diff options
| author |   Nandkishor Patke <nandkishor-laxman.patke@t-systems.com> | 2025-01-27 14:47:47 +0000 |
|---|---|---|
| committer |   Gerrit Code Review <gerrit@onap.org> | 2025-01-27 14:47:47 +0000 |
| commit | 29eeae13c836a07ec145d2d2d1f7f08af15d3634 (patch) | |
| tree | 20918b72fc1eeea776d3e0bdb5f2e49cdcebf976 /aai-traversal | |
| parent | 6a5ae48f9ad5f46c707fbb3adfb93c584cf9a71a (diff) | |
| parent | 6288d8cc35c4c96ae1f9e5f1e0f16572d0d19c03 (diff) | |
Merge "Make aai-common agnostic of the embedded server (remove jetty-specific code)"
Diffstat (limited to 'aai-traversal')
42 files changed, 130 insertions, 1154 deletions
diff --git a/aai-traversal/pom.xml b/aai-traversal/pom.xml index adedcdb..b498bfb 100644 --- a/aai-traversal/pom.xml +++ b/aai-traversal/pom.xml @@ -26,7 +26,7 @@ <parent> <groupId>org.onap.aai.traversal</groupId> <artifactId>traversal</artifactId> - <version>1.15.4-SNAPSHOT</version> + <version>1.15.5-SNAPSHOT</version> </parent> <groupId>org.onap.aai.traversal</groupId> <artifactId>aai-traversal</artifactId> @@ -104,7 +104,6 @@ <javax.servlet.version>4.0.1</javax.servlet.version> <antlr.version>4.9.3</antlr.version> - <keycloak.version>11.0.2</keycloak.version> <io.swagger.version>1.6.14</io.swagger.version> <micrometer.version>1.6.6</micrometer.version> @@ -397,7 +396,7 @@ <dependency> <groupId>org.javatuples</groupId> <artifactId>javatuples</artifactId> - <scope>compile</scope> + <version>1.2</version> </dependency> <dependency> <groupId>com.google.code.gson</groupId> @@ -441,35 +440,25 @@ <groupId>org.onap.aai.aai-common</groupId> <artifactId>aai-rest</artifactId> </dependency> - <!-- Explicitly stating the security spring framework and exclude the bouncy - castle since that is somehow overwriting our p12 file decryption that's built - into java security This will cause the password is incorrect This needs to - be added back if org.bouncy castle dependency sneaks backs in and causing - issues with the two way ssl --> - <dependency> - <groupId>org.springframework.security</groupId> - <artifactId>spring-security-rsa</artifactId> - <exclusions> - <exclusion> - <groupId>org.bouncycastle</groupId> - <artifactId>bcpkix-jdk15on</artifactId> - </exclusion> - </exclusions> - </dependency> <dependency> <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-web</artifactId> + <artifactId>spring-boot-starter-jersey</artifactId> <exclusions> <exclusion> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-tomcat</artifactId> </exclusion> - <exclusion> - <groupId>org.slf4j</groupId> - <artifactId>log4j-over-slf4j</artifactId> - </exclusion> </exclusions> </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-validation</artifactId> + </dependency> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-configuration-processor</artifactId> + <optional>true</optional> + </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-webflux</artifactId> @@ -539,28 +528,6 @@ <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> - <dependency> - <groupId>org.keycloak</groupId> - <artifactId>keycloak-spring-boot-starter</artifactId> - </dependency> - <dependency> - <groupId>com.github.dasniko</groupId> - <artifactId>testcontainers-keycloak</artifactId> - <version>${testcontainers.version}</version> - <scope>test</scope> - <exclusions> - <exclusion> - <groupId>junit</groupId> - <artifactId>junit</artifactId> - </exclusion> - </exclusions> - </dependency> - <dependency> - <groupId>org.keycloak</groupId> - <artifactId>keycloak-admin-client</artifactId> - <version>${keycloak.version}</version> - <scope>test</scope> - </dependency> <!-- TODO: Migrate tests to junit 5 and remove this dependency --> <dependency> <groupId>org.junit.vintage</groupId> @@ -577,24 +544,12 @@ <dependencyManagement> <dependencies> <dependency> - <groupId>org.keycloak.bom</groupId> - <artifactId>keycloak-adapter-bom</artifactId> - <version>${keycloak.version}</version> - <type>pom</type> - <scope>import</scope> - </dependency> - <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-dependencies</artifactId> <version>${spring-cloud.version}</version> <type>pom</type> <scope>import</scope> </dependency> - <dependency> - <groupId>com.google.guava</groupId> - <artifactId>guava</artifactId> - <version>25.0-jre</version> - </dependency> <!-- cassandra driver --> <dependency> <groupId>com.datastax.oss</groupId> @@ -652,8 +607,6 @@ <resource> <directory>${project.basedir}/src/main/resources/etc/auth/</directory> <includes> - <include>aai-client-cert.p12</include> - <include>tomcat_keystore</include> <include>aai_policy.json</include> </includes> <targetPath>${project.build.directory}/swm/package/nix/dist_files/opt/app/${project.artifactId}/appconfig</targetPath> diff --git a/aai-traversal/src/main/java/org/onap/aai/TraversalApp.java b/aai-traversal/src/main/java/org/onap/aai/TraversalApp.java index 2e0b43e..fccdeb3 100644 --- a/aai-traversal/src/main/java/org/onap/aai/TraversalApp.java +++ b/aai-traversal/src/main/java/org/onap/aai/TraversalApp.java @@ -26,7 +26,6 @@ import javax.annotation.PreDestroy; import org.apache.commons.lang3.exception.ExceptionUtils; import org.onap.aai.aailog.logs.AaiDebugLog; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.onap.aai.config.SpringContextAware; import org.onap.aai.dbmap.AAIGraph; import org.onap.aai.exceptions.AAIException; @@ -45,17 +44,23 @@ import org.springframework.boot.autoconfigure.data.cassandra.CassandraDataAutoCo import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.DataSourceTransactionManagerAutoConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; +import org.springframework.boot.autoconfigure.web.servlet.error.ErrorMvcAutoConfiguration; +import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.context.annotation.ComponentScan; import org.springframework.core.env.Environment; import org.springframework.core.env.Profiles; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +@EnableWebSecurity +@EnableConfigurationProperties @SpringBootApplication( exclude = { DataSourceAutoConfiguration.class, DataSourceTransactionManagerAutoConfiguration.class, HibernateJpaAutoConfiguration.class, CassandraDataAutoConfiguration.class, - CassandraAutoConfiguration.class + CassandraAutoConfiguration.class, + ErrorMvcAutoConfiguration.class }) // Component Scan provides a way to look for spring beans // It only searches beans in the following packages @@ -132,7 +137,6 @@ public class TraversalApp { SpringApplication app = new SpringApplication(TraversalApp.class); app.setLogStartupInfo(false); app.setRegisterShutdownHook(true); - app.addInitializers(new PropertyPasswordConfiguration()); env = app.run(args).getEnvironment(); } catch (Exception ex) { AAIException aai = schemaServiceExceptionTranslator(ex); diff --git a/aai-traversal/src/main/java/org/onap/aai/config/JettyPasswordDecoder.java b/aai-traversal/src/main/java/org/onap/aai/config/AuthProperties.java index bffb7fb..1ecffb6 100644 --- a/aai-traversal/src/main/java/org/onap/aai/config/JettyPasswordDecoder.java +++ b/aai-traversal/src/main/java/org/onap/aai/config/AuthProperties.java @@ -2,13 +2,13 @@ * ============LICENSE_START======================================================= * org.onap.aai * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. + * Copyright © 2025 Deutsche Telekom. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -17,17 +17,31 @@ * limitations under the License. * ============LICENSE_END========================================================= */ + package org.onap.aai.config; -import org.eclipse.jetty.util.security.Password; +import java.util.List; + +import javax.validation.constraints.NotEmpty; + +import org.springframework.boot.context.properties.ConfigurationProperties; +import org.springframework.context.annotation.Configuration; + +import lombok.Data; + +@Data +@Configuration +@ConfigurationProperties(prefix = "aai.basic-auth") +public class AuthProperties { + + boolean enabled = true; -public class JettyPasswordDecoder implements PasswordDecoder { + @NotEmpty + List<User> users; - @Override - public String decode(String input) { - if (input.startsWith("OBF:")) { - return Password.deobfuscate(input); - } - return Password.deobfuscate("OBF:" + input); - } + @Data + public static class User { + private String username; + private String password; + } } diff --git a/aai-traversal/src/main/java/org/onap/aai/config/PasswordDecoder.java b/aai-traversal/src/main/java/org/onap/aai/config/PasswordDecoder.java deleted file mode 100644 index a257b34..0000000 --- a/aai-traversal/src/main/java/org/onap/aai/config/PasswordDecoder.java +++ /dev/null @@ -1,25 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.aai.config; - -public interface PasswordDecoder { - - String decode(String input); -} diff --git a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java b/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java deleted file mode 100644 index 34023e8..0000000 --- a/aai-traversal/src/main/java/org/onap/aai/config/PropertyPasswordConfiguration.java +++ /dev/null @@ -1,159 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.aai.config; - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.LinkedHashMap; -import java.util.Map; -import java.util.Properties; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import org.apache.commons.io.IOUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.context.ApplicationContextInitializer; -import org.springframework.context.ConfigurableApplicationContext; -import org.springframework.core.env.