diff options
Diffstat (limited to 'cadi/servlet-sample')
6 files changed, 236 insertions, 236 deletions
diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java index 466c02da..f11d8f89 100644 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java +++ b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java @@ -36,91 +36,91 @@ import org.onap.aaf.cadi.client.Future; import org.onap.aaf.cadi.principal.TaggedPrincipal; // Uncomment if you utilized the "MiniJASPIWrap" in the Servlet setup in "main()", and want to protect your service via Permission or mapped role -// @RolesAllowed({"com.att.aaf.myPerm|myInstance|myAction"}) - public class MyServlet implements Servlet { - private ServletConfig servletConfig; - - public void init(ServletConfig config) throws ServletException { - servletConfig = config; - } - - public ServletConfig getServletConfig() { - return servletConfig; - } - - public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException { - HttpServletRequest request; - try { - request = (HttpServletRequest)req; - } catch (ClassCastException e) { - throw new ServletException("Only serving HTTP today",e); - } - - res.getOutputStream().println("<html><header><title>CSP Servlet Test</title></header><body><h1>You're good to go!</h1><pre>" + - request.getUserPrincipal()); - - String perm = request.getParameter("PERM"); - if(perm!=null) { - if(request.isUserInRole(perm)) { - if(perm.indexOf('|')<0) { - res.getOutputStream().println("\nCongrats!, You are in Role " + perm); - } else { - res.getOutputStream().println("\nCongrats!, You have Permission " + perm); - } - } else { - if(perm.indexOf('|')<0) { - res.getOutputStream().println("\nSorry, you are NOT in Role " + perm); - } else { - res.getOutputStream().println("\nSorry, you do NOT have Permission " + perm); - } - } - } - - // You can get the working AAFCon from Trans - AAFCon<?> aafcon = AAFCon.obtain(req); - if(aafcon!=null) { - try { - res.getOutputStream().println("----- Perms JSON from direct call -----"); - final Principal up = request.getUserPrincipal(); - TaggedPrincipal tp; - if(up instanceof TaggedPrincipal) { - tp = (TaggedPrincipal)up; - } else { - tp = new TaggedPrincipal() { - @Override - public String getName() { - return up.getName(); - } +// @RolesAllowed({"com.att.aaf.myPerm|myInstance|myAction"}) + public class MyServlet implements Servlet { + private ServletConfig servletConfig; + + public void init(ServletConfig config) throws ServletException { + servletConfig = config; + } + + public ServletConfig getServletConfig() { + return servletConfig; + } + + public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException { + HttpServletRequest request; + try { + request = (HttpServletRequest)req; + } catch (ClassCastException e) { + throw new ServletException("Only serving HTTP today",e); + } + + res.getOutputStream().println("<html><header><title>CSP Servlet Test</title></header><body><h1>You're good to go!</h1><pre>" + + request.getUserPrincipal()); + + String perm = request.getParameter("PERM"); + if(perm!=null) { + if(request.isUserInRole(perm)) { + if(perm.indexOf('|')<0) { + res.getOutputStream().println("\nCongrats!, You are in Role " + perm); + } else { + res.getOutputStream().println("\nCongrats!, You have Permission " + perm); + } + } else { + if(perm.indexOf('|')<0) { + res.getOutputStream().println("\nSorry, you are NOT in Role " + perm); + } else { + res.getOutputStream().println("\nSorry, you do NOT have Permission " + perm); + } + } + } + + // You can get the working AAFCon from Trans + AAFCon<?> aafcon = AAFCon.obtain(req); + if(aafcon!=null) { + try { + res.getOutputStream().println("----- Perms JSON from direct call -----"); + final Principal up = request.getUserPrincipal(); + TaggedPrincipal tp; + if(up instanceof TaggedPrincipal) { + tp = (TaggedPrincipal)up; + } else { + tp = new TaggedPrincipal() { + @Override + public String getName() { + return up.getName(); + } - @Override - public String tag() { - return "Unknown"; - } - }; - } - // This call will be "as the user calling", but only if permission is set to trust. -// Future<String> future = aafcon.clientAs("2.0",tp).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json"); - Future<String> future = aafcon.client("2.0").read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json"); - if(future.get(4000 /* timeout */)) { - res.getOutputStream().print(future.value); - } else { - System.err.println(future.code() + ", " + future.body()); - res.getOutputStream().print(future.code() + ", " + future.body()); - } - } catch (Exception e) { - e.printStackTrace(); - } - } else { - res.getOutputStream().println("No AAFCon instantiated"); - } - res.getOutputStream().print("</pre></body></html>"); - - } - - public String getServletInfo() { - return "MyServlet"; - } - - public void destroy() { - } - }
