From 4e5ef77b4dc14cb346d70d279edee3e641ae1b08 Mon Sep 17 00:00:00 2001
From: Fiete Ostkamp
Date: Tue, 4 Feb 2025 08:09:34 +0100
Subject: Use 1.15.5 aai-common release
Issue-ID: AAI-4119
Change-Id: Ib8234105000fbc36ff330b555defd62e93e375a7
Signed-off-by: Fiete Ostkamp
---
.../interceptors/pre/OneWaySslAuthorization.java | 85 -----------------
.../org/onap/aai/service/AuthorizationService.java | 106 ---------------------
.../java/org/onap/aai/web/JerseyConfiguration.java | 1 -
pom.xml | 4 +-
4 files changed, 2 insertions(+), 194 deletions(-)
delete mode 100644 aai-traversal/src/main/java/org/onap/aai/interceptors/pre/OneWaySslAuthorization.java
delete mode 100644 aai-traversal/src/main/java/org/onap/aai/service/AuthorizationService.java
diff --git a/aai-traversal/src/main/java/org/onap/aai/interceptors/pre/OneWaySslAuthorization.java b/aai-traversal/src/main/java/org/onap/aai/interceptors/pre/OneWaySslAuthorization.java
deleted file mode 100644
index 4cd6548..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/interceptors/pre/OneWaySslAuthorization.java
+++ /dev/null
@@ -1,85 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.interceptors.pre;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
-
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.onap.aai.TraversalProfiles;
-import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.interceptors.AAIContainerFilter;
-import org.onap.aai.logging.ErrorLogHelper;
-import org.onap.aai.service.AuthorizationService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Profile;
-
-@Profile(TraversalProfiles.ONE_WAY_SSL)
-@PreMatching
-@Priority(AAIRequestFilterPriority.AUTHORIZATION)
-public class OneWaySslAuthorization extends AAIContainerFilter implements ContainerRequestFilter {
-
- @Autowired
- private AuthorizationService authorizationService;
-
- @Override
- public void filter(ContainerRequestContext containerRequestContext) throws IOException {
-
- if (containerRequestContext.getUriInfo().getRequestUri().getPath()
- .matches("^.*/util/echo$")) {
- return;
- }
-
- String basicAuth = containerRequestContext.getHeaderString("Authorization");
- List acceptHeaderValues = containerRequestContext.getAcceptableMediaTypes();
-
- if (basicAuth == null || !basicAuth.startsWith("Basic ")) {
- Optional responseOptional = errorResponse("AAI_3300", acceptHeaderValues);
- containerRequestContext.abortWith(responseOptional.get());
- return;
- }
-
- basicAuth = basicAuth.replaceAll("Basic ", "");
-
- if (!authorizationService.checkIfUserAuthorized(basicAuth)) {
- Optional responseOptional = errorResponse("AAI_3300", acceptHeaderValues);
- containerRequestContext.abortWith(responseOptional.get());
- return;
- }
-
- }
-
- private Optional errorResponse(String errorCode, List acceptHeaderValues) {
- AAIException aaie = new AAIException(errorCode);
- return Optional.of(Response.status(aaie.getErrorObject().getHTTPResponseCode())
- .entity(
- ErrorLogHelper.getRESTAPIErrorResponse(acceptHeaderValues, aaie, new ArrayList<>()))
- .build());
-
- }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/service/AuthorizationService.java b/aai-traversal/src/main/java/org/onap/aai/service/AuthorizationService.java
deleted file mode 100644
index ac69e31..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/service/AuthorizationService.java
+++ /dev/null
@@ -1,106 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.service;
-
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.stream.Stream;
-import javax.annotation.PostConstruct;
-import org.eclipse.jetty.util.security.Password;
-import org.onap.aai.TraversalProfiles;
-import org.onap.aai.util.AAIConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Service;
-
-@Service
-@Profile(TraversalProfiles.ONE_WAY_SSL)
-public class AuthorizationService {
-
- private static final Logger logger = LoggerFactory.getLogger(AuthorizationService.class);
-
- private final Map authorizedUsers = new HashMap<>();
-
- private static final Base64.Encoder ENCODER = Base64.getEncoder();
-
- @PostConstruct
- public void init() {
-
- String basicAuthFile = getBasicAuthFilePath();
-
- try (Stream stream = Files.lines(Path.of(basicAuthFile))) {
- stream.filter(line -> !line.startsWith("#")).forEach(str -> {
- byte[] bytes = null;
-
- String usernamePassword = null;
- String accessType = null;
-
- String[] userAccessType = str.split(",");
-
- if (userAccessType.length != 2) {
- throw new RuntimeException(
- "Please check the realm.properties file as it is not conforming to the basic auth");
- }
-
- usernamePassword = userAccessType[0];
- accessType = userAccessType[1];
-
- String[] usernamePasswordArray = usernamePassword.split(":");
-
- if (usernamePasswordArray.length != 3) {
- throw new RuntimeException(
- "This username / pwd is not a valid entry in realm.properties");
- }
-
- String username = usernamePasswordArray[0];
- String password = null;
-
- if (str.contains("OBF:")) {
- password = usernamePasswordArray[1] + ":" + usernamePasswordArray[2];
- password = Password.deobfuscate(password);
- }
-
- bytes =
- ENCODER.encode((username + ":" + password).getBytes(StandardCharsets.UTF_8));
-
- authorizedUsers.put(new String(bytes), accessType);
-
- authorizedUsers.put(new String(ENCODER.encode(bytes)), accessType);
- });
- } catch (IOException e) {
- logger.error("IO Exception occurred during the reading of realm.properties", e);
- }
- }
-
- public boolean checkIfUserAuthorized(String authorization) {
- return authorizedUsers.containsKey(authorization)
- && "admin".equals(authorizedUsers.get(authorization));
- }
-
- public String getBasicAuthFilePath() {
- return AAIConstants.AAI_HOME_ETC_AUTH + AAIConstants.AAI_FILESEP + "realm.properties";
- }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java b/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java
index 4424a3c..959089b 100644
--- a/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java
+++ b/aai-traversal/src/main/java/org/onap/aai/web/JerseyConfiguration.java
@@ -68,7 +68,6 @@ public class JerseyConfiguration { org.onap.aai.interceptors.pre.RequestTransactionLogging.class, org.onap.aai.interceptors.pre.HeaderValidation.class, org.onap.aai.interceptors.pre.HttpHeaderInterceptor.class, - org.onap.aai.interceptors.pre.OneWaySslAuthorization.class, org.onap.aai.interceptors.pre.VersionLatestInterceptor.class, org.onap.aai.interceptors.pre.RetiredInterceptor.class, org.onap.aai.interceptors.pre.VersionInterceptor.class, diff --git a/pom.xml b/pom.xml index 762c174..5625f7f 100644 --- a/pom.xml +++ b/pom.xml @@ -26,7 +26,7 @@ org.onap.aai.aai-common aai-parent - 1.15.5-SNAPSHOT + 1.15.5 org.onap.aai.traversal traversal @@ -42,7 +42,7 @@ Nexus Proxy Properties and Snapshot Locations Ideally this can be overwritten at runtime per internal environment specific values at runtime --> - 1.15.5-SNAPSHOT + 1.15.5 https://nexus.onap.org /content/sites/site/org/onap/aai/traversal/${project.artifactId}/${project.version} /content/repositories/releases/ -- cgit 1.2.3-korg