summaryrefslogtreecommitdiffstats
path: root/ms/controllerblueprints/application
diff options
context:
space:
mode:
authorDan Timoney <dtimoney@att.com>2018-12-03 19:42:59 +0000
committerGerrit Code Review <gerrit@onap.org>2018-12-03 19:42:59 +0000
commit8bc8a2ed3d2ade7487d215f5bc11223fcfc3f7f9 (patch)
tree5915be7bc0730cccfc9f361e0fa7931d3f3658cb /ms/controllerblueprints/application
parentfa5535933ab1bffdaef076a883cfa833179975a4 (diff)
parentbd28818bdba4ede90fe80877bf6839004516000a (diff)
Merge "Enable Webflux Service."
Diffstat (limited to 'ms/controllerblueprints/application')
-rw-r--r--ms/controllerblueprints/application/etc/logback.xml2
-rw-r--r--ms/controllerblueprints/application/opt/app/onap/config/application-dev.properties2
-rw-r--r--ms/controllerblueprints/application/opt/app/onap/config/application.properties2
-rw-r--r--ms/controllerblueprints/application/pom.xml53
-rw-r--r--ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java74
-rw-r--r--ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/SwaggerConfig.java7
-rw-r--r--ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/WebConfig.java11
-rw-r--r--ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java91
-rw-r--r--ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/CorsFilter.java64
-rw-r--r--ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java43
-rw-r--r--ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java74
-rw-r--r--ms/controllerblueprints/application/src/test/resources/application.properties2
12 files changed, 152 insertions, 273 deletions
diff --git a/ms/controllerblueprints/application/etc/logback.xml b/ms/controllerblueprints/application/etc/logback.xml
index 6639705e..01ae4f6c 100644
--- a/ms/controllerblueprints/application/etc/logback.xml
+++ b/ms/controllerblueprints/application/etc/logback.xml
@@ -16,7 +16,7 @@
<configuration>
- <property name="localPattern" value="%d{HH:mm:ss.SSS} %-5level %logger{100} - %msg%n" />
+ <property name="localPattern" value="%d{HH:mm:ss.SSS} [%thread] %-5level %logger{100} - %msg%n" />
<property name="defaultPattern" value="%date{ISO8601,UTC}|%X{RequestID}|%X{ServiceInstanceId}|%thread|%X{VirtualServerName}|%X{ServiceName}|%X{InstanceUUID}|%.-5level|%X{AlertSeverity}|%X{ServerIPAddress}|%X{ServerFQDN}|%X{RemoteHost}|%X{ClassName}|%X{Timer}| %msg%n" />
diff --git a/ms/controllerblueprints/application/opt/app/onap/config/application-dev.properties b/ms/controllerblueprints/application/opt/app/onap/config/application-dev.properties
index e0920870..8741fab2 100644
--- a/ms/controllerblueprints/application/opt/app/onap/config/application-dev.properties
+++ b/ms/controllerblueprints/application/opt/app/onap/config/application-dev.properties
@@ -19,7 +19,7 @@ appVersion=1.0.0
# Basic Authentication
basic-auth.user-name=ccsdkapps
-basic-auth.hashed-pwd=$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y
+basic-auth.hashed-pwd={bcrypt}$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y
#logging.pattern.console=%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(%5p) %clr($ threadId: {PID:- }){magenta} %clr(---){faint} %clr([ hostname: %X{hostname} serviceName: %X{serviceName} version: %X{version} transactionId: %X{transactionId} requestTimeStamp: %X{requestTimestamp} responseTimeStamp: %X{responseTimestamp} duration: %X{duration}]){yellow} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n%wex
diff --git a/ms/controllerblueprints/application/opt/app/onap/config/application.properties b/ms/controllerblueprints/application/opt/app/onap/config/application.properties
index 0160ee5f..aae37011 100644
--- a/ms/controllerblueprints/application/opt/app/onap/config/application.properties
+++ b/ms/controllerblueprints/application/opt/app/onap/config/application.properties
@@ -20,7 +20,7 @@ appVersion=1.0.0
# Basic Authentication
basic-auth.user-name=ccsdkapps
-basic-auth.hashed-pwd=$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y
+basic-auth.hashed-pwd={bcrypt}$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y
