diff options
| author |   xg353y <xg353y@intl.att.com> | 2018-07-23 16:02:28 +0200 |
|---|---|---|
| committer | xg353y <xg353y@intl.att.com> | 2018-07-26 16:06:10 +0200 |
| commit | 054f1d1e13b4a7f0dc3a84d4c282019a3c528043 (patch) | |
| tree | c20b0cb0915f678653288487c6ad8f4d5497144b /src/main/java | |
| parent | b0ff445fb7b53db882997ec0fd0e843b5c92a413 (diff) | |
Upgrade spring/camel versions
Upgrade the spring/camel dependency versions in order to solve the
security issue
Issue-ID: CLAMP-188
Change-Id: I80c28a4d9c142b89463ad3a6a00761e5495adda8
Signed-off-by: xg353y <xg353y@intl.att.com>
Diffstat (limited to 'src/main/java')
18 files changed, 486 insertions, 534 deletions
diff --git a/src/main/java/org/onap/clamp/clds/Application.java b/src/main/java/org/onap/clamp/clds/Application.java index 5975b9d4..fd5deb91 100644 --- a/src/main/java/org/onap/clamp/clds/Application.java +++ b/src/main/java/org/onap/clamp/clds/Application.java @@ -5,20 +5,20 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.clamp.clds; @@ -32,31 +32,32 @@ import org.onap.clamp.clds.model.properties.Holmes; import org.onap.clamp.clds.model.properties.ModelProperties; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.SpringApplication; -import org.springframework.boot.actuate.autoconfigure.ManagementWebSecurityAutoConfiguration; import org.springframework.boot.autoconfigure.EnableAutoConfiguration; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.data.jpa.JpaRepositoriesAutoConfiguration; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; import org.springframework.boot.autoconfigure.orm.jpa.HibernateJpaAutoConfiguration; -import org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration; +import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; +import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration; import org.springframework.boot.builder.SpringApplicationBuilder; -import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory; -import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory; import org.springframework.boot.context.properties.EnableConfigurationProperties; +import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; import org.springframework.boot.web.servlet.ServletRegistrationBean; -import org.springframework.boot.web.support.SpringBootServletInitializer; +import org.springframework.boot.web.servlet.server.ServletWebServerFactory; +import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.scheduling.annotation.EnableScheduling; + @SpringBootApplication @ComponentScan(basePackages = { - "org.onap.clamp.clds" + "org.onap.clamp.clds" }) @EnableAutoConfiguration(exclude = { - DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class, JpaRepositoriesAutoConfiguration.class, - SecurityAutoConfiguration.class, ManagementWebSecurityAutoConfiguration.class + DataSourceAutoConfiguration.class, HibernateJpaAutoConfiguration.class, JpaRepositoriesAutoConfiguration.class, + SecurityAutoConfiguration.class,UserDetailsServiceAutoConfiguration .class }) @EnableConfigurationProperties @EnableAsync @@ -96,25 +97,25 @@ public class Application extends SpringBootServletInitializer { /** * This method is used to declare the camel servlet. - * + * * @return A servlet bean */ @Bean public ServletRegistrationBean camelServletRegistrationBean() { - ServletRegistrationBean registration = new ServletRegistrationBean(new CamelHttpTransportServlet(), - "/restservices/clds/v2"); + ServletRegistrationBean registration = new ServletRegistrationBean(new ClampServlet(), + "/restservices/clds/v1/*"); registration.setName("CamelServlet"); return registration; } /** * This method is used by Spring to create the servlet container factory. - * + * * @return The TomcatEmbeddedServletContainerFactory just created */ @Bean - public EmbeddedServletContainerFactory getEmbeddedServletContainerFactory() { - TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory(); + public ServletWebServerFactory getEmbeddedServletContainerFactory() { + TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory(); if (!"none".equals(httpRedirectedPort) && !"none".equals(sslKeystoreFile)) { // Automatically redirect to HTTPS tomcat = new TomcatEmbeddedServletContainerFactoryRedirection(); @@ -129,7 +130,7 @@ public class Application extends SpringBootServletInitializer { private Connector createRedirectConnector(int redirectSecuredPort) { if (redirectSecuredPort <= 0) { EELF_LOGGER.warn( - "HTTP port redirection to HTTPS is disabled because the HTTPS port is 0 (random port) or -1 (Connector disabled)"); + "HTTP port redirection to HTTPS is disabled because the HTTPS port is 0 (random port) or -1 (Connector disabled)"); return null; } Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol"); diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java new file mode 100644 index 00000000..2ef57803 --- /dev/null +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -0,0 +1,100 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ + +package org.onap.clamp.clds; + +import java.io.IOException; +import java.security.Principal; +import java.util.ArrayList; +import java.util.List; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.ServletException; + +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + +import org.apache.camel.component.servlet.CamelHttpTransportServlet; + +import org.springframework.context.ApplicationContext; +import org.springframework.security.authentication.AuthenticationManager; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.User; +import org.springframework.web.context.support.WebApplicationContextUtils; + +import org.onap.clamp.clds.config.ClampProperties; +import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.clds.util.ClampTimer; + + +public class ClampServlet extends CamelHttpTransportServlet { + + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampServlet.class); + public static final String PERM_INSTANCE = "clamp.config.security.permission.instance"; + public static final String PERM_CL= "clamp.config.security.permission.type.cl"; + public static final String PERM_TEMPLACE = "clamp.config.security.permission.type.template"; + + protected void doService(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + List<SecureServicePermission> permissionList = new ArrayList<>(); + + // Get Principal info and translate it into Spring Authentication + // If authenticataion is null: a) the authentication info was set manually in