From 93871ff58e90a91d359f72b00a92fe1e28310b82 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Mon, 15 Oct 2018 07:37:28 -0500 Subject: Add Servlet Sample Includes CA Bootstrap names for K8 Issue-ID: AAF-451 Change-Id: Ibc34a21cad0b38c5d56dbc20d84deb5bf66e9d64 
Signed-off-by: Instrumental --- auth/docker/Dockerfile.client | 1 + auth/docker/aaf.sh | 1 + auth/docker/d.props.init | 1 + auth/docker/dbuild.sh | 9 +- auth/docker/drun.sh | 8 +- auth/helm/.gitignore | 1 + auth/helm/aaf/Chart.yaml | 2 +- auth/helm/aaf/templates/aaf-cm.yaml | 2 +- auth/helm/aaf/templates/aaf-fs.yaml | 2 +- auth/helm/aaf/templates/aaf-gui.yaml | 2 +- auth/helm/aaf/templates/aaf-hello.yaml | 2 +- auth/helm/aaf/templates/aaf-locate.yaml | 2 +- auth/helm/aaf/templates/aaf-oauth.yaml | 2 +- auth/helm/aaf/templates/aaf-service.yaml | 10 +- auth/helm/aaf/templates/aaf.yaml | 205 --------------------- auth/helm/aaf/values.yaml | 3 +- auth/sample/bin/client.sh | 3 + auth/sample/bin/service.sh | 4 +- auth/sample/etc/org.osaaf.aaf.cm.props | 2 +- auth/sample/etc/org.osaaf.aaf.fs.props | 2 +- auth/sample/etc/org.osaaf.aaf.gui.props | 2 +- auth/sample/etc/org.osaaf.aaf.hello.props | 2 +- auth/sample/etc/org.osaaf.aaf.locate.props | 2 +- auth/sample/etc/org.osaaf.aaf.oauth.props | 2 +- auth/sample/etc/org.osaaf.aaf.service.props | 2 +- cadi/servlet-sample/pom.xml | 39 +++- .../servlet-sample/src/assemble/servlet_sample.xml | 48 +++++ .../java/org/onap/aaf/sample/cadi/MyServlet.java | 127 +++++++++++++ .../org/onap/aaf/sample/cadi/jetty/Config.java | 45 +++++ .../aaf/sample/cadi/jetty/JettyServletServer.java | 112 +++++++++++ .../aaf/sample/cadi/jetty/JettyStandalone.java | 46 +++++ .../onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java | 101 ++++++++++ .../java/org/onap/aaf/sample/cadi/MyServlet.java | 127 ------------- .../org/onap/aaf/sample/cadi/jetty/Config.java | 45 ----- .../aaf/sample/cadi/jetty/JettyServletServer.java | 112 ----------- .../aaf/sample/cadi/jetty/JettyStandalone.java | 46 ----- .../onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java | 101 ---------- conf/CA/bootstrap.sh | 2 +- conf/CA/san_root.aaf | 2 +- 39 files changed, 552 insertions(+), 675 deletions(-) delete mode 100644 auth/helm/aaf/templates/aaf.yaml create mode 100644 
cadi/servlet-sample/src/assemble/servlet_sample.xml create mode 100644 cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java create mode 100644 cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java create mode 100644 cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java create mode 100644 cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java create mode 100644 cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java delete mode 100644 cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java delete mode 100644 cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java delete mode 100644 cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java delete mode 100644 cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java delete mode 100644 cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java diff --git a/auth/docker/Dockerfile.client b/auth/docker/Dockerfile.client index 2ecf6a5d..3e61173d 100644 --- a/auth/docker/Dockerfile.client +++ b/auth/docker/Dockerfile.client @@ -8,6 +8,7 @@ LABEL version=${AAF_VERSION} COPY logs /opt/app/aaf_config/logs COPY bin/client.sh /opt/app/aaf_config/bin/agent.sh COPY bin/aaf-cadi*full.jar /opt/app/aaf_config/bin/ +COPY bin/aaf-cadi-servlet-sample-*-sample.jar /opt/app/aaf_config/bin/ COPY cert/*trust*.b64 /opt/app/aaf_config/cert/ ENTRYPOINT ["/bin/bash","/opt/app/aaf_config/bin/agent.sh"] diff --git a/auth/docker/aaf.sh b/auth/docker/aaf.sh index 7301c50e..29391597 100644 --- a/auth/docker/aaf.sh +++ b/auth/docker/aaf.sh 
@@ -13,6 +13,7 @@ function run_it() { --env HOSTNAME=${HOSTNAME} \ --env AAF_ENV=${AAF_ENV} \ --env AAF_REGISTER_AS=${AAF_REGISTER_AS} \ + --env AAF_LOCATOR_AS=${AAF_LOCATOR_AS} \ --env LATITUDE=${LATITUDE} \ --env LONGITUDE=${LONGITUDE} \ --env CASS_HOST=${CASS_HOST} \ diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init index bde88c88..178d66f5 100644 --- a/auth/docker/d.props.init +++ b/auth/docker/d.props.init @@ -14,6 +14,7 @@ HOST_IP= # AAF Machine info AAF_ENV=DEV AAF_REGISTER_AS=$HOSTNAME +AAF_LOCATE_AS=$AAF_REGISTER_AS LATITUDE= LONGITUDE= diff --git a/auth/docker/dbuild.sh b/auth/docker/dbuild.sh index 2b6c006c..80427cef 100755 --- a/auth/docker/dbuild.sh +++ b/auth/docker/dbuild.sh @@ -29,6 +29,7 @@ $DOCKER build -t ${ORG}/${PROJECT}/aaf_config:${VERSION} sample $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_config:${VERSION} $DOCKER tag ${ORG}/${PROJECT}/aaf_config:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/latest +cp ../cadi/servlet-sample/target/aaf-cadi-servlet-sample-${VERSION}-sample.jar sample/bin # AAF Agent Image (for Clients) sed -e 's/${AAF_VERSION}/'${VERSION}'/g' -e 's/${AAF_COMPONENT}/'${AAF_COMPONENT}'/g' docker/Dockerfile.client > sample/Dockerfile $DOCKER build -t ${ORG}/${PROJECT}/aaf_agent:${VERSION} sample @@ -36,7 +37,7 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/$ $DOCKER tag ${ORG}/${PROJECT}/aaf_agent:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_agent:latest # Clean up -rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar +rm sample/Dockerfile sample/bin/aaf-cadi-aaf-${VERSION}-full.jar sample/bin/aaf-cadi-servlet-sample-${VERSION}-sample.jar rm -Rf sample/CA cd - 
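Review bot: The variable added to `run_it()` in `aaf.sh` is `AAF_LOCATOR_AS`, but the matching line added to `d.props.init` defines `AAF_LOCATE_AS`, so a value set in the properties file would never reach the container under the name `service.sh` and the Helm templates read. It appears to work only because `service.sh` falls back to `AAF_REGISTER_AS` when `AAF_LOCATOR_AS` is empty. Rename the property so all three places agree: `AAF_LOCATOR_AS=$AAF_REGISTER_AS`.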
@@ -52,8 +53,11 @@ $DOCKER tag ${ORG}/${PROJECT}/aaf_core:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${ rm aaf_${VERSION}/Dockerfile cd - +####### +# Do all the Containers related to AAF Services +####### if ["$1" == ""]; then - AAF_COMPONENTS=$(ls ../aaf_*HOT/bin | grep -v '\.') + AAF_COMPONENTS=$(ls ../aaf_${VERSION}/bin | grep -v '\.') else AAF_COMPONENTS=$1 fi @@ -69,6 +73,7 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do $DOCKER tag ${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:${VERSION} ${DOCKER_REPOSITORY}/${ORG}/${PROJECT}/aaf_${AAF_COMPONENT}:latest rm aaf_${VERSION}/Dockerfile cd - + done rm ../aaf_${VERSION}/pod/* rmdir ../aaf_${VERSION}/pod diff --git a/auth/docker/drun.sh b/auth/docker/drun.sh index be6795be..c6914a09 100644 --- a/auth/docker/drun.sh +++ b/auth/docker/drun.sh @@ -35,22 +35,22 @@ for AAF_COMPONENT in ${AAF_COMPONENTS}; do case "$AAF_COMPONENT" in "service") PORTMAP="8100:8100" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + LINKS="--link aaf_cass:cassandra " ;; "locate") PORTMAP="8095:8095" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + LINKS="--link aaf_cass:cassandra " ;; "oauth") PORTMAP="8140:8140" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + LINKS="--link aaf_cass:cassandra " ;; "gui") PORTMAP="8200:8200" ;; "cm") PORTMAP="8150:8150" - LINKS="--link aaf_cass:cassandra --add-host=$CASS_HOST" + LINKS="--link aaf_cass:cassandra " ;; "hello") PORTMAP="8130:8130" diff --git a/auth/helm/.gitignore b/auth/helm/.gitignore index a12eb33b..1c5fad92 100644 --- a/auth/helm/.gitignore +++ b/auth/helm/.gitignore @@ -1,2 +1,3 @@ aaf.orig/ pause/ +aaf.new/ diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml index b6ba288e..323a6e14 100644 --- a/auth/helm/aaf/Chart.yaml +++ b/auth/helm/aaf/Chart.yaml @@ -2,4 +2,4 @@ apiVersion: v1 appVersion: "1.0" description: AAF Helm Chart name: aaf -version: 2.1.3-SNAPSHOT +version: 2.1.4-SNAPSHOT 
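Review bot: The test that guards the changed `AAF_COMPONENTS=` line in `dbuild.sh`, `if ["$1" == ""]; then`, is written without the spaces `[` requires, so with an argument the shell looks for a command named `[arg` and reaches the `else` branch only through that failure. Since this commit edits the block anyway, make it `if [ -z "$1" ]; then`. The new `ls ../aaf_${VERSION}/bin | grep -v '\.'` is also unquoted and parses `ls` output; a short comment saying that component names are expected to contain no dots or spaces would make that assumption explicit.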
diff --git a/auth/helm/aaf/templates/aaf-cm.yaml b/auth/helm/aaf/templates/aaf-cm.yaml index 0940de43..0a4c3149 100644 --- a/auth/helm/aaf/templates/aaf-cm.yaml +++ b/auth/helm/aaf/templates/aaf-cm.yaml @@ -48,7 +48,7 @@ spec: - name: AAF_REGISTER_AS value: "aaf-cm" - name: AAF_LOCATOR_AS - value: "aaf-locate" + value: "{{ .Values.cadi.aaf_locate_as }}" - name: LATITUDE value: "{{ .Values.cadi.cadi_latitude }}" - name: LONGITUDE diff --git a/auth/helm/aaf/templates/aaf-fs.yaml b/auth/helm/aaf/templates/aaf-fs.yaml index 7d596845..22935dc3 100644 --- a/auth/helm/aaf/templates/aaf-fs.yaml +++ b/auth/helm/aaf/templates/aaf-fs.yaml @@ -48,7 +48,7 @@ spec: - name: AAF_REGISTER_AS value: "aaf-fs" - name: AAF_LOCATOR_AS - value: "aaf-locate" + value: "{{ .Values.cadi.aaf_locate_as }}" - name: LATITUDE value: "{{ .Values.cadi.cadi_latitude }}" - name: LONGITUDE diff --git a/auth/helm/aaf/templates/aaf-gui.yaml b/auth/helm/aaf/templates/aaf-gui.yaml index bc2a23df..c5d11d0e 100644 --- a/auth/helm/aaf/templates/aaf-gui.yaml +++ b/auth/helm/aaf/templates/aaf-gui.yaml @@ -48,7 +48,7 @@ spec: - name: AAF_REGISTER_AS value: "aaf-gui" - name: AAF_LOCATOR_AS - value: "aaf-locate" + value: "{{ .Values.cadi.aaf_locate_as }}" - name: LATITUDE value: "{{ .Values.cadi.cadi_latitude }}" - name: LONGITUDE diff --git a/auth/helm/aaf/templates/aaf-hello.yaml b/auth/helm/aaf/templates/aaf-hello.yaml index b11365d2..033c9125 100644 --- a/auth/helm/aaf/templates/aaf-hello.yaml +++ b/auth/helm/aaf/templates/aaf-hello.yaml @@ -48,7 +48,7 @@ spec: - name: AAF_REGISTER_AS value: "aaf-hello" - name: AAF_LOCATOR_AS - value: "aaf-locate" + value: "{{ .Values.cadi.aaf_locate_as }}" - name: LATITUDE value: "{{ .Values.cadi.cadi_latitude }}" - name: LONGITUDE diff --git a/auth/helm/aaf/templates/aaf-locate.yaml b/auth/helm/aaf/templates/aaf-locate.yaml index 7f10fbf5..58c249ee 100644 --- a/auth/helm/aaf/templates/aaf-locate.yaml +++ b/auth/helm/aaf/templates/aaf-locate.yaml 
@@ -48,7 +48,7 @@ spec: - name: AAF_REGISTER_AS value: "aaf-locate" - name: AAF_LOCATOR_AS - value: "aaf-locate" + value: "{{ .Values.cadi.aaf_locate_as }}" - name: LATITUDE value: "{{ .Values.cadi.cadi_latitude }}" - name: LONGITUDE diff --git a/auth/helm/aaf/templates/aaf-oauth.yaml b/auth/helm/aaf/templates/aaf-oauth.yaml index a08e86fb..08984674 100644 --- a/auth/helm/aaf/templates/aaf-oauth.yaml +++ b/auth/helm/aaf/templates/aaf-oauth.yaml @@ -48,7 +48,7 @@ spec: - name: AAF_REGISTER_AS value: "aaf-oauth" - name: AAF_LOCATOR_AS - value: "aaf-locate" + value: "{{ .Values.cadi.aaf_locate_as }}" - name: LATITUDE value: "{{ .Values.cadi.cadi_latitude }}" - name: LONGITUDE diff --git a/auth/helm/aaf/templates/aaf-service.yaml b/auth/helm/aaf/templates/aaf-service.yaml index e76f61b3..306bd776 100644 --- a/auth/helm/aaf/templates/aaf-service.yaml +++ b/auth/helm/aaf/templates/aaf-service.yaml @@ -22,7 +22,7 @@ metadata: labels: app: aaf-service spec: - replicas: 2 + replicas: 1 selector: matchLabels: app: aaf-service @@ -32,9 +32,11 @@ spec: app: aaf-service spec: volumes: - # Use this Pod Sharing dir to declare various States of starting - name: {{ .Chart.Name }}-config-vol - emptyDir: {} + persistentVolumeClaim: + claimName: {{ .Chart.Name }}-config-pvc + #- name: {{ .Chart.Name }}-config-vol + # emptyDir: {} initContainers: - name: {{ .Chart.Name }}-config-container image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} @@ -48,7 +50,7 @@ spec: - name: AAF_REGISTER_AS value: "aaf-service" - name: AAF_LOCATOR_AS - value: "aaf-locate" + value: "{{ .Values.cadi.aaf_locate_as }}" - name: LATITUDE value: "{{ .Values.cadi.cadi_latitude }}" - name: LONGITUDE diff --git a/auth/helm/aaf/templates/aaf.yaml b/auth/helm/aaf/templates/aaf.yaml deleted file mode 100644 index c8eb2970..00000000 --- a/auth/helm/aaf/templates/aaf.yaml +++ /dev/null 
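Review bot: Moving `{{ .Chart.Name }}-config-vol` in `aaf-service.yaml` from `emptyDir` to the `{{ .Chart.Name }}-config-pvc` claim makes the generated configuration outlive the pod, and `service.sh` in this same commit only writes the properties when they are absent (`if [ ! -e $LOCAL/org.osaaf.aaf.props ]`). If the init container runs that script, a later change to `aaf_locate_as` or the other env values would presumably not be applied to an existing volume; a comment next to the claim should say how the volume is reset or refreshed. The two commented-out `emptyDir` lines should be deleted rather than kept, and the removed explanatory comment replaced with one describing what the persistent volume holds.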
@@ -1,205 +0,0 @@ -kind: Service -apiVersion: v1 -metadata: - name: aaf -spec: - selector: - app: aaf - #type: ExternalName - #externalName: aaf.osaaf.org - externalIPs: - - 192.168.99.100 - ports: - - name: aaf-service - protocol: TCP - port: 8100 - targetPort: 8100 - - name: aaf-locate - protocol: TCP - port: 8095 - targetPort: 8095 - - name: aaf-oauth - protocol: TCP - port: 8140 - targetPort: 8140 - - name: aaf-gui - protocol: TCP - port: 8200 - targetPort: 8200 - - name: aaf-cm - protocol: TCP - port: 8150 - targetPort: 8150 - - name: aaf-hello - protocol: TCP - port: 8130 - targetPort: 8130 - - name: aaf-fs - protocol: TCP - port: 8096 - targetPort: 8096 ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: aaf-svcs - labels: - app: aaf -spec: - replicas: 1 - selector: - matchLabels: - app: aaf - template: - metadata: - labels: - app: aaf - spec: - volumes: - - name: {{ .Chart.Name }}-config-vol - persistentVolumeClaim: - claimName: {{ .Chart.Name }}-config-pvc - # Use this Pod Sharing dir to declare various States of starting - - name: {{ .Chart.Name }}-status-vol - persistentVolumeClaim: - claimName: {{ .Chart.Name }}-status-pvc - initContainers: - - name: {{ .Chart.Name }}-config-container - image: {{ .Values.image.repository }}onap/aaf/aaf_config:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - env: - - name: HOSTNAME - value: "{{ .Values.cadi.hostname }}" - - name: AAF_ENV - value: "{{ .Values.cadi.aaf_env }}" - - name: AAF_REGISTER_AS - value: "{{ .Values.cadi.aaf_register_as }}" - - name: LATITUDE - value: "{{ .Values.cadi.cadi_latitude }}" - - name: LONGITUDE - value: "{{ .Values.cadi.cadi_longitude }}" - - name: CASS_HOST - value: "aaf-cass" - containers: -### -### AAF-Service -### - - name: {{ .Chart.Name }}-service - image: {{ .Values.image.repository 
}}onap/aaf/aaf_service:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_service","sleep","30","/opt/app/aaf/bin/service"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - ports: - - name: service - protocol: TCP - containerPort: 8100 -# hostPort: 8100 -### -### AAF-Locate -### - - name: {{ .Chart.Name }}-locate - image: {{ .Values.image.repository }}onap/aaf/aaf_locate:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_locate","aaf_service","/opt/app/aaf/bin/locate"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - ports: - - name: locate - protocol: TCP - containerPort: 8095 - -### -### AAF-OAuth -### - - name: {{ .Chart.Name }}-oauth - image: {{ .Values.image.repository }}onap/aaf/aaf_oauth:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_oauth","aaf_locate","/opt/app/aaf/bin/oauth"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - ports: - - name: oauth - protocol: TCP - containerPort: 8096 -### -### AAF-GUI -### - - name: {{ .Chart.Name }}-gui - image: {{ .Values.image.repository }}onap/aaf/aaf_gui:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_gui","aaf_cm","/opt/app/aaf/bin/gui"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - ports: - - name: gui - protocol: TCP - containerPort: 8200 -### -### AAF-Certman -### - - name: {{ .Chart.Name 
}}-cm - image: {{ .Values.image.repository }}onap/aaf/aaf_cm:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_cm","aaf_locate","/opt/app/aaf/bin/cm"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - ports: - - name: cm - protocol: TCP - containerPort: 8150 - -### -### AAF-FS -### - - name: {{ .Chart.Name }}-fs - image: {{ .Values.image.repository }}onap/aaf/aaf_fs:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_fs","aaf_locate","/opt/app/aaf/bin/fs"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - ports: - - name: fs - protocol: TCP - containerPort: 8096 - -### -### AAF-Hello -### - - name: {{ .Chart.Name }}-hello - image: {{ .Values.image.repository }}onap/aaf/aaf_hello:{{ .Values.image.version }} - imagePullPolicy: IfNotPresent - command: ["/bin/bash","/opt/app/aaf/pod/pod_wait.sh","aaf_hello","aaf_locate","/opt/app/aaf/bin/hello"] - volumeMounts: - - mountPath: "/opt/app/osaaf" - name: {{ .Chart.Name }}-config-vol - - mountPath: "/opt/app/aaf/status" - name: {{ .Chart.Name }}-status-vol - ports: - - name: hello - protocol: TCP - containerPort: 8130 - diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml index bee28d5d..044ff426 100644 --- a/auth/helm/aaf/values.yaml +++ b/auth/helm/aaf/values.yaml @@ -19,6 +19,7 @@ cadi: cadi_longitude: "-72.0" aaf_env: "DEV" aaf_register_as: "aaf.onap" + aaf_locate_as: "aaf-locate" persistence: mountPath: "/mnt/data/aaf" 
@@ -47,7 +48,7 @@ image: # When using Docker Repo, add, and include trailing "/" # repository: nexus3.onap.org:10003/ # repository: localhost:5000/ - version: 2.1.3-SNAPSHOT + version: 2.1.4-SNAPSHOT resources: {} # We usually recommend not to specify default resources and to leave this as a conscious diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh index 99ed2793..a7095268 100755 --- a/auth/sample/bin/client.sh +++ b/auth/sample/bin/client.sh @@ -208,6 +208,9 @@ if [ ! "$CMD" = "" ]; then echo "--- agent Tool Comands ---" $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar ;; + sample) + echo "--- run Sample Servlet App ---" + $JAVA -Dcadi_prop_files=$LOCAL/${NS}.props -cp $CONFIG/bin/aaf-cadi-aaf-*-full.jar:$CONFIG/bin/aaf-cadi-servlet-sample-*-sample.jar org.onap.aaf.sample.cadi.jetty.JettyStandalone ${NS}.props esac echo "" ;; diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh index b6121ead..6b694adc 100644 --- a/auth/sample/bin/service.sh +++ b/auth/sample/bin/service.sh @@ -89,7 +89,7 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then echo cadi_longitude=${LONGITUDE} >> ${TMP} echo cadi_x509_issuers=${CADI_X509_ISSUERS} >> ${TMP} echo aaf_register_as=${AAF_REGISTER_AS} >> ${TMP} - LOCATOR_AS=${LOCATOR:=AAF_REGISTER_AS} + AAF_LOCATOR_AS=${AAF_LOCATOR_AS:=$AAF_REGISTER_AS} echo aaf_locate_url=https://${AAF_LOCATOR_AS}:8095 >> ${TMP} cat $TMP @@ -101,7 +101,7 @@ if [ ! -e $LOCAL/org.osaaf.aaf.props ]; then # Cassandra Config stuff # Default is expect a Cassandra on same Node - CASS_HOST=${CASS_HOST:="localhost:127.0.0.1"} + CASS_HOST=${CASS_HOST:="aaf_cass"} CASS_PASS=$("$JAVA" -jar $CONFIG/bin/aaf-cadi-aaf-*-full.jar cadi digest "${CASSANDRA_PASSWORD:-cassandra}" $LOCAL/org.osaaf.aaf.keyfile) CASS_NAME=${CASS_HOST/:*/} sed -i.backup -e "s/\\(cassandra.clusters=\\).*/\\1${CASSANDRA_CLUSTERS:=$CASS_HOST}/" \ 
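Review bot: In the new `sample)` branch of `client.sh` the `-cp` value joins two glob patterns with `:` inside a single word, so the shell will most likely expand neither `*` and Java receives the literal patterns, which its classpath wildcard does not support (it accepts only a bare `dir/*`). Resolve the jars first, for example `CP="$(ls $CONFIG/bin/aaf-cadi-aaf-*-full.jar):$(ls $CONFIG/bin/aaf-cadi-servlet-sample-*-sample.jar)"`, and pass `-cp "$CP"`. The branch also omits the closing `;;`, which only works while it stays the last clause, and it passes `${NS}.props` without the `$LOCAL/` prefix used for `-Dcadi_prop_files`, which looks unintended. The enclosing `case` starts outside the hunk.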
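Review bot: The comment `# Default is expect a Cassandra on same Node` in the second `service.sh` hunk no longer matches the code, because the default is now the `aaf_cass` host name rather than localhost; update it to something like `# Default is the aaf_cass container/service name`. The next line still falls back to a well-known password through `${CASSANDRA_PASSWORD:-cassandra}`. Outside a throwaway sample it would be safer to stop when the variable is unset, e.g. `${CASSANDRA_PASSWORD:?CASSANDRA_PASSWORD must be set}`. The enclosing `if` block starts and ends outside the hunk.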
diff --git a/auth/sample/etc/org.osaaf.aaf.cm.props b/auth/sample/etc/org.osaaf.aaf.cm.props index 661d8bb8..ada807ec 100644 --- a/auth/sample/etc/org.osaaf.aaf.cm.props +++ b/auth/sample/etc/org.osaaf.aaf.cm.props @@ -4,7 +4,7 @@ ## Note: Link to CA Properties in "local" dir ## cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cm.ca.props -aaf_component=AAF_NS.cm:2.1.2 +aaf_component=AAF_NS.cm:2.1.4 port=8150 #Certman diff --git a/auth/sample/etc/org.osaaf.aaf.fs.props b/auth/sample/etc/org.osaaf.aaf.fs.props index d0aac3ae..b4f4ae5f 100644 --- a/auth/sample/etc/org.osaaf.aaf.fs.props +++ b/auth/sample/etc/org.osaaf.aaf.fs.props @@ -3,7 +3,7 @@ ## AAF Fileserver Properties ## cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props -aaf_component=AAF_NS.fs:2.1.2 +aaf_component=AAF_NS.fs:2.1.4 port=8096 aaf_public_dir=/opt/app/osaaf/public diff --git a/auth/sample/etc/org.osaaf.aaf.gui.props b/auth/sample/etc/org.osaaf.aaf.gui.props index 3cff29ba..3a23e5e5 100644 --- a/auth/sample/etc/org.osaaf.aaf.gui.props +++ b/auth/sample/etc/org.osaaf.aaf.gui.props @@ -3,7 +3,7 @@ ## AAF GUI Properties ## cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props -aaf_component=AAF_NS.gui:2.1.2 +aaf_component=AAF_NS.gui:2.1.4 port=8200 aaf_gui_title=AAF diff --git a/auth/sample/etc/org.osaaf.aaf.hello.props b/auth/sample/etc/org.osaaf.aaf.hello.props index db64baf5..311aa113 100644 --- a/auth/sample/etc/org.osaaf.aaf.hello.props +++ b/auth/sample/etc/org.osaaf.aaf.hello.props 
@@ -3,6 +3,6 @@ ## AAF Hello Properties ## cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props -aaf_component=AAF_NS.hello:2.1.2 +aaf_component=AAF_NS.hello:2.1.4 port=8130 diff --git a/auth/sample/etc/org.osaaf.aaf.locate.props b/auth/sample/etc/org.osaaf.aaf.locate.props index 25d6217b..43379160 100644 --- a/auth/sample/etc/org.osaaf.aaf.locate.props +++ b/auth/sample/etc/org.osaaf.aaf.locate.props @@ -3,6 +3,6 @@ ## AAF Locator Properties ## cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props -aaf_component=AAF_NS.locator:2.1.2 +aaf_component=AAF_NS.locator:2.1.4 port=8095 diff --git a/auth/sample/etc/org.osaaf.aaf.oauth.props b/auth/sample/etc/org.osaaf.aaf.oauth.props index ac8b9a54..4575646a 100644 --- a/auth/sample/etc/org.osaaf.aaf.oauth.props +++ b/auth/sample/etc/org.osaaf.aaf.oauth.props @@ -3,6 +3,6 @@ ## AAF OAuth2 Properties ## cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props -aaf_component=AAF_NS.oauth:2.1.2 +aaf_component=AAF_NS.oauth:2.1.4 port=8140 diff --git a/auth/sample/etc/org.osaaf.aaf.service.props b/auth/sample/etc/org.osaaf.aaf.service.props index ab050985..ef9bf01f 100644 --- a/auth/sample/etc/org.osaaf.aaf.service.props +++ b/auth/sample/etc/org.osaaf.aaf.service.props @@ -3,6 +3,6 @@ ## AAF Service Properties ## cadi_prop_files=/opt/app/osaaf/local/org.osaaf.aaf.props:/opt/app/osaaf/etc/org.osaaf.aaf.log4j.props:/opt/app/osaaf/local/org.osaaf.aaf.cassandra.props:/opt/app/osaaf/etc/org.osaaf.aaf.orgs.props -aaf_component=AAF_NS.service:2.1.2 +aaf_component=AAF_NS.service:2.1.4 port=8100 diff --git a/cadi/servlet-sample/pom.xml b/cadi/servlet-sample/pom.xml index 0eb2965d..2fb8bf65 100644 --- a/cadi/servlet-sample/pom.xml 
+++ b/cadi/servlet-sample/pom.xml @@ -25,18 +25,27 @@ + + + maven-assembly-plugin + + + sample + package + + single + + + + src/assemble/servlet_sample.xml + + + + + + - - true - org.apache.maven.plugins - maven-compiler-plugin - 3.1 - - 1.7 - 1.7 - - org.apache.maven.plugins 2.4 @@ -50,6 +59,16 @@ + + true + org.apache.maven.plugins + maven-compiler-plugin + 3.1 + + 1.7 + 1.7 + + diff --git a/cadi/servlet-sample/src/assemble/servlet_sample.xml b/cadi/servlet-sample/src/assemble/servlet_sample.xml new file mode 100644 index 00000000..cd95cd33 --- /dev/null +++ b/cadi/servlet-sample/src/assemble/servlet_sample.xml @@ -0,0 +1,48 @@ + + + + + sample + + jar + + + false + + + true + + org.onap.aaf.authz:aaf-cadi-servlet-sample + javax.servlet:javax.servlet-api + org.eclipse.jetty:jetty-webapp + org.eclipse.jetty:jetty-http + org.eclipse.jetty:jetty-util + org.eclipse.jetty:jetty-server + org.eclipse.jetty:jetty-servlet + org.eclipse.jetty:jetty-io + org.eclipse.jetty:jetty-security + + + + + \ No newline at end of file diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java new file mode 100644 index 00000000..7d1eae96 --- /dev/null +++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java 
@@ -0,0 +1,127 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.sample.cadi; + +import java.io.IOException; +import java.security.Principal; + +import javax.servlet.Servlet; +import javax.servlet.ServletConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; + +import org.onap.aaf.cadi.aaf.v2_0.AAFCon; +import org.onap.aaf.cadi.client.Future; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.principal.TaggedPrincipal; + +// Uncomment if you utilized the "MiniJASPIWrap" in the Servlet setup in "main()", and want to protect your service via Permission or mapped role +// @RolesAllowed({"com.att.aaf.myPerm|myInstance|myAction"}) + public class MyServlet implements Servlet { + private ServletConfig servletConfig; + + public void init(ServletConfig config) throws ServletException { + servletConfig = config; + } + + public ServletConfig getServletConfig() { + return servletConfig; + } + + public 
void service(ServletRequest req, ServletResponse res) throws ServletException, IOException { + HttpServletRequest request; + try { + request = (HttpServletRequest)req; + } catch (ClassCastException e) { + throw new ServletException("Only serving HTTP today",e); + } + + res.getOutputStream().println("
CSP Servlet Test

You're good to go!

" +
+                    request.getUserPrincipal());
+            
+            String perm = request.getParameter("PERM");
+            if (perm!=null) {
+                if (request.isUserInRole(perm)) {
+                    if (perm.indexOf('|')<0) { 
+                        res.getOutputStream().println("\nCongrats!, You are in Role " + perm);
+                    } else { 
+                        res.getOutputStream().println("\nCongrats!, You have Permission " + perm);
+                    }
+                } else {
+                    if (perm.indexOf('|')<0) { 
+                        res.getOutputStream().println("\nSorry, you are NOT in Role " + perm);
+                    } else {
+                        res.getOutputStream().println("\nSorry, you do NOT have Permission " + perm);
+                    }
+                }
+            }
+            
+            // You can get the working AAFCon from Trans
+            AAFCon aafcon = AAFCon.obtain(req);
+            if (aafcon!=null) {
+                try {
+                    res.getOutputStream().println("----- Perms JSON from direct call -----");
+                    final Principal up = request.getUserPrincipal();
+                    TaggedPrincipal tp;
+                    if (up instanceof TaggedPrincipal) {
+                        tp = (TaggedPrincipal)up;
+                    } else {
+                        tp = new TaggedPrincipal() {
+                            @Override
+                            public String getName() {
+                                return up.getName();
+                            }
+
+                            @Override
+                            public String tag() {
+                                return "Unknown";
+                            }
+                        };
+                    }
+                    // This call will be "as the user calling", but only if permission is set to trust.
+//                    Future future = aafcon.clientAs(Config.AAF_DEFAULT_VERSION,tp).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json");
+                    Future future = aafcon.client(Config.AAF_DEFAULT_VERSION).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json");
+                    if (future.get(4000 /* timeout */)) {
+                        res.getOutputStream().print(future.value);
+                    } else {
+                        System.err.println(future.code() + ", " + future.body());
+                        res.getOutputStream().print(future.code() + ", " + future.body());
+                    }
+                } catch (Exception e) {
+                    e.printStackTrace();
+                }
+            } else {
+                res.getOutputStream().println("No AAFCon instantiated");
+            }
+            res.getOutputStream().print("
"); + + } + + public String getServletInfo() { + return "MyServlet"; + } + + public void destroy() { + } + } \ No newline at end of file diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java new file mode 100644 index 00000000..a45725d7 --- /dev/null +++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java 
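Review bot: The `PERM` request parameter is written back into the response unencoded in all four `println` branches of `service()`, and the page appears to be served as HTML, so markup supplied in the query string would be rendered in the caller's browser. Either HTML-encode `perm` and the principal name before printing them, or declare the body as plain text with `res.setContentType("text/plain; charset=UTF-8");` before the first write. Separately, `request.getUserPrincipal().getName()` is dereferenced without a null check when the `/authz/perms/user/` path is built, and the resulting exception only reaches `e.printStackTrace()`, so a request without a principal ends with a truncated page and no error status. The `tp` principal built just above is never used while the `clientAs` call stays commented out, so the lookup runs under the application's own identity; a comment should state that this is intended for the sample.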
@@ -0,0 +1,45 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.sample.cadi.jetty; + +import java.util.EnumSet; + +import javax.servlet.DispatcherType; + +import org.eclipse.jetty.webapp.WebAppContext; +import org.onap.aaf.cadi.filter.CadiFilter; + + + +public class Config { + /** + * Method to make jetty configurations (others?) with more complex function possible + * + * @param sc + */ + public static final void addToContext(WebAppContext sc, String propFile) { + sc.addFilter(CadiFilter.class,"/*",EnumSet.of(DispatcherType.REQUEST)); + sc.setInitParameter(org.onap.aaf.cadi.config.Config.CADI_PROP_FILES, propFile); + } + + +} diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java new file mode 100644 index 00000000..165acffb --- /dev/null +++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java 
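Review bot: The Javadoc on `addToContext` leaves `@param sc` blank and does not mention `propFile` at all, although `propFile` becomes the `CADI_PROP_FILES` init parameter that configures the `CadiFilter`. Suggested tags: `@param sc web application context to protect with CadiFilter` and `@param propFile path of the CADI properties file passed to the filter`. The filter is mapped with `EnumSet.of(DispatcherType.REQUEST)` only, so forwarded, included or async dispatches would not pass through it; a one-line comment saying that this is deliberate would save the next reader from having to check.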
@@ -0,0 +1,112 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.sample.cadi.jetty; + +import java.net.Inet4Address; +import java.util.concurrent.ArrayBlockingQueue; + +import javax.servlet.Servlet; + +import org.eclipse.jetty.server.Server; +import org.eclipse.jetty.server.ServerConnector; +import org.eclipse.jetty.server.handler.ContextHandler; +import org.eclipse.jetty.servlet.FilterHolder; +import org.eclipse.jetty.servlet.FilterMapping; +import org.eclipse.jetty.servlet.ServletContextHandler; +import org.eclipse.jetty.servlet.ServletHandler; +import org.eclipse.jetty.servlet.ServletHolder; +import org.eclipse.jetty.util.ssl.SslContextFactory; +import org.eclipse.jetty.util.thread.QueuedThreadPool; +import org.onap.aaf.cadi.Access.Level; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.config.Config; +import org.onap.aaf.cadi.config.SecurityInfo; +import org.onap.aaf.cadi.filter.CadiFilter; + +public abstract class JettyServletServer implements Servlet { + + public static Server run(PropAccess access, 
String context, Class servletCls, int port, String ...args) throws Exception { + // Defaults: + int blockingQueueSize = 10; + int corePoolSize = 10; + int maxPoolSize = 10; + int keepAliveTime = 3000; + String hostname = access.getProperty(Config.HOSTNAME, null); + if (hostname==null) { + hostname = Inet4Address.getLocalHost().getHostName(); + } + + // Add your own Properties to override defaults + + ArrayBlockingQueue queue = new ArrayBlockingQueue(blockingQueueSize); + QueuedThreadPool pool = new QueuedThreadPool(maxPoolSize,corePoolSize,keepAliveTime,queue); + Server server = new Server(pool); + + String protocol; + if (access.getProperty(Config.CADI_KEYSTORE_PASSWORD,null)==null) { + ServerConnector conn = new ServerConnector(server); + conn.setHost(hostname); + conn.setPort(port); + server.addConnector(conn); + protocol = "http"; + } else { + // Setup Security + SecurityInfo securityInfo = new SecurityInfo(access); + SslContextFactory scf = new SslContextFactory(); + scf.setSslContext(securityInfo.getSSLContext()); + scf.setWantClientAuth(true); + ServerConnector sslConnector = new ServerConnector(server,scf); + sslConnector.setHost(hostname); + sslConnector.setPort(port); + server.addConnector(sslConnector); + protocol = "https"; + } + + // Setup Sample Servlet + CadiFilter cf = new CadiFilter(true,access); + FilterHolder cfh = new FilterHolder(cf); + + ServletHandler shand = new ServletHandler(); + shand.addFilterWithMapping(cfh, "/*", FilterMapping.ALL); + // To use normal Servlets, just add the class here... Actually, bug in Jetty... need to add with ServletHolder + ServletHolder sh = new ServletHolder(); + sh.setServlet(servletCls.newInstance()); + shand.addServletWithMapping(sh,"/*"); + + // To use JASPI Authorization Style to protect the servlet, wrap the Servlet + // with the "MiniJSAPIWrap class, as shown here. Then add "@RolesAllowed" on your + // servlet (see sample). 
Use Pipe delimited Permissions, not AAF Roles in the line + // shand.addServletWithMapping(new MiniJASPIWrap(MyServlet.class),"/*"); + // call initialize after start + ContextHandler ch = new ServletContextHandler(); + ch.setContextPath(context); + ch.setHandler(shand); + server.setHandler(ch); + // Startup the Server + server.setStopAtShutdown(true); + server.start(); + + access.log(Level.INFO,"TestServlet is running at " + protocol + "://"+hostname+':'+port+context); + return server; + } + +} diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java new file mode 100644 index 00000000..6edd6f5b --- /dev/null +++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java 
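Review bot: `run` silently falls back to a plain `http` connector whenever `Config.CADI_KEYSTORE_PASSWORD` is unset, while `CadiFilter` is still mapped on `/*`. A single missing property therefore leaves whatever credentials the filter accepts (its schemes are not visible here) travelling unencrypted, and only the INFO line at the end shows it. Make the downgrade loud in the first branch, e.g. `access.log(Level.WARN, "No keystore configured: serving " + context + " over plain HTTP");`, or refuse to start without an explicit opt-in property. On the TLS branch, `setWantClientAuth(true)` only requests a client certificate, so a comment should say that certificate-less clients are expected to authenticate through the filter. Minor: `servletCls.newInstance()` on a raw `Class` reads better as `getDeclaredConstructor().newInstance()`, and the `args` varargs parameter is never used.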
@@ -0,0 +1,46 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.sample.cadi.jetty; + +import org.eclipse.jetty.server.Server; +import org.onap.aaf.cadi.Access.Level; +import org.onap.aaf.sample.cadi.MyServlet; +import org.onap.aaf.cadi.PropAccess; + + + + +public class JettyStandalone { + public static void main(String[] args) { + PropAccess access = new PropAccess(args); + try { + Server server = JettyServletServer.run(access, "/caditest", MyServlet.class, 3456); + server.join(); + } catch (Exception e) { + access.log(Level.ERROR, e); + } finally { + access.log(Level.INFO,"Stopping Service"); + } + + } + +} diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java new file mode 100644 index 00000000..4d170f3f --- /dev/null +++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java 
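Review bot: When `JettyServletServer.run` throws, `main` logs the exception and then returns normally, so a failed start (bad keystore, port in use) can end with exit status 0 and a container supervisor gets no failure signal. Add `System.exit(1);` after `access.log(Level.ERROR, e);` in the catch block. The listen port `3456` and context `/caditest` are literals here; a short comment saying they are sample values, or reading them from `access`, would keep them from being copied into a real deployment unnoticed.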
@@ -0,0 +1,101 @@ +/** + * ============LICENSE_START==================================================== + * org.onap.aaf + * =========================================================================== + * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. + * =========================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END==================================================== + * + */ + +package org.onap.aaf.sample.cadi.jetty; + +import java.io.IOException; + +import javax.servlet.Servlet; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.UnavailableException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.eclipse.jetty.server.Request; +import org.eclipse.jetty.servlet.ServletHolder; +import org.onap.aaf.cadi.filter.RolesAllowed; + + + +/** + * MiniJASPIWrap + * + * Support the ability to check JASPI Annotation Style Authorizations. + * + * This can be a clean way to enforce API Authorization without mistakes in code. 
+ * + * @author JonathanGathman + * + */ +public class MiniJASPIWrap extends ServletHolder { + private RolesAllowed rolesAllowed; + //private String roles; + public MiniJASPIWrap(Class servlet) { + super(servlet); + this.rolesAllowed = servlet.getAnnotation(RolesAllowed.class); + StringBuilder sb = new StringBuilder(); + boolean first = true; + if (rolesAllowed!=null) { + for (String str : rolesAllowed.value()) { + if (first)first=false; + else sb.append(','); + sb.append(str); + } + } + //roles = sb.toString(); + } + + /** + * handle + * + * When utilized, this class authorizes the transaction by first calling the standard J2EE API call + * "isUserInRole" with the role(s) found in the class Annotations (JASPI Style) + */ + @Override + public void handle(Request baseRequest, ServletRequest request, ServletResponse response) throws ServletException, UnavailableException, IOException { + if (rolesAllowed==null) { + super.handle(baseRequest, request, response); + } else { // Validate + try { + + HttpServletRequest hreq = (HttpServletRequest)request; + boolean proceed = false; + for (String role : rolesAllowed.value()) { + if (hreq.isUserInRole(role)) { + proceed = true; + break; + } + } + if (proceed) { + super.handle(baseRequest, request, response); + } else { + //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles); + ((HttpServletResponse)response).sendError(403); // forbidden + } + } catch (ClassCastException e) { + throw new ServletException("JASPIWrap only supports HTTPServletRequest/HttpServletResponse"); + } + } + } + +} diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java deleted file mode 100644 index 7d1eae96..00000000 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/MyServlet.java +++ /dev/null 
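Review bot: In `handle`, the `catch (ClassCastException e)` wraps the `super.handle(...)` call as well as the two casts, so a ClassCastException thrown inside the wrapped servlet is reported as "JASPIWrap only supports…" with the original cause dropped. The refusal branch sends 403 without logging anything, so authorization denials leave no trace for whoever monitors this service; the commented-out log line would also throw a NullPointerException when `getUserPrincipal()` is null. Checking the types up front with `instanceof` and logging the denial null-safely fixes both. The `StringBuilder` loop in the constructor builds a string that is never stored and can be removed together with the commented `roles` field.

```java
    @Override
    public void handle(Request baseRequest, ServletRequest request, ServletResponse response) throws ServletException, UnavailableException, IOException {
        if (rolesAllowed==null) {
            super.handle(baseRequest, request, response);
            return;
        }
        // Type check instead of catching ClassCastException around the servlet call
        if (!(request instanceof HttpServletRequest) || !(response instanceof HttpServletResponse)) {
            throw new ServletException("JASPIWrap only supports HTTPServletRequest/HttpServletResponse");
        }
        HttpServletRequest hreq = (HttpServletRequest)request;
        // … unchanged: loop over rolesAllowed.value() setting proceed via isUserInRole …
        if (proceed) {
            super.handle(baseRequest, request, response);
        } else {
            // getRemoteUser() is null for an unauthenticated caller
            String who = hreq.getRemoteUser();
            baseRequest.getServletContext().log((who==null ? "unauthenticated caller" : who) + " refused: no permitted role");
            ((HttpServletResponse)response).sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }
```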
@@ -1,127 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package org.onap.aaf.sample.cadi; - -import java.io.IOException; -import java.security.Principal; - -import javax.servlet.Servlet; -import javax.servlet.ServletConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; - -import org.onap.aaf.cadi.aaf.v2_0.AAFCon; -import org.onap.aaf.cadi.client.Future; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.principal.TaggedPrincipal; - -// Uncomment if you utilized the "MiniJASPIWrap" in the Servlet setup in "main()", and want to protect your service via Permission or mapped role -// @RolesAllowed({"com.att.aaf.myPerm|myInstance|myAction"}) - public class MyServlet implements Servlet { - private ServletConfig servletConfig; - - public void init(ServletConfig config) throws ServletException { - servletConfig = config; - } - - public ServletConfig getServletConfig() { - return servletConfig; - } - - public 
void service(ServletRequest req, ServletResponse res) throws ServletException, IOException { - HttpServletRequest request; - try { - request = (HttpServletRequest)req; - } catch (ClassCastException e) { - throw new ServletException("Only serving HTTP today",e); - } - - res.getOutputStream().println("
CSP Servlet Test

You're good to go!

" +
-                    request.getUserPrincipal());
-            
-            String perm = request.getParameter("PERM");
-            if (perm!=null) {
-                if (request.isUserInRole(perm)) {
-                    if (perm.indexOf('|')<0) { 
-                        res.getOutputStream().println("\nCongrats!, You are in Role " + perm);
-                    } else { 
-                        res.getOutputStream().println("\nCongrats!, You have Permission " + perm);
-                    }
-                } else {
-                    if (perm.indexOf('|')<0) { 
-                        res.getOutputStream().println("\nSorry, you are NOT in Role " + perm);
-                    } else {
-                        res.getOutputStream().println("\nSorry, you do NOT have Permission " + perm);
-                    }
-                }
-            }
-            
-            // You can get the working AAFCon from Trans
-            AAFCon aafcon = AAFCon.obtain(req);
-            if (aafcon!=null) {
-                try {
-                    res.getOutputStream().println("----- Perms JSON from direct call -----");
-                    final Principal up = request.getUserPrincipal();
-                    TaggedPrincipal tp;
-                    if (up instanceof TaggedPrincipal) {
-                        tp = (TaggedPrincipal)up;
-                    } else {
-                        tp = new TaggedPrincipal() {
-                            @Override
-                            public String getName() {
-                                return up.getName();
-                            }
-
-                            @Override
-                            public String tag() {
-                                return "Unknown";
-                            }
-                        };
-                    }
-                    // This call will be "as the user calling", but only if permission is set to trust.
-//                    Future future = aafcon.clientAs(Config.AAF_DEFAULT_VERSION,tp).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json");
-                    Future future = aafcon.client(Config.AAF_DEFAULT_VERSION).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json");
-                    if (future.get(4000 /* timeout */)) {
-                        res.getOutputStream().print(future.value);
-                    } else {
-                        System.err.println(future.code() + ", " + future.body());
-                        res.getOutputStream().print(future.code() + ", " + future.body());
-                    }
-                } catch (Exception e) {
-                    e.printStackTrace();
-                }
-            } else {
-                res.getOutputStream().println("No AAFCon instantiated");
-            }
-            res.getOutputStream().print("
"); - - } - - public String getServletInfo() { - return "MyServlet"; - } - - public void destroy() { - } - } \ No newline at end of file diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java deleted file mode 100644 index a45725d7..00000000 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/Config.java +++ /dev/null 
@@ -1,45 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package org.onap.aaf.sample.cadi.jetty; - -import java.util.EnumSet; - -import javax.servlet.DispatcherType; - -import org.eclipse.jetty.webapp.WebAppContext; -import org.onap.aaf.cadi.filter.CadiFilter; - - - -public class Config { - /** - * Method to make jetty configurations (others?) with more complex function possible - * - * @param sc - */ - public static final void addToContext(WebAppContext sc, String propFile) { - sc.addFilter(CadiFilter.class,"/*",EnumSet.of(DispatcherType.REQUEST)); - sc.setInitParameter(org.onap.aaf.cadi.config.Config.CADI_PROP_FILES, propFile); - } - - -} diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java deleted file mode 100644 index 165acffb..00000000 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java +++ /dev/null 
@@ -1,112 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package org.onap.aaf.sample.cadi.jetty; - -import java.net.Inet4Address; -import java.util.concurrent.ArrayBlockingQueue; - -import javax.servlet.Servlet; - -import org.eclipse.jetty.server.Server; -import org.eclipse.jetty.server.ServerConnector; -import org.eclipse.jetty.server.handler.ContextHandler; -import org.eclipse.jetty.servlet.FilterHolder; -import org.eclipse.jetty.servlet.FilterMapping; -import org.eclipse.jetty.servlet.ServletContextHandler; -import org.eclipse.jetty.servlet.ServletHandler; -import org.eclipse.jetty.servlet.ServletHolder; -import org.eclipse.jetty.util.ssl.SslContextFactory; -import org.eclipse.jetty.util.thread.QueuedThreadPool; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.PropAccess; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.config.SecurityInfo; -import org.onap.aaf.cadi.filter.CadiFilter; - -public abstract class JettyServletServer implements Servlet { - - public static Server run(PropAccess access, 
String context, Class servletCls, int port, String ...args) throws Exception { - // Defaults: - int blockingQueueSize = 10; - int corePoolSize = 10; - int maxPoolSize = 10; - int keepAliveTime = 3000; - String hostname = access.getProperty(Config.HOSTNAME, null); - if (hostname==null) { - hostname = Inet4Address.getLocalHost().getHostName(); - } - - // Add your own Properties to override defaults - - ArrayBlockingQueue queue = new ArrayBlockingQueue(blockingQueueSize); - QueuedThreadPool pool = new QueuedThreadPool(maxPoolSize,corePoolSize,keepAliveTime,queue); - Server server = new Server(pool); - - String protocol; - if (access.getProperty(Config.CADI_KEYSTORE_PASSWORD,null)==null) { - ServerConnector conn = new ServerConnector(server); - conn.setHost(hostname); - conn.setPort(port); - server.addConnector(conn); - protocol = "http"; - } else { - // Setup Security - SecurityInfo securityInfo = new SecurityInfo(access); - SslContextFactory scf = new SslContextFactory(); - scf.setSslContext(securityInfo.getSSLContext()); - scf.setWantClientAuth(true); - ServerConnector sslConnector = new ServerConnector(server,scf); - sslConnector.setHost(hostname); - sslConnector.setPort(port); - server.addConnector(sslConnector); - protocol = "https"; - } - - // Setup Sample Servlet - CadiFilter cf = new CadiFilter(true,access); - FilterHolder cfh = new FilterHolder(cf); - - ServletHandler shand = new ServletHandler(); - shand.addFilterWithMapping(cfh, "/*", FilterMapping.ALL); - // To use normal Servlets, just add the class here... Actually, bug in Jetty... need to add with ServletHolder - ServletHolder sh = new ServletHolder(); - sh.setServlet(servletCls.newInstance()); - shand.addServletWithMapping(sh,"/*"); - - // To use JASPI Authorization Style to protect the servlet, wrap the Servlet - // with the "MiniJSAPIWrap class, as shown here. Then add "@RolesAllowed" on your - // servlet (see sample). 
Use Pipe delimited Permissions, not AAF Roles in the line - // shand.addServletWithMapping(new MiniJASPIWrap(MyServlet.class),"/*"); - // call initialize after start - ContextHandler ch = new ServletContextHandler(); - ch.setContextPath(context); - ch.setHandler(shand); - server.setHandler(ch); - // Startup the Server - server.setStopAtShutdown(true); - server.start(); - - access.log(Level.INFO,"TestServlet is running at " + protocol + "://"+hostname+':'+port+context); - return server; - } - -} diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java deleted file mode 100644 index 6edd6f5b..00000000 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java +++ /dev/null 
@@ -1,46 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package org.onap.aaf.sample.cadi.jetty; - -import org.eclipse.jetty.server.Server; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.sample.cadi.MyServlet; -import org.onap.aaf.cadi.PropAccess; - - - - -public class JettyStandalone { - public static void main(String[] args) { - PropAccess access = new PropAccess(args); - try { - Server server = JettyServletServer.run(access, "/caditest", MyServlet.class, 3456); - server.join(); - } catch (Exception e) { - access.log(Level.ERROR, e); - } finally { - access.log(Level.INFO,"Stopping Service"); - } - - } - -} diff --git a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java b/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java deleted file mode 100644 index 4d170f3f..00000000 --- a/cadi/servlet-sample/src/test/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java +++ /dev/null 
@@ -1,101 +0,0 @@ -/** - * ============LICENSE_START==================================================== - * org.onap.aaf - * =========================================================================== - * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - * - */ - -package org.onap.aaf.sample.cadi.jetty; - -import java.io.IOException; - -import javax.servlet.Servlet; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.UnavailableException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.eclipse.jetty.server.Request; -import org.eclipse.jetty.servlet.ServletHolder; -import org.onap.aaf.cadi.filter.RolesAllowed; - - - -/** - * MiniJASPIWrap - * - * Support the ability to check JASPI Annotation Style Authorizations. - * - * This can be a clean way to enforce API Authorization without mistakes in code. 
- * - * @author JonathanGathman - * - */ -public class MiniJASPIWrap extends ServletHolder { - private RolesAllowed rolesAllowed; - //private String roles; - public MiniJASPIWrap(Class servlet) { - super(servlet); - this.rolesAllowed = servlet.getAnnotation(RolesAllowed.class); - StringBuilder sb = new StringBuilder(); - boolean first = true; - if (rolesAllowed!=null) { - for (String str : rolesAllowed.value()) { - if (first)first=false; - else sb.append(','); - sb.append(str); - } - } - //roles = sb.toString(); - } - - /** - * handle - * - * When utilized, this class authorizes the transaction by first calling the standard J2EE API call - * "isUserInRole" with the role(s) found in the class Annotations (JASPI Style) - */ - @Override - public void handle(Request baseRequest, ServletRequest request, ServletResponse response) throws ServletException, UnavailableException, IOException { - if (rolesAllowed==null) { - super.handle(baseRequest, request, response); - } else { // Validate - try { - - HttpServletRequest hreq = (HttpServletRequest)request; - boolean proceed = false; - for (String role : rolesAllowed.value()) { - if (hreq.isUserInRole(role)) { - proceed = true; - break; - } - } - if (proceed) { - super.handle(baseRequest, request, response); - } else { - //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles); - ((HttpServletResponse)response).sendError(403); // forbidden - } - } catch (ClassCastException e) { - throw new ServletException("JASPIWrap only supports HTTPServletRequest/HttpServletResponse"); - } - } - } - -} diff --git a/conf/CA/bootstrap.sh b/conf/CA/bootstrap.sh index 056fb3a4..9699e30b 100644 --- a/conf/CA/bootstrap.sh +++ b/conf/CA/bootstrap.sh @@ -9,7 +9,7 @@ chmod 755 certs newcerts touch index.txt echo "unique_subject = no" > index.txt.attr if [ ! -e ./serial ]; then - echo $(date +%s) > ./serial + echo $(date +%s)_$(shuf -i 0-1000000 -n 1) > ./serial fi NAME=aaf.bootstrap 
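Review bot: The new seed written to `./serial` has the form `<epoch>_<decimal>`, which is not a hexadecimal number. If this file is the OpenSSL CA serial file (the neighbouring `index.txt`, `index.txt.attr` and `newcerts` setup suggests so, but the CA configuration is outside the hunk), `openssl ca` expects hex digits there and is likely to reject the underscore. `shuf -i 0-1000000` also contributes only about 20 bits from a non-cryptographic source, so the starting serial stays largely predictable from the creation time. `openssl rand -hex 16 > ./serial` yields a valid, unpredictable starting serial in one line.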
diff --git a/conf/CA/san_root.aaf b/conf/CA/san_root.aaf index ec275a35..43b3b25d 100644 --- a/conf/CA/san_root.aaf +++ b/conf/CA/san_root.aaf @@ -1 +1 @@ -aaf.osaaf.org aaf.api.simpledemo.onap.org +aaf.osaaf.org aaf.api.simpledemo.onap.org aaf-service aaf-locate aaf-oauth aaf-gui aaf-cm aaf-fs aaf-hello -- cgit 1.2.3-korg