diff options
6 files changed, 20 insertions, 4 deletions
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java index e4ddc2b1..3d226f7e 100644 --- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java +++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java @@ -45,7 +45,7 @@ public class Delg extends BaseCmd<User> { static final String AUTHZ_DELG = "/authz/delegate"; private static final String[] options = {"add","upd","del"}; - public Delg(User user) throws APIException { + public Delg(User user){ super(user,"delegate", new Param(optionsToString(options),true), new Param("from",true), diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java index cb44ab09..20a28cab 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/cui/CUI.java @@ -45,7 +45,7 @@ import org.onap.aaf.misc.env.TimeTaken; public class CUI extends HttpCode<AuthzTrans, Void> { private final AAF_GUI gui; - private final static Pattern userPerm = Pattern.compile("perm (create|delete).*@.*:id.*aaf.gui.*"); + private static final Pattern userPerm = Pattern.compile("perm (create|delete).*@.*:id.*aaf.gui.*"); public CUI(AAF_GUI gui) { @@ -90,6 +90,7 @@ public class CUI extends HttpCode<AuthzTrans, Void> { if(userPerm.matcher(cmdStr).matches()) { trans.clearCache(); Cookie cookie = new Cookie(Page.AAF_THEME,trans.getProperty(Page.AAF_THEME)); + cookie.setSecure(true); cookie.setMaxAge(-1); cookie.setComment("Remove AAF GUI Theme"); trans.hresp().addCookie(cookie); diff --git a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java index 8b6c1376..09b583bf 100644 --- a/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java +++ b/auth/auth-gui/src/main/java/org/onap/aaf/auth/gui/pages/RequestDetail.java @@ -73,7 +73,7 @@ public class RequestDetail extends Page { * */ private static class Model extends TableData<AAF_GUI,AuthzTrans> { - final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L; + static final long NUM_100NS_INTERVALS_SINCE_UUID_EPOCH = 0x01b21dd213814000L; private Slot sTicket; public Model(AuthzEnv env) { sTicket = env.slot(NAME+".ticket"); diff --git a/docs/sections/architecture/aaf_architecture.rst b/docs/sections/architecture/aaf_architecture.rst index 50d20eec..5513be8a 100644 --- a/docs/sections/architecture/aaf_architecture.rst +++ b/docs/sections/architecture/aaf_architecture.rst @@ -64,6 +64,17 @@ Enjoy stretching your mind AAF can support models of either side. In the meantime, enjoy the use of your mind to comtemplate things beyond tickets and this will help drive what you need to ask for in terms of Identities for your Apps. +Components +========== + +The running components of AAF include the following: + - "service" - RESTful HTTP/S - The main API Service for Authentication, Authorization and Management + - "locate" - RESTful HTTP/S - Provides Scaleble, Cross-Deployment Global location, inside or outside a container, of Registered Components (at minimum, AAF Components). Locate also provide Configuration information for Generated Configurations. + - "oauth" - RESTful HTTP/S - OAuth 2 implementation. Provides "token" and "introspection" methods, where Authorization data is included. + - "gui" - Browser HTTP/S - Management GUI, where user interactions occur, including a Web-based CMD-Line interface, API Docs, Approval pages, etc. + - "cm" - RESTful HTTP/S - Certificate Manager API, see more details below. + - "fs" - HTTP ONLY - File Server. This Component MUST NOT be HTTP/S, because it Provides HTTP Accessed RCLs as part of the TLS process. Other public information may be presented as well (such as Certificates, which are by definition Public) + Certificate Manager =================== diff --git a/docs/sections/architecture/security.rst b/docs/sections/architecture/security.rst index d1809935..ebfd63ba 100644 --- a/docs/sections/architecture/security.rst +++ b/docs/sections/architecture/security.rst @@ -33,6 +33,10 @@ Whenever two processing entities exist that need to communicate securely, it is Encryption is provided by HTTP/S with the TLS 1.2+ protocol. Lesser protocols can also be added, but it is highly recommended that the protocol go no lower than TLS 1.1 +ALL components of AAF are accessible only by HTTP/S (service, locate, oauth, gui, certman), EXCEPT the component "FS". + +FS *must* be HTTP, because it is responsible for being accessible DURING the TLS process for recent RCLs. (Revocation lists). Since it is part of the TLS process, it cannot be TLS itself. + .. image:: images/SecurityArchBasic_TLS.svg :width: 70% :align: center diff --git a/docs/sections/release-notes.rst b/docs/sections/release-notes.rst index 72198931..ed91732c 100644 --- a/docs/sections/release-notes.rst +++ b/docs/sections/release-notes.rst @@ -5,7 +5,7 @@ Release Notes ============= -Version: 2.1.15 (El Alto, Early Drop, 5.0.0) +Version: 2.1.15 (El Alto, 5.0.1) --------------------------------------------- :Release Date: 2019-08-12 |