author | Muthuramalingam, Brinda Santh(bs2796) <bs2796@att.com> | 2018-09-21 04:15:10 +0000 |
---|---|---|
committer | Muthuramalingam, Brinda Santh(bs2796) <bs2796@att.com> | 2018-09-21 04:15:10 +0000 |
commit | c5fd649dc92ead7a0de25a668beb0d5d10337381 (patch) | |
tree | bb783913df34966eb658f04da2e36051d1aff46a /ms/controllerblueprints/application/src/main | |
parent | 15ac6196f60ba08a7567139ab43c5c60aa2d1a1f (diff) |
Controller Blueprints Microservice
Add basic authentication for Controllerblueprint MS.
Change-Id: I145e26d6feba873e8d3ed82e4169cbaa425a277e
Issue-ID: CCSDK-590
Signed-off-by: Muthuramalingam, Brinda Santh(bs2796) <bs2796@att.com>
Diffstat (limited to 'ms/controllerblueprints/application/src/main')
4 files changed, 132 insertions, 0 deletions
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
index 6e9dcd7f..78706d57 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
@@ -23,13 +23,19 @@ import org.onap.ccsdk.apps.controllerblueprints.service.common.ErrorMessage;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.http.converter.HttpMessageNotReadableException;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.web.csrf.InvalidCsrfTokenException;
import org.springframework.web.HttpRequestMethodNotSupportedException;
import org.springframework.web.bind.MethodArgumentNotValidException;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.ResponseStatus;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.context.request.WebRequest;
+import javax.naming.AuthenticationException;
+import java.nio.file.AccessDeniedException;
+
@ControllerAdvice
@RestController
@SuppressWarnings("unused")
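Review bot: The two JDK imports added here, `javax.naming.AuthenticationException` and `java.nio.file.AccessDeniedException`, are not Spring Security types, so the handler added in the next hunk will not match the exceptions Spring Security raises. `BadCredentialsException` is still matched through its own entry, but other authentication failures and access-denied errors are not, while a file-system `AccessDeniedException` (an `IOException`) thrown from a controller would be answered with 401. The imports should be `import org.springframework.security.core.AuthenticationException;` and `import org.springframework.security.access.AccessDeniedException;`.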
@@ -43,6 +49,14 @@ public class ApplicationExceptionHandler {
return new ResponseEntity<>(exceptionResponse, HttpStatus.INTERNAL_SERVER_ERROR);
}
+ @ExceptionHandler({InvalidCsrfTokenException.class, AuthenticationException.class, BadCredentialsException.class, AccessDeniedException.class})
+ @ResponseStatus(value = HttpStatus.UNAUTHORIZED)
+ public final ResponseEntity<ErrorMessage> handleAuthenticationRequest(Exception ex, WebRequest request) {
+ log.error("Authentication Exception", ex);
+ ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), HttpStatus.UNAUTHORIZED.value(), ex.getLocalizedMessage());
+ return new ResponseEntity<>(exceptionResponse, HttpStatus.UNAUTHORIZED);
+ }
+
@ExceptionHandler({HttpMessageNotReadableException.class, MethodArgumentNotValidException.class,
HttpRequestMethodNotSupportedException.class})
public final ResponseEntity<ErrorMessage> handleBadRequest(Exception ex, WebRequest request) {
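Review bot: `handleAuthenticationRequest` copies `ex.getMessage()` and `ex.getLocalizedMessage()` into the response body, which tells an unauthenticated caller why the check failed; a fixed body such as `new ErrorMessage("Unauthorized", HttpStatus.UNAUTHORIZED.value(), "Authentication required")` keeps the detail in the log only. Access-denied and invalid-CSRF-token cases are authorization failures and would normally be answered with 403 from a separate handler rather than 401. `@ResponseStatus` duplicates the status already set on the returned `ResponseEntity` and can be dropped. Failures raised inside the security filter chain probably never reach a `@ControllerAdvice`, so it is worth confirming which requests this handler actually sees; the class body starts and continues outside the hunk.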
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
index fbef55fb..44761177 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
@@ -25,6 +25,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
@@ -40,6 +42,7 @@ import java.io.IOException;
*/
@Component
@WebFilter(asyncSupported = true, urlPatterns = {"/*"})
+@Order(Ordered.HIGHEST_PRECEDENCE)
@SuppressWarnings("unused")
public class ApplicationLoggingFilter implements Filter {
private static Logger log = LoggerFactory.getLogger(ApplicationLoggingFilter.class);
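Review bot: `@Order(Ordered.HIGHEST_PRECEDENCE)` carries no comment saying why this filter must run first, and under Spring Boot's default filter ordering it now runs ahead of the Spring Security chain introduced by this commit. It therefore handles every request before authentication, including those carrying an `Authorization: Basic` header. A comment such as `// Runs before the security chain so MDC is set for rejected requests; never log the Authorization header here.` would record the intent, and the filter body, which is outside this hunk, should be checked against it.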
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
new file mode 100644
index 00000000..e3df3a62
--- /dev/null
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright © 2017-2018 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.ccsdk.apps.controllerblueprints.security;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class ApplicationBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
+
+ @Override
+ public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException)
+ throws IOException {
+ response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+ }
+
+ @Override
+ public void afterPropertiesSet() throws Exception {
+ setRealmName("CCSDK-APPS");
+ super.afterPropertiesSet();
+ }
+
+}
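Review bot: In `commence`, `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` is redundant because the `sendError` call on the following line sets the same status and commits the response, so the line can be removed. The realm name `"CCSDK-APPS"` is a bare literal in `afterPropertiesSet`; a `private static final String REALM_NAME = "CCSDK-APPS";` constant would make it easier to find and reuse. The class also has no Javadoc; if the fixed "Unauthorized" text is intentional, a one-line `/** Answers unauthenticated requests with 401 and a Basic challenge; the failure reason is not echoed to the client. */` would say so.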
\ No newline at end of file
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
new file mode 100644
index 00000000..3a39d782
--- /dev/null
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright © 2017-2018 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.ccsdk.apps.controllerblueprints.security;
+
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@SuppressWarnings("unused")
+@Configuration
+@EnableWebSecurity
+public class ApplicationSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
+ @Value("${basic-auth.user-name}")
+ private String userName;
+
+ @Value("${basic-auth.hashed-pwd}")
+ private String userHashedPassword;
+
+ private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class);
+
+ @Autowired
+ private ApplicationBasicAuthenticationEntryPoint authenticationEntryPoint;
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+ log.info("User Id {} and hashed pwd : {}", userName, userHashedPassword);
+ auth.inMemoryAuthentication()
+ .withUser(userName).password(userHashedPassword)
+ .authorities("ROLE_USER");
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests()
+ .antMatchers("/actuator/health").permitAll()
+ .antMatchers("/**").authenticated()
+ .and()
+ .httpBasic()
+ .authenticationEntryPoint(authenticationEntryPoint);
+
+ http.csrf().disable();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+}
\ No newline at end of file |
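Review bot: `configureGlobal` writes the configured password hash to the application log at INFO level through `log.info("User Id {} and hashed pwd : {}", userName, userHashedPassword);`, so anyone with read access to the logs or the log pipeline obtains the (presumably bcrypt) hash of the service credential. The statement should record only that basic auth was set up, e.g. `log.info("Basic authentication configured for user {}", userName);`. In `configure`, CSRF protection is disabled while session creation is left at its default, so a session cookie issued after a successful login can authenticate later requests without the CSRF check. Adding `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);` keeps the API stateless and makes the `csrf().disable()` call consistent with that. A short class comment describing the `basic-auth.user-name` and `basic-auth.hashed-pwd` properties and the expected hash format would also help operators.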