*; - -public class PropertyPasswordConfiguration - implements ApplicationContextInitializer<ConfigurableApplicationContext> { - - private static final Pattern decodePasswordPattern = Pattern.compile("password\\((.*?)\\)"); - private PasswordDecoder passwordDecoder = new JettyPasswordDecoder(); - private static final Logger logger = - LoggerFactory.getLogger(PropertyPasswordConfiguration.class.getName()); - - @Override - public void initialize(ConfigurableApplicationContext applicationContext) { - ConfigurableEnvironment environment = applicationContext.getEnvironment(); - String certPath = environment.getProperty("server.certs.location"); - File passwordFile = null; - File passphrasesFile = null; - InputStream passwordStream = null; - InputStream passphrasesStream = null; - Map<String, Object> sslProps = new LinkedHashMap<>(); - - // Override the passwords from application.properties if we find AAF certman files - if (certPath != null) { - try { - passwordFile = new File(certPath + ".password"); - passwordStream = new FileInputStream(passwordFile); - - if (passwordStream != null) { - String keystorePassword = null; - - keystorePassword = IOUtils.toString(passwordStream); - if (keystorePassword != null) { - keystorePassword = keystorePassword.trim(); - } - sslProps.put("server.ssl.key-store-password", keystorePassword); - sslProps.put("schema.service.ssl.key-store-password", keystorePassword); - } else { - logger.debug("Not using AAF Certman password file"); - } - } catch (IOException e) { - logger.debug("Not using AAF Certman password file, e=" + e.getMessage()); - } finally { - if (passwordStream != null) { - try { - passwordStream.close(); - } catch (Exception e) { - } - } - } - try { - passphrasesFile = new File(certPath + ".passphrases"); - passphrasesStream = new FileInputStream(passphrasesFile); - - if (passphrasesStream != null) { - String truststorePassword = null; - Properties passphrasesProps = new Properties(); - passphrasesProps.load(passphrasesStream); - truststorePassword = passphrasesProps.getProperty("cadi_truststore_password"); - if (truststorePassword != null) { - truststorePassword = truststorePassword.trim(); - } - sslProps.put("server.ssl.trust-store-password", truststorePassword); - sslProps.put("schema.service.ssl.trust-store-password", truststorePassword); - } else { - logger.debug("Not using AAF Certman passphrases file"); - } - } catch (IOException e) { - logger.debug("Not using AAF Certman passphrases file, e=" + e.getMessage()); - } finally { - if (passphrasesStream != null) { - try { - passphrasesStream.close(); - } catch (Exception e) { - } - } - } - } - for (PropertySource<?> propertySource : environment.getPropertySources()) { - Map<String, Object> propertyOverrides = new LinkedHashMap<>(); - decodePasswords(propertySource, propertyOverrides); - if (!propertyOverrides.isEmpty()) { - PropertySource<?> decodedProperties = - new MapPropertySource("decoded " + propertySource.getName(), propertyOverrides); - environment.getPropertySources().addBefore(propertySource.getName(), - decodedProperties); - } - - } - if (!sslProps.isEmpty()) { - logger.debug("Using AAF Certman files"); - PropertySource<?> additionalProperties = - new MapPropertySource("additionalProperties", sslProps); - environment.getPropertySources().addFirst(additionalProperties); - } - } - - private void decodePasswords(PropertySource<?> source, Map<String, Object> propertyOverrides) { - if (source instanceof EnumerablePropertySource) { - EnumerablePropertySource<?> enumerablePropertySource = - (EnumerablePropertySource<?>) source; - for (String key : enumerablePropertySource.getPropertyNames()) { - Object rawValue = source.getProperty(key); - if (rawValue instanceof String) { - String decodedValue = decodePasswordsInString((String) rawValue); - propertyOverrides.put(key, decodedValue); - } - } - } - } - - private String decodePasswordsInString(String input) { - if (input == null) - return null; - StringBuffer output = new StringBuffer(); - Matcher matcher = decodePasswordPattern.matcher(input); - while (matcher.find()) { - String replacement = passwordDecoder.decode(matcher.group(1)); - matcher.appendReplacement(output, replacement); - } - matcher.appendTail(output); - return output.toString(); - } - -} diff --git a/aai-traversal/src/main/java/org/onap/aai/config/SecurityConfig.java b/aai-traversal/src/main/java/org/onap/aai/config/SecurityConfig.java new file mode 100644 index 0000000..62bcba3 --- /dev/null +++ b/aai-traversal/src/main/java/org/onap/aai/config/SecurityConfig.java @@ -0,0 +1,61 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.aai + * ================================================================================ + * Copyright © 2025 Deutsche Telekom. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.aai.config; + +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.provisioning.InMemoryUserDetailsManager; +import org.springframework.security.web.SecurityFilterChain; + +@Configuration +@ConditionalOnProperty(name = "aai.basic-auth.enabled", havingValue = "true", matchIfMissing = true) +public class SecurityConfig { + + @Bean + SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Exception{ + httpSecurity.csrf(csrf -> csrf.disable()) + .authorizeHttpRequests(requests -> requests + .antMatchers("/util/echo", "/actuator/**") + .permitAll() + .anyRequest() + .authenticated()) + .httpBasic(); + + return httpSecurity.build(); + } + + @Bean + InMemoryUserDetailsManager userDetailsService(AuthProperties userProperties) { + UserDetails[] users = userProperties.getUsers().stream() + .map(user -> User.withDefaultPasswordEncoder() + .username(user.getUsername()) + .password(user.getPassword()) + .roles("someRole") + .build()) + .toArray(UserDetails[]::new); + + return new InMemoryUserDetailsManager(users); + } +} diff --git a/aai-traversal/src/main/java/org/onap/aai/rest/DslConsumer.java b/aai-traversal/src/main/java/org/onap/aai/rest/DslConsumer.java index 8226ddd..43ad1ff 100644 --- a/aai-traversal/src/main/java/org/onap/aai/rest/DslConsumer.java +++ b/aai-traversal/src/main/java/org/onap/aai/rest/DslConsumer.java @@ -22,6 +22,7 @@ package org.onap.aai.rest; import java.io.FileNotFoundException; import java.util.ArrayList; +import java.util.Collections; import java.util.List; import java.util.Map; import java.util.Objects; @@ -125,7 +126,7 @@ public class DslConsumer extends TraversalConsumer { @RequestParam(defaultValue = "-1") int resultSize, @RequestHeader HttpHeaders headers, HttpServletRequest request) throws FileNotFoundException, AAIException { - Set<String> roles = this.getRoles(request.getUserPrincipal()); + Set<String> roles = Collections.emptySet(); return processExecuteQuery(dslQuery, request, versionParam, format, subgraph, validate, headers, new Pageable(resultIndex, resultSize), roles); diff --git a/aai-traversal/src/main/java/org/onap/aai/rest/QueryConsumer.java b/aai-traversal/src/main/java/org/onap/aai/rest/QueryConsumer.java index 5aad81e..f775e0f 100644 --- a/aai-traversal/src/main/java/org/onap/aai/rest/QueryConsumer.java +++ b/aai-traversal/src/main/java/org/onap/aai/rest/QueryConsumer.java @@ -21,6 +21,7 @@ package org.onap.aai.rest; import java.net.URI; import java.util.ArrayList; +import java.util.Collections; import java.util.LinkedHashSet; import java.util.List; import java.util.Optional; @@ -124,7 +125,7 @@ public class QueryConsumer extends TraversalConsumer { @Context HttpHeaders headers, @Context HttpServletRequest req, @Context UriInfo info) { - Set<String> roles = this.getRoles(req.getUserPrincipal()); + Set<String> roles = Collections.emptySet(); return runner(TraversalConstants.AAI_TRAVERSAL_TIMEOUT_ENABLED, TraversalConstants.AAI_TRAVERSAL_TIMEOUT_APP, diff --git a/aai-traversal/src/main/java/org/onap/aai/rest/TraversalConsumer.java b/aai-traversal/src/main/java/org/onap/aai/rest/TraversalConsumer.java index bc74308..2a6ea48 100644 --- a/aai-traversal/src/main/java/org/onap/aai/rest/TraversalConsumer.java +++ b/aai-traversal/src/main/java/org/onap/aai/rest/TraversalConsumer.java @@ -34,8 +34,6 @@ import org.apache.tinkerpop.gremlin.process.traversal.P; import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource; import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.