From 25423c50e504676f15c7a57c03aad40bfc35c7e6 Mon Sep 17 00:00:00 2001 From: Michael Dürre Date: Wed, 20 Jul 2022 09:32:50 +0200 Subject: migrate sdnr features to sulfur MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix sdnr code for sulfur Issue-ID: CCSDK-3692 Signed-off-by: Michael Dürre Change-Id: I0a62ade424bb978222e7ce6450215fb327f957b7 Signed-off-by: Michael Dürre --- sdnr/wt/oauth-provider/pom.xml | 3 +- sdnr/wt/oauth-provider/provider-jar/pom.xml | 3 +- .../wt/oauthprovider/data/OAuthProviderConfig.java | 17 ++- .../data/OpenIdConfigResponseData.java | 54 +++++++ .../data/UnableToConfigureOAuthService.java | 12 ++ .../CustomizedMDSALDynamicAuthorizationFilter.java | 155 +++++++++++++++++++++ .../wt/oauthprovider/http/AuthHttpServlet.java | 11 +- .../wt/oauthprovider/providers/AuthService.java | 35 ++++- .../providers/GitlabProviderService.java | 3 +- .../providers/KeycloakProviderService.java | 3 +- .../providers/MdSalAuthorizationStore.java | 3 +- .../providers/NextcloudProviderService.java | 3 +- .../providers/OAuthProviderFactory.java | 3 +- .../oauthprovider/test/TestGitlabAuthService.java | 5 +- .../test/TestKeycloakAuthService.java | 5 +- sdnr/wt/oauth-provider/provider-osgi/pom.xml | 8 +- 16 files changed, 294 insertions(+), 29 deletions(-) create mode 100644 sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java create mode 100644 sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java create mode 100644 sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java (limited to 'sdnr/wt/oauth-provider') diff --git a/sdnr/wt/oauth-provider/pom.xml b/sdnr/wt/oauth-provider/pom.xml index faba3bee9..b6d86cdba 100755 --- a/sdnr/wt/oauth-provider/pom.xml +++ b/sdnr/wt/oauth-provider/pom.xml @@ -22,13 +22,14 @@ ~ ============LICENSE_END======================================================= ~ --> + 4.0.0 org.onap.ccsdk.parent odlparent-lite - 2.4.0 + 2.4.1-SNAPSHOT diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/provider-jar/pom.xml index 974e4330e..0657cb541 100644 --- a/sdnr/wt/oauth-provider/provider-jar/pom.xml +++ b/sdnr/wt/oauth-provider/provider-jar/pom.xml @@ -22,13 +22,14 @@ ~ ============LICENSE_END======================================================= ~ --> + 4.0.0 org.onap.ccsdk.parent binding-parent - 2.4.0 + 2.4.1-SNAPSHOT diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java index 11e13e226..4fb0d0069 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java @@ -36,6 +36,8 @@ public class OAuthProviderConfig { private String title; private String scope; private String realmName; + private String openIdConfigUrl; + private boolean trustAll; private OAuthProvider type; private Map roleMapping; @@ -45,7 +47,7 @@ public class OAuthProviderConfig { } public OAuthProviderConfig(String id, String url, String internalUrl, String clientId, String secret, String scope, - String title, String realmName, boolean trustAll) { + String title, String realmName, String openIdConfigUrl, boolean trustAll) { this.id = id; this.url = url; this.internalUrl = internalUrl; @@ -55,6 +57,7 @@ public class OAuthProviderConfig { this.title = title; this.realmName = realmName; this.trustAll = trustAll; + this.openIdConfigUrl = openIdConfigUrl; this.roleMapping = new HashMap<>(); } @@ -70,7 +73,7 @@ public class OAuthProviderConfig { } public OAuthProviderConfig() { - this(null, null, null, null, null, null, null, null, false); + this(null, null, null, null, null, null, null, null, null, false); } public void setUrl(String url) { @@ -153,6 +156,9 @@ public class OAuthProviderConfig { this.internalUrl = internalUrl; } + public void setOpenIdConfigUrl(String openIdConfigUrl){ this.openIdConfigUrl = openIdConfigUrl;} + + public String getOpenIdConfigUrl() { return this.openIdConfigUrl;} @JsonIgnore public void handleEnvironmentVars() { if (Config.isEnvExpression(this.id)) { @@ -179,6 +185,9 @@ public class OAuthProviderConfig { if (Config.isEnvExpression(this.realmName)) { this.realmName = Config.getProperty(this.realmName, null); } + if (Config.isEnvExpression(this.openIdConfigUrl)) { + this.openIdConfigUrl = Config.getProperty(this.openIdConfigUrl, null); + } } @JsonIgnore @@ -186,4 +195,8 @@ public class OAuthProviderConfig { return this.internalUrl != null && this.internalUrl.length() > 0 ? this.internalUrl : this.url; } + @JsonIgnore + public boolean hasToBeConfigured(){ + return this.openIdConfigUrl!