the previous thread + // b) handled by Spring automatically + // for the 2 cases above, no need for the translation, just skip the following step + if (null == authentication) { + logger.debug ("Populate Spring Authenticataion info manually."); + ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext()); + // Start a timer to clear the authentication after 5 mins, so that the authentication will be reinitialized with AAF DB + new ClampTimer(300); + String cldsPersmissionTypeCl = applicationContext.getEnvironment().getProperty(PERM_INSTANCE); + String cldsPermissionTypeTemplate = applicationContext.getEnvironment().getProperty(PERM_CL); + String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_TEMPLACE); + + // set the stragety to Mode_Global, so that all thread is able to see the authentication + SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL); + Principal p = request.getUserPrincipal(); + + permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read")); + permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update")); + permissionList.add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "read")); + permissionList.add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "update")); + + List<GrantedAuthority> grantedAuths = new ArrayList<>(); + for (SecureServicePermission perm:permissionList) { + String permString = perm.toString(); + if (request.isUserInRole(permString)) { + grantedAuths.add(new SimpleGrantedAuthority(permString)); + } + } + Authentication auth = new UsernamePasswordAuthenticationToken(new User(p.getName(), "", grantedAuths), "", grantedAuths); + SecurityContextHolder.getContext().setAuthentication(auth); + } + super.doService(request, response); + } +}
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/TomcatEmbeddedServletContainerFactoryRedirection.java b/src/main/java/org/onap/clamp/clds/TomcatEmbeddedServletContainerFactoryRedirection.java index 18a44af7..1d9150ee 100644 --- a/src/main/java/org/onap/clamp/clds/TomcatEmbeddedServletContainerFactoryRedirection.java +++ b/src/main/java/org/onap/clamp/clds/TomcatEmbeddedServletContainerFactoryRedirection.java @@ -5,20 +5,20 @@ * Copyright (C) 2017 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.clamp.clds; @@ -26,18 +26,18 @@ package org.onap.clamp.clds; import org.apache.catalina.Context; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; -import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory; +import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory; /** * This class is a factory that redirects by default all HTTP to HTTPS * connector. It is used by the Application.java class and defined in a Spring * Bean. - * + * * In order to do this, the method postProcessContext has been overridden to * provide another behavior. - * + * */ -public class TomcatEmbeddedServletContainerFactoryRedirection extends TomcatEmbeddedServletContainerFactory { +public class TomcatEmbeddedServletContainerFactoryRedirection extends TomcatServletWebServerFactory { /** * This method is there to force the automatic redirection of all calls done diff --git a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java b/src/main/java/org/onap/clamp/clds/config/CamelConfiguration.java index 56fbca8d..16cbd840 100644 --- a/src/main/java/org/onap/clamp/clds/service/JaxrsApplication.java +++ b/src/main/java/org/onap/clamp/clds/config/CamelConfiguration.java @@ -18,17 +18,23 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * */ - -package org.onap.clamp.clds.service; - -import javax.ws.rs.ApplicationPath; -import javax.ws.rs.core.Application; - +package org.onap.clamp.clds.config; +import org.apache.camel.builder.RouteBuilder; +import org.apache.camel.model.rest.RestBindingMode; +import org.onap.clamp.clds.model.CldsInfo; import org.springframework.stereotype.Component; + @Component -@ApplicationPath("/restservices/clds/v1") -public class JaxrsApplication extends Application { +public class CamelConfiguration extends RouteBuilder { + + @Override + public void configure() { + restConfiguration().component("servlet") + .bindingMode(RestBindingMode.json); -}
\ No newline at end of file + rest("/clds") + .get("/test").description("Find user by id").outType(CldsInfo.class).produces("application/json") + .to("bean:org.onap.clamp.clds.service.CldsService?method=getCldsInfo()") ; + } +} diff --git a/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java deleted file mode 100644 index a2b6c07d..00000000 --- a/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java +++ /dev/null @@ -1,75 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * ECOMP is a trademark and service mark of AT&T Intellectual Property. - */ - -package org.onap.clamp.clds.config; - -import java.security.Principal; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; - -/** - * Overwrite the key method isUserInRole and getUserPrincipal, to adapt to the Clamp default user verification - */ -public class ClampUserWrap extends HttpServletRequestWrapper { - - private String user; - private List<String> roles = null; - private HttpServletRequest realRequest; - - /** - * Standard Wrapper constructor for Delegate pattern - * @param request - */ - public ClampUserWrap(HttpServletRequest request, String userName, List<String> roles){ - super(request); - - this.user = userName; - this.roles = roles; - this.realRequest = request; - } - - @Override - public boolean isUserInRole(String role) { - if (roles == null) { - return this.realRequest.isUserInRole(role); - } - return roles.contains(role); - } - - @Override - public Principal getUserPrincipal() { - if (this.user == null) { - return realRequest.getUserPrincipal(); - } - - // make an anonymous implementation to just return our user - return new Principal() { - @Override - public String getName() { - return user; - } - }; - } -} diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java index e43aa114..a99dde20 100644 --- a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java @@ -18,45 +18,120 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * */ + package org.onap.clamp.clds.config; -import javax.servlet.Filter; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; -import org.onap.clamp.clds.filter.ClampDefaultUserFilter; -import org.springframework.boot.web.servlet.FilterRegistrationBean; -import org.springframework.context.annotation.Bean; +import java.io.IOException; + +import org.onap.clamp.clds.exception.CldsConfigException; +import