__; import org.apache.tinkerpop.gremlin.process.traversal.strategy.decoration.SubgraphStrategy; -import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount; -import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken; import org.onap.aai.config.SpringContextAware; import org.onap.aai.db.props.AAIProperties; import org.onap.aai.exceptions.AAIException; @@ -150,22 +148,6 @@ public abstract class TraversalConsumer extends RESTAPI { return traversalSource; } - protected Set<String> getRoles(Principal userPrincipal) { - KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) userPrincipal; - if (ObjectUtils.isEmpty(token)) { - return Collections.EMPTY_SET; - } - - SimpleKeycloakAccount account = (SimpleKeycloakAccount) token.getDetails(); - if (ObjectUtils.isEmpty(account)) { - return Collections.EMPTY_SET; - } - - return account.getRoles().stream() - .map(role -> StringUtils.removeEnd(role, OwnerCheck.READ_ONLY_SUFFIX)) - .collect(Collectors.toSet()); - } - protected void validateHistoryParams(Format format, MultivaluedMap<String, String> params) throws AAIException { getStartTime(format, params); @@ -181,7 +163,7 @@ public abstract class TraversalConsumer extends RESTAPI { * truncation time * In the state api, we should return an error if the timestamp provided is prior to the * truncation time - * + * * @param params * @return */ diff --git a/aai-traversal/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java b/aai-traversal/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java deleted file mode 100644 index e77c3b3..0000000 --- a/aai-traversal/src/main/java/org/onap/aai/rest/security/WebSecurityConfig.java +++ /dev/null @@ -1,78 +0,0 @@ - -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright (C) 2019 Nordix Foundation. - * Modifications Copyright (C) 2019 AT&T Intellectual Property. - * Modifications Copyright (C) 2020 Bell Canada. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ -package org.onap.aai.rest.security; - -import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver; -import org.keycloak.adapters.springsecurity.KeycloakConfiguration; -import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider; -import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.web.servlet.ServletListenerRegistrationBean; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Import; -import org.springframework.context.annotation.Profile; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; -import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper; -import org.springframework.security.core.session.SessionRegistryImpl; -import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy; -import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy; -import org.springframework.security.web.session.HttpSessionEventPublisher; - -@Profile("keycloak") -@KeycloakConfiguration -@Import({KeycloakSpringBootConfigResolver.class}) -public class WebSecurityConfig extends KeycloakWebSecurityConfigurerAdapter { - @Autowired - public void configureGlobal(AuthenticationManagerBuilder auth) { - KeycloakAuthenticationProvider keycloakAuthenticationProvider = - keycloakAuthenticationProvider(); - keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper()); - auth.authenticationProvider(keycloakAuthenticationProvider); - } - - @Bean - public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() { - return new ServletListenerRegistrationBean<>(new HttpSessionEventPublisher()); - } - - @Bean - @Override - protected SessionAuthenticationStrategy sessionAuthenticationStrategy() { - return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl()); - } - - @Override - protected void configure(HttpSecurity http) throws Exception { - super.configure(http); - http.authorizeRequests().antMatchers("/**").permitAll().and().csrf().disable(); - } - - @Override - public void configure(WebSecurity web) { - web.ignoring().regexMatchers("^.*/util/echo$"); - } -} diff --git a/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java b/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java index e430e77..883b9d2 100644 --- a/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java +++ b/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java @@ -33,7 +33,6 @@ import java.util.logging.Logger; import javax.annotation.Priority; import org.glassfish.jersey.server.ResourceConfig; -import org.glassfish.jersey.servlet.ServletProperties; import org.onap.aai.rest.*; import org.onap.aai.rest.search.ModelAndNamedQueryRestProvider; import org.onap.aai.rest.search.SearchProvider; @@ -65,7 +64,7 @@ public class JerseyConfiguration { public ResourceConfig resourceConfig() { ResourceConfig resourceConfig = new ResourceConfig(); - resourceConfig.property(ServletProperties.FILTER_FORWARD_ON_404, true); + resourceConfig.property("jersey.config.servlet.filter.forwardOn404", true); Set<Class<?>> classes = Sets.newHashSet(SearchProvider.class, ModelAndNamedQueryRestProvider.class, QueryConsumer.class, RecentAPIConsumer.class, EchoResponse.class, CQ2Gremlin.class, CQ2GremlinTest.class); Set<Class<?>> filterClasses = @@ -80,7 +79,7 @@ public class JerseyConfiguration { org.onap.aai.interceptors.pre.RequestHeaderManipulation.class, org.onap.aai.interceptors.pre.RequestModification.class, org.onap.aai.interceptors.post.InvalidResponseStatus.class, - + org.onap.aai.interceptors.post.ResponseTransactionLogging.class, org.onap.aai.interceptors.post.ResponseHeaderManipulation.class ); diff --git a/aai-traversal/src/main/resources/aaf/bath_config.csv b/aai-traversal/src/main/resources/aaf/bath_config.csv deleted file mode 100644 index 433b333..0000000 --- a/aai-traversal/src/main/resources/aaf/bath_config.csv +++ /dev/null @@ -1,32 +0,0 @@ -# AAI -> aai@aai.onap.org -Basic QUFJOkFBSQ==,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 - -# ModelLoader -> aai@aai.onap.org -Basic TW9kZWxMb2FkZXI6TW9kZWxMb2FkZXI=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 - -# AaiUI -> aai@aai.onap.org, -Basic QWFpVUk6QWFpVUk=,Basic YWFpQGFhaS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 - -# MSO -> so@so.onap.org -Basic TVNPOk1TTw==,Basic c29Ac28ub25hcC5vcmc6ZGVtbzEyMzQ1NiE=,2050-03-03 - -# SDNC -> sdnc@sdnc.onap.org -Basic U0ROQzpTRE5D,Basic c2RuY0BzZG5jLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 - -# DCAE -> dcae@dcae.onap.org -Basic RENBRTpEQ0FF,Basic ZGNhZUBkY2FlLm9uYXAub3JnOmRlbW8xMjMzNDU2IQ==,2050-03-03 - -# POLICY -> policy@policy.onap.org -Basic UE9MSUNZOlBPTElDWQ==,Basic cG9saWN5QHBvbGljeS5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 - -# ASDC -> sdc@sdc.onap.org -Basic QVNEQzpBU0RD,Basic c2RjQHNkYy5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 - -# VID -> vid@vid.onap.org -Basic VklEOlZJRA==,Basic dmlkQHZpZC5vbmFwLm9yZzpkZW1vMTIzNDU2IQ==,2050-03-03 - -# APPC -> appc@appc.onap.org -Basic QVBQQzpBUFBD,Basic YXBwY0BhcHBjLm9uYXAub3JnOmRlbW8xMjM0NTYh,2050-03-03 - -# OOF -> oof@oof.onap.org -Basic T09GOk9PRg==,Basic b29mQG9vZi5vbmFwLm9yZzpkZW1vMTIzNDQ2IQ==,2050-03-03 diff --git a/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.keyfile b/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.keyfile deleted file mode 100644 index 3416d4a..0000000 --- a/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf -jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm -4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe -moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf -GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT -74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh -iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb -p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt -3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW -hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 -RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX -xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk -8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q -ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i -5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe -GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE -_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k -zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf -S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU -LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw -hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W -nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP -bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN -JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk -Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y -J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP -mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file diff --git a/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.p12 b/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.p12 Binary files differdeleted file mode 100644 index 023e2ea..0000000 --- a/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.p12 +++ /dev/null diff --git a/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.props b/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.props deleted file mode 100644 index 279c776..0000000 --- a/aai-traversal/src/main/resources/aaf/onap/org.onap.aai.props +++ /dev/null @@ -1,13 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# @copyright 2016, AT&T -############################################################ -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile -cadi_keystore=aai-traversal/src/main/resources/aaf/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)> -cadi_alias=aai@aai.onap.org -cadi_truststore=aai-traversal/src/main/resources/aaf/truststoreONAPall.jks -cadi_truststore_password=enc:s77wlnZFoQ08NhnU3OSeWO6uKgRwC6sAK-wTvVubNz2 -cadi_loglevel=INFO
\ No newline at end of file diff --git a/aai-traversal/src/main/resources/aaf/onap/org.osaaf.location.props b/aai-traversal/src/main/resources/aaf/onap/org.osaaf.location.props deleted file mode 100644 index 73a3a1e..0000000 --- a/aai-traversal/src/main/resources/aaf/onap/org.osaaf.location.props +++ /dev/null @@ -1,26 +0,0 @@ -## -## org.osaaf.location.props -## -## Localized Machine Information -## -# Almeda California ? -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -#aaf_locate_url=https://aaf-onap-beijing-test.osaaf.org -#aaf_locate_url=https://aaf-onap-test.osaaf.org - -aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 - -# AAF Environment Designation -aaf_env=DEV - -# OAuth2 Endpoints -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect - - diff --git a/aai-traversal/src/main/resources/aaf/onap/truststoreONAPall.jks b/aai-traversal/src/main/resources/aaf/onap/truststoreONAPall.jks Binary files differdeleted file mode 100644 index 2da1dcc..0000000 --- a/aai-traversal/src/main/resources/aaf/onap/truststoreONAPall.jks +++ /dev/null diff --git a/aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile b/aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile deleted file mode 100644 index 3416d4a..0000000 --- a/aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile +++ /dev/null @@ -1,27 +0,0 @@ -2otP92kNFHdexroZxvgYY7ffslFiwCD3CiVYMIfUF2edqZK7972NwkvE_mbaBo6jh8lByLIqrWAf -jyzoiVsvQ_kCa0cS1xaRLpcxv3bx1b7o3hGPBqpd6vmSG4y2JLzNlCBZWuTJz827wr8p_fWrYuUm -4L1WoaEe8W5PRnXjl4hDqbJBAlEoRIBXugUDt_7O5wgx2Rl3HVoOczZtf0RzONZ1F0BmKf3QlAUe -moSbARitYRgIPt5sLbT7qPyoEpGDhQ1XBowR744-wsjBc-14yO62Ajp5xWKTp15uWn3_HHuw1SAf -GWSBRGlSlEVkXQqi9Hw5jDttKVzHX1ckwR0SQOirbtHPHplxPX3WKjKhSdSeMzw6LOAHIQYRMKBT -74oGnULAfPtV7TaGwOKriT3P49CoPdt9On89-LGyCZSxDWKH0K-rgB6I2_hPT2Uzr3jmXiMa-sfh -iMvyQ7ABBVx0OFsUuNb5mcU2O6dWiQreL5RerrloV_X3ZtnNjxENXKjQ5KBR1A5ISPjFFK-kf4Rb -p6FSII8LcsiqgdWuZ4GX_C6x8HX4A-vD0x3Uc9CfoXY-k23cNIy-R-W-oB-P2OgdWDNgZ7VaOLNt -3L-NwWpNblfYvs93cNmkbVAwCZ3r0OP7RFeuON84TRaynK_Fh2S3rypRyJcUmM1pvpZqJ5_-umSW -hUs1OqkdLv3xjlVzzK-3nMr0q3Zcyp4XdyLYtcX5I3Xqk9ZcsyAT7ghmHhV8KjUjue7OcfAWg0m7 -RJLGq6VC8HeK4HEMa4lF677Qh7DRufghIDEmQSIDfGA790WGSA8HqcOvAL4hURCHyCWiPa5i8ksX -xX4HyqF8PCVCLJ_ZhzcuIlc0jStAexWbJU_vcyX7XgUaHCkF-M-zv1FP6Z3DHBMD2QqSWjmyNCCk -8sIuwzs62P_j2o9jG33kssedCrUWOwZancU107-5H0Zw-UWvtCqUfmRZ7TsEbWY7lk_SKfLfAN5q -ncOQgU_VxDXUFDST4LN_WVECRafK3UtwWomxWSji25Lbf6NVni3ok-yLMDZR-wrE-54jLPES9j0i -5N0xrk9CfsvGUpUZ1_XQcgaxI6m27DtCCJXb5ywenPBiUIJCMCTq88CqNZxGpju2i4BJcUH2hUHe -GKhO8pgslwhtEVot9EDwdzSrJkWFCfb6ud4zMxrqdi7-mLWMOydg6lhpEFEX5wu2BLIujGsZlEGE -_K9jGfBypjXuJCKDZIuPfEnf_7idjKis_JcFB7x4Hx2HHDcBjlWWFZN_VIEnPkQSyZEC26RTFP3k -zkY3GwUfA36a4XW2pu3gE9wz-W6fkONfzOZ6YiyCm_dRFUVuGSdJG02Hh5iXYlMOGJltPzWH2jVf -S-QTOmXQTKSOheXoJO6O-9uQbsRf-kq-6w1pvIOp4ms35w4_0Xj0Xr2a9y-L9PdBZvrUsa-jxsZU -LyA-YY4Ej6QwDBDTD2MGjF1E5_ekYgjoNlltM9rJjofruM4ym0n7LPHC7YXXQSEFOZYeTKi6wUDw -hQ1DoWHgu4PQ2lexada8sxQdConbPe2iW16h-PrO5D12E4XbT00fqaMlBmjQwzdNRdCC2NRPIQ5W -nwaO8dZ9yjxsjT7ZVHb9-DRblb3XDocponzxVXqUGtJAie4WXQnerX0ApTWGaHEr5y56JJVS_3LP -bKrbXBXcs4jTUX4ECXRrOs8JQDQNysXhvTPCu0XUxNZpjx6KLxDs93k2OcESHjl5J6n6OKKJqqoN -JEyFO5LGXpnmUJbn0-CaHHPRI1mHwEu4brY8wDZd9A0PD1KGXDoCHMfEk1lGblQdyOcVrXZ6uSBk -Z6zHDnwSCHO1mPYqtelJQehZoFuPSv9PIgKLxs_qJOtZFnXII5YO1mGXgiIBWBjUFDR5HG4ENS6y -J4MCF-JLMp-PVMAkOaCIQRRDpRnMm_fT1sc_P562Diu_pcdt-r55pMFQYGoGfjRmxQBKk0-SsdnP -mlZIiis9DfQEN0q3QQdNRYBJD7tmhUwhAPZdLgXqJA8sZf8UyFQhhpsky79NT343YL9smUlF
\ No newline at end of file diff --git a/aai-traversal/src/main/resources/aaf/org.onap.aai.p12 b/aai-traversal/src/main/resources/aaf/org.onap.aai.p12 Binary files differdeleted file mode 100644 index 023e2ea..0000000 --- a/aai-traversal/src/main/resources/aaf/org.onap.aai.p12 +++ /dev/null diff --git a/aai-traversal/src/main/resources/aaf/org.onap.aai.props b/aai-traversal/src/main/resources/aaf/org.onap.aai.props deleted file mode 100644 index f9a0789..0000000 --- a/aai-traversal/src/main/resources/aaf/org.onap.aai.props +++ /dev/null @@ -1,14 +0,0 @@ -############################################################ -# Properties Generated by AT&T Certificate Manager -# @copyright 2016, AT&T -############################################################ -cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US -cadi_keyfile=aai-traversal/src/main/resources/aaf/org.onap.aai.keyfile -cadi_keystore=aai-traversal/src/main/resources/aaf/org.onap.aai.p12 -cadi_keystore_password=enc:383RDJRFA6yQz9AOxUxC1iIg3xTJXityw05MswnpnEtelRQy2D4r5INQjrea7GTV -#cadi_key_password=enc:<KEY PASSWORD (optional if the same as KEYSTORE PASSWORD)> -cadi_alias=aai@aai.onap.org -cadi_truststore=aai-traversal/src/main/resources/aaf/truststoreONAPall.jks -cadi_truststore_password=enc:s77wlnZFoQ08NhnU3OSeWO6uKgRwC6sAK-wTvVubNz2 -cadi_loglevel=DEBUG -cadi_bath_convert=aai-traversal/src/main/resources/aaf/bath_config.csv diff --git a/aai-traversal/src/main/resources/aaf/org.osaaf.location.props b/aai-traversal/src/main/resources/aaf/org.osaaf.location.props deleted file mode 100644 index 73a3a1e..0000000 --- a/aai-traversal/src/main/resources/aaf/org.osaaf.location.props +++ /dev/null @@ -1,26 +0,0 @@ -## -## org.osaaf.location.props -## -## Localized Machine Information -## -# Almeda California ? -cadi_latitude=37.78187 -cadi_longitude=-122.26147 - -# Locate URL (which AAF Env) -#aaf_locate_url=https://aaf-onap-beijing-test.osaaf.org -#aaf_locate_url=https://aaf-onap-test.osaaf.org - -aaf_locate_url=https://aaf-onap-test.osaaf.org:8095 - -# AAF URL -aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.0 - -# AAF Environment Designation -aaf_env=DEV - -# OAuth2 Endpoints -aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token -aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect - - diff --git a/aai-traversal/src/main/resources/aaf/permissions.properties b/aai-traversal/src/main/resources/aaf/permissions.properties deleted file mode 100644 index d4956f5..0000000 --- a/aai-traversal/src/main/resources/aaf/permissions.properties +++ /dev/null @@ -1,2 +0,0 @@ -permission.type=org.onap.aai.traversal -permission.instance=*
