9 files changed, 91 insertions, 96 deletions
diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java index 511b9509..4a35f458 100644 --- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java +++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java @@ -5,6 +5,8 @@ * Copyright (C) 2019 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -39,8 +41,6 @@ import org.onap.clamp.util.PrincipalUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; /** @@ -57,12 +57,8 @@ public class AuthorizationController { @Autowired private ClampProperties refProp; - private SecurityContext securityContext = SecurityContextHolder.getContext(); - private static final String permPrefix = "security.permission.type."; - private static final String permInstance = "security.permission.instance"; - - public AuthorizationController() { - } + private static final String PERM_PREFIX = "security.permission.type."; + private static final String PERM_INSTANCE = "security.permission.instance"; /** * Insert authorize the api based on the permission 
@@ -77,8 +73,8 @@ public class AuthorizationController { * The action of the permissions. e.g. read */ public void authorize(Exchange camelExchange, String typeVar, String instanceVar, String action) { - String type = refProp.getStringValue(permPrefix + typeVar); - String instance = refProp.getStringValue(permInstance); + String type = refProp.getStringValue(PERM_PREFIX + typeVar); + String instance = refProp.getStringValue(PERM_INSTANCE); if (null == type || type.isEmpty()) { //authorization is turned off, since the permission is not defined @@ -93,9 +89,8 @@ public class AuthorizationController { LoggingUtils.setTargetContext("Clamp", "authorize"); LoggingUtils.setTimeContext(startTime, new Date()); securityLogger.debug("checking if {} has permission: {}", principalName, perm); - try { - isUserPermitted(perm); - } catch (NotAuthorizedException nae) { + + if (!isUserPermitted(perm)){ String msg = principalName + " does not have permission: " + perm; LoggingUtils.setErrorContext("100", "Authorization Error"); securityLogger.warn(msg); 
@@ -103,45 +98,26 @@ public class AuthorizationController { } } - private boolean isUserPermitted(SecureServicePermission inPermission) { - boolean authorized = false; + public boolean isUserPermitted(SecureServicePermission inPermission) { + String principalName = PrincipalUtils.getPrincipalName(); // check if the user has the permission key or the permission key with a // combination of all instance and/or all action. - if (hasRole(inPermission.getKey())) { - auditLogger.info("{} authorized because user has permission with * for instance: {}", - principalName, inPermission.getKey()); - authorized = true; + if (hasRole(inPermission.getKey()) || hasRole(inPermission.getKeyAllInstance())) { + auditLogger.info("{} authorized because user has permission with * for instance: {}", + principalName, inPermission.getKey()); + return true; // the rest of these don't seem to be required - isUserInRole method // appears to take * as a wildcard - } else if (hasRole(inPermission.getKeyAllInstance())) { - auditLogger.info("{} authorized because user has permission with * for instance: {}", - principalName, inPermission.getKey()); - authorized = true; } else if (hasRole(inPermission.getKeyAllInstanceAction())) { - auditLogger.info("{} authorized because user has permission with * for instance and * for action: {}", - principalName, inPermission.getKey()); - authorized = true; + auditLogger.info("{} authorized because user has permission with * for instance and * for action: {}", + principalName, inPermission.getKey()); + return true; } else if (hasRole(inPermission.getKeyAllAction())) { auditLogger.info("{} authorized because user has permission with * for action: {}", - principalName, inPermission.getKey()); - authorized = true; + principalName, inPermission.getKey()); + return true; } else { - throw new NotAuthorizedException(""); - } - return authorized; - } - - /** - * Verify whether the user has the permission. 
- * - * @param inPermission - * The permissions to verify - */ - public boolean isUserPermittedNoException(SecureServicePermission inPermission) { - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException e) { return false; } } diff --git a/src/main/java/org/onap/clamp/clds/Application.java b/src/main/java/org/onap/clamp/clds/Application.java index 025dbabd..9ca505c5 100644 --- a/src/main/java/org/onap/clamp/clds/Application.java +++ b/src/main/java/org/onap/clamp/clds/Application.java @@ -5,6 +5,8 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -54,9 +56,8 @@ import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.scheduling.annotation.EnableScheduling; import org.springframework.transaction.annotation.EnableTransactionManagement; -@SpringBootApplication @ComponentScan(basePackages = { "org.onap.clamp" }) -@EnableAutoConfiguration(exclude = { DataSourceAutoConfiguration.class, SecurityAutoConfiguration.class, +@SpringBootApplication(exclude = { DataSourceAutoConfiguration.class, SecurityAutoConfiguration.class, UserDetailsServiceAutoConfiguration.class }) @EnableJpaRepositories(basePackages = { "org.onap.clamp" }) @EntityScan(basePackages = { "org.onap.clamp" }) diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java index 602ee62e..876acc83 100644 --- a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java +++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java 
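Review bot: In `AuthorizationController.isUserPermitted`, the merged first branch writes "authorized because user has permission with * for instance" to the audit log even when the grant came from the exact key via `hasRole(inPermission.getKey())`, so the audit trail cannot tell an exact-match grant from a wildcard one. A neutral message for that branch, e.g. `auditLogger.info("{} authorized because user has permission (exact or * for instance): {}", principalName, inPermission.getKey());`, keeps the record accurate. The method is now public and signals denial only by returning `false`, with no log entry on that path, yet its Javadoc went away with `isUserPermittedNoException`; a short Javadoc saying that callers must check the result, and that `authorize` is the variant that logs the denial, would help. The `// the rest of these don't seem to be required` comment now sits after `return true;`, and the `else if`/`else` arms after each `return` can become plain `if`s.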
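Review bot: The `exclude` list on `@SpringBootApplication` in Application.java switches off `SecurityAutoConfiguration` and `UserDetailsServiceAutoConfiguration` without a comment saying why. With those excluded, Spring Boot does not apply its default security setup, so access control depends entirely on the project's own configuration, which this hunk does not show. I would add a line above the annotation such as `// Security auto-configuration is excluded on purpose; authentication and authorization are set up in <project security configuration class>.` so the exclusion is not copied or widened by accident.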
@@ -5,6 +5,8 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -36,6 +38,9 @@ import org.onap.clamp.clds.util.JsonUtils; public class CldsUserJsonDecoder { + private CldsUserJsonDecoder() { + } + /** * This method decodes the JSON file provided to a CldsUser Array. The stream is * closed after this call, this is not possible to reuse it. @@ -68,7 +73,4 @@ public class CldsUserJsonDecoder { throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e); } } - - private CldsUserJsonDecoder() { - } } diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java index 529753f1..20d5d697 100644 --- a/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/sdc/BlueprintParserMappingConfiguration.java @@ -23,9 +23,6 @@ package org.onap.clamp.clds.config.sdc; - -import com.google.gson.JsonElement; -import com.google.gson.JsonParser; import com.google.gson.reflect.TypeToken; import java.io.InputStream; import java.io.InputStreamReader; diff --git a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java index b7a7f0e7..ad2751bb 100644 --- a/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/sdc/SdcControllersConfiguration.java 
@@ -5,6 +5,8 @@ * Copyright (C) 2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -23,9 +25,6 @@ package org.onap.clamp.clds.config.sdc; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - import com.google.gson.JsonObject; import java.io.IOException; import java.io.InputStreamReader; @@ -49,8 +48,7 @@ import org.springframework.core.io.Resource; */ public class SdcControllersConfiguration { - private static final EELFLogger logger = EELFManager.getInstance().getLogger(SdcControllersConfiguration.class); - public static final String CONTROLLER_SUBTREE_KEY = "sdc-connections"; + private static final String CONTROLLER_SUBTREE_KEY = "sdc-connections"; @Autowired protected ApplicationContext appContext; /** diff --git a/src/main/java/org/onap/clamp/clds/dao/CldsDao.java b/src/main/java/org/onap/clamp/clds/dao/CldsDao.java index 8378af8c..e0d67dbf 100644 --- a/src/main/java/org/onap/clamp/clds/dao/CldsDao.java +++ b/src/main/java/org/onap/clamp/clds/dao/CldsDao.java 
@@ -199,17 +199,13 @@ public class CldsDao { .addValue("v_model_blueprint_text", model.getBlueprintText()) .addValue("v_service_type_id", model.getTypeId()).addValue("v_deployment_id", model.getDeploymentId()) .addValue("v_deployment_status_url", model.getDeploymentStatusUrl()) - .addValue("v_control_name_prefix", model.getControlNamePrefix()) + .addValue(V_CONTROL_NAME_PREFIX, model.getControlNamePrefix()) .addValue(V_CONTROL_NAME_UUID, model.getControlNameUuid()); Map<String, Object> out = logSqlExecution(procSetModel, in); model.setControlNamePrefix((String) out.get(V_CONTROL_NAME_PREFIX)); model.setControlNameUuid((String) out.get(V_CONTROL_NAME_UUID)); model.setId((String) (out.get("v_model_id"))); - model.getEvent().setId((String) (out.get("v_event_id"))); - model.getEvent().setActionCd((String) out.get("v_action_cd")); - model.getEvent().setActionStateCd((String) out.get("v_action_state_cd")); - model.getEvent().setProcessInstanceId((String) out.get("v_event_process_instance_id")); - model.getEvent().setUserid((String) out.get("v_event_user_id")); + setEventProp(model.getEvent(), out); return model; } 
@@ -318,14 +314,9 @@ public class CldsDao { .addValue("v_user_id", userid).addValue("v_template_bpmn_text", template.getBpmnText()) .addValue("v_template_image_text", template.getImageText()) .addValue("v_template_doc_text", template.getPropText()); - Map<String, Object> out = logSqlExecution(procSetTemplate, in); - template.setId((String) (out.get("v_template_id"))); - template.setBpmnUserid((String) (out.get("v_template_bpmn_user_id"))); - template.setBpmnId((String) (out.get("v_template_bpmn_id"))); - template.setImageId((String) (out.get("v_template_image_id"))); - template.setImageUserid((String) out.get("v_template_image_user_id")); - template.setPropId((String) (out.get("v_template_doc_id"))); - template.setPropUserid((String) out.get("v_template_doc_user_id")); + + // properties to setup the template is return from the logSqlExecution method + setTemplateBaseProp(template, logSqlExecution(procSetTemplate, in)); } /** 
@@ -349,20 +340,35 @@ public class CldsDao { CldsTemplate template = new CldsTemplate(); template.setName(templateName); SqlParameterSource in = new MapSqlParameterSource().addValue("v_template_name", templateName); + Map<String, Object> out = logSqlExecution(procGetTemplate, in); - template.setId((String) (out.get("v_template_id"))); - template.setBpmnUserid((String) (out.get("v_template_bpmn_user_id"))); - template.setBpmnId((String) (out.get("v_template_bpmn_id"))); - template.setBpmnText((String) (out.get("v_template_bpmn_text"))); - template.setImageId((String) (out.get("v_template_image_id"))); - template.setImageUserid((String) out.get("v_template_image_user_id")); - template.setImageText((String) out.get("v_template_image_text")); - template.setPropId((String) (out.get("v_template_doc_id"))); - template.setPropUserid((String) out.get("v_template_doc_user_id")); + setTemplateBaseProp(template, out); + + // additional template setting's template.setPropText((String) out.get("v_template_doc_text")); + template.setBpmnText((String) out.get("v_template_bpmn_text")); + template.setImageText((String) out.get("v_template_image_text")); return template; } + /** + * Helper method to setup the base template properties + * + * @param template + * the template + * @param prop + * collection with the properties + */ + private void setTemplateBaseProp(CldsTemplate template, Map prop) { + template.setId((String) prop.get("v_template_id")); + template.setBpmnUserid((String) prop.get("v_template_bpmn_user_id")); + template.setBpmnId((String) prop.get("v_template_bpmn_id")); + template.setImageId((String) prop.get("v_template_image_id")); + template.setImageUserid((String) prop.get("v_template_image_user_id")); + template.setPropId((String) prop.get("v_template_doc_id")); + template.setPropUserid((String) prop.get("v_template_doc_user_id")); + } + private static Map<String, Object> logSqlExecution(SimpleJdbcCall call, SqlParameterSource source) { try { return 
call.execute(source); @@ -452,22 +458,35 @@ public class CldsDao { private void populateModelProperties(CldsModel model, Map out) { model.setControlNamePrefix((String) out.get(V_CONTROL_NAME_PREFIX)); model.setControlNameUuid((String) out.get(V_CONTROL_NAME_UUID)); - model.setId((String) (out.get("v_model_id"))); - model.setTemplateId((String) (out.get("v_template_id"))); + model.setId((String) out.get("v_model_id")); + model.setTemplateId((String) out.get("v_template_id")); model.setTemplateName((String) (out.get("v_template_name"))); model.setBpmnText((String) out.get("v_template_bpmn_text")); model.setPropText((String) out.get("v_model_prop_text")); model.setImageText((String) out.get("v_template_image_text")); model.setDocText((String) out.get("v_template_doc_text")); model.setBlueprintText((String) out.get("v_model_blueprint_text")); - model.getEvent().setId((String) (out.get("v_event_id"))); - model.getEvent().setActionCd((String) out.get("v_action_cd")); - model.getEvent().setActionStateCd((String) out.get("v_action_state_cd")); - model.getEvent().setProcessInstanceId((String) out.get("v_event_process_instance_id")); - model.getEvent().setUserid((String) out.get("v_event_user_id")); model.setTypeId((String) out.get("v_service_type_id")); model.setDeploymentId((String) out.get("v_deployment_id")); model.setDeploymentStatusUrl((String) out.get("v_deployment_status_url")); + + setEventProp(model.getEvent(), out); + } + + /** + * Helper method to setup the event prop to the CldsEvent class + * + * @param event + * the clds event + * @param prop + * collection with the configuration + */ + private void setEventProp(CldsEvent event, Map prop) { + event.setId((String) prop.get("v_event_id")); + event.setActionCd((String) prop.get("v_action_cd")); + event.setActionStateCd((String) prop.get("v_action_state_cd")); + event.setProcessInstanceId((String) prop.get("v_event_process_instance_id")); + event.setUserid((String) prop.get("v_event_user_id")); } /** 
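Review bot: The new helper `setTemplateBaseProp(CldsTemplate template, Map prop)` takes a raw `Map`, and `setEventProp(CldsEvent event, Map prop)` in the next hunk does the same, although `logSqlExecution` returns `Map<String, Object>`. Declaring the parameter as `Map<String, Object> prop` in both helpers removes the raw-type warning without changing behaviour. The `(String)` casts on the stored-procedure output stay unchecked either way, so a non-string value would surface as a `ClassCastException`; a sentence in each Javadoc naming the expected keys and their types would document that assumption.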
@@ -555,7 +574,7 @@ public class CldsDao { .addValue("v_tosca_model_yaml", cldsToscaModel.getToscaModelYaml()) .addValue("v_tosca_model_json", cldsToscaModel.getToscaModelJson()).addValue("v_user_id", userId); Map<String, Object> out = logSqlExecution(procInsertNewToscaModelVersion, in); - cldsToscaModel.setRevisionId((String) (out.get("v_revision_id"))); + cldsToscaModel.setRevisionId((String) out.get("v_revision_id")); return cldsToscaModel; } @@ -593,7 +612,7 @@ public class CldsDao { .addValue("v_dictionary_name", cldsDictionary.getDictionaryName()) .addValue("v_user_id", cldsDictionary.getCreatedBy()); Map<String, Object> out = logSqlExecution(procInsertDictionary, in); - cldsDictionary.setDictionaryId((String) (out.get("v_dictionary_id"))); + cldsDictionary.setDictionaryId((String) out.get("v_dictionary_id")); } /** @@ -677,7 +696,7 @@ public class CldsDao { .addValue("v_dict_element_description", cldsDictionaryItem.getDictElementDesc()) .addValue("v_dict_element_type", cldsDictionaryItem.getDictElementType()).addValue("v_user_id", userId); Map<String, Object> out = logSqlExecution(procInsertDictionaryElement, in); - cldsDictionaryItem.setDictElementId((String) (out.get("v_dict_element_id"))); + cldsDictionaryItem.setDictElementId((String) out.get("v_dict_element_id")); } /** diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java index b9cce087..71dd5c4f 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsService.java +++ b/src/main/java/org/onap/clamp/clds/service/CldsService.java 
@@ -32,18 +32,15 @@ import com.google.gson.JsonObject; import com.google.gson.reflect.TypeToken; import java.io.IOException; import java.lang.reflect.Type; -import java.security.GeneralSecurityException; import java.util.Date; import java.util.List; import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.BadRequestException; -import javax.ws.rs.NotAuthorizedException; import javax.xml.transform.TransformerException; import org.apache.camel.Produce; -import org.apache.commons.codec.DecoderException; import org.json.simple.parser.ParseException; import org.onap.clamp.clds.camel.CamelProxy; import org.onap.clamp.clds.client.DcaeDispatcherServices; diff --git a/src/main/java/org/onap/clamp/clds/util/drawing/AwtUtils.java b/src/main/java/org/onap/clamp/clds/util/drawing/AwtUtils.java index e9e589e0..1ece484b 100755 --- a/src/main/java/org/onap/clamp/clds/util/drawing/AwtUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/drawing/AwtUtils.java @@ -5,6 +5,8 @@ * Copyright (C) 2019 Nokia. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -39,6 +41,9 @@ public class AwtUtils { private static final String FONT_FACE = "SansSerif"; private static final Color TRANSPARENT = new Color(0.0f, 0.0f, 0.0f, 0.0f); + private AwtUtils() { + } + static void rectWithText(Graphics2D g2d, String text, Point point, int width, int height) { Rectangle rect = new Rectangle(point.x, point.y, width, height); g2d.draw(rect); 
diff --git a/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java b/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java index a15c556e..58d94685 100644 --- a/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java +++ b/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java @@ -87,9 +87,9 @@ public class AuthorizationControllerItCase { PrincipalUtils.setSecurityContext(securityContext); AuthorizationController auth = new AuthorizationController(); - assertTrue(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-cl","dev","read"))); - assertTrue(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-cl-manage","dev","DEPLOY"))); - assertTrue(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-filter-vf","dev","12345-55555-55555-5555"))); - assertFalse(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-cl","test","read"))); + assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","dev","read"))); + assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl-manage","dev","DEPLOY"))); + assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-filter-vf","dev","12345-55555-55555-5555"))); + assertFalse(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","test","read"))); } } |