org.onap.clamp.clds.exception.CldsUsersException; +import org.onap.clamp.clds.service.CldsUser; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.crypto.password.PasswordEncoder; +/** + * This class is used to enable the HTTP authentication to login. It requires a + * specific JSON file containing the user definition + * (classpath:clds/clds-users.json). + */ @Configuration +@EnableWebSecurity @Profile("clamp-default-user") -public class DefaultUserConfiguration { +public class DefaultUserConfiguration extends WebSecurityConfigurerAdapter { + + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(DefaultUserConfiguration.class); + protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); + @Autowired + private ClampProperties refProp; + @Value("${clamp.config.security.permission.type.cl:permission-type-cl}") + private String cldsPersmissionTypeCl; + @Value("${CLDS_PERMISSION_INSTANCE:dev}") + private String cldsPermissionInstance; + @Value("${clamp.config.security.encoder:bcrypt}") + private String cldsEncoderMethod; + @Value("${clamp.config.security.encoder.bcrypt.strength:10}") + private Integer cldsBcryptEncoderStrength; + + /** + * This method configures on which URL the authorization will be enabled. + */ + @Override + protected void configure(HttpSecurity http) { + try { + http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**") + .authenticated().anyRequest().permitAll().and().logout().and().sessionManagement().maximumSessions(1) + .and().invalidSessionUrl("/designer/timeout.html"); + + } catch (Exception e) { + logger.error("Exception occurred during the setup of the Web users in memory", e); + throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e); + } + } /** - * Method to return clamp default user filter. - * - * @return Filter + * This method is called by the framework and is used to load all the users + * defined in cldsUsersFile variable (this file path can be configured in the + * application.properties). + * + * @param auth */ - @Bean(name = "defaultUserFilter") - public Filter defaultUserFilter() { - return new ClampDefaultUserFilter(); + @Autowired + public void configureGlobal(AuthenticationManagerBuilder auth) { + // configure algorithm used for password hashing + final PasswordEncoder passwordEncoder = getPasswordEncoder(); + + try { + CldsUser[] usersList = loadUsers(); + // no users defined + if (null == usersList) { + logger.warn("No users defined. Users should be defined under clds-users.json"); + return; + } + for (CldsUser user : usersList) { + auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword()) + .authorities(user.getPermissionsString()).and().passwordEncoder(passwordEncoder); + } + } catch (Exception e) { + logger.error("Exception occurred during the setup of the Web users in memory", e); + throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e); + } } /** - * Method to register defaultUserFilter. - * - * @return FilterRegistrationBean + * This method loads physically the JSON file and convert it to an Array of + * CldsUser. + * + * @return The array of CldsUser + * @throws IOException + * In case of the file is not found */ - @Bean - public FilterRegistrationBean defaultUserFilterRegistration() { - FilterRegistrationBean registration = new FilterRegistrationBean(); - registration.setFilter(defaultUserFilter()); - registration.addUrlPatterns("/restservices/*"); - registration.setName("defaultUserFilter"); - registration.setOrder(0); - return registration; + private CldsUser[] loadUsers() throws IOException { + logger.info("Load from clds-users.properties"); + return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers")); } + /** + * This methods returns the chosen encoder for password hashing. + */ + private PasswordEncoder getPasswordEncoder() { + if ("bcrypt".equals(cldsEncoderMethod)) { + return new BCryptPasswordEncoder(cldsBcryptEncoderStrength); + } else { + throw new CldsConfigException( + "Invalid clamp.config.security.encoder value. 'bcrypt' is the only option at this time."); + } + } }
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java index 1c3ba1cf..ed3dcb46 100644 --- a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java +++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java @@ -22,26 +22,15 @@ */ package org.onap.clamp.clds.filter; -import javax.servlet.FilterConfig; - -import java.io.IOException; -import java.security.Principal; -import java.security.cert.X509Certificate; import java.util.Properties; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpSession; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.context.SecurityContextImpl; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.beans.factory.annotation.Value; +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; import org.onap.aaf.cadi.filter.CadiFilter; import org.onap.clamp.clds.config.AAFConfiguration; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; public class ClampCadiFilter extends CadiFilter { private static final String CADI_TRUST_STORE = "cadi_truststore"; @@ -52,13 +41,13 @@ public class ClampCadiFilter extends CadiFilter { @Value("${server.ssl.key-store:none}") private String keyStore; - + @Value("${clamp.config.cadi.cadiKeystorePassword:none}") private String keyStorePass; @Value("${server.ssl.trust:none}") private String trustStore; - + @Value("${clamp.config.cadi.cadiTruststorePassword:none}") private String trustStorePass; @@ -67,7 +56,7 @@ public class ClampCadiFilter extends CadiFilter { @Autowired private AAFConfiguration aafConfiguration; - + @Override public void init(FilterConfig filterConfig) throws ServletException { Properties props = aafConfiguration.getProperties(); @@ -82,7 +71,7 @@ public class ClampCadiFilter extends CadiFilter { private String trimFileName (String fileName) { int index= fileName.indexOf("file:"); - if (index == -1) { + if (index == -1) { return fileName; } else { return fileName.substring(index+5); diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java deleted file mode 100644 index 539e3c6a..00000000 --- a/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java +++ /dev/null @@ -1,70 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * ECOMP is a trademark and service mark of AT&T Intellectual Property. - */ -package org.onap.clamp.clds.filter; - -import java.io.IOException; -import java.util.Arrays; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.springframework.beans.factory.annotation.Autowired; -import