\ No newline at end of file diff --git a/aai-traversal/src/main/resources/aaf/truststoreONAPall.jks b/aai-traversal/src/main/resources/aaf/truststoreONAPall.jks Binary files differdeleted file mode 100644 index 2da1dcc..0000000 --- a/aai-traversal/src/main/resources/aaf/truststoreONAPall.jks +++ /dev/null diff --git a/aai-traversal/src/main/resources/application-keycloak.properties b/aai-traversal/src/main/resources/application-keycloak.properties deleted file mode 100644 index 86adb59..0000000 --- a/aai-traversal/src/main/resources/application-keycloak.properties +++ /dev/null @@ -1,13 +0,0 @@ -spring.autoconfigure.exclude=\ - org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ - org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration - -multi.tenancy.enabled=true -keycloak.auth-server-url=http://localhost:8180/auth -keycloak.realm=aai-traversal -keycloak.resource=aai-traversal-app -keycloak.public-client=false -keycloak.principal-attribute=preferred_username - -keycloak.ssl-required=external -keycloak.bearer-only=true diff --git a/aai-traversal/src/main/resources/application.properties b/aai-traversal/src/main/resources/application.properties index 0416af4..0f37151 100644 --- a/aai-traversal/src/main/resources/application.properties +++ b/aai-traversal/src/main/resources/application.properties @@ -19,7 +19,6 @@ server.servlet.context-path=${schema.uri.base.path} spring.autoconfigure.exclude=\ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,\ - org.keycloak.adapters.springboot.KeycloakAutoConfiguration,\ org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration, \ org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration @@ -38,29 +37,10 @@ server.local.startpath=aai-traversal/src/main/resources server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties server.port=8446 -server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.compression.excluded-user-agents= -# By default spring boot jetty will exclude the following ciphers -# We need to specifically add this to support tls v1.1 -server.ssl.ciphers=^.*_(MD5|SHA|SHA1)$ -server.ssl.client-auth=want -server.ssl.key-store-type=JKS # Start of Internal Specific Properties # Switch to one-way-ssl spring.profiles.active=production,one-way-ssl -# Switch to keycloak -#spring.profiles.active=production, keycloak -### -server.certs.location=${server.local.startpath}/etc/auth/ -server.keystore.name.pkcs12=aai_keystore -server.keystore.name=aai_keystore -server.truststore.name=aai_keystore -### -server.ssl.key-store=${server.certs.location}${server.keystore.name} -server.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -server.ssl.trust-store=${server.certs.location}${server.truststore.name} -server.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.version.list=v10,v11,v12,v13,v14,v15,v16,v17,v18,v19,v20,v21,v22,v23,v24,v25,v26,v27,v28,v29,v30 # Specifies which component should the oxm be looking at @@ -112,16 +92,8 @@ schema.service.edges.endpoint=edgerules?version= schema.service.versions.endpoint=versions schema.service.custom.queries.endpoint=stored-queries -schema.service.ssl.key-store=${server.certs.location}${server.keystore.name.pkcs12} -schema.service.ssl.trust-store=${server.certs.location}${server.truststore.name} - -schema.service.ssl.key-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) -schema.service.ssl.trust-store-password=password(OBF:1vn21ugu1saj1v9i1v941sar1ugw1vo0) schema.service.versions.override=false -# Location of the cadi properties file should be specified here -aaf.cadi.file=${server.local.startpath}/cadi.properties - history.enabled=false; history.truncate.window.days=365 @@ -149,3 +121,7 @@ BOOTSTRAP_SERVERS=localhost:9092 JAAS_CONFIG="" aai.notifications.enabled=false aai.graph.properties.path=${server.local.startpath}/etc/appprops/janusgraph-realtime.properties + +aai.basic-auth.enabled=true +aai.basic-auth.users[0].username=AAI +aai.basic-auth.users[0].password=AAI diff --git a/aai-traversal/src/test/java/org/onap/aai/AAIGremlinQueryTest.java b/aai-traversal/src/test/java/org/onap/aai/AAIGremlinQueryTest.java index 0bac97e..57930f8 100644 --- a/aai-traversal/src/test/java/org/onap/aai/AAIGremlinQueryTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/AAIGremlinQueryTest.java @@ -39,7 +39,6 @@ import org.junit.BeforeClass; import org.junit.ClassRule; import org.junit.Rule; import org.junit.Test; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.onap.aai.dbmap.AAIGraph; import org.onap.aai.exceptions.AAIException; import org.onap.aai.serialization.queryformats.Format; @@ -51,7 +50,7 @@ import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.cassandra.CassandraAutoConfiguration; import org.springframework.boot.autoconfigure.data.cassandra.CassandraDataAutoConfiguration; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.web.server.LocalServerPort; +import org.springframework.boot.test.web.server.LocalServerPort; import org.springframework.context.annotation.Import; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; @@ -82,7 +81,6 @@ import com.jayway.jsonpath.JsonPath; webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = TraversalApp.class) @TestPropertySource(locations = "classpath:application-test.properties") -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @EnableAutoConfiguration(exclude={CassandraDataAutoConfiguration.class, CassandraAutoConfiguration.class}) // there is no running cassandra instance for the test @Import(TraversalTestConfiguration.class) public class AAIGremlinQueryTest { @@ -191,6 +189,7 @@ public class AAIGremlinQueryTest { headers.add("Real-Time", "true"); headers.add("X-FromAppId", "JUNIT"); headers.add("X-TransactionId", "JUNIT"); + headers.add("Authorization", "Basic QUFJOkFBSQ=="); Map<String, String> gremlinQueryMap = new HashMap<>(); gremlinQueryMap.put("gremlin-query", "g.V().has('hostname', 'test-pserver').count()"); diff --git a/aai-traversal/src/test/java/org/onap/aai/QueryParameterTest.java b/aai-traversal/src/test/java/org/onap/aai/QueryParameterTest.java index 8526ace..9e6684d 100644 --- a/aai-traversal/src/test/java/org/onap/aai/QueryParameterTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/QueryParameterTest.java @@ -30,7 +30,6 @@ import javax.ws.rs.core.Response; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -51,7 +50,6 @@ import org.springframework.web.client.RestTemplate; webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = TraversalApp.class) @TestPropertySource(locations = "classpath:application-test.properties") -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @EnableAutoConfiguration(exclude={CassandraDataAutoConfiguration.class, CassandraAutoConfiguration.class}) // there is no running cassandra instance for the test @Import(TraversalTestConfiguration.class) public class QueryParameterTest { diff --git a/aai-traversal/src/test/java/org/onap/aai/SubgraphPruneTest.java b/aai-traversal/src/test/java/org/onap/aai/SubgraphPruneTest.java index d6d385f..4955bad 100644 --- a/aai-traversal/src/test/java/org/onap/aai/SubgraphPruneTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/SubgraphPruneTest.java @@ -29,7 +29,6 @@ import javax.ws.rs.core.Response; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.cassandra.CassandraAutoConfiguration; @@ -48,7 +47,6 @@ import org.springframework.web.client.RestTemplate; webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = TraversalApp.class) @TestPropertySource(locations = "classpath:application-test.properties") -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @EnableAutoConfiguration(exclude={CassandraDataAutoConfiguration.class, CassandraAutoConfiguration.class}) // there is no running cassandra instance for the test @Import(TraversalTestConfiguration.class) public class SubgraphPruneTest { diff --git a/aai-traversal/src/test/java/org/onap/aai/TraversalTestConfiguration.java b/aai-traversal/src/test/java/org/onap/aai/TraversalTestConfiguration.java index 8e2e823..5bc2b88 100644 --- a/aai-traversal/src/test/java/org/onap/aai/TraversalTestConfiguration.java +++ b/aai-traversal/src/test/java/org/onap/aai/TraversalTestConfiguration.java @@ -23,7 +23,6 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; -import java.security.KeyStore; import javax.net.ssl.SSLContext; @@ -67,25 +66,12 @@ public class TraversalTestConfiguration { RestTemplate restTemplate = null; if (env.acceptsProfiles(Profiles.of("one-way-ssl", "two-way-ssl"))) { - char[] trustStorePassword = - env.getProperty("server.ssl.trust-store-password").toCharArray(); - char[] keyStorePassword = - env.getProperty("server.ssl.key-store-password").toCharArray(); - - String keyStore = env.getProperty("server.ssl.key-store"); - String trustStore = env.getProperty("server.ssl.trust-store"); - SSLContextBuilder sslContextBuilder = SSLContextBuilder.create(); - - if (env.acceptsProfiles(Profiles.of("two-way-ssl"))) { - sslContextBuilder = sslContextBuilder - .loadKeyMaterial(loadPfx(keyStore, keyStorePassword), keyStorePassword); - } - - SSLContext sslContext = sslContextBuilder - .loadTrustMaterial(ResourceUtils.getFile(trustStore), trustStorePassword).build(); + SSLContext sslContext = SSLContextBuilder.create().build(); - HttpClient client = HttpClients.custom().setSSLContext(sslContext) - .setSSLHostnameVerifier((s, sslSession) -> true).build(); + HttpClient client = HttpClients.custom() + .setSSLContext(sslContext) + .setSSLHostnameVerifier((s, sslSession) -> true) + .build(); restTemplate = builder .requestFactory(() -> new HttpComponentsClientHttpRequestFactory(client)).build(); @@ -121,13 +107,4 @@ public class TraversalTestConfiguration { return restTemplate; } - - private KeyStore loadPfx(String file, char[] password) throws Exception { - KeyStore keyStore = KeyStore.getInstance("PKCS12"); - File key = ResourceUtils.getFile(file); - try (InputStream in = new FileInputStream(key)) { - keyStore.load(in, password); - } - return keyStore; - } } diff --git a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/KeycloakTestConfiguration.java b/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/KeycloakTestConfiguration.java deleted file mode 100644 index 0ff845a..0000000 --- a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/KeycloakTestConfiguration.java +++ /dev/null @@ -1,71 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.aai.it.multitenancy; - -import com.github.dockerjava.api.model.ExposedPort; -import com.github.dockerjava.api.model.HostConfig; -import com.github.dockerjava.api.model.PortBinding; -import com.github.dockerjava.api.model.Ports; - -import dasniko.testcontainers.keycloak.KeycloakContainer; - -import org.keycloak.adapters.springboot.KeycloakSpringBootProperties; -import org.keycloak.admin.client.Keycloak; -import org.keycloak.admin.client.KeycloakBuilder; -import org.keycloak.representations.adapters.config.AdapterConfig; -import org.springframework.boot.test.context.TestConfiguration; -import org.springframework.context.annotation.Bean; - -@TestConfiguration -class KeycloakTestConfiguration { - - @Bean - public AdapterConfig adapterConfig() { - return new KeycloakSpringBootProperties(); - } - - @Bean - KeycloakContainer keycloakContainer(KeycloakTestProperties properties) { - KeycloakContainer keycloak = new KeycloakContainer("jboss/keycloak:12.0.4") - .withRealmImportFile(properties.realmJson).withCreateContainerCmdModifier( - cmd -> cmd.withHostConfig(new HostConfig().withPortBindings( - new PortBinding(Ports.Binding.bindPort(Integer.parseInt(properties.port)), - new ExposedPort(8080))))); - keycloak.start(); - return keycloak; - } - - @Bean - Keycloak keycloakAdminClient(KeycloakContainer keycloak, KeycloakTestProperties properties) { - return KeycloakBuilder.builder().serverUrl(keycloak.getAuthServerUrl()) - .realm(properties.realm).clientId(properties.adminCli) - .username(keycloak.getAdminUsername()).password(keycloak.getAdminPassword()).build(); - } - - @Bean - RoleHandler roleHandler(Keycloak adminClient, KeycloakTestProperties properties) { - return new RoleHandler(adminClient, properties); - } - - @Bean - KeycloakTestProperties properties() { - return new KeycloakTestProperties(); - } -} diff --git a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/KeycloakTestProperties.java b/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/KeycloakTestProperties.java deleted file mode 100644 index 72b6f6f..0000000 --- a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/KeycloakTestProperties.java +++ /dev/null @@ -1,44 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.aai.it.multitenancy; - -import org.springframework.beans.factory.annotation.Value; - -class KeycloakTestProperties { - - @Value("${test.keycloak.realm.json}") - public String realmJson; - - @Value("${keycloak.realm}") - public String realm; - - @Value("${keycloak.resource}") - public String clientId; - - @Value("${test.keycloak.client.secret}") - public String clientSecret; - - @Value("${test.keycloak.admin.cli}") - public String adminCli; - - @Value("${test.keycloak.auth-server-port}") - public String port; - -} diff --git a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/MultiTenancyIT.java b/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/MultiTenancyIT.java deleted file mode 100644 index 18e7a52..0000000 --- a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/MultiTenancyIT.java +++ /dev/null @@ -1,175 +0,0 @@ -/** - * ============LICENSE_START================================================== - * org.onap.aai - * =========================================================================== - * Copyright © 2017-2020 AT&T Intellectual Property. All rights reserved. - * =========================================================================== - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END==================================================== - */ -package org.onap.aai.it.multitenancy; - -import static org.junit.Assert.*; - -import com.jayway.jsonpath.JsonPath; - -import dasniko.testcontainers.keycloak.KeycloakContainer; - -import java.util.Collections; -import java.util.HashMap; -import java.util.List; -import java.util.Map; - -import org.apache.tinkerpop.gremlin.process.traversal.dsl.graph.GraphTraversalSource; -import org.janusgraph.core.JanusGraphTransaction; -import org.junit.Test; -import org.keycloak.admin.client.Keycloak; -import org.keycloak.admin.client.KeycloakBuilder; -import org.keycloak.representations.AccessTokenResponse; -import org.onap.aai.PayloadUtil; -import org.onap.aai.dbmap.AAIGraph; -import org.onap.aai.rest.AbstractSpringRestTest; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Import; -import org.springframework.http.*; -import org.springframework.test.context.TestPropertySource; - -@Import(KeycloakTestConfiguration.class) -@TestPropertySource(locations = "classpath:it/application-keycloak-test.properties") -public class MultiTenancyIT extends AbstractSpringRestTest { - - @Autowired - private KeycloakContainer keycloakContainer; - @Autowired - private RoleHandler roleHandler; - @Autowired - private KeycloakTestProperties properties; - - @Override - public void createTestGraph() { - JanusGraphTransaction transaction = AAIGraph.getInstance().getGraph().newTransaction(); - boolean success = true; - - try { - GraphTraversalSource g = transaction.traversal(); - - g.addV().property("aai-node-type", "pnf").property("pnf-name", "test-pnf-name-01") - .property("prov-status", "in_service").property("data-owner", "operator") - .property("in-maint", false).property("source-of-truth", "JUNIT") - .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-01").next(); - - g.addV().property("aai-node-type", "pnf").property("pnf-name", "test-pnf-name-02") - .property("prov-status", "in_service").property("in-maint", false) - .property("source-of-truth", "JUNIT") - .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-02").next(); - - g.addV().property("aai-node-type", "pnf").property("pnf-name", "test-pnf-name-03") - .property("prov-status", "in_service").property("data-owner", "selector") - .property("in-maint", false).property("source-of-truth", "JUNIT") - .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-03").next(); - - g.addV().property("aai-node-type", "pnf").property("pnf-name", "test-pnf-name-04") - .property("prov-status", "in_service").property("data-owner", "selector") - .property("in-maint", false).property("source-of-truth", "JUNIT") - .