summaryrefslogtreecommitdiffstats
path: root/sdnr/wt/oauth-provider
diff options
context:
space:
mode:
Diffstat (limited to 'sdnr/wt/oauth-provider')
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/pom.xml11
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java9
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java52
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java21
-rw-r--r--sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java6
5 files changed, 48 insertions, 51 deletions
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/provider-jar/pom.xml
index b73602d36..41d5c96b7 100644
--- a/sdnr/wt/oauth-provider/provider-jar/pom.xml
+++ b/sdnr/wt/oauth-provider/provider-jar/pom.xml
@@ -64,17 +64,6 @@
<dependency>
<groupId>com.auth0</groupId>
<artifactId>java-jwt</artifactId>
- <version>3.11.0</version>
- <exclusions>
- <exclusion>
- <groupId>com.fasterxml.jackson.core</groupId>
- <artifactId>jackson-databind</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- </exclusion>
- </exclusions>
</dependency>
<dependency>
<groupId>com.highstreet-technologies.aaa</groupId>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
index a6dff6769..3ebc144d3 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
@@ -44,9 +44,9 @@ public class Config {
private static final String DEFAULT_TOKENSECRET = generateSecret();
private static final String DEFAULT_REDIRECTURI = "/odlux/index.html#/oauth?token=";
private static final String DEFAULT_SUPPORTODLUSERS = "true";
+ private static Random random;
private static Config _instance;
-
private List<OAuthProviderConfig> providers;
private String redirectUri;
private String supportOdlUsers;
@@ -166,8 +166,9 @@ public class Config {
public static String generateSecret(int targetStringLength) {
int leftLimit = 48; // numeral '0'
int rightLimit = 122; // letter 'z'
- Random random = new Random();
-
+ if(random==null) {
+ random = new Random();
+ }
String generatedString = random.ints(leftLimit, rightLimit + 1)
.filter(i -> (i <= 57 || i >= 65) && (i <= 90 || i >= 97)).limit(targetStringLength)
.collect(StringBuilder::new, StringBuilder::appendCodePoint, StringBuilder::append).toString();
@@ -197,7 +198,7 @@ public class Config {
String envvar = mkey.substring(2, mkey.length() - 1);
String env = System.getenv(envvar);
tmp = tmp.replace(mkey, env == null ? "" : env);
- if (env != null && env != "") {
+ if (env != null && env.isEmpty()) {
found = true;
}
} catch (SecurityException e) {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
index 9a9f4fc04..85fe1ced2 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
@@ -75,10 +75,8 @@ public class AuthHttpServlet extends HttpServlet {
public static final String REDIRECTURI = BASEURI + "/redirect";
private static final String REDIRECTURI_FORMAT = REDIRECTURI + "/%s";
private static final String POLICIESURI = BASEURI + "/policies";
- //private static final String PROVIDERID_REGEX = "^\\" + BASEURI + "\\/providers\\/([^\\/]+)$";
private static final String REDIRECTID_REGEX = "^\\" + BASEURI + "\\/redirect\\/([^\\/]+)$";
private static final String LOGIN_REDIRECT_REGEX = "^\\" + LOGINURI + "\\/([^\\/]+)$";
- //private static final Pattern PROVIDERID_PATTERN = Pattern.compile(PROVIDERID_REGEX);
private static final Pattern REDIRECTID_PATTERN = Pattern.compile(REDIRECTID_REGEX);
private static final Pattern LOGIN_REDIRECT_PATTERN = Pattern.compile(LOGIN_REDIRECT_REGEX);
@@ -96,13 +94,12 @@ public class AuthHttpServlet extends HttpServlet {
private final ObjectMapper mapper;
/* state <=> AuthProviderService> */
private final Map<String, AuthService> providerStore;
- private Authenticator odlAuthenticator;
- private IdMService odlIdentityService;
private final TokenCreator tokenCreator;
private final Config config;
- private ShiroConfiguration shiroConfiguration;
- private DataBroker dataBroker;
- private MdSalAuthorizationStore mdsalAuthStore;
+ private static Authenticator odlAuthenticator;
+ private static IdMService odlIdentityService;
