diff options
8 files changed, 130 insertions, 35 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/provider-jar/pom.xml index 24489d4a1..6c8f72e42 100644 --- a/sdnr/wt/oauth-provider/provider-jar/pom.xml +++ b/sdnr/wt/oauth-provider/provider-jar/pom.xml @@ -22,6 +22,7 @@ ~ ============LICENSE_END======================================================= ~ --> + <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> @@ -133,8 +134,8 @@ <scope>provided</scope> </dependency> <dependency> - <groupId>javax.servlet</groupId> - <artifactId>javax.servlet-api</artifactId> + <groupId>jakarta.servlet</groupId> + <artifactId>jakarta.servlet-api</artifactId> <scope>provided</scope> </dependency> <dependency> @@ -178,5 +179,11 @@ <artifactId>org.osgi.core</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.osgi</groupId> + <artifactId>osgi.cmpn</artifactId> + <version>7.0.0</version> + <scope>compile</scope> + </dependency> </dependencies> </project> diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java new file mode 100644 index 000000000..38947a124 --- /dev/null +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java @@ -0,0 +1,66 @@ +package org.onap.ccsdk.features.sdnr.wt.oauthprovider; + +import org.jolokia.osgi.security.Authenticator; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet; +import org.opendaylight.aaa.api.IdMService; +import org.opendaylight.mdsal.binding.api.DataBroker; +import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration; +import org.osgi.service.http.HttpService; +import org.osgi.service.http.NamespaceException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import javax.servlet.ServletException; +import java.io.IOException; + +public class Helper { + + private static final Logger LOG = LoggerFactory.getLogger(Helper.class); + private AuthHttpServlet authServlet; + + public Helper() throws UnableToConfigureOAuthService, IOException, InvalidConfigurationException { + this.authServlet = new AuthHttpServlet(); + + } + + public void onUnbindService(HttpService httpService) { + httpService.unregister(AuthHttpServlet.BASEURI); + this.authServlet = null; + } + + public void onBindService(HttpService httpService) + throws ServletException, NamespaceException { + if (httpService == null) { + LOG.warn("Unable to inject HttpService into loader."); + } else { + httpService.registerServlet(AuthHttpServlet.BASEURI, authServlet, null, null); + LOG.info("auth servlet registered."); + } + } + + public void setOdlAuthenticator(Authenticator odlAuthenticator) { + authServlet.setOdlAuthenticator(odlAuthenticator); + } + + public void setOdlIdentityService(IdMService odlIdentityService) { + this.authServlet.setOdlIdentityService(odlIdentityService); + } + + public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) { + this.authServlet.setShiroConfiguration(shiroConfiguration); + } + + public void setDataBroker(DataBroker dataBroker) { + this.authServlet.setDataBroker(dataBroker); + } + + public void init() { + + } + + public void close() { + + } +} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java index 6798026f3..1caec63e0 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java @@ -242,14 +242,14 @@ public class Config { boolean found = false; if (isEnvExpression(key)) { - LOG.info("try to find env var(s) for {}", key); + LOG.debug("try to find env var(s) for {}", key); final Matcher matcher = pattern.matcher(key); String tmp = new String(key); while (matcher.find() && matcher.groupCount() > 0) { final String mkey = matcher.group(1); if (mkey != null) { try { - LOG.info("match found for v={} and env key={}", key, mkey); + LOG.debug("match found for v={} and env key={}", key, mkey); String envvar = mkey.substring(2, mkey.length() - 1); String env = System.getenv(envvar); tmp = tmp.replace(mkey, env == null ? "" : env); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java index 7953f31e6..b84543ac0 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java @@ -39,19 +39,26 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.shiro.SecurityUtils; import org.apache.shiro.ShiroException; +import org.apache.shiro.authc.BearerToken; import org.apache.shiro.codec.Base64; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.jolokia.osgi.security.Authenticator; import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFactory; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; import org.opendaylight.aaa.api.IdMService; -import org.apache.shiro.authc.BearerToken; import org.opendaylight.mdsal.binding.api.DataBroker; import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration; import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main; @@ -63,7 +70,7 @@ public class AuthHttpServlet extends HttpServlet { private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName()); private static final long serialVersionUID = 1L; - private static final String BASEURI = "/oauth"; + public static final String BASEURI = "/oauth"; private static final String LOGINURI = BASEURI + "/login"; private static final String LOGOUTURI = BASEURI + "/logout"; private static final String PROVIDERSURI = BASEURI + "/providers"; @@ -107,7 +114,6 @@ public class AuthHttpServlet extends HttpServlet { this.providerStore.put(pc.getId(), OAuthProviderFactory.create(pc.getType(), pc, this.config.getRedirectUri(), TokenCreator.getInstance(this.config))); } - } public void setOdlAuthenticator(Authenticator odlAuthenticator2) { @@ -148,20 +154,27 @@ public class AuthHttpServlet extends HttpServlet { private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException { final String bearerToken = this.tokenCreator.getBearerToken(req, true); + String redirectUrl = req.getParameter(LOGOUT_REDIRECT_URL_PARAMETER); + if (redirectUrl == null) { + redirectUrl = this.config.getPublicUrl(); + } + // if nothing configured and nothing from request + if(redirectUrl == null || redirectUrl.isBlank()){ + redirectUrl="/"; + } UserTokenPayload userInfo = this.tokenCreator.decode(bearerToken); - if (bearerToken != null && userInfo!