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-04").next(); - - g.addV().property("aai-node-type", "pnf").property("pnf-name", "test-pnf-name-05") - .property("prov-status", "in_service").property("data-owner", "selector") - .property("in-maint", false).property("source-of-truth", "JUNIT") - .property("aai-uri", "/network/pnfs/pnf/test-pnf-name-05").next(); - } catch (Exception ex) { - success = false; - } finally { - if (success) { - transaction.commit(); - } else { - transaction.rollback(); - fail("Unable to setup the graph"); - } - } - } - - @Test - public void testDslQueryWithDataOwner() throws Exception { - baseUrl = "http://localhost:" + randomPort; - String endpoint = baseUrl + "/aai/v29/dsl?format=console"; - List<Object> queryResults = null; - ResponseEntity responseEntity = null; - - Map<String, String> dslQueryMap = new HashMap<>(); - dslQueryMap.put("dsl-query", "pnf*('prov-status','in_service') "); - String payload = PayloadUtil.getTemplatePayload("dsl-query.json", dslQueryMap); - - // get pnf with ran (operator) - String username = "ran", password = "ran"; - headers = this.getHeaders(username, password); - httpEntity = new HttpEntity(payload, headers); - responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); - queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); - assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); - assertEquals(queryResults.size(), 2); - - // get pnf with bob (operator_readOnly) - username = "bob"; - password = "bob"; - headers = this.getHeaders(username, password); - httpEntity = new HttpEntity(payload, headers); - responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); - queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); - assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); - assertEquals(queryResults.size(), 2); - - // get pnf with ted (selector) - username = "ted"; - password = "ted"; - headers = this.getHeaders(username, password); - httpEntity = new HttpEntity(payload, headers); - responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); - queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); - assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); - assertEquals(queryResults.size(), 4); - - // add role to ted and try to get pnf again - roleHandler.addToUser(RoleHandler.OPERATOR, username); - headers = this.getHeaders(username, password); - httpEntity = new HttpEntity(payload, headers); - responseEntity = restTemplate.exchange(endpoint, HttpMethod.PUT, httpEntity, String.class); - queryResults = JsonPath.read(responseEntity.getBody().toString(), "$.results"); - assertEquals(HttpStatus.OK, responseEntity.getStatusCode()); - assertEquals(queryResults.size(), 5); - } - - private HttpHeaders getHeaders(String username, String password) { - HttpHeaders headers = new HttpHeaders(); - - headers.setContentType(MediaType.APPLICATION_JSON); - headers.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON)); - headers.add("Real-Time", "true"); - headers.add("X-FromAppId", "JUNIT"); - headers.add("X-TransactionId", "JUNIT"); - headers.add("Authorization", "Bearer " + getStringToken(username, password)); - - return headers; - } - - private String getStringToken(String username, String password) { - Keycloak keycloakClient = KeycloakBuilder.builder() - .serverUrl(keycloakContainer.getAuthServerUrl()).realm(properties.realm) - .clientId(properties.clientId).clientSecret(properties.clientSecret).username(username) - .password(password).build(); - - AccessTokenResponse tokenResponse = keycloakClient.tokenManager().getAccessToken(); - assertNotNull(tokenResponse); - return tokenResponse.getToken(); - } -} diff --git a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/RoleHandler.java b/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/RoleHandler.java deleted file mode 100644 index cd4f1b5..0000000 --- a/aai-traversal/src/test/java/org/onap/aai/it/multitenancy/RoleHandler.java +++ /dev/null @@ -1,52 +0,0 @@ -/** - * ============LICENSE_START======================================================= - * org.onap.aai - * ================================================================================ - * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ -package org.onap.aai.it.multitenancy; - -import java.util.Collections; - -import org.keycloak.admin.client.Keycloak; -import org.keycloak.admin.client.resource.RealmResource; - -class RoleHandler { - - /** - * Following roles should be the same as given roles in multi-tenancy-realm json file - */ - final static String OPERATOR = "operator"; - private final Keycloak adminClient; - private final KeycloakTestProperties properties; - - RoleHandler(Keycloak adminClient, KeycloakTestProperties properties) { - this.adminClient = adminClient; - this.properties = properties; - } - - void addToUser(String role, String username) { - RealmResource realm = adminClient.realm(properties.realm); - realm.users().get(username).roles().realmLevel() - .add(Collections.singletonList(realm.roles().get(role).toRepresentation())); - } - - void removeFromUser(String role, String username) { - RealmResource realm = adminClient.realm(properties.realm); - realm.users().get(username).roles().realmLevel() - .remove(Collections.singletonList(realm.roles().get(role).toRepresentation())); - } -} diff --git a/aai-traversal/src/test/java/org/onap/aai/rest/BadQueryFormatTest.java b/aai-traversal/src/test/java/org/onap/aai/rest/BadQueryFormatTest.java index 6580c74..2878945 100644 --- a/aai-traversal/src/test/java/org/onap/aai/rest/BadQueryFormatTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/rest/BadQueryFormatTest.java @@ -35,7 +35,6 @@ import org.onap.aai.HttpTestUtil; import org.onap.aai.PayloadUtil; import org.onap.aai.TraversalApp; import org.onap.aai.TraversalTestConfiguration; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.cassandra.CassandraAutoConfiguration; @@ -54,7 +53,6 @@ import org.springframework.web.client.RestTemplate; webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = TraversalApp.class) @TestPropertySource(locations = "classpath:application-test.properties") -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @EnableAutoConfiguration(exclude={CassandraDataAutoConfiguration.class, CassandraAutoConfiguration.class}) // there is no running cassandra instance for the test @Import(TraversalTestConfiguration.class) public class BadQueryFormatTest { diff --git a/aai-traversal/src/test/java/org/onap/aai/rest/ConfigurationTest.java b/aai-traversal/src/test/java/org/onap/aai/rest/ConfigurationTest.java index a892522..feeb874 100644 --- a/aai-traversal/src/test/java/org/onap/aai/rest/ConfigurationTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/rest/ConfigurationTest.java @@ -32,7 +32,6 @@ import org.junit.Test; import org.onap.aai.TraversalApp; import org.onap.aai.TraversalTestConfiguration; import org.onap.aai.config.SpringContextAware; -import org.onap.aai.restclient.PropertyPasswordConfiguration; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; @@ -46,15 +45,12 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.web.client.RestTemplate; -import io.prometheus.client.exporter.common.TextFormat; - /** * Test REST requests against configuration resource */ @AutoConfigureMetrics @TestPropertySource(locations = "classpath:application-test.properties") @ContextConfiguration( - initializers = PropertyPasswordConfiguration.class, classes = {SpringContextAware.class}) @Import(TraversalTestConfiguration.class) @SpringBootTest( diff --git a/aai-traversal/src/test/java/org/onap/aai/rest/GfpVserverDataStoredQueryTest.java b/aai-traversal/src/test/java/org/onap/aai/rest/GfpVserverDataStoredQueryTest.java index f43c91f..d539a77 100644 --- a/aai-traversal/src/test/java/org/onap/aai/rest/GfpVserverDataStoredQueryTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/rest/GfpVserverDataStoredQueryTest.java @@ -54,15 +54,16 @@ import org.mockito.Mockito; import org.onap.aai.AAISetup; import org.onap.aai.HttpTestUtil; import org.onap.aai.PayloadUtil; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.onap.aai.dbmap.AAIGraph; import org.onap.aai.setup.SchemaVersion; import org.onap.aai.transforms.XmlFormatTransformer; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class GfpVserverDataStoredQueryTest extends AAISetup { private static final Logger logger = diff --git a/aai-traversal/src/test/java/org/onap/aai/rest/QueryConsumerTest.java b/aai-traversal/src/test/java/org/onap/aai/rest/QueryConsumerTest.java index e75019a..847753f 100644 --- a/aai-traversal/src/test/java/org/onap/aai/rest/QueryConsumerTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/rest/QueryConsumerTest.java @@ -43,7 +43,6 @@ import org.onap.aai.PayloadUtil; import org.onap.aai.TraversalApp; import org.onap.aai.TraversalTestConfiguration; import org.onap.aai.WebClientConfiguration; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.onap.aai.dbmap.AAIGraph; import org.onap.aai.exceptions.AAIException; import org.slf4j.Logger; @@ -56,7 +55,6 @@ import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.web.server.LocalServerPort; import org.springframework.context.annotation.Import; import org.springframework.http.