From d199074861e6b53ed7a82df4ff797968a4226cc4 Mon Sep 17 00:00:00 2001 From: "Muthuramalingam, Brinda Santh(bs2796)" Date: Fri, 21 Sep 2018 04:15:10 +0000 Subject: Controller Blueprints Microservice Add basic authentication for Controllerblueprint MS. Change-Id: I145e26d6feba873e8d3ed82e4169cbaa425a277e Issue-ID: CCSDK-590 Signed-off-by: Muthuramalingam, Brinda Santh(bs2796) --- .../ApplicationExceptionHandler.java | 14 +++++ .../filters/ApplicationLoggingFilter.java | 3 + .../ApplicationBasicAuthenticationEntryPoint.java | 43 +++++++++++++ .../ApplicationSecurityConfigurerAdapter.java | 72 ++++++++++++++++++++++ 4 files changed, 132 insertions(+) create mode 100644 ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java create mode 100644 ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java (limited to 'ms/controllerblueprints/application/src/main') diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java index 6e9dcd7f9..78706d570 100644 --- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java +++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java 
@@ -23,13 +23,19 @@ import org.onap.ccsdk.apps.controllerblueprints.service.common.ErrorMessage; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.http.converter.HttpMessageNotReadableException; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.web.csrf.InvalidCsrfTokenException; import org.springframework.web.HttpRequestMethodNotSupportedException; import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.context.request.WebRequest; +import javax.naming.AuthenticationException; +import java.nio.file.AccessDeniedException; + @ControllerAdvice @RestController @SuppressWarnings("unused") @@ -43,6 +49,14 @@ public class ApplicationExceptionHandler { return new ResponseEntity<>(exceptionResponse, HttpStatus.INTERNAL_SERVER_ERROR); } + @ExceptionHandler({InvalidCsrfTokenException.class, AuthenticationException.class, BadCredentialsException.class, AccessDeniedException.class}) + @ResponseStatus(value = HttpStatus.UNAUTHORIZED) + public final ResponseEntity handleAuthenticationRequest(Exception ex, WebRequest request) { + log.error("Authentication Exception", ex); + ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), HttpStatus.UNAUTHORIZED.value(), ex.getLocalizedMessage()); + return new ResponseEntity<>(exceptionResponse, HttpStatus.UNAUTHORIZED); + } + @ExceptionHandler({HttpMessageNotReadableException.class, MethodArgumentNotValidException.class, HttpRequestMethodNotSupportedException.class}) public final ResponseEntity handleBadRequest(Exception ex, WebRequest request) { 
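Review bot: The handler added in the second hunk lists `AuthenticationException` and `AccessDeniedException`, but the imports added in the first hunk resolve them to `javax.naming.AuthenticationException` and `java.nio.file.AccessDeniedException`, which are JNDI and file-system exceptions rather than the Spring Security types. As written, the advice would match Spring Security failures only through the two classes named explicitly; the imports were presumably meant to be `org.springframework.security.core.AuthenticationException` and `org.springframework.security.access.AccessDeniedException`. The handler also maps an access-denied condition to 401, where 403 is the conventional status. It echoes `ex.getMessage()` into the response body as well, so a fixed message such as `"Unauthorized"` would keep internal detail out of the reply. The class body continues outside the hunk.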
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
index fbef55fb9..44761177b 100644
--- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java
@@ -25,6 +25,8 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
 import javax.servlet.*;
@@ -40,6 +42,7 @@ import java.io.IOException;
 */
 @Component
 @WebFilter(asyncSupported = true, urlPatterns = {"/*"})
+@Order(Ordered.HIGHEST_PRECEDENCE)
 @SuppressWarnings("unused")
 public class ApplicationLoggingFilter implements Filter {
 private static Logger log = LoggerFactory.getLogger(ApplicationLoggingFilter.class);
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
new file mode 100644
index 000000000..e3df3a621
--- /dev/null
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java
@@ -0,0 +1,43 @@
+/*
+ * Copyright © 2017-2018 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.ccsdk.apps.controllerblueprints.security;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class ApplicationBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint {
+
+ @Override
+ public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException)
+ throws IOException {
+ response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\"");
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized");
+ }
+
+ @Override
+ public void afterPropertiesSet() throws Exception {
+ setRealmName("CCSDK-APPS");
+ super.afterPropertiesSet();
+ }
+
+}
\ No newline at end of file
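Review bot: In `commence`, `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED)` is redundant, because the `sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized")` call on the next line sets the same status; dropping the `setStatus` line leaves one statement responsible for the response code. The class has no Javadoc; a short class comment such as `/** Answers unauthenticated requests with a 401 and a Basic challenge for the CCSDK-APPS realm. */` would state its purpose. The realm literal in `afterPropertiesSet` could be a named constant so the challenge header and any client documentation refer to one value.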
diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
new file mode 100644
index 000000000..3a39d7821
--- /dev/null
+++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java
@@ -0,0 +1,72 @@
+/*
+ * Copyright © 2017-2018 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.ccsdk.apps.controllerblueprints.security;
+
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+@SuppressWarnings("unused")
+@Configuration
+@EnableWebSecurity
+public class ApplicationSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
+ @Value("${basic-auth.user-name}")
+ private String userName;
+
+ @Value("${basic-auth.hashed-pwd}")
+ private String userHashedPassword;
+
+ private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class);
+
+ @Autowired
+ private ApplicationBasicAuthenticationEntryPoint authenticationEntryPoint;
+
+ @Autowired
+ public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
+ log.info("User Id {} and hashed pwd : {}", userName, userHashedPassword);
+ auth.inMemoryAuthentication()
+ .withUser(userName).password(userHashedPassword)
+ .authorities("ROLE_USER");
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests()
+ .antMatchers("/actuator/health").permitAll()
+ .antMatchers("/**").authenticated()
+ .and()
+ .httpBasic()
+ .authenticationEntryPoint(authenticationEntryPoint);
+
+ http.csrf().disable();
+ }
+
+ @Bean
+ public PasswordEncoder passwordEncoder() {
+ return new BCryptPasswordEncoder();
+ }
+}
\ No newline at end of file
-- 
cgit 1.2.3-korg
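Review bot: `configureGlobal` writes the configured password hash to the application log at INFO level (`log.info("User Id {} and hashed pwd : {}", userName, userHashedPassword);`), which hands the credential verifier to anyone who can read the logs. Log only that basic authentication was set up, for example `log.info("Basic authentication configured for user {}", userName);`. Separately, `configure` disables CSRF while leaving session creation at its default. If this service is meant to be a stateless API, adding `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)` would keep a session cookie from standing in for the Basic credentials. The class has no Javadoc; it should say where `basic-auth.user-name` and `basic-auth.hashed-pwd` come from and that the latter is expected to be a bcrypt hash, judging by the `BCryptPasswordEncoder` bean.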