org.onap.clamp.clds.config.ClampProperties; -import org.onap.clamp.clds.config.ClampUserWrap; -import org.onap.clamp.clds.config.CldsUserJsonDecoder; -import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; - - -public class ClampDefaultUserFilter implements Filter { - private CldsUser defaultUser; - @Autowired - private ClampProperties refProp; - - // Load the default user - public void init(FilterConfig cfg) throws ServletException { - try { - CldsUser[] users = CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers")); - defaultUser = users[0]; - } catch (IOException e) { - // not able to load default user - throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e); - } - } - - // Call the ClampUserWrapper - @Override - public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException { - HttpServletRequest hreq = (HttpServletRequest)req; - chain.doFilter(new ClampUserWrap(hreq, defaultUser.getUser(), Arrays.asList(defaultUser.getPermissionsString())), res); - } - - public void destroy() { - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsHealthcheckService.java b/src/main/java/org/onap/clamp/clds/service/CldsHealthcheckService.java index 18533ad5..a017d54b 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsHealthcheckService.java +++ b/src/main/java/org/onap/clamp/clds/service/CldsHealthcheckService.java @@ -5,61 +5,53 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== */ package org.onap.clamp.clds.service; -import java.util.Date; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; +import java.util.Date; import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.model.CldsHealthCheck; import org.onap.clamp.clds.util.LoggingUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Component; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - /** * Service to retrieve the Health Check of the clds application. - * + * */ @Component -@Path("/") public class CldsHealthcheckService { - - @Autowired - private CldsDao cldsDao; - - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsHealthcheckService.class); - - /** + + @Autowired + private CldsDao cldsDao; + + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsHealthcheckService.class); + + /** * REST service that retrieves clds healthcheck information. * * @return CldsHealthCheck class containing healthcheck info */ - @GET - @Path("/healthcheck") - @Produces(MediaType.APPLICATION_JSON) - public Response gethealthcheck() { + public ResponseEntity<CldsHealthCheck> gethealthcheck() { CldsHealthCheck cldsHealthCheck = new CldsHealthCheck(); Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET healthcheck", "Clamp-Health-Check"); @@ -72,7 +64,7 @@ public class CldsHealthcheckService { cldsHealthCheck.setDescription("OK"); LoggingUtils.setResponseContext("0", "Get healthcheck success", this.getClass().getName()); } catch (Exception e) { - healthcheckFailed = true; + healthcheckFailed = true; logger.error("CLAMP application Heath check failed", e); LoggingUtils.setResponseContext("999", "Get healthcheck failed", this.getClass().getName()); cldsHealthCheck.setHealthCheckComponent("CLDS-APP"); @@ -82,9 +74,9 @@ public class CldsHealthcheckService { // audit log LoggingUtils.setTimeContext(startTime, new Date()); if(healthcheckFailed) { - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(cldsHealthCheck).build(); + return new ResponseEntity<>(cldsHealthCheck, HttpStatus.INTERNAL_SERVER_ERROR); } else { - return Response.status(Response.Status.OK).entity(cldsHealthCheck).build(); + return new ResponseEntity<>(cldsHealthCheck, HttpStatus.OK); } } }
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java index a63d0218..d6fbde35 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsService.java +++ b/src/main/java/org/onap/clamp/clds/service/CldsService.java @@ -34,23 +34,12 @@ import java.io.IOException; import java.security.GeneralSecurityException; import java.util.Date; import java.util.List; +import java.util.Optional; import java.util.UUID; - import javax.ws.rs.BadRequestException; -import javax.ws.rs.Consumes; -import javax.ws.rs.DefaultValue; -import javax.ws.rs.GET; -import javax.ws.rs.NotAuthorizedException; -import javax.ws.rs.POST; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.QueryParam; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Response; import javax.xml.transform.TransformerException; + import org.apache.camel.Produce; import org.apache.commons.codec.DecoderException; import org.apache.commons.lang3.StringUtils; @@ -61,12 +50,12 @@ import org.onap.clamp.clds.client.DcaeInventoryServices; import org.onap.clamp.clds.client.req.sdc.SdcCatalogServices; import org.onap.clamp.clds.config.ClampProperties; import org.onap.clamp.clds.dao.CldsDao; + import org.onap.clamp.clds.exception.CldsConfigException; import org.onap.clamp.clds.exception.policy.PolicyClientException; import org.onap.clamp.clds.exception.sdc.SdcCommunicationException; import org.onap.clamp.clds.model.CldsDbServiceCache; import org.onap.clamp.clds.model.CldsEvent; -import org.onap.clamp.clds.model.CldsHealthCheck; import org.onap.clamp.clds.model.CldsInfo; import org.onap.clamp.clds.model.CldsModel; import org.onap.clamp.clds.model.CldsModelProp; @@ -87,6 +76,7 @@ import org.onap.clamp.clds.util.LoggingUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Component; import org.springframework.web.client.HttpClientErrorException; @@ -94,7 +84,6 @@ import org.springframework.web.client.HttpClientErrorException; * Service to save and retrieve the CLDS model attributes. */ @Component -@Path("/clds") public class CldsService extends SecureServiceBase { @Produce(uri = "direct:processSubmit") @@ -160,9 +149,6 @@ public class CldsService extends SecureServiceBase { * used to generate the ClosedLoop model. ACTION_CD | Current state of the * ClosedLoop in CLDS application. */ - @GET - @Path("/cldsDetails") - @Produces(MediaType.APPLICATION_JSON) public List<CldsMonitoringDetails> getCLDSDetails() { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET model details", getPrincipalName()); @@ -178,9 +164,6 @@ public class CldsService extends SecureServiceBase { * CLDS IFO service will return 3 things 1. User Name 2. CLDS code version that * is currently installed from pom.xml file 3. User permissions */ - @GET - @Path("/cldsInfo") - @Produces(MediaType.APPLICATION_JSON) public CldsInfo getCldsInfo() { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET cldsInfo", getPrincipalName()); @@ -197,44 +180,6 @@ public class CldsService extends SecureServiceBase { } /** - * REST service that retrieves clds healthcheck information. - * - * @return CldsHealthCheck class containing healthcheck info - */ - @GET - @Path("/healthcheck") - @Produces(MediaType.APPLICATION_JSON) - public Response gethealthcheck() { - CldsHealthCheck cldsHealthCheck = new CldsHealthCheck(); - Date startTime = new Date(); - LoggingUtils.setRequestContext("CldsService: GET healthcheck", "Clamp-Health-Check"); - LoggingUtils.setTimeContext(startTime, new Date()); - boolean healthcheckFailed = false; - try { - cldsDao.doHealthCheck(); - cldsHealthCheck.setHealthCheckComponent("CLDS-APP"); - cldsHealthCheck.setHealthCheckStatus("UP"); - cldsHealthCheck.setDescription("OK"); - LoggingUtils.setResponseContext("0", "Get healthcheck success", this.getClass().getName()); - } catch (Exception e) { - healthcheckFailed = true; - logger.error("CLAMP application DB Error", e); - LoggingUtils.setResponseContext("999", "Get healthcheck failed", this.getClass().getName()); - cldsHealthCheck.setHealthCheckComponent("CLDS-APP"); - cldsHealthCheck.setHealthCheckStatus("DOWN"); - cldsHealthCheck.setDescription("NOT-OK"); - } - // audit log - LoggingUtils.setTimeContext(startTime, new Date()); - logger.info("GET healthcheck completed"); - if (healthcheckFailed) { - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(cldsHealthCheck).build(); - } else { - return Response.status(Response.Status.OK).entity(cldsHealthCheck).build(); - } - } - - /** * REST service that retrieves BPMN for a CLDS model name from the database. * This is subset of the json getModel. This is only expected to be used for * testing purposes, not by the UI. @@ -242,10 +187,7 @@ public class CldsService extends SecureServiceBase { * @param modelName * @return bpmn xml text - content of bpmn given name */ - @GET - @Path("/model/bpmn/{modelName}") - @Produces(MediaType.TEXT_XML) - public String getBpmnXml(@PathParam("modelName") String modelName) { + public String getBpmnXml(String modelName) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET model bpmn", getPrincipalName()); isAuthorized(permissionReadCl); @@ -266,10 +208,7 @@ public class CldsService extends SecureServiceBase { * @param modelName * @return image xml text - content of image given name */ - @GET - @Path("/model/image/{modelName}") - @Produces(MediaType.TEXT_XML) - public String getImageXml(@PathParam("modelName") String modelName) { + public String getImageXml(String modelName) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET model image", getPrincipalName()); isAuthorized(permissionReadCl); @@ -288,10 +227,7 @@ public class CldsService extends SecureServiceBase { * @param modelName * @return clds model - clds model for the given model name */ - @GET - @Path("/model/{modelName}") - @Produces(MediaType.APPLICATION_JSON) - public CldsModel getModel(@PathParam("modelName") String modelName) { + public CldsModel getModel(String modelName) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET model", getPrincipalName()); isAuthorized(permissionReadCl); @@ -320,11 +256,7 @@ public class CldsService extends SecureServiceBase { * * @param modelName */ - @PUT - @Path("/model/{modelName}") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public CldsModel putModel(@PathParam("modelName") String modelName, CldsModel cldsModel) { + public CldsModel putModel(String modelName, CldsModel cldsModel) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: PUT model", getPrincipalName()); isAuthorized(permissionUpdateCl); @@ -350,9 +282,6 @@ public class CldsService extends SecureServiceBase { * * @return model names in JSON */ - @GET - @Path("/model-names") - @Produces(MediaType.APPLICATION_JSON) public List<ValueItem> getModelNames() { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET model names", getPrincipalName()); @@ -397,12 +326,8 @@ public class CldsService extends SecureServiceBase { * @throws DecoderException * In case of issues with the Hex String decoding */ - @PUT - @Path("/action/{action}/{modelName}") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public Response putModelAndProcessAction(@PathParam("action") String action, - @PathParam("modelName") String modelName, @QueryParam("test") String validateFlag, CldsModel model) + public ResponseEntity<?> putModelAndProcessAction(String action, + String modelName,String test, CldsModel model) throws TransformerException, ParseException { Date startTime = new Date(); CldsModel retrievedModel = null; @@ -417,7 +342,7 @@ public class CldsService extends SecureServiceBase { String userId = getUserId(); logger.info("PUT actionCd={}", actionCd); logger.info("PUT modelName={}", modelName); - logger.info("PUT test={}", validateFlag); + logger.info("PUT test={}", test); logger.info("PUT bpmnText={}", model.getBpmnText()); logger.info("PUT propText={}", model.getPropText()); logger.info("PUT userId={}", userId); @@ -438,7 +363,7 @@ public class CldsService extends SecureServiceBase { // Flag indicates whether it is triggered by Validation Test button // from // UI - boolean isTest = Boolean.valueOf(validateFlag); + boolean isTest = Boolean.valueOf(test); if (!isTest) { String actionTestOverride = refProp.getStringValue("action.test.override"); if (Boolean.valueOf(actionTestOverride)) { @@ -495,16 +420,16 @@ public class CldsService extends SecureServiceBase { auditLogger.info("Process model action completed"); } else { logger.error("CldsModel not found in database with modelName: " + modelName); - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity("CldsModel not found in database with modelName: \" + modelName").build(); + return new ResponseEntity<String>("CldsModel not found in database with modelName: \" + modelName", HttpStatus.INTERNAL_SERVER_ERROR); } } catch (Exception e) { errorCase = true; logger.error("Exception occured during putModelAndProcessAction", e); } if (errorCase) { - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(retrievedModel).build(); + return new ResponseEntity<>(retrievedModel, HttpStatus.INTERNAL_SERVER_ERROR); } - return Response.status(Response.Status.OK).entity(retrievedModel).build(); + return new ResponseEntity<>(retrievedModel, HttpStatus.OK); } /** @@ -513,11 +438,7 @@ public class CldsService extends SecureServiceBase { * @param test * @param dcaeEvent */ - @POST - @Path("/dcae/event") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public String postDcaeEvent(@QueryParam("test") String test, DcaeEvent dcaeEvent) { + public String postDcaeEvent(String test, DcaeEvent dcaeEvent) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: Post dcae event", getPrincipalName()); String userid = null; @@ -565,9 +486,6 @@ public class CldsService extends SecureServiceBase { * @throws DecoderException * In case of issues with the decoding of the Hex String */ - @GET - @Path("/sdc/services") - @Produces(MediaType.APPLICATION_JSON) public String getSdcServices() throws GeneralSecurityException, DecoderException { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET sdc services", getPrincipalName()); @@ -592,9 +510,6 @@ public class CldsService extends SecureServiceBase { * @throws IOException * In case of issues */ - @GET - @Path("/properties") - @Produces(MediaType.APPLICATION_JSON) public String getSdcProperties() throws IOException { return createPropertiesObjectByUUID("{}"); } @@ -610,18 +525,14 @@ public class CldsService extends SecureServiceBase { * @throws IOException * In case of issue to convert CldsServiceCache to InputStream */ - @GET - @Path("/properties/{serviceInvariantUUID}") - @Produces(MediaType.APPLICATION_JSON) public String getSdcPropertiesByServiceUUIDForRefresh( - @PathParam("serviceInvariantUUID") String serviceInvariantUUID, - @DefaultValue("false") @QueryParam("refresh") boolean refresh) + String serviceInvariantUUID, Boolean refresh) throws GeneralSecurityException, DecoderException, IOException { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: GET sdc properties by uuid", getPrincipalName()); CldsServiceData cldsServiceData = new CldsServiceData(); cldsServiceData.setServiceInvariantUUID(serviceInvariantUUID); - if (!refresh) { + if (!Optional.ofNullable(refresh).orElse(false)) { cldsServiceData = cldsDao.getCldsServiceCache(serviceInvariantUUID); } if (sdcCatalogServices.isCldsSdcCacheDataExpired(cldsServiceData)) { @@ -808,11 +719,7 @@ public class CldsService extends SecureServiceBase { return emptyvfcobjectNode; } - @PUT - @Path("/deploy/{modelName}") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public Response deployModel(@PathParam("modelName") String modelName, CldsModel model) { + public ResponseEntity<CldsModel> deployModel(String modelName, CldsModel model) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: Deploy model", getPrincipalName()); Boolean errorCase = false; @@ -865,16 +772,12 @@ public class CldsService extends SecureServiceBase { logger.error("Exception occured during deployModel", e); } if (errorCase) { - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build(); + return new ResponseEntity<>(model, HttpStatus.INTERNAL_SERVER_ERROR); } - return Response.status(Response.Status.OK).entity(model).build(); + return new ResponseEntity<>(model, HttpStatus.OK); } - @PUT - @Path("/undeploy/{modelName}") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public Response unDeployModel(@PathParam("modelName") String modelName, CldsModel model) { + public ResponseEntity<CldsModel> unDeployModel(String modelName, CldsModel model) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsService: Undeploy model", getPrincipalName()); Boolean errorCase = false; @@ -914,9 +817,9 @@ public class CldsService extends SecureServiceBase { logger.error("Exception occured during unDeployModel", e); } if (errorCase) { - return Response.status(Response.Status.INTERNAL_SERVER_ERROR).entity(model).build(); + return new ResponseEntity<>(model, HttpStatus.INTERNAL_SERVER_ERROR); } - return Response.status(Response.Status.OK).entity(model).build(); + return new ResponseEntity<>(model, HttpStatus.OK); } private void checkForDuplicateServiceVf(String modelName, String modelPropText) throws IOException { diff --git a/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java b/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java index 9e506820..276670e2 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java +++ b/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java @@ -18,7 +18,7 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.clamp.clds.service; @@ -27,13 +27,6 @@ import java.util.Date; import java.util.List; import javax.annotation.PostConstruct; -import javax.ws.rs.Consumes; -import javax.ws.rs.GET; -import javax.ws.rs.PUT; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.model.CldsTemplate; @@ -47,7 +40,6 @@ import org.springframework.stereotype.Component; * Service to save and retrieve the CLDS model attributes. */ @Component -@Path("/cldsTempate") public class CldsTemplateService extends SecureServiceBase { @Value("${clamp.config.security.permission.type.template:permission-type-template}") @@ -60,9 +52,9 @@ public class CldsTemplateService extends SecureServiceBase { @PostConstruct private final void afterConstruction() { permissionReadTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "read"); + "read"); permissionUpdateTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "update"); + "update"); } @Autowired @@ -76,10 +68,7 @@ public class CldsTemplateService extends SecureServiceBase { * @param templateName * @return bpmn xml text - content of bpmn given name */ - @GET - @Path("/template/bpmn/{templateName}") - @Produces(MediaType.TEXT_XML) - public String getBpmnTemplate(@PathParam("templateName") String templateName) { + public String getBpmnTemplate(String templateName) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsTemplateService: GET template bpmn", getPrincipalName()); isAuthorized(permissionReadTemplate); @@ -100,10 +89,7 @@ public class CldsTemplateService extends SecureServiceBase { * @param templateName * @return image xml text - content of image given name */ - @GET - @Path("/template/image/{templateName}") - @Produces(MediaType.TEXT_XML) - public String getImageXml(@PathParam("templateName") String templateName) { + public String getImageXml(String templateName) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsTemplateService: GET template image", getPrincipalName()); isAuthorized(permissionReadTemplate); @@ -122,10 +108,7 @@ public class CldsTemplateService extends SecureServiceBase { * @param templateName * @return clds template - clds template for the given template name */ - @GET - @Path("/template/{templateName}") - @Produces(MediaType.APPLICATION_JSON) - public CldsTemplate getTemplate(@PathParam("templateName") String