStrategySelect";
 
 type Props = WithTranslation & {
@@ -32,7 +32,7 @@ type Props = WithTranslation & {
   loginInfoUrl: string;
   disableGroupingGrid: boolean;
   dateFormat: string;
-  anonymousAccessEnabled: boolean;
+  anonymousMode: AnonymousMode;
   skipFailedAuthenticators: boolean;
   pluginUrl: string;
   enabledXsrfProtection: boolean;
@@ -50,7 +50,7 @@ class GeneralSettings extends React.Component<Props> {
       loginInfoUrl,
       pluginUrl,
       enabledXsrfProtection,
-      anonymousAccessEnabled,
+      anonymousMode,
       namespaceStrategy,
       hasUpdatePermission,
       namespaceStrategies
@@ -111,12 +111,16 @@ class GeneralSettings extends React.Component<Props> {
             />
           </div>
           <div className="column is-half">
-            <Checkbox
-              label={t("general-settings.anonymous-access-enabled")}
-              onChange={this.handleEnableAnonymousAccess}
-              checked={anonymousAccessEnabled}
-              title={t("general-settings.anonymous-access-enabled")}
+            <Select
+              label={t("general-settings.anonymousMode.title")}
+              onChange={this.handleAnonymousMode}
+              value={anonymousMode}
               disabled={!hasUpdatePermission}
+              options={[
+                { label: t("general-settings.anonymousMode.full"), value: "FULL" },
+                { label: t("general-settings.anonymousMode.protocolOnly"), value: "PROTOCOL_ONLY" },
+                { label: t("general-settings.anonymousMode.off"), value: "OFF" }
+              ]}
               helpText={t("help.allowAnonymousAccessHelpText")}
             />
           </div>
@@ -134,8 +138,8 @@ class GeneralSettings extends React.Component<Props> {
   handleEnabledXsrfProtectionChange = (value: boolean) => {
     this.props.onChange(true, value, "enabledXsrfProtection");
   };
-  handleEnableAnonymousAccess = (value: boolean) => {
-    this.props.onChange(true, value, "anonymousAccessEnabled");
+  handleAnonymousMode = (value: string) => {
+    this.props.onChange(true, value, "anonymousMode");
   };
   handleNamespaceStrategyChange = (value: string) => {
     this.props.onChange(true, value, "namespaceStrategy");

scm-webapp/src/main/java/sonia/scm/api/v2/resources/ConfigDto.java

@@ -29,6 +29,7 @@ import de.otto.edison.hal.Links;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import sonia.scm.security.AnonymousMode;
 
 import java.util.Set;
 
@@ -45,7 +46,7 @@ public class ConfigDto extends HalRepresentation {
   private String realmDescription;
   private boolean disableGroupingGrid;
   private String dateFormat;
-  private boolean anonymousAccessEnabled;
+  private AnonymousMode anonymousMode;
   private String baseUrl;
   private boolean forceBaseUrl;
   private int loginAttemptLimit;

scm-webapp/src/main/java/sonia/scm/filter/PropagatePrincipleFilter.java

@@ -33,6 +33,7 @@ import org.apache.shiro.subject.Subject;
 import sonia.scm.Priority;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.web.filter.HttpFilter;
 import sonia.scm.web.filter.PropagatePrincipleServletRequestWrapper;
 
@@ -89,7 +90,7 @@ public class PropagatePrincipleFilter extends HttpFilter
   private boolean hasPermission(Subject subject)
   {
     return ((configuration != null)
-      && configuration.isAnonymousAccessEnabled()) || subject.isAuthenticated()
+      && configuration.getAnonymousMode() != AnonymousMode.OFF) || subject.isAuthenticated()
         || subject.isRemembered();
   }
 

scm-webapp/src/main/java/sonia/scm/lifecycle/SetupContextListener.java

@@ -31,6 +31,7 @@ import org.slf4j.LoggerFactory;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.plugin.Extension;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.security.PermissionAssigner;
 import sonia.scm.security.PermissionDescriptor;
 import sonia.scm.user.User;
@@ -94,7 +95,7 @@ public class SetupContextListener implements ServletContextListener {
     }
 
