diff options
Diffstat (limited to 'src/main')
20 files changed, 138 insertions, 766 deletions
diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java index b49be86b..e4a03fd3 100644 --- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java +++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java @@ -27,19 +27,18 @@ package org.onap.clamp.authorization; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; - import java.util.Date; - import org.apache.camel.Exchange; import org.onap.clamp.clds.config.ClampProperties; import org.onap.clamp.clds.exception.NotAuthorizedException; -import org.onap.clamp.clds.service.SecureServiceBase; -import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.clds.model.ClampInformation; import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.util.PrincipalUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; /** @@ -48,7 +47,7 @@ import org.springframework.stereotype.Component; @Component public class AuthorizationController { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(AuthorizationController.class); protected static final EELFLogger auditLogger = EELFManager.getInstance().getMetricsLogger(); protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); @@ -56,9 +55,36 @@ public class AuthorizationController { @Autowired private ClampProperties refProp; + private SecurityContext securityContext = SecurityContextHolder.getContext(); + public static final String PERM_PREFIX = "security.permission.type."; private static final String PERM_INSTANCE = "security.permission.instance"; + private static String retrieveUserName(SecurityContext securityContext) { + if (securityContext == null || securityContext.getAuthentication() == null) { + return null; + } + if ((securityContext.getAuthentication().getPrincipal()) instanceof String) { + // anonymous case + return ((String)securityContext.getAuthentication().getPrincipal()); + } else { + return ((UserDetails) securityContext.getAuthentication().getPrincipal()).getUsername(); + } + } + /** + * Get the principal name. + * + * @return The principal name + */ + public static String getPrincipalName(SecurityContext securityContext) { + String principal = AuthorizationController.retrieveUserName(securityContext); + String name = "Not found"; + if (principal != null) { + name = principal; + } + return name; + } + /** * Insert authorize the api based on the permission. * @@ -78,7 +104,7 @@ public class AuthorizationController { if (null != instanceVar && !instanceVar.isEmpty()) { instance = instanceVar; } - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); SecureServicePermission perm = SecureServicePermission.create(type, instance, action); Date startTime = new Date(); LoggingUtils.setTargetContext("Clamp", "authorize"); @@ -101,7 +127,7 @@ public class AuthorizationController { */ public boolean isUserPermitted(SecureServicePermission inPermission) { - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); // check if the user has the permission key or the permission key with a // combination of all instance and/or all action. if (hasRole(inPermission.getKey()) || hasRole(inPermission.getKeyAllInstance())) { @@ -124,7 +150,7 @@ public class AuthorizationController { } protected boolean hasRole(String role) { - Authentication authentication = PrincipalUtils.getSecurityContext().getAuthentication(); + Authentication authentication = securityContext.getAuthentication(); if (authentication == null) { return false; } @@ -136,4 +162,23 @@ public class AuthorizationController { return false; } + /** + * Gets clds info. CLDS IFO service will return 3 things 1. User Name 2. CLDS + * code version that is currently installed from pom.xml file 3. User + * permissions + * + * @return the clds info + */ + public ClampInformation getClampInformation() { + ClampInformation clampInfo = new ClampInformation(); + Authentication authentication = securityContext.getAuthentication(); + if (authentication == null) { + return new ClampInformation(); + } + clampInfo.setUserName(AuthorizationController.getPrincipalName(this.securityContext)); + for (GrantedAuthority auth : authentication.getAuthorities()) { + clampInfo.getAllPermissions().add(auth.getAuthority()); + } + return clampInfo; + } } diff --git a/src/main/java/org/onap/clamp/clds/service/CldsUser.java b/src/main/java/org/onap/clamp/authorization/CldsUser.java index 82b7727b..b50f50cb 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsUser.java +++ b/src/main/java/org/onap/clamp/authorization/CldsUser.java @@ -21,7 +21,7 @@ * */ -package org.onap.clamp.clds.service; +package org.onap.clamp.authorization; import java.util.Arrays; diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java b/src/main/java/org/onap/clamp/authorization/SecureServicePermission.java index a93732c3..374aab90 100644 --- a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java +++ b/src/main/java/org/onap/clamp/authorization/SecureServicePermission.java @@ -21,7 +21,7 @@ * */ -package org.onap.clamp.clds.service; +package org.onap.clamp.authorization; /** * Permission class that can be instantiated easily using constructor or factory diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java b/src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java index 9cbf711c..026ee802 100644 --- a/src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java +++ b/src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java @@ -21,7 +21,8 @@ * */ -package org.onap.clamp.clds.service; +package org.onap.clamp.authorization; + import com.google.gson.Gson; import com.google.gson.JsonDeserializationContext; diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/authorization/UserService.java index cf8f6630..b4f51c95 100644 --- a/src/main/java/org/onap/clamp/clds/service/UserService.java +++ b/src/main/java/org/onap/clamp/authorization/UserService.java @@ -20,8 +20,7 @@ * =================================================================== */ -package org.onap.clamp.clds.service; - +package org.onap.clamp.authorization; import org.springframework.security.core.context.SecurityContext; @@ -35,7 +34,7 @@ import org.springframework.stereotype.Controller; @Controller public class UserService { - private SecurityContext securityContext = SecurityContextHolder.getContext(); + private SecurityContext securityContext = SecurityContextHolder.getContext(); /** * REST service that returns the username. @@ -43,6 +42,6 @@ public class UserService { * @return the user name */ public String getUser() { - return new DefaultUserNameHandler().retrieveUserName(securityContext); + return AuthorizationController.getPrincipalName(securityContext); } }
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 54aa95e5..5908201f 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -38,7 +38,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.camel.component.servlet.CamelHttpTransportServlet; -import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.authorization.SecureServicePermission; import org.springframework.context.ApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java index 876acc83..626227e2 100644 --- a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java +++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java @@ -33,7 +33,7 @@ import java.nio.charset.StandardCharsets; import org.apache.commons.io.IOUtils; import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; +import org.onap.clamp.authorization.CldsUser; import org.onap.clamp.clds.util.JsonUtils; public class CldsUserJsonDecoder { diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java index 6a539c7e..a4515860 100644 --- a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java @@ -32,7 +32,7 @@ import java.io.IOException; import org.onap.clamp.clds.exception.CldsConfigException; import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; +import org.onap.clamp.authorization.CldsUser; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; diff --git a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java b/src/main/java/org/onap/clamp/clds/model/ClampInformation.java index 543dd4a9..d73e9420 100644 --- a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java +++ b/src/main/java/org/onap/clamp/clds/model/ClampInformation.java @@ -1,43 +1,62 @@ -/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.clamp.clds.service;
-
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.userdetails.UserDetails;
-
-
-
-public class DefaultUserNameHandler implements UserNameHandler {
-
- /*
- * (non-Javadoc)
- *
- * @see
- * org.onap.clamp.clds.service.PrincipalNameHandler#handleName(SecurityContext)
- */
- @Override
- public String retrieveUserName(SecurityContext securityContext) {
- return ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername();
- }
-}
+/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ + +package org.onap.clamp.clds.model; + +import com.google.gson.annotations.Expose; +import java.util.ArrayList; +import java.util.List; +import org.onap.clamp.clds.util.ClampVersioning; + +public class ClampInformation { + @Expose + private String userName; + @Expose + private String cldsVersion = ClampVersioning.getCldsVersionFromProps(); + @Expose + List<String> allPermissions = new ArrayList<>(); + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getCldsVersion() { + return cldsVersion; + } + + public void setCldsVersion(String cldsVersion) { + this.cldsVersion = cldsVersion; + } + + public List<String> getAllPermissions() { + return allPermissions; + } + + public void setAllPermissions(List<String> allPermissions) { + this.allPermissions = allPermissions; + } +} diff --git a/src/main/java/org/onap/clamp/clds/model/CldsInfo.java b/src/main/java/org/onap/clamp/clds/model/CldsInfo.java deleted file mode 100644 index f3cf6ed1..00000000 --- a/src/main/java/org/onap/clamp/clds/model/CldsInfo.java +++ /dev/null @@ -1,110 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.model; - -import com.google.gson.annotations.Expose; - -public class CldsInfo { - @Expose - private String userName; - @Expose - private String cldsVersion; - @Expose - private boolean permissionReadCl; - @Expose - private boolean permissionUpdateCl; - @Expose - private boolean permissionReadTemplate; - @Expose - private boolean permissionUpdateTemplate; - @Expose - private boolean permissionReadTosca; - @Expose - private boolean permissionUpdateTosca; - - public String getUserName() { - return userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - - public String getCldsVersion() { - return cldsVersion; - } - - public void setCldsVersion(String cldsVersion) { - this.cldsVersion = cldsVersion; - } - - public boolean isPermissionReadCl() { - return permissionReadCl; - } - - public void setPermissionReadCl(boolean permissionReadCl) { - this.permissionReadCl = permissionReadCl; - } - - public boolean isPermissionUpdateCl() { - return permissionUpdateCl; - } - - public void setPermissionUpdateCl(boolean permissionUpdateCl) { - this.permissionUpdateCl = permissionUpdateCl; - } - - public boolean isPermissionReadTemplate() { - return permissionReadTemplate; - } - - public void setPermissionReadTemplate(boolean permissionReadTemplate) { - this.permissionReadTemplate = permissionReadTemplate; - } - - public boolean isPermissionUpdateTemplate() { - return permissionUpdateTemplate; - } - - public void setPermissionUpdateTemplate(boolean permissionUpdateTemplate) { - this.permissionUpdateTemplate = permissionUpdateTemplate; - } - - public