diff options
Diffstat (limited to 'ms/blueprintsprocessor/application/src')
22 files changed, 596 insertions, 480 deletions
diff --git a/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml b/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml new file mode 100755 index 000000000..407aa6b20 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/dc/docker-compose.yaml @@ -0,0 +1,46 @@ +version: '3.3' + +services: + db: + image: mariadb:latest + container_name: ccsdk-mariadb + ports: + - "3306:3306" + volumes: + - ~/vm_mysql:/var/lib/mysql + restart: always + environment: + MYSQL_ROOT_PASSWORD: sdnctl + MYSQL_DATABASE: sdnctl + MYSQL_USER: sdnctl + MYSQL_PASSWORD: sdnctl + blueprints-processor: + depends_on: + - db + image: onap/ccsdk-blueprintsprocessor:latest + container_name: bp-processor + ports: + - "8000:8080" + - "9111:9111" + restart: always + volumes: + - blueprints-deploy:/opt/app/onap/blueprints/deploy + environment: + APPLICATIONNAME: BlueprintsProcessor + BUNDLEVERSION: 1.0.0 + APP_CONFIG_HOME: /opt/app/onap/config + STICKYSELECTORKEY: + ENVCONTEXT: dev + command-executor: + depends_on: + - db + image: onap/ccsdk-commandexecutor:latest + container_name: bp-command-executor + ports: + - "50051:50051" + restart: always + volumes: + - blueprints-deploy:/opt/app/onap/blueprints/deploy + +volumes: + blueprints-deploy: diff --git a/ms/blueprintsprocessor/application/src/main/docker/Dockerfile b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile new file mode 100755 index 000000000..dab0a4c01 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/docker/Dockerfile @@ -0,0 +1,18 @@ +FROM omahoco1/alpine-java-python + +ENV HTTP_PROXY ${HTTP_PROXY} +ENV HTTPS_PROXY ${HTTPS_PROXY} + +# add entrypoint +COPY run.source /etc/run.source +COPY startService.sh /startService.sh +RUN chmod 777 /startService.sh && dos2unix /startService.sh + +# add application +COPY @project.build.finalName@-@assembly.id@.tar.gz /source.tar.gz +RUN tar -xzf /source.tar.gz -C /tmp \ + && cp -rf /tmp/@project.build.finalName@/opt / \ + && rm -rf /source.tar.gz \ + && rm -rf /tmp/@project.build.finalName@ + +ENTRYPOINT /startService.sh
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/docker/distribution.xml b/ms/blueprintsprocessor/application/src/main/docker/distribution.xml new file mode 100755 index 000000000..2ff3739df --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/docker/distribution.xml @@ -0,0 +1,62 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Copyright © 2018-2019 Bell Canada. + ~ Modifications Copyright © 2019 IBM. + ~ + ~ Licensed under the Apache License, Version 2.0 (the "License"); + ~ you may not use this file except in compliance with the License. + ~ You may obtain a copy of the License at + ~ + ~ http://www.apache.org/licenses/LICENSE-2.0 + ~ + ~ Unless required by applicable law or agreed to in writing, software + ~ distributed under the License is distributed on an "AS IS" BASIS, + ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ~ See the License for the specific language governing permissions and + ~ limitations under the License. + --> + +<assembly xmlns="http://maven.apache.org/ASSEMBLY/2.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xsi:schemaLocation="http://maven.apache.org/ASSEMBLY/2.0.0 http://maven.apache.org/xsd/assembly-2.0.0.xsd"> + <!-- create a tar.gz file containing the projects dependencies --> + <id>${assembly.id}</id> + <formats> + <format>tar.gz</format> + </formats> + <dependencySets> + <dependencySet> + <outputDirectory>/opt/app/onap/lib</outputDirectory> + <outputFileNameMapping>${artifact.groupId}-${artifact.artifactId}-${artifact.version}${dashClassifier?}.${artifact.extension}</outputFileNameMapping> + <excludes> + <exclude>org.slf4j:slf4j-simple</exclude> + <exclude>org.apache.karaf.*</exclude> + </excludes> + </dependencySet> + </dependencySets> + <fileSets> + <fileSet> + <directory>${project.basedir}/src/main/resources</directory> + <includes> + <include>application.properties</include> + <include>logback.xml</include> + </includes> + <outputDirectory>/opt/app/onap/config</outputDirectory> + <useDefaultExcludes>true</useDefaultExcludes> + </fileSet> + <fileSet> + <directory>${project.basedir}/../../../components/model-catalog</directory> + <outputDirectory>/opt/app/onap/model-catalog</outputDirectory> + <includes> + <include>blueprint-model/service-blueprint/**</include> + <include>definition-type/starter-type/**</include> + <include>resource-dictionary/starter-dictionary/**</include> + </includes> + </fileSet> + <fileSet> + <directory>${project.basedir}/../../../components/scripts/python</directory> + <outputDirectory>/opt/app/onap/scripts/jython</outputDirectory> + <useDefaultExcludes>true</useDefaultExcludes> + </fileSet> + </fileSets> +</assembly>