     private boolean anonymousUserRequiredButNotExists() {
-      return scmConfiguration.isAnonymousAccessEnabled() && !userManager.contains(SCMContext.USER_ANONYMOUS);
+      return scmConfiguration.getAnonymousMode() != AnonymousMode.OFF && !userManager.contains(SCMContext.USER_ANONYMOUS);
     }
 
     private boolean shouldCreateAdminAccount() {

scm-webapp/src/main/java/sonia/scm/user/AnonymousUserDeletionEventHandler.java

@@ -31,6 +31,7 @@ import sonia.scm.HandlerEventType;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
 import sonia.scm.plugin.Extension;
+import sonia.scm.security.AnonymousMode;
 
 import javax.inject.Inject;
 
@@ -38,7 +39,7 @@ import javax.inject.Inject;
 @Extension
 public class AnonymousUserDeletionEventHandler {
 
-  private ScmConfiguration scmConfiguration;
+  private final ScmConfiguration scmConfiguration;
 
   @Inject
   public AnonymousUserDeletionEventHandler(ScmConfiguration scmConfiguration) {
@@ -55,6 +56,6 @@ public class AnonymousUserDeletionEventHandler {
   private boolean isAnonymousUserDeletionNotAllowed(UserEvent event) {
     return event.getEventType() == HandlerEventType.BEFORE_DELETE
       && event.getItem().getName().equals(SCMContext.USER_ANONYMOUS)
-      && scmConfiguration.isAnonymousAccessEnabled();
+      && scmConfiguration.getAnonymousMode() != AnonymousMode.OFF;
   }
 }

scm-webapp/src/test/java/sonia/scm/api/v2/resources/ConfigDtoToScmConfigurationMapperTest.java

@@ -29,6 +29,7 @@ import org.junit.Test;
 import org.mockito.InjectMocks;
 import org.mockito.internal.util.collections.Sets;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 import java.util.Arrays;
 
@@ -63,7 +64,7 @@ public class ConfigDtoToScmConfigurationMapperTest {
     assertEquals("realm" , config.getRealmDescription());
     assertTrue(config.isDisableGroupingGrid());
     assertEquals("yyyy" , config.getDateFormat());
-    assertTrue(config.isAnonymousAccessEnabled());
+    assertTrue(config.getAnonymousMode() == AnonymousMode.FULL);
     assertEquals("baseurl" , config.getBaseUrl());
     assertTrue(config.isForceBaseUrl());
     assertEquals(41 , config.getLoginAttemptLimit());
@@ -86,7 +87,7 @@ public class ConfigDtoToScmConfigurationMapperTest {
     configDto.setRealmDescription("realm");
     configDto.setDisableGroupingGrid(true);
     configDto.setDateFormat("yyyy");
-    configDto.setAnonymousAccessEnabled(true);
+    configDto.setAnonymousMode(AnonymousMode.FULL);
     configDto.setBaseUrl("baseurl");
     configDto.setForceBaseUrl(true);
     configDto.setLoginAttemptLimit(41);

scm-webapp/src/test/java/sonia/scm/api/v2/resources/ScmConfigurationToConfigDtoMapperTest.java

@@ -34,12 +34,14 @@ import org.junit.Test;
 import org.mockito.InjectMocks;
 import org.mockito.internal.util.collections.Sets;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 import java.net.URI;
 import java.util.Arrays;
 
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertTrue;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -93,7 +95,7 @@ public class ScmConfigurationToConfigDtoMapperTest {
     assertEquals("description" , dto.getRealmDescription());
     assertTrue(dto.isDisableGroupingGrid());
     assertEquals("dd" , dto.getDateFormat());
-    assertTrue(dto.isAnonymousAccessEnabled());
+    assertSame(dto.getAnonymousMode(), AnonymousMode.FULL);
     assertEquals("baseurl" , dto.getBaseUrl());
     assertTrue(dto.isForceBaseUrl());
     assertEquals(1 , dto.getLoginAttemptLimit());
@@ -131,7 +133,7 @@ public class ScmConfigurationToConfigDtoMapperTest {
     config.setRealmDescription("description");
     config.setDisableGroupingGrid(true);
     config.setDateFormat("dd");
-    config.setAnonymousAccessEnabled(true);
+    config.setAnonymousMode(AnonymousMode.FULL);
     config.setBaseUrl("baseurl");
     config.setForceBaseUrl(true);
     config.setLoginAttemptLimit(1);

scm-webapp/src/test/java/sonia/scm/filter/PropagatePrincipleFilterTest.java

@@ -38,6 +38,7 @@ import org.mockito.Mock;
 import org.mockito.junit.MockitoJUnitRunner;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.user.User;
 import sonia.scm.user.UserTestData;
 
