From 65279626aae2c414f023a85feb9e3fee41e7215c Mon Sep 17 00:00:00 2001 From: Brinda Santh Date: Fri, 6 Sep 2019 14:37:04 -0400 Subject: Refactor distribution module to application. Change-Id: If6451215e1d1c3b1b5963bbe5c6cda1532f01ac5 Issue-ID: CCSDK-1697 Signed-off-by: Brinda Santh --- .../cds/blueprintsprocessor/BlueprintGRPCServer.kt | 58 +++++++++++++++ .../cds/blueprintsprocessor/BlueprintHttpServer.kt | 33 ++++++++ .../BlueprintProcessorApplication.kt | 41 ++++++++++ .../ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt | 60 +++++++++++++++ .../ccsdk/cds/blueprintsprocessor/WebConfig.kt | 69 +++++++++++++++++ .../security/AuthenticationManager.kt | 37 +++++++++ .../security/BasicAuthServerInterceptor.kt | 87 ++++++++++++++++++++++ .../security/SecurityConfiguration.kt | 57 ++++++++++++++ .../security/SecurityContextRepository.kt | 71 ++++++++++++++++++ 9 files changed, 513 insertions(+) create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.kt create mode 100644 ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.kt (limited to 'ms/blueprintsprocessor/application/src/main/kotlin') diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.kt new file mode 100644 index 000000000..160a1b1b4 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintGRPCServer.kt @@ -0,0 +1,58 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import io.grpc.ServerBuilder +import org.onap.ccsdk.cds.blueprintsprocessor.designer.api.BluePrintManagementGRPCHandler +import org.onap.ccsdk.cds.blueprintsprocessor.security.BasicAuthServerInterceptor +import org.onap.ccsdk.cds.blueprintsprocessor.selfservice.api.BluePrintProcessingGRPCHandler +import org.onap.ccsdk.cds.controllerblueprints.core.logger +import org.springframework.beans.factory.annotation.Value +import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty +import org.springframework.context.ApplicationListener +import org.springframework.context.event.ContextRefreshedEvent +import org.springframework.stereotype.Component + +@ConditionalOnProperty(name = ["blueprintsprocessor.grpcEnable"], havingValue = "true") +@Component +open class BlueprintGRPCServer(private val bluePrintProcessingGRPCHandler: BluePrintProcessingGRPCHandler, + private val bluePrintManagementGRPCHandler: BluePrintManagementGRPCHandler, + private val authInterceptor: BasicAuthServerInterceptor) + : ApplicationListener { + + private val log = logger(BlueprintGRPCServer::class) + + @Value("\${blueprintsprocessor.grpcPort}") + private val grpcPort: Int? = null + + override fun onApplicationEvent(event: ContextRefreshedEvent) { + try { + log.info("Starting Blueprint Processor GRPC Starting..") + val server = ServerBuilder + .forPort(grpcPort!!) + .intercept(authInterceptor) + .addService(bluePrintProcessingGRPCHandler) + .addService(bluePrintManagementGRPCHandler) + .build() + + server.start() + log.info("Blueprint Processor GRPC server started and ready to serve on port({})...", server.port) + } catch (e: Exception) { + log.error("*** Error ***", e) + } + } +} diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.kt new file mode 100644 index 000000000..4251fb5cb --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintHttpServer.kt @@ -0,0 +1,33 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import org.springframework.beans.factory.annotation.Value +import org.springframework.boot.web.embedded.netty.NettyReactiveWebServerFactory +import org.springframework.boot.web.server.WebServerFactoryCustomizer +import org.springframework.stereotype.Component + +@Component +open class BlueprintHttpServer : WebServerFactoryCustomizer { + + @Value("\${blueprintsprocessor.httpPort}") + private val httpPort: Int? = null + + override fun customize(serverFactory: NettyReactiveWebServerFactory) { + serverFactory.port = httpPort!! + } +} \ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.kt new file mode 100644 index 000000000..3709a9785 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/BlueprintProcessorApplication.kt @@ -0,0 +1,41 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import org.springframework.boot.SpringApplication +import org.springframework.boot.autoconfigure.EnableAutoConfiguration +import org.springframework.boot.autoconfigure.SpringBootApplication +import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration +import org.springframework.context.annotation.ComponentScan + +/** + * BlueprintProcessorApplication + * + * @author Brinda Santh + */ +@SpringBootApplication +@EnableAutoConfiguration(exclude = [DataSourceAutoConfiguration::class]) +@ComponentScan(basePackages = ["org.onap.ccsdk.cds.blueprintsprocessor", "org.onap.ccsdk.cds.controllerblueprints"]) +open class BlueprintProcessorApplication + +fun main(args: Array) { + // This is required for TemplateController.getStoredResult to accept a content-type value + // as a request parameter, e.g. &format=application%2Fxml is accepted + System.setProperty("org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH", "true") + + SpringApplication.run(BlueprintProcessorApplication::class.java, *args) +} diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt new file mode 100644 index 000000000..a8ee57d9d --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/SwaggerConfig.kt @@ -0,0 +1,60 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import io.swagger.annotations.Api +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import springfox.documentation.builders.PathSelectors +import springfox.documentation.builders.RequestHandlerSelectors +import springfox.documentation.service.ApiInfo +import springfox.documentation.service.Contact +import springfox.documentation.spi.DocumentationType +import springfox.documentation.spring.web.plugins.Docket + +/** + * SwaggerConfig + * + * @author Brinda Santh + */ +@Configuration +//@EnableSwagger2WebFlux +open class SwaggerConfig { + + @Bean + open fun api(): Docket { + return Docket(DocumentationType.SWAGGER_2) + .select() + .apis(RequestHandlerSelectors.withClassAnnotation(Api::class.java)) + .paths(PathSelectors.any()) + .build() + .apiInfo(apiInfo()) + } + + private fun apiInfo(): ApiInfo { + return ApiInfo( + "CDS Blueprints Processor APIs", + "Provide APIs to interact with CBA, their resolved resources and templates, and stored resource configurations.", + "0.7.0", + null, + Contact("CCSDK Team", "www.onap.org", "onap-discuss@lists.onap.org"), + "Apache 2.0", + "http://www.apache.org/licenses/LICENSE-2.0", + emptyList()) + } +} \ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt new file mode 100644 index 000000000..5b12d8df7 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/WebConfig.kt @@ -0,0 +1,69 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.cds.blueprintsprocessor + +import org.onap.ccsdk.cds.blueprintsprocessor.security.AuthenticationManager +import org.onap.ccsdk.cds.blueprintsprocessor.security.SecurityContextRepository +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import org.springframework.http.HttpMethod +import org.springframework.security.config.web.server.ServerHttpSecurity +import org.springframework.security.web.server.SecurityWebFilterChain +import org.springframework.web.reactive.config.CorsRegistry +import org.springframework.web.reactive.config.ResourceHandlerRegistry +import org.springframework.web.reactive.config.WebFluxConfigurer + +/** + * WebConfig + * + * @author Brinda Santh + */ +@Configuration +open class WebConfig(private val authenticationManager: AuthenticationManager, + private val securityContextRepository: SecurityContextRepository) : WebFluxConfigurer { + + override fun addResourceHandlers(registry: ResourceHandlerRegistry) { + + registry.addResourceHandler("/swagger-ui.html**") + .addResourceLocations("classpath:/META-INF/resources/") + + registry.addResourceHandler("/webjars/**") + .addResourceLocations("classpath:/META-INF/resources/webjars/") + } + + override fun addCorsMappings(corsRegistry: CorsRegistry) { + corsRegistry.addMapping("/**") + .allowedOrigins("*") + .allowedMethods("*") + .allowedHeaders("*") + .maxAge(3600) + } + + @Bean + open fun securityWebFilterChain(http: ServerHttpSecurity): SecurityWebFilterChain { + return http.csrf().disable() + .formLogin().disable() + .httpBasic().disable() + .authenticationManager(authenticationManager) + .securityContextRepository(securityContextRepository!!) + .authorizeExchange() + .pathMatchers(HttpMethod.OPTIONS).permitAll() + .anyExchange().authenticated() + .and().build() + } +} diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.kt new file mode 100644 index 000000000..933425bc3 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/AuthenticationManager.kt @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and +* limitations under the License. + */ +package org.onap.ccsdk.cds.blueprintsprocessor.security + +import org.springframework.context.annotation.Configuration +import org.springframework.security.authentication.AuthenticationProvider +import org.springframework.security.authentication.ReactiveAuthenticationManager +import org.springframework.security.core.Authentication +import org.springframework.security.core.AuthenticationException +import reactor.core.publisher.Mono + +@Configuration +open class AuthenticationManager(private val authenticationProvider: AuthenticationProvider) + : ReactiveAuthenticationManager { + + override fun authenticate(authentication: Authentication): Mono { + try { + return Mono.just(authenticationProvider.authenticate(authentication)) + } catch (e: AuthenticationException) { + return Mono.error(e) + } + + } +} \ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.kt new file mode 100644 index 000000000..f821462af --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/BasicAuthServerInterceptor.kt @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.onap.ccsdk.cds.blueprintsprocessor.security + +import io.grpc.* +import org.onap.ccsdk.cds.controllerblueprints.core.logger +import org.springframework.security.authentication.BadCredentialsException +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken +import org.springframework.security.core.AuthenticationException +import org.springframework.security.core.context.SecurityContextHolder +import org.springframework.stereotype.Component +import java.nio.charset.StandardCharsets +import java.util.