#logging.pattern.console=%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(%5p) %clr($ threadId: {PID:- }){magenta} %clr(---){faint} %clr([ hostname: %X{hostname} serviceName: %X{serviceName} version: %X{version} transactionId: %X{transactionId} requestTimeStamp: %X{requestTimestamp} responseTimeStamp: %X{responseTimestamp} duration: %X{duration}]){yellow} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n%wex
diff --git a/ms/controllerblueprints/application/pom.xml b/ms/controllerblueprints/application/pom.xml
index bf1c7525..bb0f7686 100644
--- a/ms/controllerblueprints/application/pom.xml
+++ b/ms/controllerblueprints/application/pom.xml
@@ -31,7 +31,7 @@
<artifactId>application</artifactId>
<name>Controller Blueprints Application</name>
<properties>
- <swagger.directory>${basedir}/src/main/resources/swagger-ui/dist</swagger.directory>
+ <swagger.directory>${basedir}/target/src/main/resources/swagger-ui</swagger.directory>
<java.version>1.8</java.version>
<name.space>org.onap.ccsdk.apps</name.space> <!-- <name.space>${namespace}</name.space> -->
<serviceArtifactName>controllerblueprints</serviceArtifactName>
@@ -205,9 +205,56 @@
<target>1.8</target>
</configuration>
</plugin>
+ <plugin>
+ <groupId>com.github.kongchen</groupId>
+ <artifactId>swagger-maven-plugin</artifactId>
+ <version>3.1.7</version>
+ <configuration>
+ <apiSources>
+ <apiSource>
+ <springmvc>true</springmvc>
+ <locations>org.onap.ccsdk.apps.controllerblueprints.service.rs
+ </locations>
+ <schemes>
+ <scheme>http</scheme>
+ <scheme>https</scheme>
+ </schemes>
+ <basePath>/api/v1</basePath>
+ <info>
+ <title>Controller Blueprints</title>
+ <version>${project.version}</version>
+ <description>
+ Controller blueprints API for VNF Self Service.
+ </description>
+ <termsOfService>
+ Terms of service
+ </termsOfService>
+ <contact>
+ <email>brindasanth@gmail.com</email>
+ <name>Brinda Santh</name>
+ <url>http://onap.com</url>
+ </contact>
+ <license>
+ <url>http://www.apache.org/licenses/LICENSE-2.0.html</url>
+ <name>Apache 2.0</name>
+ </license>
+ </info>
+ <swaggerDirectory>${swagger.directory}</swaggerDirectory>
+ </apiSource>
+ </apiSources>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>compile</phase>
+ <goals>
+ <goal>generate</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
</plugins>
</build>
-
-
+
+
</project>
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
deleted file mode 100644
index 78706d57..00000000
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright © 2017-2018 AT&T Intellectual Property.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onap.ccsdk.apps.controllerblueprints;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import org.onap.ccsdk.apps.controllerblueprints.core.BluePrintException;
-import org.onap.ccsdk.apps.controllerblueprints.service.common.ErrorMessage;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
-import org.springframework.http.converter.HttpMessageNotReadableException;
-import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.web.csrf.InvalidCsrfTokenException;
-import org.springframework.web.HttpRequestMethodNotSupportedException;
-import org.springframework.web.bind.MethodArgumentNotValidException;
-import org.springframework.web.bind.annotation.ControllerAdvice;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseStatus;
-import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.context.request.WebRequest;
-
-import javax.naming.AuthenticationException;
-import java.nio.file.AccessDeniedException;
-
-@ControllerAdvice
-@RestController
-@SuppressWarnings("unused")
-public class ApplicationExceptionHandler {
- private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationExceptionHandler.class);
-
- @ExceptionHandler(Exception.class)
- public final ResponseEntity<ErrorMessage> handleAllExceptions(Exception ex, WebRequest request) {
- log.error("Application Exception", ex);
- ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), HttpStatus.INTERNAL_SERVER_ERROR.value(), ex.getLocalizedMessage());
- return new ResponseEntity<>(exceptionResponse, HttpStatus.INTERNAL_SERVER_ERROR);
- }
-
- @ExceptionHandler({InvalidCsrfTokenException.class, AuthenticationException.class, BadCredentialsException.class, AccessDeniedException.class})