\ No newline at end of file + @Override + public String tag() { + return "Unknown"; + } + }; + } + // This call will be "as the user calling", but only if permission is set to trust. +// Future<String> future = aafcon.clientAs("2.0",tp).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json"); + Future<String> future = aafcon.client("2.0").read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json"); + if(future.get(4000 /* timeout */)) { + res.getOutputStream().print(future.value); + } else { + System.err.println(future.code() + ", " + future.body()); + res.getOutputStream().print(future.code() + ", " + future.body()); + } + } catch (Exception e) { + e.printStackTrace(); + } + } else { + res.getOutputStream().println("No AAFCon instantiated"); + } + res.getOutputStream().print("</pre></body></html>"); + + } + + public String getServletInfo() { + return "MyServlet"; + } + + public void destroy() { + } + }
\ No newline at end of file diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java index 17f9b198..a45725d7 100644 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java +++ b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java @@ -31,15 +31,15 @@ import org.onap.aaf.cadi.filter.CadiFilter; public class Config { - /** - * Method to make jetty configurations (others?) with more complex function possible - * - * @param sc - */ - public static final void addToContext(WebAppContext sc, String propFile) { - sc.addFilter(CadiFilter.class,"/*",EnumSet.of(DispatcherType.REQUEST)); - sc.setInitParameter(org.onap.aaf.cadi.config.Config.CADI_PROP_FILES, propFile); - } - + /** + * Method to make jetty configurations (others?) with more complex function possible + * + * @param sc + */ + public static final void addToContext(WebAppContext sc, String propFile) { + sc.addFilter(CadiFilter.class,"/*",EnumSet.of(DispatcherType.REQUEST)); + sc.setInitParameter(org.onap.aaf.cadi.config.Config.CADI_PROP_FILES, propFile); + } + } diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java index 2d1fc097..cec8a539 100644 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java +++ b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java @@ -43,70 +43,70 @@ import org.onap.aaf.cadi.config.SecurityInfo; import org.onap.aaf.cadi.filter.CadiFilter; public abstract class JettyServletServer implements Servlet { - - public static Server run(PropAccess access, String context, Class<? extends Servlet> servletCls, int port, String ...args) throws Exception { - // Defaults: - int blockingQueueSize = 10; + + public static Server run(PropAccess access, String context, Class<? extends Servlet> servletCls, int port, String ...args) throws Exception { + // Defaults: + int blockingQueueSize = 10; int corePoolSize = 10; int maxPoolSize = 10; int keepAliveTime = 3000; - String hostname = access.getProperty(Config.HOSTNAME, null); - if(hostname==null) { - hostname = Inet4Address.getLocalHost().getHostName(); - } + String hostname = access.getProperty(Config.HOSTNAME, null); + if(hostname==null) { + hostname = Inet4Address.getLocalHost().getHostName(); + } // Add your own Properties to override defaults ArrayBlockingQueue<Runnable> queue = new ArrayBlockingQueue<Runnable>(blockingQueueSize); QueuedThreadPool pool = new QueuedThreadPool(maxPoolSize,corePoolSize,keepAliveTime,queue); - Server server = new Server(pool); + Server server = new Server(pool); - String protocol; - if(access.getProperty(Config.CADI_KEYSTORE_PASSWORD,null)==null) { - ServerConnector conn = new ServerConnector(server); - conn.setHost(hostname); - conn.setPort(port); - server.addConnector(conn); - protocol = "http"; - } else { - // Setup Security - SecurityInfo securityInfo = new SecurityInfo(access); - SslContextFactory scf = new SslContextFactory(); - scf.setSslContext(securityInfo.getSSLContext()); - scf.setWantClientAuth(true); - ServerConnector sslConnector = new ServerConnector(server,scf); - sslConnector.setHost(hostname); - sslConnector.setPort(port); - server.addConnector(sslConnector); - protocol = "https"; - } + String protocol; + if(access.getProperty(Config.CADI_KEYSTORE_PASSWORD,null)==null) { + ServerConnector conn = new ServerConnector(server); + conn.setHost(hostname); + conn.setPort(port); + server.addConnector(conn); + protocol = "http"; + } else { + // Setup Security + SecurityInfo securityInfo = new SecurityInfo(access); + SslContextFactory scf = new SslContextFactory(); + scf.setSslContext(securityInfo.getSSLContext()); + scf.setWantClientAuth(true); + ServerConnector