From d199074861e6b53ed7a82df4ff797968a4226cc4 Mon Sep 17 00:00:00 2001 From: "Muthuramalingam, Brinda Santh(bs2796)" Date: Fri, 21 Sep 2018 04:15:10 +0000 Subject: Controller Blueprints Microservice Add basic authentication for Controllerblueprint MS. Change-Id: I145e26d6feba873e8d3ed82e4169cbaa425a277e Issue-ID: CCSDK-590 Signed-off-by: Muthuramalingam, Brinda Santh(bs2796) --- .../application/etc/logback.xml | 1 + .../opt/app/onap/config/application.properties | 4 ++ ms/controllerblueprints/application/pom.xml | 9 +++ .../ApplicationExceptionHandler.java | 14 +++++ .../filters/ApplicationLoggingFilter.java | 3 + .../ApplicationBasicAuthenticationEntryPoint.java | 43 +++++++++++++ .../ApplicationSecurityConfigurerAdapter.java | 72 ++++++++++++++++++++++ .../ControllerBluprintsApplicationTest.java | 30 ++------- .../controllerblueprints/VersionSplitTest.java | 15 ++++- .../src/test/resources/application.properties | 4 ++ 10 files changed, 170 insertions(+), 25 deletions(-) create mode 100644 ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java create mode 100644 ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java (limited to 'ms/controllerblueprints/application') diff --git a/ms/controllerblueprints/application/etc/logback.xml b/ms/controllerblueprints/application/etc/logback.xml index 0a75e60f5..6639705e2 100644 --- a/ms/controllerblueprints/application/etc/logback.xml +++ b/ms/controllerblueprints/application/etc/logback.xml @@ -33,6 +33,7 @@ + diff --git a/ms/controllerblueprints/application/opt/app/onap/config/application.properties b/ms/controllerblueprints/application/opt/app/onap/config/application.properties index d28148275..e4457d018 100644 --- a/ms/controllerblueprints/application/opt/app/onap/config/application.properties +++ b/ms/controllerblueprints/application/opt/app/onap/config/application.properties @@ -18,6 +18,10 @@ appName=ControllerBluePrints ms_name=org.onap.ccsdk.apps.controllerblueprints appVersion=1.0.0 +# Basic Authentication +basic-auth.user-name=ccsdkapps +basic-auth.hashed-pwd=$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y + #logging.pattern.console=%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(%5p) %clr($ threadId: {PID:- }){magenta} %clr(---){faint} %clr([ hostname: %X{hostname} serviceName: %X{serviceName} version: %X{version} transactionId: %X{transactionId} requestTimeStamp: %X{requestTimestamp} responseTimeStamp: %X{responseTimestamp} duration: %X{duration}]){yellow} %clr([%15.15t]){faint} %clr(%-40.40logger{39}){cyan} %clr(:){faint} %m%n%wex logging.level.org.springframework.web=INFO diff --git a/ms/controllerblueprints/application/pom.xml b/ms/controllerblueprints/application/pom.xml index 24f4debe0..9834924e0 100644 --- a/ms/controllerblueprints/application/pom.xml +++ b/ms/controllerblueprints/application/pom.xml @@ -53,6 +53,10 @@ org.onap.ccsdk.apps.controllerblueprints service + + org.springframework.boot + spring-boot-starter-security + org.springframework.boot spring-boot-starter-actuator @@ -67,6 +71,11 @@ spring-boot-starter-test test + + org.springframework.security + spring-security-test + test + org.jetbrains.kotlin kotlin-test diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java index 6e9dcd7f9..78706d570 100644 --- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java +++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/ApplicationExceptionHandler.java @@ -23,13 +23,19 @@ import org.onap.ccsdk.apps.controllerblueprints.service.common.ErrorMessage; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.http.converter.HttpMessageNotReadableException; +import org.springframework.security.authentication.BadCredentialsException; +import org.springframework.security.web.csrf.InvalidCsrfTokenException; import org.springframework.web.HttpRequestMethodNotSupportedException; import org.springframework.web.bind.MethodArgumentNotValidException; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; +import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.context.request.WebRequest; +import javax.naming.AuthenticationException; +import java.nio.file.AccessDeniedException; + @ControllerAdvice @RestController @SuppressWarnings("unused") @@ -43,6 +49,14 @@ public class ApplicationExceptionHandler { return new ResponseEntity<>(exceptionResponse, HttpStatus.INTERNAL_SERVER_ERROR); } + @ExceptionHandler({InvalidCsrfTokenException.class, AuthenticationException.class, BadCredentialsException.class, AccessDeniedException.class}) + @ResponseStatus(value = HttpStatus.UNAUTHORIZED) + public final ResponseEntity handleAuthenticationRequest(Exception ex, WebRequest request) { + log.error("Authentication Exception", ex); + ErrorMessage exceptionResponse = new