=null && this.openIdConfigUrl.length()>0; + } } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java new file mode 100644 index 000000000..2af46b6b4 --- /dev/null +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java @@ -0,0 +1,54 @@ +package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data; + +public class OpenIdConfigResponseData { + + private String issuer; + private String authorization_endpoint; + private String token_endpoint; + private String userinfo_endpoint; + private String jwks_uri; + + public OpenIdConfigResponseData(){ + + } + + public String getIssuer() { + return issuer; + } + + public void setIssuer(String issuer) { + this.issuer = issuer; + } + + public String getAuthorization_endpoint() { + return authorization_endpoint; + } + + public void setAuthorization_endpoint(String authorization_endpoint) { + this.authorization_endpoint = authorization_endpoint; + } + + public String getToken_endpoint() { + return token_endpoint; + } + + public void setToken_endpoint(String token_endpoint) { + this.token_endpoint = token_endpoint; + } + + public String getUserinfo_endpoint() { + return userinfo_endpoint; + } + + public void setUserinfo_endpoint(String userinfo_endpoint) { + this.userinfo_endpoint = userinfo_endpoint; + } + + public String getJwks_uri() { + return jwks_uri; + } + + public void setJwks_uri(String jwks_uri) { + this.jwks_uri = jwks_uri; + } +} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java new file mode 100644 index 000000000..b791a4040 --- /dev/null +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java @@ -0,0 +1,12 @@ +package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data; + +public class UnableToConfigureOAuthService extends Exception { + + public UnableToConfigureOAuthService(String configUrl){ + super(String.format("Unable to configure OAuth service from url %s", configUrl)); + } + public UnableToConfigureOAuthService(String configUrl, int responseCode){ + super(String.format("Unable to configure OAuth service from url %s. bad response with code %d", configUrl, responseCode)); + } + +} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java new file mode 100644 index 000000000..80d9d1bb6 --- /dev/null +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java @@ -0,0 +1,155 @@ +package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters; + +import static com.google.common.base.Preconditions.checkArgument; +import static java.util.Objects.requireNonNull; + +import com.google.common.collect.Iterables; +import com.google.common.util.concurrent.Futures; +import com.google.common.util.concurrent.ListenableFuture; + +import java.util.*; +import java.util.concurrent.ExecutionException; +import javax.servlet.Filter; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import org.apache.shiro.subject.Subject; +import org.apache.shiro.web.filter.authz.AuthorizationFilter; +import org.opendaylight.aaa.shiro.web.env.ThreadLocals; +import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener; +import org.opendaylight.mdsal.binding.api.DataBroker; +import org.opendaylight.mdsal.binding.api.DataTreeIdentifier; +import org.opendaylight.mdsal.binding.api.DataTreeModification; +import org.opendaylight.mdsal.binding.api.ReadTransaction; +import org.opendaylight.mdsal.common.api.LogicalDatastoreType; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies; +import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission.Permissions; +import org.opendaylight.yangtools.concepts.ListenerRegistration; +import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +@SuppressWarnings("checkstyle:AbbreviationAsWordInName") +public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilter + implements ClusteredDataTreeChangeListener { + + private static final Logger LOG = LoggerFactory.getLogger(CustomizedMDSALDynamicAuthorizationFilter.class); + + private static final DataTreeIdentifier AUTHZ_CONTAINER = DataTreeIdentifier.create( + LogicalDatastoreType.CONFIGURATION, InstanceIdentifier.create(HttpAuthorization.class)); + + private final DataBroker dataBroker; + + private ListenerRegistration reg; + private volatile ListenableFuture> authContainer; + + public CustomizedMDSALDynamicAuthorizationFilter() { + dataBroker = requireNonNull(ThreadLocals.DATABROKER_TL.get()); + } + + @Override + public Filter processPathConfig(final String path, final String config) { + try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) { + authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier()); + } + this.reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this); + return super.processPathConfig(path, config); + } + + @Override + public void destroy() { + if (reg != null) { + reg.close(); + reg = null; + } + super.destroy(); + } + + @Override + public void onDataTreeChanged(final Collection> changes) { + final HttpAuthorization newVal = Iterables.getLast(changes).getRootNode().getDataAfter(); + LOG.debug("Updating authorization information to {}", newVal); + authContainer = Futures.immediateFuture(Optional.ofNullable(newVal)); + } + + @Override + public boolean isAccessAllowed(final ServletRequest