@@ -110,7 +111,7 @@ public class PropagatePrincipleFilterTest {
    */
   @Test
   public void testAnonymousWithAccessEnabled() throws IOException, ServletException {
-    configuration.setAnonymousAccessEnabled(true);
+    configuration.setAnonymousMode(AnonymousMode.FULL);
     
     // execute
     propagatePrincipleFilter.doFilter(request, response, chain);

scm-webapp/src/test/java/sonia/scm/lifecycle/SetupContextListenerTest.java

@@ -37,6 +37,7 @@ import org.mockito.junit.jupiter.MockitoSettings;
 import org.mockito.quality.Strictness;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 import sonia.scm.security.PermissionAssigner;
 import sonia.scm.security.PermissionDescriptor;
 import sonia.scm.user.User;
@@ -82,7 +83,7 @@ class SetupContextListenerTest {
 
   @BeforeEach
   void mockScmConfiguration() {
-    when(scmConfiguration.isAnonymousAccessEnabled()).thenReturn(false);
+    when(scmConfiguration.getAnonymousMode()).thenReturn(AnonymousMode.OFF);
   }
 
   @BeforeEach
@@ -145,7 +146,7 @@ class SetupContextListenerTest {
   void shouldCreateAnonymousUserIfRequired() {
     List<User> users = Lists.newArrayList(UserTestData.createTrillian());
     when(userManager.getAll()).thenReturn(users);
-    when(scmConfiguration.isAnonymousAccessEnabled()).thenReturn(true);
+    when(scmConfiguration.getAnonymousMode()).thenReturn(AnonymousMode.FULL);
 
     setupContextListener.contextInitialized(null);
 
@@ -166,7 +167,7 @@ class SetupContextListenerTest {
   void shouldNotCreateAnonymousUserIfAlreadyExists() {
     List<User> users = Lists.newArrayList(SCMContext.ANONYMOUS);
     when(userManager.getAll()).thenReturn(users);
-    when(scmConfiguration.isAnonymousAccessEnabled()).thenReturn(true);
+    when(scmConfiguration.getAnonymousMode()).thenReturn(AnonymousMode.FULL);
 
     setupContextListener.contextInitialized(null);
 

scm-webapp/src/test/java/sonia/scm/user/AnonymousUserDeletionEventHandlerTest.java

@@ -29,6 +29,7 @@ import org.junit.jupiter.api.Test;
 import sonia.scm.HandlerEventType;
 import sonia.scm.SCMContext;
 import sonia.scm.config.ScmConfiguration;
+import sonia.scm.security.AnonymousMode;
 
 import static org.junit.jupiter.api.Assertions.assertThrows;
 
@@ -45,7 +46,7 @@ class AnonymousUserDeletionEventHandlerTest {
 
   @Test
   void shouldThrowAnonymousUserDeletionExceptionIfAnonymousAccessIsEnabled() {
-    scmConfiguration.setAnonymousAccessEnabled(true);
+    scmConfiguration.setAnonymousMode(AnonymousMode.FULL);
 
     hook = new AnonymousUserDeletionEventHandler(scmConfiguration);
     UserEvent deletionEvent = new UserEvent(HandlerEventType.BEFORE_DELETE, SCMContext.ANONYMOUS);
@@ -55,7 +56,7 @@ class AnonymousUserDeletionEventHandlerTest {
 
   @Test
   void shouldNotThrowAnonymousUserDeletionException() {
-    scmConfiguration.setAnonymousAccessEnabled(false);
+    scmConfiguration.setAnonymousMode(AnonymousMode.OFF);
 
     hook = new AnonymousUserDeletionEventHandler(scmConfiguration);
     UserEvent deletionEvent = new UserEvent(HandlerEventType.BEFORE_DELETE,  SCMContext.ANONYMOUS);