- @ResponseStatus(value = HttpStatus.UNAUTHORIZED)
- public final ResponseEntity<ErrorMessage> handleAuthenticationRequest(Exception ex, WebRequest request) {
- log.error("Authentication Exception", ex);
- ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), HttpStatus.UNAUTHORIZED.value(), ex.getLocalizedMessage());
- return new ResponseEntity<>(exceptionResponse, HttpStatus.UNAUTHORIZED);
- }
-
- @ExceptionHandler({HttpMessageNotReadableException.class, MethodArgumentNotValidException.class,
- HttpRequestMethodNotSupportedException.class})
- public final ResponseEntity<ErrorMessage> handleBadRequest(Exception ex, WebRequest request) {
- log.error("Bad Request Exception", ex);
- ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), HttpStatus.BAD_REQUEST.value(), ex.getLocalizedMessage());
- return new ResponseEntity<>(exceptionResponse, HttpStatus.BAD_REQUEST);
- }
-
- @ExceptionHandler(BluePrintException.class)
- public final ResponseEntity<ErrorMessage> handleBlueprintException(BluePrintException ex, WebRequest request) {
- log.error("Application Blueprint Exception", ex);
- ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), ex.getCode(), ex.getLocalizedMessage());
- return new ResponseEntity<>(exceptionResponse, HttpStatus.INTERNAL_SERVER_ERROR);
- }
-}
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/SwaggerConfig.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/SwaggerConfig.java
index 8b96f04a..b9c0bd19 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/SwaggerConfig.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/SwaggerConfig.java
@@ -21,7 +21,6 @@ import org.jetbrains.annotations.NotNull;
import org.onap.ccsdk.apps.controllerblueprints.core.BluePrintConstants;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.RequestMethod;
import springfox.documentation.builders.PathSelectors;
@@ -34,7 +33,6 @@ import springfox.documentation.service.Header;
import springfox.documentation.service.ResponseMessage;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
-import springfox.documentation.swagger2.annotations.EnableSwagger2;
import java.util.Collections;
import java.util.HashMap;
@@ -46,8 +44,9 @@ import java.util.Map;
*
* @author Brinda Santh 8/13/2018
*/
-@Configuration
-@EnableSwagger2
+@Deprecated
+//@Configuration
+//@EnableSwagger2
@SuppressWarnings("unused")
public class SwaggerConfig {
@Value("${appVersion}")
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/WebConfig.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/WebConfig.java
index 83f5f19e..45faa1b5 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/WebConfig.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/WebConfig.java
@@ -17,6 +17,7 @@
package org.onap.ccsdk.apps.controllerblueprints;
import org.springframework.context.annotation.Configuration;
+import org.springframework.web.reactive.config.CorsRegistry;
import org.springframework.web.reactive.config.ResourceHandlerRegistry;
import org.springframework.web.reactive.config.WebFluxConfigurationSupport;
@@ -35,5 +36,15 @@ public class WebConfig extends WebFluxConfigurationSupport {
registry.addResourceHandler("/webjars/**")
.addResourceLocations("classpath:/META-INF/resources/webjars/");
+
+ }
+
+ @Override
+ public void addCorsMappings(CorsRegistry corsRegistry) {
+ corsRegistry.addMapping("/**")
+ .allowedOrigins("*")
+ .allowedMethods("*")
+ .allowedHeaders("DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range")
+ .maxAge(3600);
}
}
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
index 44761177..367ea7d9 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
@@ -20,66 +20,79 @@ package org.onap.ccsdk.apps.controllerblueprints.filters;
import com.google.common.base.Preconditions;
import org.apache.commons.lang3.StringUtils;
import org.onap.ccsdk.apps.controllerblueprints.core.BluePrintConstants;
-import org.onap.logging.ref.slf4j.ONAPLogAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.slf4j.MDC;
import org.springframework.beans.factory.annotation.Value;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
-import org.springframework.stereotype.Component;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.server.reactive.ServerHttpRequest;