sslConnector = new ServerConnector(server,scf); + sslConnector.setHost(hostname); + sslConnector.setPort(port); + server.addConnector(sslConnector); + protocol = "https"; + } // Setup Sample Servlet CadiFilter cf = new CadiFilter(true,access); - FilterHolder cfh = new FilterHolder(cf); - - ServletHandler shand = new ServletHandler(); - shand.addFilterWithMapping(cfh, "/*", FilterMapping.ALL); - // To use normal Servlets, just add the class here... Actually, bug in Jetty... need to add with ServletHolder - ServletHolder sh = new ServletHolder(); - sh.setServlet(servletCls.newInstance()); - shand.addServletWithMapping(sh,"/*"); - - // To use JASPI Authorization Style to protect the servlet, wrap the Servlet - // with the "MiniJSAPIWrap class, as shown here. Then add "@RolesAllowed" on your - // servlet (see sample). Use Pipe delimited Permissions, not AAF Roles in the line - // shand.addServletWithMapping(new MiniJASPIWrap(MyServlet.class),"/*"); - // call initialize after start - ContextHandler ch = new ServletContextHandler(); - ch.setContextPath(context); - ch.setHandler(shand); - server.setHandler(ch); - // Startup the Server + FilterHolder cfh = new FilterHolder(cf); + + ServletHandler shand = new ServletHandler(); + shand.addFilterWithMapping(cfh, "/*", FilterMapping.ALL); + // To use normal Servlets, just add the class here... Actually, bug in Jetty... need to add with ServletHolder + ServletHolder sh = new ServletHolder(); + sh.setServlet(servletCls.newInstance()); + shand.addServletWithMapping(sh,"/*"); + + // To use JASPI Authorization Style to protect the servlet, wrap the Servlet + // with the "MiniJSAPIWrap class, as shown here. Then add "@RolesAllowed" on your + // servlet (see sample). Use Pipe delimited Permissions, not AAF Roles in the line + // shand.addServletWithMapping(new MiniJASPIWrap(MyServlet.class),"/*"); + // call initialize after start + ContextHandler ch = new ServletContextHandler(); + ch.setContextPath(context); + ch.setHandler(shand); + server.setHandler(ch); + // Startup the Server server.setStopAtShutdown(true); server.start(); access.log(Level.INFO,"TestServlet is running at " + protocol + "://"+hostname+':'+port+context); return server; - } + } } diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java index 049e45e8..6edd6f5b 100644 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java +++ b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java @@ -30,17 +30,17 @@ import org.onap.aaf.cadi.PropAccess; public class JettyStandalone { - public static void main(String[] args) { - PropAccess access = new PropAccess(args); - try { - Server server = JettyServletServer.run(access, "/caditest", MyServlet.class, 3456); - server.join(); - } catch (Exception e) { - access.log(Level.ERROR, e); - } finally { - access.log(Level.INFO,"Stopping Service"); - } - - } + public static void main(String[] args) { + PropAccess access = new PropAccess(args); + try { + Server server = JettyServletServer.run(access, "/caditest", MyServlet.class, 3456); + server.join(); + } catch (Exception e) { + access.log(Level.ERROR, e); + } finally { + access.log(Level.INFO,"Stopping Service"); + } + + } } diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java index 904f3cdc..29462cfb 100644 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java +++ b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java @@ -48,54 +48,54 @@ import org.onap.aaf.cadi.filter.RolesAllowed; * */ public class MiniJASPIWrap extends ServletHolder { - private RolesAllowed rolesAllowed; - //private String roles; - public MiniJASPIWrap(Class<? extends Servlet> servlet) { - super(servlet); - this.rolesAllowed = servlet.getAnnotation(RolesAllowed.class); - StringBuilder sb = new StringBuilder(); - boolean first = true; - if(rolesAllowed!=null) { - for(String str : rolesAllowed.value()) { - if(first)first=false; - else sb.append(','); - sb.append(str); - } - } - //roles = sb.toString(); - } + private RolesAllowed rolesAllowed; + //private String roles; + public MiniJASPIWrap(Class<? extends Servlet> servlet) { + super(servlet); + this.rolesAllowed = servlet.getAnnotation(RolesAllowed.class); + StringBuilder sb = new StringBuilder(); + boolean first = true; + if(rolesAllowed!