Diffstat (limited to 'sdnr/wt/oauth-provider')
5 files changed, 48 insertions, 51 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/provider-jar/pom.xml
index b73602d36..41d5c96b7 100644
--- a/sdnr/wt/oauth-provider/provider-jar/pom.xml
+++ b/sdnr/wt/oauth-provider/provider-jar/pom.xml
@@ -64,17 +64,6 @@
 <dependency>
 <groupId>com.auth0</groupId>
 <artifactId>java-jwt</artifactId>
- <version>3.11.0</version>
- <exclusions>
- <exclusion>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- </exclusion>
- </exclusions>
 </dependency>
 <dependency>
 <groupId>com.highstreet-technologies.aaa</groupId>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
index a6dff6769..3ebc144d3 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
@@ -44,9 +44,9 @@ public class Config {
 private static final String DEFAULT_TOKENSECRET = generateSecret();
 private static final String DEFAULT_REDIRECTURI = "/odlux/index.html#/oauth?token=";
 private static final String DEFAULT_SUPPORTODLUSERS = "true";
+ private static Random random;
 private static Config _instance;
-
 private List<OAuthProviderConfig> providers;
 private String redirectUri;
 private String supportOdlUsers;
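Review bot: Dropping `<version>3.11.0</version>` leaves java-jwt's version unspecified in this pom, so the build only resolves if a parent `<dependencyManagement>` (not part of this diff) pins it; that is worth confirming, because an unmanaged version lets the resolved artifact drift between builds. Removing the `jackson-databind` and `commons-codec` exclusions also re-admits java-jwt's transitive copies of those libraries, and if the platform ships its own versions the winner is decided by Maven's nearest-wins resolution rather than by this pom, which is how a patched library gets silently downgraded. If the intent is that the parent manages both the version and the transitive versions, say so next to the dependency: `<!-- version and transitive jackson/commons-codec are pinned by the parent dependencyManagement -->`.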
@@ -166,8 +166,9 @@ public class Config {
 public static String generateSecret(int targetStringLength) {
 int leftLimit = 48; // numeral '0'
 int rightLimit = 122; // letter 'z'
- Random random = new Random();
-
+ if(random==null) {
+ random = new Random();
+ }
 String generatedString = random.ints(leftLimit, rightLimit + 1)
 .filter(i -> (i <= 57 || i >= 65) && (i <= 90 || i >= 97)).limit(targetStringLength)
 .collect(StringBuilder::new, StringBuilder::appendCodePoint, StringBuilder::append).toString();
@@ -197,7 +198,7 @@ public class Config {
 String envvar = mkey.substring(2, mkey.length() - 1);
 String env = System.getenv(envvar);
 tmp = tmp.replace(mkey, env == null ? "" : env);
- if (env != null && env != "") {
+ if (env != null && env.isEmpty()) {
 found = true;
 }
 } catch (SecurityException e) {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
index 9a9f4fc04..85fe1ced2 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
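Review bot: `random = new Random()` is what feeds `generateSecret`, and the Config hunk above shows `DEFAULT_TOKENSECRET = generateSecret()`, so the fallback token-signing secret is presumably drawn from `java.util.Random`, whose 48-bit LCG state can be recovered from a couple of observed outputs; a secret that protects bearer tokens needs `SecureRandom`. Since `SecureRandom` extends `Random`, the `ints()` pipeline is unchanged: declare `private static final Random random = new SecureRandom();` (with `import java.security.SecureRandom;`) and delete the `if(random==null)` block, which also removes the unsynchronized lazy-init race on a static field. `generateSecret(int)` ends outside the hunk.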
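Review bot: `env.isEmpty()` inverts the condition the removed line was reaching for: `env != ""` is a reference comparison that is true for practically every non-null value, so `found` used to be set whenever the variable existed, whereas the new code sets `found = true` only when the variable is set to the empty string and leaves it false for any real value. The intended fix is `if (env != null && !env.isEmpty()) {`. What `found` gates lies outside the hunk, but the `${VAR}` substitution this loop performs looks like how secrets reach the configuration, and a flipped "substitution succeeded" flag is the kind of bug that makes a configured value silently fall back to a default. The enclosing method starts and ends outside the hunk.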
@@ -75,10 +75,8 @@ public class AuthHttpServlet extends HttpServlet {
 public static final String REDIRECTURI = BASEURI + "/redirect";
 private static final String REDIRECTURI_FORMAT = REDIRECTURI + "/%s";
 private static final String POLICIESURI = BASEURI + "/policies";
- //private static final String PROVIDERID_REGEX = "^\\" + BASEURI + "\\/providers\\/([^\\/]+)$";
 private static final String REDIRECTID_REGEX = "^\\" + BASEURI + "\\/redirect\\/([^\\/]+)$";
 private static final String LOGIN_REDIRECT_REGEX = "^\\" + LOGINURI + "\\/([^\\/]+)$";
- //private static final Pattern PROVIDERID_PATTERN = Pattern.compile(PROVIDERID_REGEX);
 private static final Pattern REDIRECTID_PATTERN = Pattern.compile(REDIRECTID_REGEX);
 private static final Pattern LOGIN_REDIRECT_PATTERN = Pattern.compile(LOGIN_REDIRECT_REGEX);
@@ -96,13 +94,12 @@ public class AuthHttpServlet extends HttpServlet {
 private final ObjectMapper mapper;
 /* state <=> AuthProviderService> */
 private final Map<String, AuthService> providerStore;
- private Authenticator odlAuthenticator;
- private IdMService odlIdentityService;
 private final TokenCreator tokenCreator;
 private final Config config;
- private ShiroConfiguration shiroConfiguration;
- private DataBroker dataBroker;
- private MdSalAuthorizationStore mdsalAuthStore;
+ private static Authenticator odlAuthenticator;
+ private static IdMService odlIdentityService;
+ private static ShiroConfiguration shiroConfiguration;
+ private static MdSalAuthorizationStore mdsalAuthStore;
 public AuthHttpServlet() throws IOException {
 this.config = Config.getInstance();
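Review bot: The four collaborators become static mutable fields written through instance setters (next hunk) and read on request threads, without `volatile` or any synchronization; unless servlet registration happens to establish a happens-before edge with the blueprint thread that calls the setters, a request thread may observe a stale `null` and the `authenticate`/`listRoles` call sites later in this diff turn into an NPE and a 500. If the statics are required (for instance because the container creates more than one servlet instance), the minimal fix is `private static volatile Authenticator odlAuthenticator;` and likewise for the other three. A one-line comment explaining why these are class-level while `config`, `tokenCreator` and `providerStore` stay per-instance would also help, since the reason is not visible in the code.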
@@ -116,21 +113,20 @@ public class AuthHttpServlet extends HttpServlet {
 }
- public void setOdlAuthenticator(Authenticator odlAuthenticator) {
- this.odlAuthenticator = odlAuthenticator;
+ public void setOdlAuthenticator(Authenticator odlAuthenticator2) {
+ odlAuthenticator = odlAuthenticator2;
 }
- public void setOdlIdentityService(IdMService odlIdentityService) {
- this.odlIdentityService = odlIdentityService;
+ public void setOdlIdentityService(IdMService odlIdentityService2) {
+ odlIdentityService = odlIdentityService2;
 }
- public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) {
- this.shiroConfiguration = shiroConfiguration;
+ public void setShiroConfiguration(ShiroConfiguration shiroConfiguration2) {
+ shiroConfiguration = shiroConfiguration2;
 }
 public void setDataBroker(DataBroker dataBroker) {
- this.dataBroker = dataBroker;
- this.mdsalAuthStore = new MdSalAuthorizationStore(this.dataBroker);
+ mdsalAuthStore = new MdSalAuthorizationStore(dataBroker);
 }
 @Override
@@ -152,10 +148,12 @@ public class AuthHttpServlet extends HttpServlet {
 }
 }
+
 private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 this.logout();
- this.sendResponse(resp, HttpServletResponse.SC_OK,"");
+ this.sendResponse(resp, HttpServletResponse.SC_OK, "");
 }
+
 private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {
 final String uri = req.getRequestURI();
 final Matcher matcher = LOGIN_REDIRECT_PATTERN.matcher(uri);
@@ -163,7 +161,6 @@ public class AuthHttpServlet extends HttpServlet {
 final String id = matcher.group(1);
 AuthService provider = this.providerStore.getOrDefault(id, null);
 if (provider != null) {
- //provider.setLocalHostUrl(getHost(req));
 String redirectUrl = getHost(req) + String.format(REDIRECTURI_FORMAT, id);
 provider.sendLoginRedirectResponse(resp, redirectUrl);
 return;
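Review bot: `redirectUrl` is assembled from `getHost(req)` and passed to the provider as the OAuth redirect target; `getHost` is not in the diff, but if it derives scheme and host from the request's `Host` or `X-Forwarded-*` headers, then whoever can steer a victim to this endpoint with a crafted header picks where the identity provider sends the authorization code. Most providers enforce a redirect_uri allow-list, but that is a defence owned by the IdP, not by this servlet. Consider taking the external base URL from configuration, or validating `getHost(req)` against an allow-list before use, and record the assumption inline: `// redirect target is derived from the request host; relies on the IdP's redirect_uri allow-list`. `handleLoginRedirect` continues past the end of the hunk.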
@@ -185,7 +182,7 @@ public class AuthHttpServlet extends HttpServlet {
 * @return
 */
 private List<OdlPolicy> getPoliciesForUser(HttpServletRequest req) {
- List<Urls> urlRules = this.shiroConfiguration.getUrls();
+ List<Urls> urlRules = shiroConfiguration.getUrls();
 UserTokenPayload data = this.getUserInfo(req);
 List<OdlPolicy> policies = new ArrayList<>();
 if (urlRules != null) {
@@ -209,7 +206,7 @@ public class AuthHttpServlet extends HttpServlet {
 } else if (authClass.equals(CLASSNAME_ODLBEARERANDBASICAUTH)) {
 policy = this.getTokenBasedPolicy(urlRule, matcher, data);
 } else if (authClass.equals(CLASSNAME_ODLMDSALAUTH)) {
- policy = this.getMdSalBasedPolicy(urlRule, matcher, data);
+ policy = this.getMdSalBasedPolicy(urlRule, data);
 }
 if (policy.isPresent()) {
 policies.add(policy.get());
@@ -236,13 +233,12 @@ public class AuthHttpServlet extends HttpServlet {
 * extract policy rule for user from MD-SAL not yet supported
 *
 * @param urlRule
- * @param matcher
 * @param data
 * @return
 */
- private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, Matcher matcher, UserTokenPayload data) {
- if (this.mdsalAuthStore != null) {
- return data != null ? this.mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
+ private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, UserTokenPayload data) {
+ if (mdsalAuthStore != null) {
+ return data != null ? mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
 : Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()));
 }
 return Optional.empty();
@@ -293,8 +289,9 @@ public class AuthHttpServlet extends HttpServlet {
 if ("anon".equals(key)) {
 return null;
 }
+ List<Main> list = shiroConfiguration.getMain();
 Optional<Main> main =
- this.shiroConfiguration.getMain().stream().filter((e) -> e.getPairKey().equals(key)).findFirst();
+ list == null ? Optional.empty() : list.stream().filter(e -> e.getPairKey().equals(key)).findFirst();
 if (main.isPresent()) {
 return main.get().getPairValue();
 }
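Review bot: In `getMdSalBasedPolicy` an unknown user yields `denyAll`, but a missing store (`setDataBroker` never called) yields `Optional.empty()`, and the caller in the `@@ -209` hunk only collects present policies, so a URL rule protected by `MdSalAuth` silently drops out of the policy list when the store is not wired. How the consumer treats an absent rule is not visible here, but an authorization lookup that degrades to silence on misconfiguration deserves an explicit decision; returning `Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()))` from the null-store branch would make it fail closed. Either way the javadoc should say what each outcome means, e.g. `@return policy for the user's roles; denyAll when the user is unknown; empty when no MD-SAL store is configured`, and the stale "not yet supported" summary line should go now that the method does consult MD-SAL.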
@@ -314,7 +311,7 @@ public class AuthHttpServlet extends HttpServlet {
 if (!username.contains("@")) {
 username = String.format("%s@%s", username, domain);
 }
- List<String> roles = this.odlIdentityService.listRoles(username, domain);
+ List<String> roles = odlIdentityService.listRoles(username, domain);
 return UserTokenPayload.create(username, roles);
 }
 }
@@ -440,8 +437,8 @@ public class AuthHttpServlet extends HttpServlet {
 }
 HttpServletRequest req = new HeadersOnlyHttpServletRequest(
 Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue(username, password)));
- if (this.odlAuthenticator.authenticate(req)) {
- List<String> roles = this.odlIdentityService.listRoles(username, domain);
+ if (odlAuthenticator.authenticate(req)) {
+ List<String> roles = odlIdentityService.listRoles(username, domain);
 UserTokenPayload data = new UserTokenPayload();
 data.setPreferredUsername(username);
 data.setFamilyName("");
@@ -467,6 +464,7 @@ public class AuthHttpServlet extends HttpServlet {
 os.write(output);
 }
+
 private void logout() {
 final Subject subject = SecurityUtils.getSubject();
 try {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
index b181af040..293fe33f9 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
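Review bot: `odlAuthenticator.authenticate(req)` and `odlIdentityService.listRoles(username, domain)` in the `@@ -440` hunk dereference the newly static fields without the null guard that this same commit adds for `mdsalAuthStore` and for `shiroConfiguration.getMain()`; if the blueprint setters have not run, a credential login ends in an NPE and a 500 with a stack trace in the log instead of a deliberate failure. A guard before the `HeadersOnlyHttpServletRequest` construction keeps the behaviour consistent with the rest of the class, e.g. `if (odlAuthenticator == null || odlIdentityService == null) { throw new IllegalStateException("ODL authenticator/identity service not wired"); }`, or whatever failure response the surrounding method already uses. That method begins and ends outside the hunk, so the right response shape is not visible from here.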
@@ -27,6 +27,7 @@ import java.util.concurrent.ExecutionException;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy.PolicyMethods;
 import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.ReadTransaction;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.Policies;
@@ -49,17 +50,25 @@ public class MdSalAuthorizationStore {
 public Optional<OdlPolicy> getPolicy(String path, List<String> userRoles) {
 InstanceIdentifier<Policies> iif = InstanceIdentifier.create(HttpAuthorization.class).child(Policies.class);
 Optional<Policies> odata = Optional.empty();
- try {
- odata = this.dataBroker.newReadOnlyTransaction().read(LogicalDatastoreType.CONFIGURATION, iif).get();
- } catch (InterruptedException | ExecutionException e) {
+ try (ReadTransaction transaction = this.dataBroker.newReadOnlyTransaction()) {
+ odata = transaction.read(LogicalDatastoreType.CONFIGURATION, iif).get();
+ } catch (ExecutionException e) {
 LOG.warn("unable to read policies from mdsal: ", e);
+ } catch (InterruptedException e) {
+ LOG.warn("Interrupted!", e);
+ // Restore interrupted state...
+ Thread.currentThread().interrupt();
 }
 if (odata.isEmpty()) {
 return Optional.empty();
 }
-
+ List<org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies> data =
+ odata.get().getPolicies();
+ if (data == null) {
+ return Optional.empty();
+ }
 Optional<org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies> entry =
- odata.get().getPolicies().stream().filter((e) -> path.equals(e.getResource())).findFirst();
+ data.stream().filter(e -> path.equals(e.getResource())).findFirst();
 if (entry.isEmpty()) {
 return Optional.empty();
 }
@@ -96,7 +105,7 @@ public class MdSalAuthorizationStore {
 methods.setPatch(true);
 break;
 default:
- LOG.warn("unknown http method {}",action);
+ LOG.warn("unknown http method {}", action);
 break;
 }
 }
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
index e7e9b72f9..cf8109ef0 100644
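Review bot: `transaction.read(...).get()` blocks with no timeout, and since `getPolicy` appears to be reached from the servlet's policy lookup (`getMdSalBasedPolicy` in AuthHttpServlet), a stalled datastore pins a request thread for as long as it likes; prefer a bounded wait, `odata = transaction.read(LogicalDatastoreType.CONFIGURATION, iif).get(READ_TIMEOUT_SEC, TimeUnit.SECONDS);` with a `catch (TimeoutException e)` alongside the `ExecutionException` branch (both need `java.util.concurrent` imports and a constant for the timeout). Separately, the read-failure, interrupted, "no Policies container" and "no matching resource" paths all collapse to `Optional.empty()`, so the caller cannot tell an error from an absent rule; a short javadoc line such as `@return the policy for path, or empty when none is configured or the datastore read failed (logged)` at least makes that explicit. `getPolicy` continues past the end of the hunk.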
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
@@ -40,7 +40,7 @@ import org.slf4j.LoggerFactory;
 public class TokenCreator {
 private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName());
- private static final long DEFAULT_TOKEN_LIFETIME_MS = 30 * 60 * 1000;
+ private static final long DEFAULT_TOKEN_LIFETIME_MS = 30 * 60 * 1000L;
 private final String issuer;
 private static TokenCreator _instance;
 private final String secret;
@@ -98,8 +98,8 @@ public class TokenCreator {
 return new Date().getTime() + DEFAULT_TOKEN_LIFETIME_MS;
 }
- public long getDefaultExp(long exp_in) {
- return new Date().getTime() + exp_in;
+ public long getDefaultExp(long expIn) {
+ return new Date().getTime() + expIn;
 }
 public UserTokenPayload decode(HttpServletRequest req) throws JWTDecodeException {
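Review bot: The logger on the line above the changed constant is created with `AuthHttpServlet.class.getName()`, so every message TokenCreator emits is attributed to the servlet; anyone triaging token-signing or decode failures from the logs will look in the wrong class. Not introduced by this commit, but it sits next to the touched line and is a one-token fix: `private static final Logger LOG = LoggerFactory.getLogger(TokenCreator.class);`.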
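Review bot: `getDefaultExp(long expIn)` adds the caller-supplied value to the clock with no sign or range check, so a negative or huge `expIn` produces an already-expired token or a `long` overflow into the past; if the value can originate from a provider's token response, which the `exp_in` naming hints at, it should be validated, e.g. `if (expIn <= 0) { return new Date().getTime() + DEFAULT_TOKEN_LIFETIME_MS; }`. The unit is also undocumented: the sibling method adds `DEFAULT_TOKEN_LIFETIME_MS`, so `expIn` has to be milliseconds, while OAuth `expires_in` values are seconds; a Javadoc line `@param expIn token lifetime in milliseconds (convert OAuth expires_in seconds before calling)` would prevent a 1000x-short lifetime. `System.currentTimeMillis()` would also read the clock without allocating a `Date`.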