authorRavi Pendurty <ravi.pendurty@highstreet-technologies.com>2021-08-03 15:13:28 +0530
committerKAPIL SINGAL <ks220y@att.com>2021-08-06 12:44:28 +0000
commitea50c8f5ac2e2cfa30512acd4ab1e72c2a36b278 (patch)
tree757a476b9f91449b708fa71ef15287bd2c21377b /sdnr/wt/oauth-provider/provider-jar/src/main/java/org
parent3ba5eb125ac8890968e4437b098e39195d699434 (diff)
Support for external identity providers
oauth-provider now supports keycloak and gitlab as identity providers.

Issue-ID: CCSDK-3411
Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
Change-Id: I78d678136e26f402b25723f4e10d76b646d76589
Signed-off-by: Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
Diffstat (limited to 'sdnr/wt/oauth-provider/provider-jar/src/main/java/org')
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java15
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java78
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java26
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java2
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java10
5 files changed, 100 insertions, 31 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
index a71f4c7dc..a6dff6769 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
@@ -57,9 +57,8 @@ public class Config {
@Override
public String toString() {
- return "Config [providers=" + providers + ", redirectUri=" + redirectUri
- + ", supportOdlUsers=" + supportOdlUsers + ", tokenSecret=" + tokenSecret + ", tokenIssuer="
- + tokenIssuer + "]";
+ return "Config [providers=" + providers + ", redirectUri=" + redirectUri + ", supportOdlUsers="
+ + supportOdlUsers + ", tokenSecret=" + tokenSecret + ", tokenIssuer=" + tokenIssuer + "]";
}
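Review bot: The reformatted `toString` on the new side still prints `tokenSecret` in clear, so any log statement or exception message that renders a `Config` instance writes the token-signing secret to the log. The same applies to `OAuthProviderConfig.toString` in this commit, whose new version prints the provider's client `secret` (and now the role mapping as well). Replace the value with a fixed marker, e.g. `+ ", tokenSecret=" + (tokenSecret == null ? "null" : "***")`, or leave the field out of the string entirely, and do the same for `secret` in `OAuthProviderConfig`. The rest of `Config` is outside this hunk.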
@@ -130,6 +129,11 @@ public class Config {
if (isEnvExpression(supportOdlUsers)) {
this.supportOdlUsers = getProperty(supportOdlUsers, null);
}
+ if (this.providers != null && !this.providers.isEmpty()) {
+ for(OAuthProviderConfig cfg : this.providers) {
+ cfg.handleEnvironmentVars();
+ }
+ }
}
@JsonIgnore
@@ -154,9 +158,11 @@ public class Config {
static boolean isEnvExpression(String key) {
return key != null && key.contains(ENVVARIABLE);
}
+
public static String generateSecret() {
return generateSecret(30);
}
+
public static String generateSecret(int targetStringLength) {
int leftLimit = 48; // numeral '0'
int rightLimit = 122; // letter 'z'
@@ -234,8 +240,9 @@ public class Config {
public static Config getInstance() throws IOException {
return getInstance(DEFAULT_CONFIGFILENAME);
}
+
public static Config getInstance(String filename) throws IOException {
- if(_instance==null) {
+ if (_instance == null) {
_instance = load(filename);
}
return _instance;
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
index 3f1673c93..11e13e226 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
@@ -29,33 +29,40 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFact
public class OAuthProviderConfig {
private String url;
+ private String internalUrl;
private String clientId;
private String secret;
private String id;
private String title;
private String scope;
+ private String realmName;
+ private boolean trustAll;
private OAuthProvider type;
- private Map<String,String> roleMapping;
+ private Map<String, String> roleMapping;
public OAuthProvider getType() {
return type;
}
- public OAuthProviderConfig(String id, String url, String clientId, String secret, String scope,
- String title) {
+ public OAuthProviderConfig(String id, String url, String internalUrl, String clientId, String secret, String scope,
+ String title, String realmName, boolean trustAll) {
this.id = id;
this.url = url;
+ this.internalUrl = internalUrl;
this.clientId = clientId;
this.secret = secret;
this.scope = scope;
this.title = title;
+ this.realmName = realmName;
+ this.trustAll = trustAll;
this.roleMapping = new HashMap<>();
}
@Override
public String toString() {
- return "OAuthProviderConfig [host=" + url + ", clientId=" + clientId + ", secret=" + secret + ", id=" + id
- + ", title=" + title + ", scope=" + scope + ", type=" + type + "]";
+ return "OAuthProviderConfig [url=" + url + ", clientId=" + clientId + ", secret=" + secret + ", id=" + id
+ + ", title=" + title + ", scope=" + scope + ", realmName=" + realmName + ", trustAll=" + trustAll
+ + ", type=" + type + ", roleMapping=" + roleMapping + "]";
}
public void setType(OAuthProvider type) {
@@ -63,7 +70,7 @@ public class OAuthProviderConfig {
}
public OAuthProviderConfig() {
- this(null, null, null, null, null, null);
+ this(null, null, null, null, null, null, null, null, false);
}
public void setUrl(String url) {
@@ -114,6 +121,22 @@ public class OAuthProviderConfig {
return this.scope;
}
+ public String getRealmName() {
+ return realmName;
+ }
+
+ public void setRealmName(String realmName) {
+ this.realmName = realmName;
+ }
+
+ public boolean trustAll() {
+ return trustAll;
+ }
+
+ public void setTrustAll(boolean trustAll) {
+ this.trustAll = trustAll;
+ }
+
public Map<String, String> getRoleMapping() {
return roleMapping;
}
@@ -122,26 +145,45 @@ public class OAuthProviderConfig {
this.roleMapping = roleMapping;
}
+ public String getInternalUrl() {
+ return internalUrl;
+ }
+
+ public void setInternalUrl(String internalUrl) {
+ this.internalUrl = internalUrl;
+ }
+
@JsonIgnore
public void handleEnvironmentVars() {
- if (Config.isEnvExpression(id)) {
- this.id = Config.getProperty(id, null);
+ if (Config.isEnvExpression(this.id)) {
+ this.id = Config.getProperty(this.id, null);
+ }
+ if (Config.isEnvExpression(this.url)) {
+ this.url = Config.getProperty(this.url, null);
}
- if (Config.isEnvExpression(url)) {
- this.url = Config.getProperty(url, null);
+ if (Config.isEnvExpression(this.internalUrl)) {
+ this.internalUrl = Config.getProperty(this.internalUrl, null);
}
- if (Config.isEnvExpression(clientId)) {
- this.clientId = Config.getProperty(clientId, null);
+ if (Config.isEnvExpression(this.clientId)) {
+ this.clientId = Config.getProperty(this.clientId, null);
}
- if (Config.isEnvExpression(secret)) {
- this.secret = Config.getProperty(secret, null);
+ if (Config.isEnvExpression(this.secret)) {
+ this.secret = Config.getProperty(this.secret, null);
}
- if (Config.isEnvExpression(scope)) {
- this.scope = Config.getProperty(scope, null);
+ if (Config.isEnvExpression(this.scope)) {
+ this.scope = Config.getProperty(this.scope, null);
}
- if (Config.isEnvExpression(title)) {
- this.title = Config.getProperty(title, null);
+ if (Config.isEnvExpression(this.title)) {
+ this.title = Config.getProperty(this.title, null);
}
+ if (Config.isEnvExpression(this.realmName)) {
+ this.realmName = Config.getProperty(this.realmName, null);
+ }
+ }
+
+ @JsonIgnore
+ public String getUrlOrInternal() {
+ return this.internalUrl != null && this.internalUrl.length() > 0 ? this.internalUrl : this.url;
}
}
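Review bot: The new `trustAll` field and its accessors `trustAll()`/`setTrustAll` carry no documentation, and the only consumer in this commit passes the flag straight into the provider's HTTP client, so a reader of the JSON config has nothing telling them what switching it on costs. Going by its name and that use (the client's implementation is not in this diff), the flag appears to relax server-certificate checking for the token endpoint; add a Javadoc on the field stating that, e.g. `/** Passed to the provider HTTP client; when true it is expected to accept any server certificate, so keep it false outside test setups. Defaults to false. */`. Unlike the other fields, `trustAll` is not resolved in `handleEnvironmentVars`, which is fine for a boolean but worth a one-line comment so the omission does not look accidental. Minor: `getUrlOrInternal` reads more directly as `this.internalUrl != null && !this.internalUrl.isEmpty()`.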
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
index cd4239081..9a9f4fc04 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
@@ -37,7 +37,11 @@ import javax.servlet.ServletOutputStream;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.shiro.SecurityUtils;
+import org.apache.shiro.ShiroException;
import org.apache.shiro.codec.Base64;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.subject.Subject;
import org.jolokia.osgi.security.Authenticator;
import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
@@ -66,7 +70,7 @@ public class AuthHttpServlet extends HttpServlet {
private static final long serialVersionUID = 1L;
private static final String BASEURI = "/oauth";
private static final String LOGINURI = BASEURI + "/login";
- //private static final String LOGOUTURI = BASEURI + "/logout";
+ private static final String LOGOUTURI = BASEURI + "/logout";
private static final String PROVIDERSURI = BASEURI + "/providers";
public static final String REDIRECTURI = BASEURI + "/redirect";
private static final String REDIRECTURI_FORMAT = REDIRECTURI + "/%s";
@@ -137,6 +141,8 @@ public class AuthHttpServlet extends HttpServlet {
this.sendResponse(resp, HttpServletResponse.SC_OK, getConfigs(this.providerStore.values()));
} else if (req.getRequestURI().startsWith(LOGINURI)) {
this.handleLoginRedirect(req, resp);
+ } else if (req.getRequestURI().equals(LOGOUTURI)) {
+ this.handleLogout(req, resp);
} else if (POLICIESURI.equals(req.getRequestURI())) {
this.sendResponse(resp, HttpServletResponse.SC_OK, this.getPoliciesForUser(req));
} else if (req.getRequestURI().startsWith(REDIRECTURI)) {
@@ -146,7 +152,10 @@ public class AuthHttpServlet extends HttpServlet {
}
}
-
+ private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+ this.logout();
+ this.sendResponse(resp, HttpServletResponse.SC_OK,"");
+ }
private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {
final String uri = req.getRequestURI();
final Matcher matcher = LOGIN_REDIRECT_PATTERN.matcher(uri);
@@ -458,5 +467,16 @@ public class AuthHttpServlet extends HttpServlet {
os.write(output);
}
-
+ private void logout() {
+ final Subject subject = SecurityUtils.getSubject();
+ try {
+ subject.logout();
+ Session session = subject.getSession(false);
+ if (session != null) {
+ session.stop();
+ }
+ } catch (ShiroException e) {
+ LOG.debug("Couldn't log out {}", subject, e);
+ }
+ }
}
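Review bot: `handleLogout` is reached from the same URI dispatch that serves the login redirect and the provider list, so if that dispatching method is `doGet` (its signature is outside the hunk) logging a user out becomes a state change triggered by a plain GET, which any third-party page can fire with an image tag or link. Restrict it to POST, i.e. move the `else if (req.getRequestURI().equals(LOGOUTURI))` branch into `doPost`, or at minimum require a header that browsers do not attach to cross-origin navigations. In `logout()`, `subject.getSession(false)` after `subject.logout()` is redundant with Shiro's default `DelegatingSubject`, which clears its session reference during logout, so the `session.stop()` branch is likely dead; if it is meant as a safety net for a custom `SecurityManager`, say so in a comment. The `req` parameter of `handleLogout` is unused.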
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
index 3cb79757c..56a62f5c1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
@@ -84,7 +84,7 @@ public abstract class AuthService {
this.redirectUri = redirectUri;
this.mapper = new ObjectMapper();
this.mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
- this.httpClient = new MappingBaseHttpClient(this.config.getUrl());
+ this.httpClient = new MappingBaseHttpClient(this.config.getUrlOrInternal(), this.config.trustAll());
}
public PublicOAuthProviderConfig getConfig() {
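Review bot: The new line `this.httpClient = new MappingBaseHttpClient(this.config.getUrlOrInternal(), this.config.trustAll());` hands the `trustAll` flag to the HTTP client without anything recording at runtime that this provider's token requests run with relaxed certificate checking (assuming that is what the client does with the flag; its code is not in this diff). Log a warning when the flag is set so a test setting that reaches production is visible, e.g. `if (this.config.trustAll()) { LOG.warn("trustAll enabled for provider at {}", this.config.getUrlOrInternal()); }` placed before the client is created, using whatever logger the class already has (not visible here). Avoid logging `this.config` itself, since its `toString` includes the client secret. The constructor this line belongs to starts outside the hunk.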
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
index 86383c983..c226a14dc 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
@@ -44,20 +44,20 @@ public class KeycloakProviderService extends AuthService {
@Override
protected String getTokenVerifierUri() {
- return "/auth/realms/onap/protocol/openid-connect/token";
+ return String.format("/auth/realms/%s/protocol/openid-connect/token", urlEncode(this.config.getRealmName()));
}
@Override
protected String getLoginUrl(String callbackUrl) {
return String.format(
- "%s/auth/realms/onap/protocol/openid-connect/auth?client_id=%s&response_type=code&scope=%s&redirect_uri=%s",
- this.config.getUrl(), urlEncode(this.config.getClientId()), this.config.getScope(),
- urlEncode(callbackUrl));
+ "%s/auth/realms/%s/protocol/openid-connect/auth?client_id=%s&response_type=code&scope=%s&redirect_uri=%s",
+ this.config.getUrl(), urlEncode(this.config.getRealmName()), urlEncode(this.config.getClientId()),
+ this.config.getScope(), urlEncode(callbackUrl));
}
@Override
protected List<String> mapRoles(List<String> data) {
- final Map<String,String> map = this.config.getRoleMapping();
+ final Map<String, String> map = this.config.getRoleMapping();
List<String> filteredRoles =
data.stream().filter(role -> !role.equals("uma_authorization") && !role.equals("offline_access"))
.map(r -> map.getOrDefault(r, r)).collect(Collectors.toList());
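Review bot: In `getLoginUrl` the scope is still inserted raw (`this.config.getScope()`) while the realm, client id and callback now go through `urlEncode`; OIDC scopes are space-separated (`openid profile`), so the unencoded value reaches the query string with a literal space. Encode it like its neighbours: `urlEncode(this.config.getScope())`. Both new format strings also assume `getRealmName()` is set; a configuration written for the previously hard-coded `onap` realm has no `realmName`, and depending on how `urlEncode` treats null (not visible here) the result is either `/auth/realms/null/...` or an exception. Consider falling back to `onap` when the property is absent so existing configurations keep working after the upgrade.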