+ private static ShiroConfiguration shiroConfiguration;
+ private static MdSalAuthorizationStore mdsalAuthStore;
public AuthHttpServlet() throws IOException {
this.config = Config.getInstance();
@@ -116,21 +113,20 @@ public class AuthHttpServlet extends HttpServlet {
}
- public void setOdlAuthenticator(Authenticator odlAuthenticator) {
- this.odlAuthenticator = odlAuthenticator;
+ public void setOdlAuthenticator(Authenticator odlAuthenticator2) {
+ odlAuthenticator = odlAuthenticator2;
}
- public void setOdlIdentityService(IdMService odlIdentityService) {
- this.odlIdentityService = odlIdentityService;
+ public void setOdlIdentityService(IdMService odlIdentityService2) {
+ odlIdentityService = odlIdentityService2;
}
- public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) {
- this.shiroConfiguration = shiroConfiguration;
+ public void setShiroConfiguration(ShiroConfiguration shiroConfiguration2) {
+ shiroConfiguration = shiroConfiguration2;
}
public void setDataBroker(DataBroker dataBroker) {
- this.dataBroker = dataBroker;
- this.mdsalAuthStore = new MdSalAuthorizationStore(this.dataBroker);
+ mdsalAuthStore = new MdSalAuthorizationStore(dataBroker);
}
@Override
@@ -152,10 +148,12 @@ public class AuthHttpServlet extends HttpServlet {
}
}
+
private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
this.logout();
- this.sendResponse(resp, HttpServletResponse.SC_OK,"");
+ this.sendResponse(resp, HttpServletResponse.SC_OK, "");
}
+
private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {
final String uri = req.getRequestURI();
final Matcher matcher = LOGIN_REDIRECT_PATTERN.matcher(uri);
@@ -163,7 +161,6 @@ public class AuthHttpServlet extends HttpServlet {
final String id = matcher.group(1);
AuthService provider = this.providerStore.getOrDefault(id, null);
if (provider != null) {
- //provider.setLocalHostUrl(getHost(req));
String redirectUrl = getHost(req) + String.format(REDIRECTURI_FORMAT, id);
provider.sendLoginRedirectResponse(resp, redirectUrl);
return;
@@ -185,7 +182,7 @@ public class AuthHttpServlet extends HttpServlet {
* @return
*/
private List<OdlPolicy> getPoliciesForUser(HttpServletRequest req) {
- List<Urls> urlRules = this.shiroConfiguration.getUrls();
+ List<Urls> urlRules = shiroConfiguration.getUrls();
UserTokenPayload data = this.getUserInfo(req);
List<OdlPolicy> policies = new ArrayList<>();
if (urlRules != null) {
@@ -209,7 +206,7 @@ public class AuthHttpServlet extends HttpServlet {
} else if (authClass.equals(CLASSNAME_ODLBEARERANDBASICAUTH)) {
policy = this.getTokenBasedPolicy(urlRule, matcher, data);
} else if (authClass.equals(CLASSNAME_ODLMDSALAUTH)) {
- policy = this.getMdSalBasedPolicy(urlRule, matcher, data);
+ policy = this.getMdSalBasedPolicy(urlRule, data);
}
if (policy.isPresent()) {
policies.add(policy.get());
@@ -236,13 +233,12 @@ public class AuthHttpServlet extends HttpServlet {
* extract policy rule for user from MD-SAL not yet supported
*
* @param urlRule
- * @param matcher
* @param data
* @return
*/
- private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, Matcher matcher, UserTokenPayload data) {
- if (this.mdsalAuthStore != null) {
- return data != null ? this.mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
+ private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, UserTokenPayload data) {
+ if (mdsalAuthStore != null) {
+ return data != null ? mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
: Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()));
}
return Optional.empty();
@@ -293,8 +289,9 @@ public class AuthHttpServlet extends HttpServlet {
if ("anon".equals(key)) {
return null;
}
+ List<Main> list = shiroConfiguration.getMain();
Optional<Main> main =
- this.shiroConfiguration.getMain().stream().filter((e) -> e.getPairKey().equals(key)).findFirst();
+ list == null ? Optional.empty() : list.stream().filter(e -> e.getPairKey().equals(key)).findFirst();
if (main.isPresent()) {
return main.get().getPairValue();
}