+import org.springframework.http.server.reactive.ServerHttpResponse;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
-import javax.servlet.*;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
+import java.time.ZoneOffset;
+import java.time.ZonedDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.UUID;
/**
* ApplicationLoggingFilter
*
* @author Brinda Santh 8/14/2018
*/
-@Component
-@WebFilter(asyncSupported = true, urlPatterns = {"/*"})
-@Order(Ordered.HIGHEST_PRECEDENCE)
+@Configuration
@SuppressWarnings("unused")
-public class ApplicationLoggingFilter implements Filter {
+public class ApplicationLoggingFilter implements WebFilter {
private static Logger log = LoggerFactory.getLogger(ApplicationLoggingFilter.class);
@SuppressWarnings("unused")
@Value("${appVersion}")
private String appVersion;
- public void doFilter(ServletRequest request,
- ServletResponse response,
- FilterChain chain) throws IOException, ServletException {
-
- HttpServletRequest req = (HttpServletRequest) request;
- HttpServletResponse res = (HttpServletResponse) response;
-
- ONAPLogAdapter onapLogAdapter = new ONAPLogAdapter(log);
- onapLogAdapter.entering(req);
-
- String[] tokens = StringUtils.split(appVersion, '.');
- Preconditions.checkNotNull(tokens, "failed to split application versions");
- Preconditions.checkArgument(tokens.length == 3, "failed to tokenize application versions");
- res.addHeader(BluePrintConstants.RESPONSE_HEADER_TRANSACTION_ID, MDC.get("RequestID"));
- res.addHeader(BluePrintConstants.RESPONSE_HEADER_MINOR_VERSION, tokens[1]);
- res.addHeader(BluePrintConstants.RESPONSE_HEADER_PATCH_VERSION, tokens[2]);
- res.addHeader(BluePrintConstants.RESPONSE_HEADER_LATEST_VERSION, appVersion);
- chain.doFilter(request, response);
- // Clean the MDC info
- onapLogAdapter.exiting();
+ @Override
+ public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
+ try {
+
+ ServerHttpRequest request = serverWebExchange.getRequest();
+ ServerHttpResponse response = serverWebExchange.getResponse();
+
+ String[] tokens = StringUtils.split(appVersion, '.');
+ Preconditions.checkNotNull(tokens, "failed to split application versions");
+ Preconditions.checkArgument(tokens.length == 3, "failed to tokenize application versions");
+ HttpHeaders header = response.getHeaders();
+
+ String requestID = defaultToUUID(request.getHeaders().getFirst("X-ONAP-RequestID"));
+ String invocationID = defaultToUUID(request.getHeaders().getFirst("X-ONAP-InvocationID"));
+ String partnerName = defaultToEmpty(request.getHeaders().getFirst("X-ONAP-PartnerName"));
+ MDC.put("InvokeTimestamp", ZonedDateTime.now(ZoneOffset.UTC).format(DateTimeFormatter.ISO_INSTANT));
+ MDC.put("RequestID", requestID);
+ MDC.put("InvocationID", invocationID);
+ MDC.put("PartnerName", partnerName);
+ MDC.put("ClientIPAddress", defaultToEmpty(request.getRemoteAddress().getAddress()));
+ MDC.put("ServerFQDN", defaultToEmpty(request.getRemoteAddress().getHostString()));
+
+ header.add(BluePrintConstants.RESPONSE_HEADER_TRANSACTION_ID, requestID);
+ header.add(BluePrintConstants.RESPONSE_HEADER_MINOR_VERSION, tokens[1]);
+ header.add(BluePrintConstants.RESPONSE_HEADER_PATCH_VERSION, tokens[2]);
+ header.add(BluePrintConstants.RESPONSE_HEADER_LATEST_VERSION, appVersion);
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ return webFilterChain.filter(serverWebExchange);
+
}
- @Override
- public void init(FilterConfig filterConfig) {
- //method does nothing
+ private static String defaultToUUID(String in) {
+ return in == null ? UUID.randomUUID().toString() : in;
}
- @Override
- public void destroy() {
- //method does nothing
+ private static String defaultToEmpty(Object in) {
+ return in == null ? "" : in.toString();
}
+
+
} \ No newline at end of file
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/CorsFilter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/CorsFilter.java
deleted file mode 100644
index b97fa178..00000000
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/CorsFilter.java
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Copyright © 2017-2018 AT&T Intellectual Property.