* + +@Component +class BasicAuthServerInterceptor(private val authenticationManager: AuthenticationManager) + : ServerInterceptor { + + private val log = logger(BasicAuthServerInterceptor::class) + + override fun interceptCall( + call: ServerCall, + headers: Metadata, + next: ServerCallHandler): ServerCall.Listener { + val authHeader = headers.get(Metadata.Key.of("Authorization", Metadata.ASCII_STRING_MARSHALLER)) + + if (authHeader.isNullOrEmpty()) { + throw Status.UNAUTHENTICATED.withDescription("Missing required authentication") + .asRuntimeException() + } + + try { + val tokens = decodeBasicAuth(authHeader) + val username = tokens[0] + + log.info("Basic Authentication Authorization header found for user: {}", username) + + val authRequest = UsernamePasswordAuthenticationToken(username, tokens[1]) + val authResult = authenticationManager!!.authenticate(authRequest).block() + + log.info("Authentication success: {}", authResult) + + SecurityContextHolder.getContext().authentication = authResult + + } catch (e: AuthenticationException) { + SecurityContextHolder.clearContext() + + log.info("Authentication request failed: {}", e.message) + + throw Status.UNAUTHENTICATED.withDescription(e.message).withCause(e).asRuntimeException() + } + + return next.startCall(call, headers) + } + + private fun decodeBasicAuth(authHeader: String): Array { + val basicAuth: String + try { + basicAuth = String(Base64.getDecoder().decode(authHeader.substring(6).toByteArray(StandardCharsets.UTF_8)), + StandardCharsets.UTF_8) + } catch (e: IllegalArgumentException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } catch (e: IndexOutOfBoundsException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + val delim = basicAuth.indexOf(':') + if (delim == -1) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + return arrayOf(basicAuth.substring(0, delim), basicAuth.substring(delim + 1)) + } +} \ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.kt new file mode 100644 index 000000000..70b0df2d1 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityConfiguration.kt @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.onap.ccsdk.cds.blueprintsprocessor.security + +import org.springframework.beans.factory.annotation.Value +import org.springframework.context.annotation.Bean +import org.springframework.context.annotation.Configuration +import org.springframework.security.authentication.AuthenticationProvider +import org.springframework.security.authentication.dao.DaoAuthenticationProvider +import org.springframework.security.core.authority.SimpleGrantedAuthority +import org.springframework.security.core.userdetails.User +import org.springframework.security.core.userdetails.UserDetailsService +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder +import org.springframework.security.crypto.password.PasswordEncoder +import org.springframework.security.provisioning.InMemoryUserDetailsManager + +@Configuration +open class SecurityConfiguration { + + @Value("\${security.user.name}") + lateinit var username: String + + @Value("\${security.user.password}") + lateinit var password: String + + @Bean + open fun inMemoryUserService(): UserDetailsService { + val user = User(username, password, + listOf(SimpleGrantedAuthority("USER"))) + return InMemoryUserDetailsManager(user) + } + + @Bean + open fun passwordEncoder(): PasswordEncoder { + return BCryptPasswordEncoder() + } + + @Bean + open fun inMemoryAuthenticationProvider(): AuthenticationProvider { + val provider = DaoAuthenticationProvider() + provider.setUserDetailsService(inMemoryUserService()) + return provider + } +} \ No newline at end of file diff --git a/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.kt b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.kt new file mode 100644 index 000000000..f1c362f57 --- /dev/null +++ b/ms/blueprintsprocessor/application/src/main/kotlin/org/onap/ccsdk/cds/blueprintsprocessor/security/SecurityContextRepository.kt @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2019 Bell Canada. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.onap.ccsdk.cds.blueprintsprocessor.security + +import org.springframework.http.HttpHeaders +import org.springframework.security.authentication.BadCredentialsException +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken +import org.springframework.security.core.context.SecurityContext +import org.springframework.security.core.context.SecurityContextImpl +import org.springframework.security.web.server.context.ServerSecurityContextRepository +import org.springframework.stereotype.Component +import org.springframework.web.server.ServerWebExchange +import reactor.core.publisher.Mono +import java.nio.charset.StandardCharsets +import java.util.* + +@Component +class SecurityContextRepository(private val authenticationManager: AuthenticationManager) + : ServerSecurityContextRepository { + + override fun save(swe: ServerWebExchange, sc: SecurityContext): Mono { + throw UnsupportedOperationException("Not supported.") + } + + override fun load(swe: ServerWebExchange): Mono { + val request = swe.request + val authHeader = request.headers.getFirst(HttpHeaders.AUTHORIZATION) + if (authHeader != null && authHeader.startsWith("Basic")) { + val tokens = decodeBasicAuth(authHeader) + val username = tokens[0] + val password = tokens[1] + val auth = UsernamePasswordAuthenticationToken(username, password) + return this.authenticationManager!!.authenticate(auth) + .map { SecurityContextImpl(it) } + } else { + return Mono.empty() + } + } + + private fun decodeBasicAuth(authHeader: String): Array { + val basicAuth: String + try { + basicAuth = String(Base64.getDecoder().decode(authHeader.substring(6).toByteArray(StandardCharsets.UTF_8)), + StandardCharsets.UTF_8) + } catch (e: IllegalArgumentException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } catch (e: IndexOutOfBoundsException) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + val delim = basicAuth.indexOf(':') + if (delim == -1) { + throw BadCredentialsException("Failed to decode basic authentication token") + } + + return arrayOf(basicAuth.substring(0, delim), basicAuth.substring(delim + 1)) + } +} \ No newline at end of file -- cgit 1.2.3-korg