=null && !userInfo.isInternal()) { + if (bearerToken != null && userInfo != null && !userInfo.isInternal()) { AuthService provider = this.providerStore.getOrDefault(userInfo.getProviderId(), null); + if (provider != null) { - String redirectUrl = req.getParameter(LOGOUT_REDIRECT_URL_PARAMETER); - if (redirectUrl == null) { - redirectUrl = this.config.getPublicUrl(); - } provider.sendLogoutRedirectResponse(bearerToken, resp, redirectUrl); + this.logout(); return; } } this.logout(); - this.sendResponse(resp, HttpServletResponse.SC_OK); + resp.sendRedirect(redirectUrl); + } private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException { @@ -386,7 +399,7 @@ public class AuthHttpServlet extends HttpServlet { hostUrl = matcher.group(1); } } - LOG.info("host={}", hostUrl); + LOG.debug("host={}", hostUrl); return hostUrl; } @@ -424,7 +437,7 @@ public class AuthHttpServlet extends HttpServlet { protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { LOG.debug("POST request for {}", req.getRequestURI()); - if (this.config.loginActive() && this.config.doSupportOdlUsers() && LOGINURI.equals(req.getRequestURI())) { + if (this.config.loginActive() && this.config.doSupportOdlUsers() && LOGINURI.equals(req.getRequestURI())) { final String username = req.getParameter("username"); final String domain = req.getParameter("domain"); BearerToken token = @@ -466,6 +479,7 @@ public class AuthHttpServlet extends HttpServlet { private void sendResponse(HttpServletResponse resp, int code) throws IOException { this.sendResponse(resp, code, null); } + private void sendResponse(HttpServletResponse resp, int code, Object data) throws IOException { byte[] output = data != null ? mapper.writeValueAsString(data).getBytes() : new byte[0]; // output diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java index d271948c2..fc6869751 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java @@ -102,7 +102,7 @@ public class GitlabProviderService extends AuthService { @Override protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) { - LOG.info("reqesting user roles with token={}", access_token); + LOG.debug("reqesting user roles with token={}", access_token); Map<String, String> authHeaders = new HashMap<>(); authHeaders.put("Authorization", String.format("Bearer %s", access_token)); Optional<MappedBaseHttpResponse<GitlabUserInfo>> userInfo = diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java index d8720e823..436d47827 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java @@ -157,16 +157,18 @@ public class TokenCreator { public String getBearerToken(HttpServletRequest req, boolean checkCookie) { final String authHeader = req.getHeader("Authorization"); if ((authHeader == null || !authHeader.startsWith("Bearer")) && checkCookie) { - Cookie[] cookies = req.getCookies(); - Optional<Cookie> ocookie = Optional.empty(); - if (cookies != null) { - ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName())) - .findFirst(); + if(req!=null) { + Cookie[] cookies = req.getCookies(); + Optional<Cookie> ocookie = Optional.empty(); + if (cookies != null) { + ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName())) + .findFirst(); + } + if (ocookie.isEmpty()) { + return null; + } + return ocookie.get().getValue(); } - if (ocookie.isEmpty()) { - return null; - } - return ocookie.get().getValue(); } return authHeader.substring(7); } diff --git a/sdnr/wt/oauth-provider/provider-osgi/pom.xml b/sdnr/wt/oauth-provider/provider-osgi/pom.xml index 98bc2acab..8768e9206 100644 --- a/sdnr/wt/oauth-provider/provider-osgi/pom.xml +++ b/sdnr/wt/oauth-provider/provider-osgi/pom.xml @@ -22,6 +22,7 @@ ~ ============LICENSE_END======================================================= ~ --> + <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> @@ -131,6 +132,7 @@ org.opendaylight.yangtools.concepts, org.opendaylight.yangtools.yang.binding, org.opendaylight.yangtools.yang.common, + org.osgi.service.http, com.fasterxml.jackson.databind, com.fasterxml.jackson.databind.deser.std, com.fasterxml.jackson.databind.ser.std, diff --git a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml b/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml index ae11de631..a8258dc8b 100644 --- a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml +++ b/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml @@ -31,23 +31,27 @@ <reference id="odlIdentityService" interface="org.opendaylight.aaa.api.IdMService" /> <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker" /> - + + <bean id="provider" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.Helper" init-method="init" destroy-method="close"> + <property ref="odlAuthenticator" name="odlAuthenticator" /> + <property ref="odlIdentityService" name="odlIdentityService" /> + <property ref="shiroConfiguration" name="shiroConfiguration" /> + <property ref="dataBroker" name="dataBroker" /> + </bean> + + <reference id="onBindService" availability="mandatory" activation="eager" interface="org.osgi.service.http.HttpService"> + <reference-listener ref="provider" bind-method="onBindService" unbind-method="onUnbindService"/> + </reference> + <odl:clustered-app-config binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration" id="shiroConfiguration" default-config-file-name="aaa-app-config.xml" /> - <bean id="authServlet" - class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet"> + <bean id="authServlet" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet"> <property ref="odlAuthenticator" name="odlAuthenticator" /> <property ref="odlIdentityService" name="odlIdentityService" /> <property ref="shiroConfiguration" name="shiroConfiguration" /> <property ref="dataBroker" name="dataBroker" /> </bean> - <service interface="javax.servlet.http.HttpServlet" ref="authServlet"> - <service-properties> - <entry key="alias" value="/oauth"/> - </service-properties> - </service> - </blueprint> |