request, final ServletResponse response, + final Object mappedValue) { + checkArgument(request instanceof HttpServletRequest, "Expected HttpServletRequest, received {}", request); + + final Subject subject = getSubject(request, response); + final HttpServletRequest httpServletRequest = (HttpServletRequest)request; + final String requestURI = httpServletRequest.getRequestURI(); + LOG.debug("isAccessAllowed for user={} to requestURI={}", subject, requestURI); + + final Optional authorizationOptional; + try { + authorizationOptional = authContainer.get(); + } catch (ExecutionException | InterruptedException e) { + // Something went completely wrong trying to read the authz container. Deny access. + LOG.warn("MDSAL attempt to read Http Authz Container failed, disallowing access", e); + return false; + } + + if (!authorizationOptional.isPresent()) { + // The authorization container does not exist-- hence no authz rules are present + // Allow access. + LOG.debug("Authorization Container does not exist"); + return true; + } + + final HttpAuthorization httpAuthorization = authorizationOptional.get(); + final var policies = httpAuthorization.getPolicies(); + List policiesList = policies != null ? policies.getPolicies() : null; + if (policiesList == null || policiesList.isEmpty()) { + // The authorization container exists, but no rules are present. Allow access. + LOG.debug("Exiting successfully early since no authorization rules exist"); + return true; + } + + // Sort the Policies list based on index + policiesList = new ArrayList<>(policiesList); + policiesList.sort(Comparator.comparing(Policies::getIndex)); + + for (Policies policy : policiesList) { + final String resource = policy.getResource(); + final boolean pathsMatch = pathsMatch(resource, requestURI); + if (pathsMatch) { + LOG.debug("paths match for pattern={} and requestURI={}", resource, requestURI); + final String method = httpServletRequest.getMethod(); + LOG.trace("method={}", method); + List permissions = policy.getPermissions(); + if(permissions !=null) { + for (Permissions permission : permissions) { + final String role = permission.getRole(); + LOG.trace("role={}", role); + Set actions = permission.getActions(); + if (actions != null) { + for (Permissions.Actions action : actions) { + LOG.trace("action={}", action.getName()); + if (action.getName().equalsIgnoreCase(method)) { + final boolean hasRole = subject.hasRole(role); + LOG.trace("hasRole({})={}", role, hasRole); + if (hasRole) { + return true; + } + } + } + } + else{ + LOG.trace("no actions found"); + } + } + } + else { + LOG.trace("no permissions found"); + } + LOG.debug("couldn't authorize the user for access"); + return false; + } + } + LOG.debug("successfully authorized the user for access"); + return true; + } +} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java index 15ff9c480..7c88e50b0 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java @@ -44,13 +44,7 @@ import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; import org.jolokia.osgi.security.Authenticator; import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore; @@ -102,7 +96,8 @@ public class AuthHttpServlet extends HttpServlet { private static ShiroConfiguration shiroConfiguration; private static MdSalAuthorizationStore mdsalAuthStore; - public AuthHttpServlet() throws IllegalArgumentException, IOException, InvalidConfigurationException { + public AuthHttpServlet() throws IllegalArgumentException, IOException, InvalidConfigurationException, + UnableToConfigureOAuthService { this.config = Config.getInstance(); this.tokenCreator = TokenCreator.getInstance(this.config); this.mapper = new ObjectMapper(); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java index 835ea8c09..192da6371 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java @@ -41,9 +41,8 @@ import java.util.stream.Collectors; import javax.servlet.ServletOutputStream; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthResponseData; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; + +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client.MappedBaseHttpResponse; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client.MappingBaseHttpClient; @@ -60,6 +59,8 @@ public abstract class AuthService { protected final OAuthProviderConfig config; protected final TokenCreator tokenCreator; private final String redirectUri; + private final String tokenEndpoint; + private final String authEndpoint; protected abstract String getTokenVerifierUri(); @@ -78,13 +79,30 @@ public abstract class AuthService { protected abstract boolean verifyState(String state); - public AuthService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) { + public AuthService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) throws UnableToConfigureOAuthService { this.config = config; this.tokenCreator = tokenCreator; this.redirectUri = redirectUri; this.mapper = new ObjectMapper(); this.mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); this.httpClient = new MappingBaseHttpClient(this.config.getUrlOrInternal(), this.config.trustAll()); + if (this.config.hasToBeConfigured()){ + Optional> oresponse = this.httpClient.sendMappedRequest( + this.config.getOpenIdConfigUrl(), "GET", null, null, OpenIdConfigResponseData.class); + if(oresponse.isEmpty()){ + throw new UnableToConfigureOAuthService(this.config.getOpenIdConfigUrl()); + } + MappedBaseHttpResponse response = oresponse.get(); + if(!response.isSuccess()){ + throw new UnableToConfigureOAuthService(this.config.getOpenIdConfigUrl(), response.code); + } + this.tokenEndpoint = response.body.getToken_endpoint(); + this.authEndpoint = response.body.getAuthorization_endpoint(); + } + else{ + this.tokenEndpoint = null; + this.authEndpoint = null; + } } public PublicOAuthProviderConfig getConfig() { @@ -110,7 +128,11 @@ public abstract class AuthService { public void sendLoginRedirectResponse(HttpServletResponse resp, String callbackUrl) { resp.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY); - resp.setHeader("Location", this.getLoginUrl(callbackUrl)); + String url = this.authEndpoint!=null?String.format( + "%s?client_id=%s&response_type=code&scope=%s&redirect_uri=%s", + this.authEndpoint, urlEncode(this.config.getClientId()), this.config.getScope(), + urlEncode(callbackUrl)):this.getLoginUrl(callbackUrl); + resp.setHeader("Location", url); } private static void sendErrorResponse(HttpServletResponse resp, String message) throws IOException { @@ -204,8 +226,9 @@ public abstract class AuthService { body.append(String.format("%s=%s&", p.getKey(), urlEncode(p.getValue()))); } + String url = this.tokenEndpoint!=null?this.tokenEndpoint:this.getTokenVerifierUri(); Optional> response = - this.httpClient.sendMappedRequest(this.getTokenVerifierUri(), "POST", + this.httpClient.sendMappedRequest(url, "POST", body.substring(0, body.length() - 1), headers, OAuthResponseData.class); if (response.isPresent() && response.get().isSuccess()) { return response.get().body; diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java index 1111603c9..10f701ec2 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java @@ -30,6 +30,7 @@ import java.util.Map; import java.util.Optional; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client.MappedBaseHttpResponse; import org.slf4j.Logger; @@ -43,7 +44,7 @@ public class GitlabProviderService extends AuthService { private static final String API_USER_URI = "/api/v4/user"; private static final String API_GROUP_URI = "/api/v4/groups?min_access_level=10"; - public GitlabProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) { + public GitlabProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) throws UnableToConfigureOAuthService { super(config, redirectUri, tokenCreator); this.additionalTokenVerifierParams = new HashMap<>(); this.additionalTokenVerifierParams.put("grant_type", "authorization_code"); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java index dbc577664..05000199e 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java @@ -29,6 +29,7 @@ import java.util.Map; import java.util.stream.Collectors; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.KeycloakUserTokenPayload; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; public class KeycloakProviderService extends AuthService { @@ -36,7 +37,7 @@ public class KeycloakProviderService extends AuthService { public static final String ID = "keycloak"; private Map additionalTokenVerifierParams; - public KeycloakProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) { + public KeycloakProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) throws UnableToConfigureOAuthService { super(config, redirectUri, tokenCreator); this.additionalTokenVerifierParams = new HashMap<>(); this.additionalTokenVerifierParams.put("grant_type", "authorization_code"); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java index ca7f47138..4bf35e72d 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java @@ -23,6 +23,7 @@ package org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers; import java.util.List; import java.util.Optional; +import java.util.Set; import java.util.concurrent.ExecutionException; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy.PolicyMethods; @@ -85,7 +86,7 @@ public class MdSalAuthorizationStore { return Optional.of(mapPolicy(path, rolePm.get().getActions())); } - private OdlPolicy mapPolicy(String path, List actions) { + private OdlPolicy mapPolicy(String path, Set actions) { PolicyMethods methods = new PolicyMethods(); String action; for (Actions a : actions) { diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java index b6f045cdd..336de5600 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java @@ -25,11 +25,12 @@ import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonMappingException; import java.util.Map; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; public class NextcloudProviderService extends AuthService { - public NextcloudProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) { + public NextcloudProviderService(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) throws UnableToConfigureOAuthService { super(config, redirectUri, tokenCreator); // TODO Auto-generated constructor stub } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java index 193e7a7f7..152569930 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java @@ -22,12 +22,13 @@ package org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; public class OAuthProviderFactory { public static AuthService create(OAuthProvider key, OAuthProviderConfig config, String redirectUri, - TokenCreator tokenCreator) { + TokenCreator tokenCreator) throws UnableToConfigureOAuthService { switch (key) { case KEYCLOAK: return new KeycloakProviderService(config, redirectUri, tokenCreator); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java index dda3ba1e0..6c2390ea0 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java @@ -43,6 +43,7 @@ import org.junit.BeforeClass; import org.junit.Test; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.GitlabProviderService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; @@ -62,7 +63,7 @@ public class TestGitlabAuthService { TokenCreator tokenCreator = TokenCreator.getInstance(Config.TOKENALG_HS256, TOKENCREATOR_SECRET, "issuer", 30*60); OAuthProviderConfig config = new OAuthProviderConfig("git", GITURL, null, "odlux.app", OAUTH_SECRET, "openid", - "gitlab test", "", false); + "gitlab test", "", null, false); oauthService = new GitlabProviderServiceToTest(config, REDIRECT_URI, tokenCreator); try { initGitlabTestWebserver(PORT, "/"); @@ -102,7 +103,7 @@ public class TestGitlabAuthService { public static class GitlabProviderServiceToTest extends GitlabProviderService { - public GitlabProviderServiceToTest(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) { + public GitlabProviderServiceToTest(OAuthProviderConfig config, String redirectUri, TokenCreator tokenCreator) throws UnableToConfigureOAuthService { super(config, redirectUri, tokenCreator); } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java index e4c5e4d82..e5ec2fb32 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java +++ b/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java @@ -43,6 +43,7 @@ import org.junit.BeforeClass; import org.junit.Test; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.KeycloakProviderService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; @@ -62,7 +63,7 @@ public class TestKeycloakAuthService { TokenCreator tokenCreator = TokenCreator.getInstance(Config.TOKENALG_HS256, TOKENCREATOR_SECRET, "issuer", 30*60); OAuthProviderConfig config = new OAuthProviderConfig("kc", KEYCLOAKURL, null, "odlux.app", OAUTH_SECRET, - "openid", "keycloak test", "onap", false); + "openid", "keycloak test", "onap",null, false); oauthService = new KeycloakProviderServiceToTest(config, REDIRECT_URI, tokenCreator); try { initKeycloakTestWebserver(PORT, "/"); @@ -102,7 +103,7 @@ public class TestKeycloakAuthService { public static class KeycloakProviderServiceToTest extends KeycloakProviderService { public KeycloakProviderServiceToTest(OAuthProviderConfig config, String redirectUri, - TokenCreator tokenCreator) { + TokenCreator tokenCreator) throws UnableToConfigureOAuthService { super(config, redirectUri, tokenCreator); } } diff --git a/sdnr/wt/oauth-provider/provider-osgi/pom.xml b/sdnr/wt/oauth-provider/provider-osgi/pom.xml index 87805b0a1..2db8e6ec7 100644 --- a/sdnr/wt/oauth-provider/provider-osgi/pom.xml +++ b/sdnr/wt/oauth-provider/provider-osgi/pom.xml @@ -22,13 +22,14 @@ ~ ============LICENSE_END======================================================= ~ --> + 4.0.0 org.onap.ccsdk.parent binding-parent - 2.4.0 + 2.4.1-SNAPSHOT @@ -112,6 +113,7 @@ org.apache.shiro.authz, org.apache.shiro.realm, org.apache.shiro.subject, + org.apache.shiro.web.filter.authz, org.jolokia.osgi.security, org.onap.ccsdk.features.sdnr.wt.common.http, org.opendaylight.aaa.api, @@ -132,7 +134,9 @@ com.fasterxml.jackson.annotation, com.fasterxml.jackson.core.type, com.fasterxml.jackson.core, - org.apache.commons.codec.binary + org.apache.commons.codec.binary, + com.google.common.collect, + com.google.common.util.concurrent *;scope=compile|runtime;inline=false *;scope=compile|runtime;artifactId=!shiro-core;inline=false -- cgit 1.2.3-korg