authorPavel Paroulek <pavel.paroulek@orange.com>2018-08-23 18:21:46 +0200
committerPavel Paroulek <pavel.paroulek@orange.com>2018-08-23 18:21:46 +0200
commit87d493e0e6a94e4a405185de01a45eae64d978b1 (patch)
treec99c7b2941e8ce3da2bd18597f8fd84ebf0b9224
parentaaebcebde628f0b9d6a566e906d921bdfea8dd8e (diff)
Adding AAF basic auth filter
Adding an AAF Cadi filter. AAF is configured to communicate with the Beijing AAF instance in the Windriver lab. To activate the AAF filter, set the profile aaf-auth. Change-Id: I1489f1b4e22658c3513ac89ff2e57302bfe265c8 Issue-ID: AAI-32 Signed-off-by: Pavel Paroulek <pavel.paroulek@orange.com>
-rw-r--r--aai-resources/pom.xml6
-rw-r--r--aai-resources/src/main/java/org/onap/aai/Profiles.java1
-rw-r--r--aai-resources/src/main/java/org/onap/aai/config/AafFilter.java77
-rw-r--r--aai-resources/src/main/resources/aaf/aaibin0 -> 860160 bytes
-rw-r--r--aai-resources/src/main/resources/aaf/org.onap.aai.keyfile27
-rw-r--r--aai-resources/src/main/resources/aaf/org.onap.aai.p12bin0 -> 4158 bytes
-rw-r--r--aai-resources/src/main/resources/aaf/org.onap.aai.props13
-rw-r--r--aai-resources/src/main/resources/aaf/org.osaaf.location.props26
-rw-r--r--aai-resources/src/main/resources/aaf/truststoreONAPall.jksbin0 -> 114865 bytes
-rw-r--r--aai-resources/src/main/resources/cadi.properties8
10 files changed, 158 insertions, 0 deletions
diff --git a/aai-resources/pom.xml b/aai-resources/pom.xml
index 3eafe0c..d4e1da0 100644
--- a/aai-resources/pom.xml
+++ b/aai-resources/pom.xml
@@ -70,6 +70,7 @@
<logback.version>1.2.3</logback.version>
<hamcrest.junit.version>2.0.0.0</hamcrest.junit.version>
<junit.version>4.12</junit.version>
+ <aaf.version>2.1.2-SNAPSHOT</aaf.version>
<janino.version>2.7.8</janino.version>
<google.guava.version>19.0</google.guava.version>
<janusgraph.version>0.2.0</janusgraph.version>
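Review bot: `<aaf.version>2.1.2-SNAPSHOT</aaf.version>` pins the new authentication dependency to a snapshot, which is a mutable coordinate: the `aaf-cadi-aaf` artifact added in the second pom.xml hunk can change under the same version between builds. For a library on the authentication path, a released version would keep builds reproducible and ensure the code that was reviewed is the code that ships. If no release exists yet, a comment such as `<!-- TODO: move to a released aaf-cadi-aaf version before release -->` next to the property would record that.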
@@ -537,6 +538,11 @@
<version>${jaxb.version}</version>
</dependency>
<dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>${aaf.version}</version>
+ </dependency>
+ <dependency>
<groupId>com.sun.xml.bind</groupId>
<artifactId>jaxb-xjc</artifactId>
<version>${jaxb.version}</version>
diff --git a/aai-resources/src/main/java/org/onap/aai/Profiles.java b/aai-resources/src/main/java/org/onap/aai/Profiles.java
index f0419d8..ea65b9a 100644
--- a/aai-resources/src/main/java/org/onap/aai/Profiles.java
+++ b/aai-resources/src/main/java/org/onap/aai/Profiles.java
@@ -25,6 +25,7 @@ public final class Profiles {
public static final String DME2 = "dme2";
public static final String ONE_WAY_SSL = "one-way-ssl";
+ public static final String AAF_AUTHENTICATION = "aaf-auth";
public static final String TWO_WAY_SSL = "two-way-ssl";
private Profiles(){}
diff --git a/aai-resources/src/main/java/org/onap/aai/config/AafFilter.java b/aai-resources/src/main/java/org/onap/aai/config/AafFilter.java
new file mode 100644
index 0000000..750540d
--- /dev/null
+++ b/aai-resources/src/main/java/org/onap/aai/config/AafFilter.java
@@ -0,0 +1,77 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aai.config;
+
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.aai.Profiles;
+import org.onap.aai.ResourcesApp;
+import org.onap.aai.exceptions.AAIException;
+import org.onap.aai.logging.ErrorLogHelper;
+import org.springframework.boot.web.filter.OrderedRequestContextFilter;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+import org.springframework.stereotype.Component;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.ws.rs.core.MediaType;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Properties;
+
+/**
+ * AAF authentication filter
+ */
+
+@Component
+@Profile(Profiles.AAF_AUTHENTICATION)
+public class AafFilter extends OrderedRequestContextFilter {
+
+ private static final String ACCEPT_HEADER = "accept";
+ private final CadiFilter cadiFilter;
+
+ public AafFilter() throws IOException, ServletException {
+ Properties cadiProperties = new Properties();
+ cadiProperties.load(ResourcesApp.class.getClassLoader().getResourceAsStream("cadi.properties"));
+ cadiFilter = new CadiFilter(new PropAccess(cadiProperties));
+ this.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+ cadiFilter.doFilter(request, response, filterChain);
+ if(response.getStatus() >=400 && response.getStatus() < 500){
+ errorResponse(request, response);
+ }
+ }
+
+ private void errorResponse(HttpServletRequest request, HttpServletResponse response) throws IOException {
+ String accept = request.getHeader(ACCEPT_HEADER) == null ? MediaType.APPLICATION_XML : request.getHeader(ACCEPT_HEADER);
+ AAIException aaie = new AAIException("AAI_3300");
+ response.setStatus(aaie.getErrorObject().getHTTPResponseCode().getStatusCode());
+ response.getWriter().write(ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)), aaie, new ArrayList<>()));
+ response.getWriter().flush();
+ response.getWriter().close();
+ }
+}
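Review bot: In `doFilterInternal`, the status check runs after `cadiFilter.doFilter(...)` has returned, so it also fires when CADI accepted the request and a downstream handler answered with its own 4xx (a 404 or 400, say); that response is then overwritten with the AAI_3300 error, and `response.getWriter()` may throw if the response is already committed or the handler used the output stream. Rewriting only when the chain was never invoked and the response is not committed limits the rewrite to CADI's own rejections, as sketched below. Separately, `errorResponse` passes the raw `Accept` header to `MediaType.valueOf`, which throws on a malformed or multi-valued header, so an unauthenticated caller can turn the rejection into an unhandled exception; falling back to `MediaType.APPLICATION_XML` on `IllegalArgumentException` would avoid that. The constructor also hands `getResourceAsStream("cadi.properties")` to `load` without a null check and never closes the stream.

```java
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        // Record whether CADI let the request through, so only its own rejections are rewritten.
        final boolean[] passedOn = {false};
        cadiFilter.doFilter(request, response, (req, res) -> {
            passedOn[0] = true;
            filterChain.doFilter(req, res);
        });
        if (!passedOn[0] && !response.isCommitted()
                && response.getStatus() >= 400 && response.getStatus() < 500) {
            errorResponse(request, response);
        }
    }
```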
diff --git a/aai-resources/src/main/resources/aaf/aai b/aai-resources/src/main/resources/aaf/aai
new file mode 100644
index 0000000..093c773
--- /dev/null
+++ b/aai-resources/src/main/resources/aaf/aai
Binary files differ
diff --git a/aai-resources/src/main/resources/aaf/org.onap.aai.keyfile b/aai-resources/src/main/resources/aaf/org.onap.aai.keyfile
new file mode 100644
index 0000000..3416d4a
--- /dev/null
+++ b/aai-resources/src/main/resources/aaf/org.onap.aai.keyfile
@@ -0,0 +1,27 @@
+2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf
+jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm
+4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe
+moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf
+GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT
+74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh
+iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb
+p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt
+3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW
+hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7
+RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX
+xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk
+8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q
+ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i
+5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe
+GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE
+_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k
+zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf
+S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU
+LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw
+hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W
+nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP
+bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN
+JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk
+Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y
+J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP
+mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF \ No newline at end of file
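Review bot: The CADI keyfile is committed to the source tree next to the material it protects: `org.onap.aai.props` in the same commit points `cadi_keyfile` at this file and carries `enc:` keystore and truststore passwords, and `org.onap.aai.p12` is added alongside. In CADI's `enc:` scheme the keyfile is the symmetric key for those values, so anyone who can read the repository or the built jar can presumably recover the keystore password and the private key in the p12. These files would be better provisioned at deploy time from a secret store or a mounted volume, with `cadi_keyfile`, `cadi_keystore` and `cadi_truststore` pointing at that location. The credentials committed here should be treated as exposed and reissued.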
diff --git a/aai-resources/src/main/resources/aaf/org.onap.aai.p12 b/aai-resources/src/main/resources/aaf/org.onap.aai.p12
new file mode 100644
index 0000000..023e2ea
--- /dev/null
+++ b/aai-resources/src/main/resources/aaf/org.onap.aai.p12
Binary files differ
diff --git a/aai-resources/src/main/resources/aaf/org.onap.aai.props b/aai-resources/src/main/resources/aaf/org.onap.aai.props
new file mode 100644
index 0000000..70ab2f7
--- /dev/null
+++ b/aai-resources/src/main/resources/aaf/org.onap.aai.props
@@ -0,0 +1,13 @@
+############################################################
+# Properties Generated by AT&T Certificate Manager
+# @copyright 2016, AT&T
+############################################################
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=aai-resources/src/main/resources/aaf/org.onap.aai.keyfile
+cadi_keystore=aai-resources/src/main/resources/aaf/org.onap.aai.p12
+cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV
+#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)>
+cadi_alias=aai@aai.onap.org
+cadi_truststore=aai-resources/src/main/resources/aaf/truststoreONAPall.jks
+cadi_truststore_password=enc:s77wlnZFoQ08NhnU3OSeWO6uKgRwC6sAK-wTvVubNz2
+cadi_loglevel=INFO \ No newline at end of file
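Review bot: `cadi_keyfile`, `cadi_keystore` and `cadi_truststore` are given as source-tree paths (`aai-resources/src/main/resources/aaf/...`), which appear to resolve only when the process is started from the repository root; the same applies to `cadi_prop_files` in the cadi.properties hunk. From a packaged jar or another working directory the files would presumably not be found, and depending on how CADI handles that, the filter may fail at startup or come up without its key material. Paths supplied per deployment (absolute, or injected by the launcher) would make the failure mode explicit. At minimum, add a comment such as `# paths are relative to the repository root; override for packaged deployments`.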
diff --git a/aai-resources/src/main/resources/aaf/org.osaaf.location.props b/aai-resources/src/main/resources/aaf/org.osaaf.location.props
new file mode 100644
index 0000000..73a3a1e
--- /dev/null
+++ b/aai-resources/src/main/resources/aaf/org.osaaf.location.props
@@ -0,0 +1,26 @@
+##
+## org.osaaf.location.props
+##
+## Localized Machine Information
+##
+# Almeda California ?
+cadi_latitude=37.78187
+cadi_longitude=-122.26147
+
+# Locate URL (which AAF Env)
+#aaf_locate_url=https://aaf-onap-beijing-test.osaaf.org
+#aaf_locate_url=https://aaf-onap-test.osaaf.org
+
+aaf_locate_url=https://aaf-onap-test.osaaf.org:8095
+
+# AAF URL
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+
+# AAF Environment Designation
+aaf_env=DEV
+
+# OAuth2 Endpoints
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+
+
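Review bot: `aaf_locate_url=https://aaf-onap-test.osaaf.org:8095` and `aaf_env=DEV` are baked into a resource that ships in the artifact, so any deployment that enables the `aaf-auth` profile without overriding them would delegate authentication to an external test environment. A comment above the property, e.g. `# Lab default only; aaf_locate_url must be overridden per deployment`, would make that explicit. The two commented-out alternative URLs could be dropped.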
diff --git a/aai-resources/src/main/resources/aaf/truststoreONAPall.jks b/aai-resources/src/main/resources/aaf/truststoreONAPall.jks
new file mode 100644
index 0000000..2da1dcc
--- /dev/null
+++ b/aai-resources/src/main/resources/aaf/truststoreONAPall.jks
Binary files differ
diff --git a/aai-resources/src/main/resources/cadi.properties b/aai-resources/src/main/resources/cadi.properties
new file mode 100644
index 0000000..269610f
--- /dev/null
+++ b/aai-resources/src/main/resources/cadi.properties
@@ -0,0 +1,8 @@
+
+cadi_loglevel=INFO
+cadi_prop_files=aai-resources/src/main/resources/aaf/org.osaaf.location.props:aai-resources/src/main/resources/aaf/org.onap.aai.props
+
+# OAuth2
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+