*; -import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringRunner; import org.springframework.test.web.reactive.server.WebTestClient; @@ -67,7 +65,6 @@ import org.springframework.web.client.RestTemplate; webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT, classes = TraversalApp.class) @TestPropertySource(locations = "classpath:application-test.properties") -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @EnableAutoConfiguration(exclude={CassandraDataAutoConfiguration.class, CassandraAutoConfiguration.class}) // there is no running cassandra instance for the test @Import({TraversalTestConfiguration.class, WebClientConfiguration.class}) public class QueryConsumerTest { diff --git a/aai-traversal/src/test/java/org/onap/aai/rest/history/AbstractSpringHistoryRestTest.java b/aai-traversal/src/test/java/org/onap/aai/rest/history/AbstractSpringHistoryRestTest.java index 9fdce03..6c48c25 100644 --- a/aai-traversal/src/test/java/org/onap/aai/rest/history/AbstractSpringHistoryRestTest.java +++ b/aai-traversal/src/test/java/org/onap/aai/rest/history/AbstractSpringHistoryRestTest.java @@ -30,7 +30,6 @@ import org.janusgraph.core.JanusGraphTransaction; import org.junit.*; import org.onap.aai.TraversalApp; import org.onap.aai.TraversalTestConfiguration; -import org.onap.aai.config.PropertyPasswordConfiguration; import org.onap.aai.dbmap.AAIGraph; import org.onap.aai.exceptions.AAIException; import org.onap.aai.nodes.NodeIngestor; @@ -57,7 +56,6 @@ import org.springframework.web.client.RestTemplate; @TestPropertySource( locations = "classpath:application-test.properties", properties = {"history.enabled=true", "history.truncate.window.days = " + Integer.MAX_VALUE}) -@ContextConfiguration(initializers = PropertyPasswordConfiguration.class) @EnableAutoConfiguration(exclude={CassandraDataAutoConfiguration.class, CassandraAutoConfiguration.class}) // there is no running cassandra instance for the test @Import(TraversalTestConfiguration.class) public abstract class AbstractSpringHistoryRestTest { diff --git a/aai-traversal/src/test/resources/application-onap-test.properties b/aai-traversal/src/test/resources/application-onap-test.properties index 9241af4..05be0c7 100644 --- a/aai-traversal/src/test/resources/application-onap-test.properties +++ b/aai-traversal/src/test/resources/application-onap-test.properties @@ -29,13 +29,6 @@ server.local.startpath=src/main/resources server.basic.auth.location=${server.local.startpath}/etc/auth/realm.properties server.port=8446 -server.ssl.enabled-protocols=TLSv1.1,TLSv1.2 -server.ssl.key-store=${server.local.startpath}/etc/auth/aai-client-cert.p12 -server.ssl.key-store-password=password(1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o) -server.ssl.trust-store=${server.local.startpath}/etc/auth/tomcat_keystore -server.ssl.trust-store-password=password(1i9a1u2a1unz1lr61wn51wn11lss1unz1u301i6o) -server.ssl.client-auth=want -server.ssl.key-store-type=JKS # Schema related attributes for the oxm and edges # Any additional schema related attributes should start with prefix schema diff --git a/aai-traversal/src/test/resources/application-test.properties b/aai-traversal/src/test/resources/application-test.properties index 3fc66a4..e65d708 100644 --- a/aai-traversal/src/test/resources/application-test.properties +++ b/aai-traversal/src/test/resources/application-test.properties @@ -11,7 +11,6 @@ server.servlet.context-path=${schema.uri.base.path} spring.autoconfigure.exclude=\ org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration,\ org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration,\ - org.keycloak.adapters.springboot.KeycloakAutoConfiguration,\ org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration,\ org.springframework.boot.actuate.autoconfigure.security.servlet.ManagementWebSecurityAutoConfiguration @@ -82,3 +81,7 @@ management.metrics.web.server.request.autotime.enabled=false scrape.uri.metrics=true aai.notifications.enabled=false + +aai.basic-auth.enabled=true +aai.basic-auth.users[0].username=AAI +aai.basic-auth.users[0].password=AAI diff --git a/aai-traversal/src/test/resources/it/application-keycloak-test.properties b/aai-traversal/src/test/resources/it/application-keycloak-test.properties deleted file mode 100644 index 632ec81..0000000 --- a/aai-traversal/src/test/resources/it/application-keycloak-test.properties +++ /dev/null @@ -1,16 +0,0 @@ -test.keycloak.realm.json=it/multi-tenancy-realm.json -test.keycloak.client.secret=secret -test.keycloak.admin.cli=admin-cli -test.keycloak.auth-server-port=58181 - -keycloak.auth-server-url=http://localhost:58181/auth -keycloak.realm=aai-resources -keycloak.resource=aai-resources-app -keycloak.public-client=true -keycloak.principal-attribute=preferred_username - -keycloak.ssl-required=external -keycloak.bearer-only=true - -multi.tenancy.enabled=true -spring.profiles.active=production,keycloak diff --git a/aai-traversal/src/test/resources/it/multi-tenancy-realm.json b/aai-traversal/src/test/resources/it/multi-tenancy-realm.json deleted file mode 100644 index 401187b..0000000 --- a/aai-traversal/src/test/resources/it/multi-tenancy-realm.json +++ /dev/null @@ -1,173 +0,0 @@ -{ - "id": "aai-resources", - "realm": "aai-resources", - "notBefore": 0, - "revokeRefreshToken": false, - "refreshTokenMaxReuse": 0, - "accessTokenLifespan": 300, - "accessTokenLifespanForImplicitFlow": 900, - "ssoSessionIdleTimeout": 1800, - "ssoSessionMaxLifespan": 36000, - "ssoSessionIdleTimeoutRememberMe": 0, - "ssoSessionMaxLifespanRememberMe": 0, - "offlineSessionIdleTimeout": 2592000, - "offlineSessionMaxLifespanEnabled": false, - "offlineSessionMaxLifespan": 5184000, - "clientSessionIdleTimeout": 0, - "clientSessionMaxLifespan": 0, - "clientOfflineSessionIdleTimeout": 0, - "clientOfflineSessionMaxLifespan": 0, - "accessCodeLifespan": 60, - "accessCodeLifespanUserAction": 300, - "accessCodeLifespanLogin": 1800, - "actionTokenGeneratedByAdminLifespan": 43200, - "actionTokenGeneratedByUserLifespan": 300, - "enabled": true, - "sslRequired": "external", - "registrationAllowed": false, - "registrationEmailAsUsername": false, - "rememberMe": false, - "verifyEmail": false, - "loginWithEmailAllowed": true, - "duplicateEmailsAllowed": false, - "resetPasswordAllowed": false, - "editUsernameAllowed": false, - "bruteForceProtected": false, - "permanentLockout": false, - "maxFailureWaitSeconds": 900, - "minimumQuickLoginWaitSeconds": 60, - "waitIncrementSeconds": 60, - "quickLoginCheckMilliSeconds": 1000, - "maxDeltaTimeSeconds": 43200, - "failureFactor": 30, - "users": [ - { - "username": "admin", - "enabled": true, - "credentials": [ - { - "type": "password", - "value": "admin" - } - ], - "clientRoles": { - "realm-management": ["manage-users", "view-clients", "view-realm", "view-users"] - } - }, - { - "id": "ran", - "username": "ran", - "enabled": true, - "credentials": [ - { - "type": "password", - "value": "ran" - } - ], - "realmRoles": [ - "operator" - ] - }, - { - "id": "bob", - "username": "bob", - "enabled": true, - "credentials": [ - { - "type": "password", - "value": "bob" - } - ], - "realmRoles": [ - "operator_readOnly" - ] - }, - { - "id": "ted", - "username": "ted", - "enabled": true, - "credentials": [ - { - "type": "password", - "value": "ted" - } - ], - "realmRoles": [ - "selector" - ] - } - ], - "roles": { - "realm": [ - { - "name": "operator", - "description": "Operator privileges" - }, - { - "name": "operator_readOnly", - "description": "Operator's read only privileges" - }, - { - "name": "selector", - "description": "Selector privileges" - }, - { - "name": "selector_readOnly", - "description": "Selector's read only privileges" - }, - { - "name": "admin", - "description": "Administrator privileges" - } - ] - }, - "clients": [ - { - "clientId": "aai-resources-app", - "enabled": true, - "secret": "secret", - "directAccessGrantsEnabled": true, - "authorizationServicesEnabled": true, - "authorizationSettings": { - "allowRemoteResourceManagement": true, - "policyEnforcementMode": "ENFORCING" - } - } - ], - "defaultDefaultClientScopes": [ - "roles", - "email", - "web-origins", - "profile", - "role_list" - ], - "clientScopes": [ - { - "id": "0f7dfd8b-c230-4664-8d77-da85bcc4fe2a", - "name": "roles", - "description": "OpenID Connect scope for add user roles to the access token", - "protocol": "openid-connect", - "attributes": { - "include.in.token.scope": "true", - "display.on.consent.screen": "true", - "consent.screen.text": "${rolesScopeConsentText}" - }, - "protocolMappers": [ - { - "id": "4b9f8798-8990-4c0d-87d3-034e72655e3b", - "name": "realm roles", - "protocol": "openid-connect", - "protocolMapper": "oidc-usermodel-realm-role-mapper", - "consentRequired": false, - "config": { - "multivalued": "true", - "user.attribute": "foo", - "access.token.claim": "true", - "claim.name": "realm_access.roles", - "jsonType.label": "String" - } - } - ] - } - ] -}
\ No newline at end of file |