ErrorMessage(ex.getMessage(), HttpStatus.UNAUTHORIZED.value(), ex.getLocalizedMessage()); + return new ResponseEntity<>(exceptionResponse, HttpStatus.UNAUTHORIZED); + } + @ExceptionHandler({HttpMessageNotReadableException.class, MethodArgumentNotValidException.class, HttpRequestMethodNotSupportedException.class}) public final ResponseEntity handleBadRequest(Exception ex, WebRequest request) { diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java index fbef55fb9..44761177b 100644 --- a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java +++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/filters/ApplicationLoggingFilter.java @@ -25,6 +25,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.slf4j.MDC; import org.springframework.beans.factory.annotation.Value; +import org.springframework.core.Ordered; +import org.springframework.core.annotation.Order; import org.springframework.stereotype.Component; import javax.servlet.*; @@ -40,6 +42,7 @@ import java.io.IOException; */ @Component @WebFilter(asyncSupported = true, urlPatterns = {"/*"}) +@Order(Ordered.HIGHEST_PRECEDENCE) @SuppressWarnings("unused") public class ApplicationLoggingFilter implements Filter { private static Logger log = LoggerFactory.getLogger(ApplicationLoggingFilter.class); diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java new file mode 100644 index 000000000..e3df3a621 --- /dev/null +++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationBasicAuthenticationEntryPoint.java @@ -0,0 +1,43 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.apps.controllerblueprints.security; + +import org.springframework.security.core.AuthenticationException; +import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint; +import org.springframework.stereotype.Component; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; + +@Component +public class ApplicationBasicAuthenticationEntryPoint extends BasicAuthenticationEntryPoint { + + @Override + public void commence(final HttpServletRequest request, final HttpServletResponse response, final AuthenticationException authException) + throws IOException { + response.addHeader("WWW-Authenticate", "Basic realm=\"" + getRealmName() + "\""); + response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); + response.sendError(HttpServletResponse.SC_UNAUTHORIZED, "Unauthorized"); + } + + @Override + public void afterPropertiesSet() throws Exception { + setRealmName("CCSDK-APPS"); + super.afterPropertiesSet(); + } + +} \ No newline at end of file diff --git a/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java new file mode 100644 index 000000000..3a39d7821 --- /dev/null +++ b/ms/controllerblueprints/application/src/main/java/org/onap/ccsdk/apps/controllerblueprints/security/ApplicationSecurityConfigurerAdapter.java @@ -0,0 +1,72 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.ccsdk.apps.controllerblueprints.security; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; + +@SuppressWarnings("unused") +@Configuration +@EnableWebSecurity +public class ApplicationSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { + + @Value("${basic-auth.user-name}") + private String userName; + + @Value("${basic-auth.hashed-pwd}") + private String userHashedPassword; + + private static EELFLogger log = EELFManager.getInstance().getLogger(ApplicationSecurityConfigurerAdapter.class); + + @Autowired + private ApplicationBasicAuthenticationEntryPoint authenticationEntryPoint; + + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { + log.info("User Id {} and hashed pwd : {}", userName, userHashedPassword); + auth.inMemoryAuthentication() + .withUser(userName).password(userHashedPassword) + .authorities("ROLE_USER"); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + http.authorizeRequests() + .antMatchers("/actuator/health").permitAll() + .antMatchers("/**").authenticated() + .and() + .httpBasic() + .authenticationEntryPoint(authenticationEntryPoint); + + http.csrf().disable(); + } + + @Bean + public PasswordEncoder passwordEncoder() { + return new BCryptPasswordEncoder(); + } +} \ No newline at end of file diff --git a/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/ControllerBluprintsApplicationTest.java b/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/ControllerBluprintsApplicationTest.java index 61b5c50ff..7a5f952d2 100644 --- a/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/ControllerBluprintsApplicationTest.java +++ b/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/ControllerBluprintsApplicationTest.java @@ -1,6 +1,6 @@ /* * Copyright © 2017-2018 AT&T Intellectual Property. - * Modifications Copyright © 2018 IBM. + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -16,8 +16,6 @@ package org.onap.ccsdk.apps.controllerblueprints; -import static org.assertj.core.api.Assertions.assertThat; - import org.junit.Assert; import org.junit.Before; import org.junit.Test; @@ -27,56 +25,40 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; import org.springframework.boot.test.web.client.TestRestTemplate; -import org.springframework.http.HttpEntity; -import org.springframework.http.HttpHeaders; -import org.springframework.http.HttpMethod; -import org.springframework.http.HttpStatus; -import org.springframework.http.MediaType; -import org.springframework.http.ResponseEntity; +import org.springframework.http.