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/docker/run.source b/ms/blueprintsprocessor/application/src/main/docker/run.source new file mode 100755 index 000000000..f3d8c7ca6 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/docker/run.source @@ -0,0 +1,12 @@ +java -classpath "/etc:${APP_HOME}/lib/*:/lib/*:/src:/schema:/generated-sources:${APP_CONFIG_HOME}:${APP_HOME}" \ +-DappName=${APPLICATIONNAME} -DappVersion=${BUNDLEVERSION} \ +-DrouteOffer=${ROUTEOFFER} \ +-DVERSION_ROUTEOFFER_ENVCONTEXT=${BUNDLEVERSION}/${STICKYSELECTORKEY}/${ENVCONTEXT} \ +-DSecurityFilePath=/etc \ +-DREST_NAME_NORMALIZER_PATTERN_FILE=/etc/PatternInputs.txt \ +-Dms_name=org.onap.ccsdk.cds.blueprintsprocessor \ +-Dlogging.config=${APP_CONFIG_HOME}/logback.xml \ +-Djava.security.egd=file:/dev/./urandom \ +-DAPPNAME=${APP_NAME} -DAPPENV=${APP_ENV} -DAPPVERSION=${APP_VERSION} -DNAMESPACE=${NAMESPACE} \ +-Dspring.config.location=${APP_CONFIG_HOME}/ \ +org.onap.ccsdk.cds.blueprintsprocessor.BlueprintProcessorApplicationKt diff --git a/ms/blueprintsprocessor/application/src/main/docker/startService.sh b/ms/blueprintsprocessor/application/src/main/docker/startService.sh new file mode 100644 index 000000000..14d772e41 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/docker/startService.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +nodeName=BlueprintsProcessor_1.0.0_$(cat /proc/self/cgroup | grep docker | sed s/\\//\\n/g | tail -1) + +echo "APP Config HOME : ${APP_CONFIG_HOME}" +export APP_HOME=/opt/app/onap + +keytool -import -noprompt -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts -storepass changeit -alias ONAP -import -file $APP_CONFIG_HOME/ONAP_RootCA.cer + +source /etc/run.source diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.java b/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.java deleted file mode 100644 index 9214121e4..000000000 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.java +++ /dev/null @@ -1,66 +0,0 @@ -/* - * Copyright © 2017-2018 AT&T Intellectual Property. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.ccsdk.cds.blueprintsprocessor; - -import io.grpc.Server; -import io.grpc.ServerBuilder; -import org.onap.ccsdk.cds.blueprintsprocessor.designer.api.BluePrintManagementGRPCHandler; -import org.onap.ccsdk.cds.blueprintsprocessor.security.BasicAuthServerInterceptor; -import org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.BluePrintProcessingGRPCHandler; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; -import org.springframework.context.ApplicationListener; -import org.springframework.context.event.ContextRefreshedEvent; -import org.springframework.stereotype.Component; - -@ConditionalOnProperty(name = "blueprintsprocessor.grpcEnable", havingValue = "true") -@Component -public class BlueprintGRPCServer implements ApplicationListener<ContextRefreshedEvent> { - - private static Logger log = LoggerFactory.getLogger(BlueprintGRPCServer.class); - - @Autowired - private BluePrintProcessingGRPCHandler bluePrintProcessingGRPCHandler; - @Autowired - private BluePrintManagementGRPCHandler bluePrintManagementGRPCHandler; - @Autowired - private BasicAuthServerInterceptor authInterceptor; - - @Value("${blueprintsprocessor.grpcPort}") - private Integer grpcPort; - - @Override - public void onApplicationEvent(ContextRefreshedEvent event) { - try { - log.info("Starting Blueprint Processor GRPC Starting.."); - Server server = ServerBuilder - .forPort(grpcPort) - .intercept(authInterceptor) - .addService(bluePrintProcessingGRPCHandler) - .addService(bluePrintManagementGRPCHandler) - .build(); - - server.start(); - log.info("Blueprint Processor GRPC server started and ready to serve on port({})...", server.getPort()); - } catch (Exception e) { - log.error("*** Error ***", e); - } - } -} diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.java b/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.java deleted file mode 100644 index ce802b7b5..000000000 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.java +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright © 2017-2018 AT&T Intellectual Property. - * Modifications Copyright © 2018 IBM. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.ccsdk.cds.blueprintsprocessor; - -import io.swagger.annotations.Api; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import springfox.documentation.builders.PathSelectors; -import springfox.documentation.builders.RequestHandlerSelectors; -import springfox.documentation.service.ApiInfo; -import springfox.documentation.service.Contact; -import springfox.documentation.spi.DocumentationType; -import springfox.documentation.spring.web.plugins.Docket; - -import java.util.Collections; - -/** - * SwaggerConfig - * - * @author Brinda Santh 8/13/2018 - */ -@Configuration -//@EnableSwagger2WebFlux -public class SwaggerConfig { - - @Bean - public Docket api() { - return new Docket(DocumentationType.SWAGGER_2) - .select() - .apis(RequestHandlerSelectors.withClassAnnotation(Api.class)) - .paths(PathSelectors.any()) - .build() - .apiInfo(apiInfo()); - } - - private ApiInfo apiInfo() { - return new ApiInfo( - "CDS Blueprints Processor APIs", - "Provide APIs to interact with CBA, their resolved resources and templates, and stored resource configurations.", - "0.5.1", - null, - new Contact("CCSDK Team", "www.onap.org", "onap-discuss@lists.onap.org"), - "Apache 2.0", - "http://www.apache.org/licenses/LICENSE-2.0", - Collections.emptyList()); - } -}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.java b/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.java deleted file mode 100644 index 32abff011..000000000 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.java +++ /dev/null @@ -1,79 +0,0 @@ -/* - * Copyright © 2017-2018 AT&T Intellectual Property. - * Modifications Copyright © 2018 IBM. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.onap.ccsdk.cds.blueprintsprocessor; - -import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager; -import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.http.HttpMethod; -import org.springframework.security.config.web.server.ServerHttpSecurity; -import org.springframework.security.web.server.SecurityWebFilterChain; -import org.springframework.web.reactive.config.CorsRegistry; -import org.springframework.web.reactive.config.ResourceHandlerRegistry; -import org.springframework.web.reactive.config.WebFluxConfigurer; - -/** - * WebConfig - * - * @author Brinda Santh 8/13/2018 - */ -@Configuration -public class WebConfig implements WebFluxConfigurer { - - @Autowired - private AuthenticationManager authenticationManager; - - @Autowired - private SecurityContextRepository securityContextRepository; - - @Override - public void addResourceHandlers(ResourceHandlerRegistry registry) { - - registry.addResourceHandler("/swagger-ui.html**") - .addResourceLocations("classpath:/META-INF/resources/"); - - registry.addResourceHandler("/webjars/**") - .addResourceLocations("classpath:/META-INF/resources/webjars/"); - } - - @Override - public void addCorsMappings(CorsRegistry corsRegistry) { - corsRegistry.addMapping("/**") - .allowedOrigins("*") - .allowedMethods("*") - .allowedHeaders("*") - .maxAge(3600); - } - - - @Bean - public SecurityWebFilterChain securitygWebFilterChain(ServerHttpSecurity http) { - return http.csrf().disable() - .formLogin().disable() - .httpBasic().disable() - .authenticationManager(authenticationManager) - .securityContextRepository(securityContextRepository) - .authorizeExchange() - .pathMatchers(HttpMethod.OPTIONS).permitAll() - .anyExchange().authenticated() - .and().build(); - - } -} diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.java b/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.java deleted file mode 100644 index d0bf9e87f..000000000 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.java +++ /dev/null @@ -1,94 +0,0 @@ -/* - * Copyright (C) 2019 Bell Canada. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onap.ccsdk.cds.blueprintsprocessor.security; - -import com.google.common.base.Strings; -import io.grpc.*; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.BadCredentialsException; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.stereotype.Component; - -import java.nio.charset.StandardCharsets; -import java.util.Base64; - -@Component -public class BasicAuthServerInterceptor implements ServerInterceptor { - - private static Logger log = LoggerFactory.getLogger(BasicAuthServerInterceptor.class); - - @Autowired - private AuthenticationManager authenticationManager; - - - @Override - public <ReqT, RespT> ServerCall.Listener<ReqT> interceptCall( - ServerCall<ReqT, RespT> call, - Metadata headers, - ServerCallHandler<ReqT, RespT> next) { - String authHeader = headers.get(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)); - - if (Strings.isNullOrEmpty(authHeader)) { - throw Status.UNAUTHENTICATED.withDescription("Missing required authentication").asRuntimeException(); - - } - - try { - String[] tokens = decodeBasicAuth(authHeader); - String username = tokens[0]; - - log.info("Basic Authentication Authorization header found for user: {}", username); - - Authentication authRequest = new UsernamePasswordAuthenticationToken(username, tokens[1]); - Authentication authResult = authenticationManager.authenticate(authRequest).block(); - - log.info("Authentication success: {}", authResult); - - SecurityContextHolder.getContext().setAuthentication(authResult); - - } catch (AuthenticationException e) { - SecurityContextHolder.clearContext(); - - log.info("Authentication request failed: {}", e.getMessage()); - - throw Status.UNAUTHENTICATED.withDescription(e.getMessage()).withCause(e).asRuntimeException(); - } - - return next.startCall(call, headers); - } - - private String[] decodeBasicAuth(String authHeader) { - String basicAuth; - try { - basicAuth = new String(Base64.getDecoder().decode(authHeader.substring(6).getBytes(StandardCharsets.UTF_8)), - StandardCharsets.UTF_8); - } catch (IllegalArgumentException | IndexOutOfBoundsException e) { - throw new BadCredentialsException("Failed to decode basic authentication token"); - } - - int delim = basicAuth.indexOf(':'); - if (delim == -1) { - throw new BadCredentialsException("Failed to decode basic authentication token"); - } - - return new String[]{basicAuth.substring(0, delim), basicAuth.substring(delim + 1)}; - } -}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.java b/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.java deleted file mode 100644 index bd6469bba..000000000 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.java +++ /dev/null @@ -1,59 +0,0 @@ -/* - * Copyright (C) 2019 Bell Canada. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onap.ccsdk.cds.blueprintsprocessor.security; - -import java.util.Collections; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.authentication.dao.DaoAuthenticationProvider; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.crypto.password.PasswordEncoder; -import org.springframework.security.provisioning.InMemoryUserDetailsManager; - -@Configuration -public class SecurityConfiguration { - - @Value("${security.user.name}") - private String username; - - @Value("${security.user.password}") - private String password; - - @Bean - public UserDetailsService inMemoryUserService() { - UserDetails user = new User(username, password, - Collections.singletonList(new SimpleGrantedAuthority("USER"))); - return new InMemoryUserDetailsManager(user); - } - - @Bean - public PasswordEncoder passwordEncoder() { - return new BCryptPasswordEncoder(); - } - - @Bean - public AuthenticationProvider inMemoryAuthenticationProvider() { - DaoAuthenticationProvider provider = new DaoAuthenticationProvider(); - provider.setUserDetailsService(inMemoryUserService()); - return provider; - } -}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.java b/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.java deleted file mode 100644 index 75eebc5c3..000000000 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.java +++ /dev/null @@ -1,75 +0,0 @@ -/* - * Copyright (C) 2019 Bell Canada. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.onap.ccsdk.cds.blueprintsprocessor.security; - -import java.nio.charset.StandardCharsets; -import java.util.Base64; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.http.HttpHeaders; -import org.springframework.http.server.reactive.ServerHttpRequest; -import org.springframework.security.authentication.BadCredentialsException; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextImpl; -import org.springframework.security.web.server.context.ServerSecurityContextRepository; -import org.springframework.stereotype.Component; -import org.springframework.web.server.ServerWebExchange; -import reactor.core.publisher.Mono; - -@Component -public class SecurityContextRepository implements ServerSecurityContextRepository { - - @Autowired - private AuthenticationManager authenticationManager; - - @Override - public Mono<Void> save(ServerWebExchange swe, SecurityContext sc) { - throw new UnsupportedOperationException("Not supported."); - } - - @Override - public Mono<SecurityContext> load(ServerWebExchange swe) { - ServerHttpRequest request = swe.getRequest(); - String authHeader = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION); - if (authHeader != null && authHeader.startsWith("Basic")) { - String[] tokens = decodeBasicAuth(authHeader); - String username = tokens[0]; - String password = tokens[1]; - Authentication auth = new UsernamePasswordAuthenticationToken(username, password); - return this.authenticationManager.authenticate(auth).map(SecurityContextImpl::new); - } else { - return Mono.empty(); - } - } - - private String[] decodeBasicAuth(String authHeader) { - String basicAuth; - try { - basicAuth = new String(Base64.getDecoder().decode(authHeader.substring(6).getBytes(StandardCharsets.UTF_8)), - StandardCharsets.UTF_8); - } catch (IllegalArgumentException | IndexOutOfBoundsException e) { - throw new BadCredentialsException("Failed to decode basic authentication token"); - } - - int delim = basicAuth.indexOf(':'); - if (delim == -1) { - throw new BadCredentialsException("Failed to decode basic authentication token"); - } - - return new String[]{basicAuth.substring(0, delim), basicAuth.substring(delim + 1)}; - } -}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.kt new file mode 100644 index 000000000..160a1b1b4 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.kt @@ -0,0 +1,58 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import io.grpc.ServerBuilder +import org.onap.ccsdk.cds.blueprintsprocessor.designer.api.BluePrintManagementGRPCHandler +import org.onap.ccsdk.cds.blueprintsprocessor.security.BasicAuthServerInterceptor +import org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.BluePrintProcessingGRPCHandler +import org.onap.ccsdk.cds.controllerblueprints.core.logger +import org.springframework.beans.factory.annotation.Value +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty +import org.springframework.context.ApplicationListener +import org.springframework.context.event.ContextRefreshedEvent +import org.springframework.stereotype.Component + +@ConditionalOnProperty(name = ["blueprintsprocessor.grpcEnable"], havingValue = "true") +@Component +open class BlueprintGRPCServer(private val bluePrintProcessingGRPCHandler: BluePrintProcessingGRPCHandler, + private val bluePrintManagementGRPCHandler: BluePrintManagementGRPCHandler, + private val authInterceptor: BasicAuthServerInterceptor) + : ApplicationListener<ContextRefreshedEvent> { + + private val log = logger(BlueprintGRPCServer::class) + + @Value("\${blueprintsprocessor.grpcPort}") + private val grpcPort: Int? = null + + override fun onApplicationEvent(event: ContextRefreshedEvent) { + try { + log.info("Starting Blueprint Processor GRPC Starting..") + val server = ServerBuilder + .forPort(grpcPort!!) + .intercept(authInterceptor) + .addService(bluePrintProcessingGRPCHandler) + .addService(bluePrintManagementGRPCHandler) + .build() + + server.start() + log.info("Blueprint Processor GRPC server started and ready to serve on port({})...", server.port) + } catch (e: Exception) { + log.error("*** Error ***", e) + } + } +} diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.java b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.kt index 85ccd1f43..4251fb5cb 100644 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.java +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.kt @@ -14,21 +14,20 @@ * limitations under the License. */ -package org.onap.ccsdk.cds.blueprintsprocessor; +package org.onap.ccsdk.cds.blueprintsprocessor -import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory; -import org.springframework.boot.web.server.WebServerFactoryCustomizer; -import org.springframework.stereotype.Component; +import org.springframework.beans.factory.annotation.Value +import org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory +import org.springframework.boot.web.server.WebServerFactoryCustomizer +import org.springframework.stereotype.Component @Component -public class BlueprintHttpServer implements WebServerFactoryCustomizer<NettyReactiveWebServerFactory> { +open class BlueprintHttpServer : WebServerFactoryCustomizer<NettyReactiveWebServerFactory> { - @Value("${blueprintsprocessor.httpPort}") - private Integer httpPort; + @Value("\${blueprintsprocessor.httpPort}") + private val httpPort: Int? = null - @Override - public void customize(NettyReactiveWebServerFactory serverFactory) { - serverFactory.setPort(httpPort); + override fun customize(serverFactory: NettyReactiveWebServerFactory) { + serverFactory.port = httpPort!! } }
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.java b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.kt index 3d5145a22..3709a9785 100644 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.java +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.kt @@ -14,30 +14,28 @@ * limitations under the License. */ -package org.onap.ccsdk.cds.blueprintsprocessor; +package org.onap.ccsdk.cds.blueprintsprocessor -import org.springframework.boot.SpringApplication; -import org.springframework.boot.autoconfigure.EnableAutoConfiguration; -import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; -import org.springframework.context.annotation.ComponentScan; +import org.springframework.boot.SpringApplication +import org.springframework.boot.autoconfigure.EnableAutoConfiguration +import org.springframework.boot.autoconfigure.SpringBootApplication +import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration +import org.springframework.context.annotation.ComponentScan /** * BlueprintProcessorApplication * - * @author Brinda Santh 8/14/2018 + * @author Brinda Santh */ @SpringBootApplication -@EnableAutoConfiguration(exclude = {DataSourceAutoConfiguration.class}) -@ComponentScan(basePackages = {"org.onap.ccsdk.cds.blueprintsprocessor", "org.onap.ccsdk.cds.controllerblueprints"}) -public class BlueprintProcessorApplication { +@EnableAutoConfiguration(exclude = [DataSourceAutoConfiguration::class]) +@ComponentScan(basePackages = ["org.onap.ccsdk.cds.blueprintsprocessor", "org.onap.ccsdk.cds.controllerblueprints"]) +open class BlueprintProcessorApplication - public static void main(String[] args) { +fun main(args: Array<String>) { + // This is required for TemplateController.getStoredResult to accept a content-type value + // as a request parameter, e.g. &format=application%2Fxml is accepted + System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true") - // This is required for TemplateController.getStoredResult to accept a content-type value - // as a request parameter, e.g. &format=application%2Fxml is accepted - System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true"); - - SpringApplication.run(BlueprintProcessorApplication.class, args); - } + SpringApplication.run(BlueprintProcessorApplication::class.java, *args) } diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt new file mode 100644 index 000000000..a8ee57d9d --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt @@ -0,0 +1,60 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import io.swagger.annotations.Api +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import springfox.documentation.builders.PathSelectors +import springfox.documentation.builders.RequestHandlerSelectors +import springfox.documentation.service.ApiInfo +import springfox.documentation.service.Contact +import springfox.documentation.spi.DocumentationType +import springfox.documentation.spring.web.plugins.Docket + +/** + * SwaggerConfig + * + * @author Brinda Santh + */ +@Configuration +//@EnableSwagger2WebFlux +open class SwaggerConfig { + + @Bean + open fun api(): Docket { + return Docket(DocumentationType.SWAGGER_2) + .select() + .apis(RequestHandlerSelectors.withClassAnnotation(Api::class.java)) + .paths(PathSelectors.any()) + .build() + .apiInfo(apiInfo()) + } + + private fun apiInfo(): ApiInfo { + return ApiInfo( + "CDS Blueprints Processor APIs", + "Provide APIs to interact with CBA, their resolved resources and templates, and stored resource configurations.", + "0.7.0", + null, + Contact("CCSDK Team", "www.onap.org", "onap-discuss@lists.onap.org"), + "Apache 2.0", + "http://www.apache.org/licenses/LICENSE-2.0", + emptyList()) + } +}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt new file mode 100644 index 000000000..5b12d8df7 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt @@ -0,0 +1,69 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager +import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import org.springframework.http.HttpMethod +import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.web.server.SecurityWebFilterChain +import org.springframework.web.reactive.config.CorsRegistry +import org.springframework.web.reactive.config.ResourceHandlerRegistry +import org.springframework.web.reactive.config.WebFluxConfigurer + +/** + * WebConfig + * + * @author Brinda Santh + */ +@Configuration +open class WebConfig(private val authenticationManager: AuthenticationManager, + private val securityContextRepository: SecurityContextRepository) : WebFluxConfigurer { + + override fun addResourceHandlers(registry: ResourceHandlerRegistry) { + + registry.addResourceHandler("/swagger-ui.html**") + .addResourceLocations("classpath:/META-INF/resources/") + + registry.addResourceHandler("/webjars/**") + .addResourceLocations("classpath:/META-INF/resources/webjars/") + } + + override fun addCorsMappings(corsRegistry: CorsRegistry) { + corsRegistry.addMapping("/**") + .allowedOrigins("*") + .allowedMethods("*") + .allowedHeaders("*") + .maxAge(3600) + } + + @Bean + open fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain { + return http.csrf().disable() + .formLogin().disable() + .httpBasic().disable() + .authenticationManager(authenticationManager) + .securityContextRepository(securityContextRepository!!) + .authorizeExchange() + .pathMatchers(HttpMethod.OPTIONS).permitAll() + .anyExchange().authenticated() + .and().build() + } +} diff --git a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.java b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.kt index 1eb0de498..933425bc3 100644 --- a/ms/blueprintsprocessor/application/src/main/java/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.java +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.kt @@ -13,28 +13,25 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package org.onap.ccsdk.cds.blueprintsprocessor.security; +package