=null) { + for(String str : rolesAllowed.value()) { + if(first)first=false; + else sb.append(','); + sb.append(str); + } + } + //roles = sb.toString(); + } - /** - * handle - * - * When utilized, this class authorizes the transaction by first calling the standard J2EE API call - * "isUserInRole" with the role(s) found in the class Annotations (JASPI Style) - */ - @Override - public void handle(Request baseRequest, ServletRequest request, ServletResponse response) throws ServletException, UnavailableException, IOException { - if(rolesAllowed==null) { - super.handle(baseRequest, request, response); - } else { // Validate - try { - - HttpServletRequest hreq = (HttpServletRequest)request; - boolean proceed = false; - for(String role : rolesAllowed.value()) { - if(hreq.isUserInRole(role)) { - proceed = true; - break; - } - } - if(proceed) { - super.handle(baseRequest, request, response); - } else { - //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles); - ((HttpServletResponse)response).sendError(403); // forbidden - } - } catch(ClassCastException e) { - throw new ServletException("JASPIWrap only supports HTTPServletRequest/HttpServletResponse"); - } - } - } + /** + * handle + * + * When utilized, this class authorizes the transaction by first calling the standard J2EE API call + * "isUserInRole" with the role(s) found in the class Annotations (JASPI Style) + */ + @Override + public void handle(Request baseRequest, ServletRequest request, ServletResponse response) throws ServletException, UnavailableException, IOException { + if(rolesAllowed==null) { + super.handle(baseRequest, request, response); + } else { // Validate + try { + + HttpServletRequest hreq = (HttpServletRequest)request; + boolean proceed = false; + for(String role : rolesAllowed.value()) { + if(hreq.isUserInRole(role)) { + proceed = true; + break; + } + } + if(proceed) { + super.handle(baseRequest, request, response); + } else { + //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles); + ((HttpServletResponse)response).sendError(403); // forbidden + } + } catch(ClassCastException e) { + throw new ServletException("JASPIWrap only supports HTTPServletRequest/HttpServletResponse"); + } + } + } } diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/tomcate/TomcatEmbedded.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/tomcate/TomcatEmbedded.java index 415283a5..1597dbd5 100644 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/tomcate/TomcatEmbedded.java +++ b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/tomcate/TomcatEmbedded.java @@ -39,7 +39,7 @@ import org.onap.aaf.cadi.PropAccess; */ public class TomcatEmbedded { - public static void main(String[] args) throws Exception { + public static void main(String[] args) throws Exception { System.setProperty("org.apache.catalina.startup.EXIT_ON_INIT_FAILURE", "true"); Tomcat tomcat = new Tomcat(); @@ -51,8 +51,8 @@ public class TomcatEmbedded { tomcat.start(); tomcat.getServer().await(); - } - + } + private static Connector getSslConnector(PropAccess access, int port) throws IOException { Connector connector = new Connector(); connector.setPort(port); @@ -75,34 +75,34 @@ public class TomcatEmbedded { } private static void setAttr(Connector connector, Access access, String ctag, String atag) throws IOException { - String value = access.getProperty(atag, null); - if(value==null) { - access.log(Level.ERROR, atag, "is null"); - } else { - if(value.startsWith("enc:")) { - access.log(Level.INIT,atag,"=enc:************"); - value = access.decrypt(value, false); - } else { - access.log(Level.INIT,atag,"=",value); - } - connector.setAttribute(ctag, value); - } + String value = access.getProperty(atag, null); + if(value==null) { + access.log(Level.ERROR, atag, "is null"); + } else { + if(value.startsWith("enc:")) { + access.log(Level.INIT,atag,"=enc:************"); + value = access.decrypt(value, false); + } else { + access.log(Level.INIT,atag,"=",value); + } + connector.setAttribute(ctag, value); + } } - private static File getRootFolder() { - try { - File root; - String runningJarPath = Main.class.getProtectionDomain().getCodeSource().getLocation().toURI().getPath().replaceAll("\\\\", "/"); - int lastIndexOf = runningJarPath.lastIndexOf("/target/"); - if (lastIndexOf < 0) { - root = new File(""); - } else { - root = new File(runningJarPath.substring(0, lastIndexOf)); - } - System.out.println("application resolved root folder: " + root.getAbsolutePath()); - return root; - } catch (URISyntaxException ex) { - throw new RuntimeException(ex); - } - } + private static File getRootFolder() { + try { + File root; + String runningJarPath = Main.class.getProtectionDomain().getCodeSource().getLocation().toURI().getPath().replaceAll("\\\\", "/"); + int lastIndexOf = runningJarPath.lastIndexOf("/target/"); + if (lastIndexOf < 0) { + root = new File(""); + } else { + root = new File(runningJarPath.substring(0, lastIndexOf)); + } + System.out.println("application resolved root folder: " + root.getAbsolutePath()); + return root; + } catch (URISyntaxException ex) { + throw new RuntimeException(ex); + } + } } |