*; +import org.springframework.http.client.support.BasicAuthorizationInterceptor; import org.springframework.test.context.junit4.SpringRunner; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; +import static org.assertj.core.api.Assertions.assertThat; @RunWith(SpringRunner.class) @SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) public class ControllerBluprintsApplicationTest { - private static EELFLogger log = EELFManager.getInstance().getLogger(ControllerBluprintsApplicationTest.class); - @Autowired private TestRestTemplate restTemplate; - private HttpHeaders headers; - private ResponseEntity entity; @Before public void setUp(){ - headers = new HttpHeaders(); - headers.set("Accept", MediaType.APPLICATION_JSON_VALUE); - entity = this.restTemplate - .exchange("/api/v1/config-model/1", HttpMethod.GET, new HttpEntity<>(headers),ConfigModel.class); - + BasicAuthorizationInterceptor bai = new BasicAuthorizationInterceptor("ccsdkapps", "ccsdkapps"); + this.restTemplate.getRestTemplate().getInterceptors().add(bai); } @Test public void testConfigModel() { - HttpHeaders headers = new HttpHeaders(); headers.set("Accept", MediaType.APPLICATION_JSON_VALUE); ResponseEntity entity = this.restTemplate .exchange("/api/v1/config-model/1", HttpMethod.GET, new HttpEntity<>(headers),ConfigModel.class); - assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.OK); Assert.assertNotNull("failed to get response Config model",entity.getBody()); } @Test public void testConfigModelFailure() { - HttpHeaders headers = new HttpHeaders(); headers.set("Accept", MediaType.APPLICATION_JSON_VALUE); ResponseEntity entity = this.restTemplate .exchange("/api/v1/config-model-not-found/1", HttpMethod.GET, new HttpEntity<>(headers),ConfigModel.class); - assertThat(entity.getStatusCode()).isEqualTo(HttpStatus.NOT_FOUND); Assert.assertNotNull("failed to get response Config model",entity.getBody()); } diff --git a/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/VersionSplitTest.java b/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/VersionSplitTest.java index 9445e1d36..995644fd0 100644 --- a/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/VersionSplitTest.java +++ b/ms/controllerblueprints/application/src/test/java/org/onap/ccsdk/apps/controllerblueprints/VersionSplitTest.java @@ -16,21 +16,34 @@ package org.onap.ccsdk.apps.controllerblueprints; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; import org.apache.commons.lang3.StringUtils; import org.junit.Assert; import org.junit.Test; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; + /** * VersionSplitTest * * @author Brinda Santh */ public class VersionSplitTest { + private static EELFLogger log = EELFManager.getInstance().getLogger(VersionSplitTest.class); @Test public void testVersionSplit() { String version = "1.03.04"; String[] tokens = StringUtils.split(version, '.'); Assert.assertNotNull("failed to tokenize", tokens); - Assert.assertEquals("failed to three token ", 3, tokens.length ); + Assert.assertEquals("failed to three token ", 3, tokens.length); + } + + @Test + public void encodeTest() { + String name = "ccsdkapps"; + BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); + String encodedValue = bCryptPasswordEncoder.encode(name); + Assert.assertTrue("Failed to match", bCryptPasswordEncoder.matches(name, encodedValue)); } } \ No newline at end of file diff --git a/ms/controllerblueprints/application/src/test/resources/application.properties b/ms/controllerblueprints/application/src/test/resources/application.properties index 5c6acf93d..e812da5c9 100644 --- a/ms/controllerblueprints/application/src/test/resources/application.properties +++ b/ms/controllerblueprints/application/src/test/resources/application.properties @@ -20,6 +20,10 @@ appName=ControllerBluePrints ms_name=org.onap.ccsdk.apps.controllerblueprints appVersion=1.0.0 +# Basic Authentication +basic-auth.user-name=ccsdkapps +basic-auth.hashed-pwd=$2a$10$MJxhNiOAffxbyrV9.rrOUewP9Q/ASg5Nit2cmP.yBaXGsVXo8BW3y + #To Remove Null in JSON API Response spring.jackson.default-property-inclusion=non_null -- cgit 1.2.3-korg