org.onap.ccsdk.cds.blueprintsprocessor.security -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; -import org.springframework.security.authentication.AuthenticationProvider; -import org.springframework.security.authentication.ReactiveAuthenticationManager; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.AuthenticationException; -import reactor.core.publisher.Mono; +import org.springframework.context.annotation.Configuration +import org.springframework.security.authentication.AuthenticationProvider +import org.springframework.security.authentication.ReactiveAuthenticationManager +import org.springframework.security.core.Authentication +import org.springframework.security.core.AuthenticationException +import reactor.core.publisher.Mono @Configuration -public class AuthenticationManager implements ReactiveAuthenticationManager { +open class AuthenticationManager(private val authenticationProvider: AuthenticationProvider) + : ReactiveAuthenticationManager { - @Autowired - private AuthenticationProvider authenticationProvider; - - @Override - public Mono<Authentication> authenticate(Authentication authentication) { + override fun authenticate(authentication: Authentication): Mono<Authentication> { try { - return Mono.just(authenticationProvider.authenticate(authentication)); - } catch (AuthenticationException e) { - return Mono.error(e); + return Mono.just(authenticationProvider.authenticate(authentication)) + } catch (e: AuthenticationException) { + return Mono.error(e) } + } }
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.kt new file mode 100644 index 000000000..f821462af --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.kt @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.onap.ccsdk.cds.blueprintsprocessor.security + +import io.grpc.* +import org.onap.ccsdk.cds.controllerblueprints.core.logger +import org.springframework.security.authentication.BadCredentialsException +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken +import org.springframework.security.core.AuthenticationException +import org.springframework.security.core.context.SecurityContextHolder +import org.springframework.stereotype.Component +import java.nio.charset.StandardCharsets +import java.util.* + +@Component +class BasicAuthServerInterceptor(private val authenticationManager: AuthenticationManager) + : ServerInterceptor { + + private val log = logger(BasicAuthServerInterceptor::class) + + override fun <ReqT, RespT> interceptCall( + call: ServerCall<ReqT, RespT>, + headers: Metadata, + next: ServerCallHandler<ReqT, RespT>): ServerCall.Listener<ReqT> { + val authHeader = headers.get(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)) + + if (authHeader.isNullOrEmpty()) { + throw Status.UNAUTHENTICATED.withDescription("Missing required authentication") + .asRuntimeException() + } + + try { + val tokens = decodeBasicAuth(authHeader) + val username = tokens[0] + + log.info("Basic Authentication Authorization header found for user: {}", username) + + val authRequest = UsernamePasswordAuthenticationToken(username, tokens[1]) + val authResult = authenticationManager!!.authenticate(authRequest).block() + + log.info("Authentication success: {}", authResult) + + SecurityContextHolder.getContext().authentication = authResult + + } catch (e: AuthenticationException) { + SecurityContextHolder.clearContext() + + log.info("Authentication request failed: {}", e.message) + + throw Status.UNAUTHENTICATED.withDescription(e.message).withCause(e).asRuntimeException() + } + + return next.startCall(call, headers) + } + + private fun decodeBasicAuth(authHeader: String): Array<String> { + val basicAuth: String + try { + basicAuth = String(Base64.getDecoder().decode(authHeader.substring(6).toByteArray(StandardCharsets.UTF_8)), + StandardCharsets.UTF_8) + } catch (e: IllegalArgumentException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } catch (e: IndexOutOfBoundsException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + val delim = basicAuth.indexOf(':') + if (delim == -1) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + return arrayOf(basicAuth.substring(0, delim), basicAuth.substring(delim + 1)) + } +}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.kt new file mode 100644 index 000000000..70b0df2d1 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.kt @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.onap.ccsdk.cds.blueprintsprocessor.security + +import org.springframework.beans.factory.annotation.Value +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import org.springframework.security.authentication.AuthenticationProvider +import org.springframework.security.authentication.dao.DaoAuthenticationProvider +import