templateName) { + public CldsTemplate getTemplate(String templateName) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsTemplateService: GET template", getPrincipalName()); isAuthorized(permissionReadTemplate); @@ -146,11 +129,7 @@ public class CldsTemplateService extends SecureServiceBase { * @param cldsTemplate * @return The CldsTemplate modified and saved in DB */ - @PUT - @Path("/template/{templateName}") - @Consumes(MediaType.APPLICATION_JSON) - @Produces(MediaType.APPLICATION_JSON) - public CldsTemplate putTemplate(@PathParam("templateName") String templateName, CldsTemplate cldsTemplate) { + public CldsTemplate putTemplate(String templateName, CldsTemplate cldsTemplate) { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsTemplateService: PUT template", getPrincipalName()); isAuthorized(permissionUpdateTemplate); @@ -172,9 +151,6 @@ public class CldsTemplateService extends SecureServiceBase { * * @return template names in JSON */ - @GET - @Path("/template-names") - @Produces(MediaType.APPLICATION_JSON) public List<ValueItem> getTemplateNames() { Date startTime = new Date(); LoggingUtils.setRequestContext("CldsTemplateService: GET template names", getPrincipalName()); diff --git a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java index 44372b62..543dd4a9 100644 --- a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java +++ b/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java @@ -5,40 +5,39 @@ * Copyright (C) 2017 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.clamp.clds.service;
-import java.security.Principal;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.userdetails.UserDetails;
+
-import javax.ws.rs.core.SecurityContext;
public class DefaultUserNameHandler implements UserNameHandler {
/*
* (non-Javadoc)
- *
+ *
* @see
- * org.onap.clamp.clds.service.PrincipalNameHandler#handleName(javax.ws.rs.
- * core.SecurityContext)
+ * org.onap.clamp.clds.service.PrincipalNameHandler#handleName(SecurityContext)
*/
@Override
public String retrieveUserName(SecurityContext securityContext) {
- Principal p = securityContext.getUserPrincipal();
- return (p == null ? "Not found" : p.getName());
+ return ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername();
}
}
diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java b/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java index 22fe4a8e..522f682b 100644 --- a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java +++ b/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java @@ -18,7 +18,7 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.clamp.clds.service; @@ -26,14 +26,15 @@ package org.onap.clamp.clds.service; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; -import java.security.Principal; import java.util.Date; - import javax.ws.rs.NotAuthorizedException; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.SecurityContext; import org.onap.clamp.clds.util.LoggingUtils; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; /** * Base/abstract Service class. Implements shared security methods. @@ -46,8 +47,8 @@ public abstract class SecureServiceBase { // By default we'll set it to a default handler private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); - @Context - private SecurityContext securityContext; + + private SecurityContext securityContext = SecurityContextHolder.getContext(); /** * Get the userId from AAF/CSP. @@ -78,10 +79,10 @@ public abstract class SecureServiceBase { * @return */ public String getPrincipalName() { - Principal principal = securityContext.getUserPrincipal(); + String principal = ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); String name = "Not found"; if (principal != null) { - name = principal.getName(); + name = principal; } logger.debug("userPrincipal.getName()={}", name); return name; @@ -103,20 +104,20 @@ public abstract class SecureServiceBase { * In case of issues with the permission test, error is returned * in this exception */ - public boolean isAuthorized(SecureServicePermission inPermission) throws NotAuthorizedException { - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorized"); - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - throw new NotAuthorizedException(msg); - } - } + public boolean isAuthorized(SecureServicePermission inPermission) throws NotAuthorizedException { + Date startTime = new Date(); + LoggingUtils.setTargetContext("CLDS", "isAuthorized"); + LoggingUtils.setTimeContext(startTime, new Date()); + securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); + try { + return isUserPermitted(inPermission); + } catch (NotAuthorizedException nae) { + String msg = getPrincipalName() + " does not have permission: " + inPermission; + LoggingUtils.setErrorContext("100", "Authorization Error"); + securityLogger.warn(msg); + throw new NotAuthorizedException(msg); + } + } /** * Check if user is authorized for the given aaf permission. Allow matches @@ -131,26 +132,26 @@ public abstract class SecureServiceBase { * @return A boolean to indicate if the user has the permission to do * execute the inPermission */ - public boolean isAuthorizedNoException(SecureServicePermission inPermission) { - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorizedNoException"); - LoggingUtils.setTimeContext(startTime, new Date()); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - } - return false; - } + public boolean isAuthorizedNoException(SecureServicePermission inPermission) { + securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); + Date startTime = new Date(); + LoggingUtils.setTargetContext("CLDS", "isAuthorizedNoException"); + LoggingUtils.setTimeContext(startTime, new Date()); + try { + return isUserPermitted(inPermission); + } catch (NotAuthorizedException nae) { + String msg = getPrincipalName() + " does not have permission: " + inPermission; + LoggingUtils.setErrorContext("100", "Authorization Error"); + securityLogger.warn(msg); + } + return false; + } /** * This method can be used by the Application.class to set the * UserNameHandler that must be used in this class. The UserNameHandler * where to get the User name - * + * * @param handler * The Handler impl to use */ @@ -163,28 +164,42 @@ public abstract class SecureServiceBase { public void setSecurityContext(SecurityContext securityContext) { this.securityContext = securityContext; } - - private boolean isUserPermitted(SecureServicePermission inPermission) throws