- * Modifications Copyright © 2018 IBM.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onap.ccsdk.apps.controllerblueprints.filters;
-
-import org.springframework.http.HttpMethod;
-import org.springframework.stereotype.Component;
-import javax.servlet.*;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-/**
- * CorsFilter.java Purpose: Provide Configuration Generator CorsFilter Information
- *
- * @author Brinda Santh
- */
-@Component
-@WebFilter(asyncSupported = true, urlPatterns = {"/*"})
-@SuppressWarnings("unused")
-public class CorsFilter implements Filter {
-
- public void destroy() {
- //method does nothing
- }
-
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain chain)
- throws IOException, ServletException {
-
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
-
- response.addHeader("Access-Control-Allow-Origin", "*");
- response.addHeader("Access-Control-Allow-Methods", "*");
- response.addHeader("Access-Control-Allow-Headers",
- "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range");
-
- if (request.getMethod().equals(HttpMethod.OPTIONS.toString())) {
- response.addHeader("Access-Control-Max-Age", "1728000");
- response.setStatus(HttpServletResponse.SC_ACCEPTED);
- return;
- }
- chain.doFilter(request, servletResponse);
- }
-
- public void init(FilterConfig fConfig) throws ServletException {
- //method does nothing
- }
-
-} \ No newline at end of file
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
deleted file mode 100644
index e3df3a62..00000000
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright © 2017-2018 AT&T Intellectual Property.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package org.onap.ccsdk.apps.controllerblueprints.security;
-
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
-import org.springframework.stereotype.Component;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-@Component
-public class ApplicationBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
-
- @Override
- public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException)
- throws IOException {
- response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
- response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
- }
-
- @Override
- public void afterPropertiesSet() throws Exception {
- setRealmName("CCSDK-APPS");
- super.afterPropertiesSet();
- }
-
-} \ No newline at end of file
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
index 3a39d782..334574f7 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
@@ -1,38 +1,35 @@
/*
- * Copyright © 2017-2018 AT&T Intellectual Property.
+ * Copyright © 2017-2018 AT&T Intellectual Property.
*
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
package org.onap.ccsdk.apps.controllerblueprints.security;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.core.userdetails.MapReactiveUserDetailsService;
+import org.springframework.security.core.userdetails.User;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.web.server.SecurityWebFilterChain;
@SuppressWarnings("unused")
-@Configuration
-@EnableWebSecurity
-public class ApplicationSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+@EnableWebFluxSecurity
+public class ApplicationSecurityConfigurerAdapter {
@Value("${basic-auth.user-name}")
private String userName;
@@ -42,31 +39,24 @@ public class ApplicationSecurityConfigurerAdapter extends WebSecurityConfigurerA
private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class);
- @Autowired
- private ApplicationBasicAuthenticationEntryPoint authenticationEntryPoint;
-
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
- log.info("User Id {} and hashed pwd : {}", userName, userHashedPassword);
- auth.inMemoryAuthentication()
- .withUser(userName).password(userHashedPassword)
- .authorities("ROLE_USER");
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests()
- .antMatchers("/actuator/health").permitAll()
- .antMatchers("/**").authenticated()
- .and()
- .httpBasic()
- .authenticationEntryPoint(authenticationEntryPoint);
+ @Bean
+ public SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
http.csrf().disable();
+ http.authorizeExchange()
+ .pathMatchers("/webjars/**", "/actuator/**").permitAll()
+ .anyExchange().authenticated()
+ .and().httpBasic();
+
+ return http.build();
}
@Bean
- public PasswordEncoder passwordEncoder() {
- return new BCryptPasswordEncoder();
+ public MapReactiveUserDetailsService userDetailsService() {
+ User.UserBuilder userBuilder = User.builder();
+ UserDetails defaultUser = userBuilder
+ .username(userName)
+ .password(userHashedPassword).roles("USER").build();
+ return new MapReactiveUserDetailsService(defaultUser);
}
} \ No newline at end of file
diff --git a/ms/controllerblueprints/application/src/test/resources/application.properties b/ms/controllerblueprints/application/src/test/resources/application.properties
index 62ef2a74..0e878976 100644
--- a/ms/controllerblueprints/application/src/test/resources/application.properties
+++ b/ms/controllerblueprints/application/src/test/resources/application.properties
@@ -22,7 +22,7 @@ appVersion=1.0.0
# Basic Authentication
basic-auth.user-name=ccsdkapps
-basic-auth.hashed-pwd=$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y
+basic-auth.hashed-pwd={bcrypt}$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y
#To Remove Null in JSON API Response
spring.jackson.default-property-inclusion=non_null