org.springframework.security.core.authority.SimpleGrantedAuthority +import org.springframework.security.core.userdetails.User +import org.springframework.security.core.userdetails.UserDetailsService +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder +import org.springframework.security.crypto.password.PasswordEncoder +import org.springframework.security.provisioning.InMemoryUserDetailsManager + +@Configuration +open class SecurityConfiguration { + + @Value("\${security.user.name}") + lateinit var username: String + + @Value("\${security.user.password}") + lateinit var password: String + + @Bean + open fun inMemoryUserService(): UserDetailsService { + val user = User(username, password, + listOf(SimpleGrantedAuthority("USER"))) + return InMemoryUserDetailsManager(user) + } + + @Bean + open fun passwordEncoder(): PasswordEncoder { + return BCryptPasswordEncoder() + } + + @Bean + open fun inMemoryAuthenticationProvider(): AuthenticationProvider { + val provider = DaoAuthenticationProvider() + provider.setUserDetailsService(inMemoryUserService()) + return provider + } +}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.kt new file mode 100644 index 000000000..f1c362f57 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.kt @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.onap.ccsdk.cds.blueprintsprocessor.security + +import org.springframework.http.HttpHeaders +import org.springframework.security.authentication.BadCredentialsException +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken +import org.springframework.security.core.context.SecurityContext +import org.springframework.security.core.context.SecurityContextImpl +import org.springframework.security.web.server.context.ServerSecurityContextRepository +import org.springframework.stereotype.Component +import org.springframework.web.server.ServerWebExchange +import reactor.core.publisher.Mono +import java.nio.charset.StandardCharsets +import java.util.* + +@Component +class SecurityContextRepository(private val authenticationManager: AuthenticationManager) + : ServerSecurityContextRepository { + + override fun save(swe: ServerWebExchange, sc: SecurityContext): Mono<Void> { + throw UnsupportedOperationException("Not supported.") + } + + override fun load(swe: ServerWebExchange): Mono<SecurityContext> { + val request = swe.request + val authHeader = request.headers.getFirst(HttpHeaders.AUTHORIZATION) + if (authHeader != null && authHeader.startsWith("Basic")) { + val tokens = decodeBasicAuth(authHeader) + val username = tokens[0] + val password = tokens[1] + val auth = UsernamePasswordAuthenticationToken(username, password) + return this.authenticationManager!!.authenticate(auth) + .map { SecurityContextImpl(it) } + } else { + return Mono.empty() + } + } + + private fun decodeBasicAuth(authHeader: String): Array<String> { + val basicAuth: String + try { + basicAuth = String(Base64.getDecoder().decode(authHeader.substring(6).toByteArray(StandardCharsets.UTF_8)), + StandardCharsets.UTF_8) + } catch (e: IllegalArgumentException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } catch (e: IndexOutOfBoundsException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + val delim = basicAuth.indexOf(':') + if (delim == -1) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + return arrayOf(basicAuth.substring(0, delim), basicAuth.substring(delim + 1)) + } +}
\ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties b/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties index 3ae9414a9..3b1a18953 100755 --- a/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties +++ b/ms/blueprintsprocessor/application/src/main/resources/application-dev.properties @@ -23,6 +23,9 @@ # Web server config server.port=8081 +# Used in Health Check +endpoints.user.name=ccsdkapps +endpoints.user.password=ccsdkapps ### START -Controller Blueprints Properties # Load Resource Source Mappings diff --git a/ms/blueprintsprocessor/application/src/main/resources/application.properties b/ms/blueprintsprocessor/application/src/main/resources/application.properties index 8fe00e709..37e39655a 100755 --- a/ms/blueprintsprocessor/application/src/main/resources/application.properties +++ b/ms/blueprintsprocessor/application/src/main/resources/application.properties @@ -59,6 +59,10 @@ blueprints.processor.functions.python.executor.modulePaths=/opt/app/onap/scripts security.user.password: {bcrypt}$2a$10$duaUzVUVW0YPQCSIbGEkQOXwafZGwQ/b32/Ys4R1iwSSawFgz7QNu security.user.name: ccsdkapps +# Used in Health Check +endpoints.user.name=ccsdkapps +endpoints.user.password=ccsdkapps + # SDN-C's ODL Restconf Connection Details blueprintsprocessor.restconfEnabled=true blueprintsprocessor.restclient.sdncodl.type=basic-auth |