Controller Blueprints Microservice

Add basic authentication for Controllerblueprint MS.

Change-Id: I145e26d6feba873e8d3ed82e4169cbaa425a277e
Issue-ID: CCSDK-590
Signed-off-by: Muthuramalingam, Brinda Santh(bs2796) <bs2796@att.com>

4 files changed, 132 insertions, 0 deletions

diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
index 6e9dcd7f9..78706d570 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java
@@ -23,13 +23,19 @@ import org.onap.ccsdk.apps.controllerblueprints.service.common.ErrorMessage;
 import org.springframework.http.HttpStatus;

 import org.springframework.http.ResponseEntity;

 import org.springframework.http.converter.HttpMessageNotReadableException;

+import org.springframework.security.authentication.BadCredentialsException;

+import org.springframework.security.web.csrf.InvalidCsrfTokenException;

 import org.springframework.web.HttpRequestMethodNotSupportedException;

 import org.springframework.web.bind.MethodArgumentNotValidException;

 import org.springframework.web.bind.annotation.ControllerAdvice;

 import org.springframework.web.bind.annotation.ExceptionHandler;

+import org.springframework.web.bind.annotation.ResponseStatus;

 import org.springframework.web.bind.annotation.RestController;

 import org.springframework.web.context.request.WebRequest;

 

+import javax.naming.AuthenticationException;

+import java.nio.file.AccessDeniedException;

+

 @ControllerAdvice

 @RestController

 @SuppressWarnings("unused")

@@ -43,6 +49,14 @@ public class ApplicationExceptionHandler {
         return new ResponseEntity<>(exceptionResponse, HttpStatus.INTERNAL_SERVER_ERROR);

     }

 

+    @ExceptionHandler({InvalidCsrfTokenException.class, AuthenticationException.class, BadCredentialsException.class, AccessDeniedException.class})

+    @ResponseStatus(value = HttpStatus.UNAUTHORIZED)

+    public final ResponseEntity<ErrorMessage> handleAuthenticationRequest(Exception ex, WebRequest request) {

+        log.error("Authentication Exception", ex);

+        ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), HttpStatus.UNAUTHORIZED.value(), ex.getLocalizedMessage());

+        return new ResponseEntity<>(exceptionResponse, HttpStatus.UNAUTHORIZED);

+    }

+

     @ExceptionHandler({HttpMessageNotReadableException.class, MethodArgumentNotValidException.class,

             HttpRequestMethodNotSupportedException.class})

     public final ResponseEntity<ErrorMessage> handleBadRequest(Exception ex, WebRequest request) {

diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
index fbef55fb9..44761177b 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
@@ -25,6 +25,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import org.slf4j.MDC;

 import org.springframework.beans.factory.annotation.Value;

+import org.springframework.core.Ordered;

+import org.springframework.core.annotation.Order;

 import org.springframework.stereotype.Component;

 

 import javax.servlet.*;

@@ -40,6 +42,7 @@ import java.io.IOException;
  */

 @Component

 @WebFilter(asyncSupported = true, urlPatterns = {"/*"})

+@Order(Ordered.HIGHEST_PRECEDENCE)

 @SuppressWarnings("unused")

 public class ApplicationLoggingFilter implements Filter {

     private static Logger log = LoggerFactory.getLogger(ApplicationLoggingFilter.class);

diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
new file mode 100644
index 000000000..e3df3a621
--- /dev/null
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
@@ -0,0 +1,43 @@
+/*

+ *  Copyright © 2017-2018 AT&T Intellectual Property.

+ *

+ *  Licensed under the Apache License, Version 2.0 (the "License");

+ *  you may not use this file except in compliance with the License.

+ *  You may obtain a copy of the License at

+ *

+ *      http://www.apache.org/licenses/LICENSE-2.0

+ *

+ *  Unless required by applicable law or agreed to in writing, software

+ *  distributed under the License is distributed on an "AS IS" BASIS,

+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ *  See the License for the specific language governing permissions and

+ *  limitations under the License.

+ */

+

+package org.onap.ccsdk.apps.controllerblueprints.security;

+

+import org.springframework.security.core.AuthenticationException;

+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;

+import org.springframework.stereotype.Component;

+import javax.servlet.http.HttpServletRequest;

+import javax.servlet.http.HttpServletResponse;

+import java.io.IOException;

+

+@Component

+public class ApplicationBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {

+

+    @Override

+    public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException)

+            throws IOException {

+        response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");

+        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

+        response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");

+    }

+

+    @Override

+    public void afterPropertiesSet() throws Exception {

+        setRealmName("CCSDK-APPS");

+        super.afterPropertiesSet();

+    }

+

+}
\ No newline at end of file
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
new file mode 100644
index 000000000..3a39d7821
--- /dev/null
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
@@ -0,0 +1,72 @@
+/*

+ *  Copyright © 2017-2018 AT&T Intellectual Property.

+ *

+ *  Licensed under the Apache License, Version 2.0 (the "License");

+ *  you may not use this file except in compliance with the License.

+ *  You may obtain a copy of the License at

+ *

+ *      http://www.apache.org/licenses/LICENSE-2.0

+ *

+ *  Unless required by applicable law or agreed to in writing, software

+ *  distributed under the License is distributed on an "AS IS" BASIS,

+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ *  See the License for the specific language governing permissions and

+ *  limitations under the License.

+ */

+

+package org.onap.ccsdk.apps.controllerblueprints.security;

+

+import com.att.eelf.configuration.EELFLogger;

+import com.att.eelf.configuration.EELFManager;

+import org.springframework.beans.factory.annotation.Autowired;

+import org.springframework.beans.factory.annotation.Value;

+import org.springframework.context.annotation.Bean;

+import org.springframework.context.annotation.Configuration;

+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

+import org.springframework.security.config.annotation.web.builders.HttpSecurity;

+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

+import org.springframework.security.crypto.password.PasswordEncoder;

+

+@SuppressWarnings("unused")

+@Configuration

+@EnableWebSecurity

+public class ApplicationSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {

+

+    @Value("${basic-auth.user-name}")

+    private String userName;

+

+    @Value("${basic-auth.hashed-pwd}")

+    private String userHashedPassword;

+

+    private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class);

+

+    @Autowired

+    private ApplicationBasicAuthenticationEntryPoint authenticationEntryPoint;

+

+    @Autowired

+    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

+        log.info("User Id {} and hashed pwd : {}", userName, userHashedPassword);

+        auth.inMemoryAuthentication()

+                .withUser(userName).password(userHashedPassword)

+                .authorities("ROLE_USER");

+    }

+

+    @Override

+    protected void configure(HttpSecurity http) throws Exception {

+        http.authorizeRequests()

+                .antMatchers("/actuator/health").permitAll()

+                .antMatchers("/**").authenticated()

+                .and()

+                .httpBasic()

+                .authenticationEntryPoint(authenticationEntryPoint);

+

+        http.csrf().disable();

+    }

+

+    @Bean

+    public PasswordEncoder passwordEncoder() {

+        return new BCryptPasswordEncoder();

+    }

+}
\ No newline at end of file