@@ -314,7 +311,7 @@ public class AuthHttpServlet extends HttpServlet {
if (!username.contains("@")) {
username = String.format("%s@%s", username, domain);
}
- List<String> roles = this.odlIdentityService.listRoles(username, domain);
+ List<String> roles = odlIdentityService.listRoles(username, domain);
return UserTokenPayload.create(username, roles);
}
}
@@ -440,8 +437,8 @@ public class AuthHttpServlet extends HttpServlet {
}
HttpServletRequest req = new HeadersOnlyHttpServletRequest(
Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue(username, password)));
- if (this.odlAuthenticator.authenticate(req)) {
- List<String> roles = this.odlIdentityService.listRoles(username, domain);
+ if (odlAuthenticator.authenticate(req)) {
+ List<String> roles = odlIdentityService.listRoles(username, domain);
UserTokenPayload data = new UserTokenPayload();
data.setPreferredUsername(username);
data.setFamilyName("");
@@ -467,6 +464,7 @@ public class AuthHttpServlet extends HttpServlet {
os.write(output);
}
+
private void logout() {
final Subject subject = SecurityUtils.getSubject();
try {
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
index b181af040..293fe33f9 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
@@ -27,6 +27,7 @@ import java.util.concurrent.ExecutionException;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy.PolicyMethods;
import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.ReadTransaction;
import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization;
import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.Policies;
@@ -49,17 +50,25 @@ public class MdSalAuthorizationStore {
public Optional<OdlPolicy> getPolicy(String path, List<String> userRoles) {
InstanceIdentifier<Policies> iif = InstanceIdentifier.create(HttpAuthorization.class).child(Policies.class);
Optional<Policies> odata = Optional.empty();
- try {
- odata = this.dataBroker.newReadOnlyTransaction().read(LogicalDatastoreType.CONFIGURATION, iif).get();
- } catch (InterruptedException | ExecutionException e) {
+ try (ReadTransaction transaction = this.dataBroker.newReadOnlyTransaction()) {
+ odata = transaction.read(LogicalDatastoreType.CONFIGURATION, iif).get();
+ } catch (ExecutionException e) {
LOG.warn("unable to read policies from mdsal: ", e);
+ } catch (InterruptedException e) {
+ LOG.warn("Interrupted!", e);
+ // Restore interrupted state...
+ Thread.currentThread().interrupt();
}
if (odata.isEmpty()) {
return Optional.empty();
}
-
+ List<org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies> data =
+ odata.get().getPolicies();
+ if (data == null) {
+ return Optional.empty();
+ }
Optional<org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies> entry =
- odata.get().getPolicies().stream().filter((e) -> path.equals(e.getResource())).findFirst();
+ data.stream().filter(e -> path.equals(e.getResource())).findFirst();
if (entry.isEmpty()) {
return Optional.empty();
}
@@ -96,7 +105,7 @@ public class MdSalAuthorizationStore {
methods.setPatch(true);
break;
default:
- LOG.warn("unknown http method {}",action);
+ LOG.warn("unknown http method {}", action);
break;
}
}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
index e7e9b72f9..cf8109ef0 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
@@ -40,7 +40,7 @@ import org.slf4j.LoggerFactory;
public class TokenCreator {
private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName());
- private static final long DEFAULT_TOKEN_LIFETIME_MS = 30 * 60 * 1000;
+ private static final long DEFAULT_TOKEN_LIFETIME_MS = 30 * 60 * 1000L;
private final String issuer;
private static TokenCreator _instance;
private final String secret;
@@ -98,8 +98,8 @@ public class TokenCreator {
return new Date().getTime() + DEFAULT_TOKEN_LIFETIME_MS;
}
- public long getDefaultExp(long exp_in) {
- return new Date().getTime() + exp_in;
+ public long getDefaultExp(long expIn) {
+ return new Date().getTime() + expIn;
}
public UserTokenPayload decode(HttpServletRequest req) throws JWTDecodeException {