NotAuthorizedException { - boolean authorized = false; - // check if the user has the permission key or the permission key with a + + private boolean isUserPermitted(SecureServicePermission inPermission) { + boolean authorized = false; + // check if the user has the permission key or the permission key with a // combination of all instance and/or all action. - if (securityContext.isUserInRole(inPermission.getKey())) { - securityLogger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); + if (hasRole(inPermission.getKey())) { + securityLogger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); authorized = true; // the rest of these don't seem to be required - isUserInRole method // appears to take * as a wildcard - } else if (securityContext.isUserInRole(inPermission.getKeyAllInstance())) { + } else if (hasRole(inPermission.getKeyAllInstance())) { securityLogger.info("{} authorized because user has permission with * for instance: {}", getPrincipalName(), inPermission.getKey()); authorized = true; - } else if (securityContext.isUserInRole(inPermission.getKeyAllInstanceAction())) { - securityLogger.info("{} authorized because user has permission with * for instance and * for action: {}", getPrincipalName(), inPermission.getKey()); + } else if (hasRole(inPermission.getKeyAllInstanceAction())) { + securityLogger.info("{} authorized because user has permission with * for instance and * for action: {}", getPrincipalName(), inPermission.getKey()); authorized = true; - } else if (securityContext.isUserInRole(inPermission.getKeyAllAction())) { - securityLogger.info("{} authorized because user has permission with * for action: {}", getPrincipalName(), inPermission.getKey()); + } else if (hasRole(inPermission.getKeyAllAction())) { + securityLogger.info("{} authorized because user has permission with * for action: {}", getPrincipalName(), inPermission.getKey()); authorized = true; } else { throw new NotAuthorizedException(""); } return authorized; } + + protected boolean hasRole(String role) { + Authentication authentication = securityContext.getAuthentication(); + if (authentication == null) { + return false; + } + + for (GrantedAuthority auth : authentication.getAuthorities()) { + if (role.equals(auth.getAuthority())) + return true; + } + + return false; + } }
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java b/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java index 2d4de644..ae30d2aa 100644 --- a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java +++ b/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java @@ -5,20 +5,20 @@ * Copyright (C) 2017 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ package org.onap.clamp.clds.service; @@ -28,7 +28,7 @@ package org.onap.clamp.clds.service; * methods. */ public class SecureServicePermission { - public final static String ALL = "*"; + public static final String ALL = "*"; private String type; private String instance; diff --git a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java index bd3aa93a..d48700f6 100644 --- a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java +++ b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java @@ -5,25 +5,25 @@ * Copyright (C) 2017 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.clamp.clds.service;
-import javax.ws.rs.core.SecurityContext;
+import org.springframework.security.core.context.SecurityContext;
public interface UserNameHandler {
diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java index 99611609..cfe50c95 100644 --- a/src/main/java/org/onap/clamp/clds/service/UserService.java +++ b/src/main/java/org/onap/clamp/clds/service/UserService.java @@ -5,16 +5,16 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== @@ -22,28 +22,20 @@ package org.onap.clamp.clds.service; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.Produces; -import javax.ws.rs.core.MediaType; -import javax.ws.rs.core.Context; -import javax.ws.rs.core.SecurityContext; -import org.springframework.stereotype.Component; + +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Controller; /** * User service used for authorization verification at the login page. Do not * remove this class. */ -@Component -@Path("/user") -@Produces({ - MediaType.TEXT_PLAIN -}) +@Controller public class UserService { - @Context - private SecurityContext securityContext; + + private SecurityContext securityContext= SecurityContextHolder.getContext(); /** * REST service that returns the username. @@ -51,12 +43,7 @@ public class UserService { * @param userName * @return the user name */ - @GET - @Path("/getUser") - @Produces(MediaType.TEXT_PLAIN) public String getUser() { - UserNameHandler userNameHandler = new DefaultUserNameHandler(); - String userName = userNameHandler.retrieveUserName(securityContext); - return userName; + return new DefaultUserNameHandler().retrieveUserName(securityContext); } }
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/util/ClampTimer.java b/src/main/java/org/onap/clamp/clds/util/ClampTimer.java new file mode 100644 index 00000000..794e2b48 --- /dev/null +++ b/src/main/java/org/onap/clamp/clds/util/ClampTimer.java @@ -0,0 +1,54 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ +package org.onap.clamp.clds.util; + +import java.util.Timer; +import java.util.TimerTask; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; + +import org.springframework.security.core.context.SecurityContextHolder; + +/** + * Define the ClampTimer and CleanupTask, to clear up the Spring Authenticataion info when time is up. + */ + +public class ClampTimer { + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampTimer.class); + Timer timer; + + public ClampTimer(int seconds) { + timer = new Timer(); + timer.schedule(new CleanupTask(), seconds*1000); + } + + class CleanupTask extends TimerTask { + public void run() { + logger.debug("Time is up, clear the Spring authenticataion settings"); + //Clear up the spring authentication + SecurityContextHolder.getContext().setAuthentication(null); + //Terminate the timer thread + timer.cancel(); + } + } +}
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java index 7a6667c4..71835fa1 100644 --- a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java @@ -31,7 +31,7 @@ import java.util.Date; import java.util.TimeZone;
import java.util.UUID;
import javax.validation.constraints.NotNull;
-import org.apache.log4j.MDC;
+import org.slf4j.MDC;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
|