boolean isPermissionReadTosca() { - return permissionReadTosca; - } - - public void setPermissionReadTosca(boolean permissionReadTosca) { - this.permissionReadTosca = permissionReadTosca; - } - - public boolean isPermissionUpdateTosca() { - return permissionUpdateTosca; - } - - public void setPermissionUpdateTosca(boolean permissionUpdateTosca) { - this.permissionUpdateTosca = permissionUpdateTosca; - } - -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java b/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java deleted file mode 100644 index 7027cf1b..00000000 --- a/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java +++ /dev/null @@ -1,52 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import org.onap.clamp.clds.model.CldsInfo; -import org.onap.clamp.clds.util.ClampVersioning; - -class CldsInfoProvider { - - - private final CldsService cldsService; - - public CldsInfoProvider(CldsService cldsService) { - this.cldsService = cldsService; - } - - public CldsInfo getCldsInfo() { - CldsInfo cldsInfo = new CldsInfo(); - cldsInfo.setUserName(cldsService.getUserName()); - cldsInfo.setCldsVersion(ClampVersioning.getCldsVersionFromProps()); - - cldsInfo.setPermissionReadCl(cldsService.isAuthorizedNoException(cldsService.permissionReadCl)); - cldsInfo.setPermissionUpdateCl(cldsService.isAuthorizedNoException(cldsService.permissionUpdateCl)); - cldsInfo.setPermissionReadTemplate(cldsService.isAuthorizedNoException(cldsService.permissionReadTemplate)); - cldsInfo.setPermissionUpdateTemplate(cldsService.isAuthorizedNoException(cldsService.permissionUpdateTemplate)); - cldsInfo.setPermissionReadTosca(cldsService.isAuthorizedNoException(cldsService.permissionReadTosca)); - cldsInfo.setPermissionUpdateTosca(cldsService.isAuthorizedNoException(cldsService.permissionUpdateTosca)); - return cldsInfo; - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java deleted file mode 100644 index 3b84e360..00000000 --- a/src/main/java/org/onap/clamp/clds/service/CldsService.java +++ /dev/null @@ -1,180 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Modifications Copyright (c) 2019 Samsung - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import java.util.Date; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.clamp.clds.model.CldsInfo; -import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.clds.util.OnapLogConstants; -import org.slf4j.event.Level; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.stereotype.Component; - -/** - * Service to save and retrieve the CLDS model attributes. - */ -@Component -public class CldsService extends SecureServiceBase { - - /** - * The constant securityLogger. - */ - protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); - /** - * The constant logger. - */ - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsService.class); - - private final String cldsPermissionTypeFilterVf; - private final String cldsPermissionInstance; - /** - * The Permission read cl. - */ - final SecureServicePermission permissionReadCl; - /** - * The Permission update cl. - */ - final SecureServicePermission permissionUpdateCl; - /** - * The Permission read template. - */ - final SecureServicePermission permissionReadTemplate; - /** - * The Permission update template. - */ - final SecureServicePermission permissionUpdateTemplate; - /** - * The Permission read tosca. - */ - final SecureServicePermission permissionReadTosca; - /** - * The Permission update tosca. - */ - final SecureServicePermission permissionUpdateTosca; - - private LoggingUtils util = new LoggingUtils(logger); - - @Autowired - private HttpServletRequest request; - - /** - * Instantiates a new Clds service. - * - * @param cldsPersmissionTypeCl the clds persmission type cl - * @param cldsPermissionTypeClManage the clds permission type cl manage - * @param cldsPermissionTypeClEvent the clds permission type cl event - * @param cldsPermissionTypeFilterVf the clds permission type filter vf - * @param cldsPermissionTypeTemplate the clds permission type template - * @param cldsPermissionTypeTosca the clds permission type tosca - * @param cldsPermissionInstance the clds permission instance - */ - @Autowired - public CldsService( - @Value("${clamp.config.security.permission.type.cl:permission-type-cl}") String cldsPersmissionTypeCl, - @Value("${clamp.config.security.permission.type.cl.manage:permission-type-cl-manage}") - String cldsPermissionTypeClManage, - @Value("${clamp.config.security.permission.type.cl.event:permission-type-cl-event}") - String cldsPermissionTypeClEvent, - @Value("${clamp.config.security.permission.type.filter.vf:permission-type-filter-vf}") - String cldsPermissionTypeFilterVf, - @Value("${clamp.config.security.permission.type.template:permission-type-template}") - String cldsPermissionTypeTemplate, - @Value("${clamp.config.security.permission.type.tosca:permission-type-tosca}") - String cldsPermissionTypeTosca, - @Value("${clamp.config.security.permission.instance:dev}") String cldsPermissionInstance) { - this.cldsPermissionTypeFilterVf = cldsPermissionTypeFilterVf; - this.cldsPermissionInstance = cldsPermissionInstance; - permissionReadCl = SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read"); - permissionUpdateCl = SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update"); - permissionReadTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "read"); - permissionUpdateTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "update"); - permissionReadTosca = SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "read"); - permissionUpdateTosca = SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, - "update"); - } - - /** - * Gets clds info. CLDS IFO service will return 3 things 1. User Name 2. CLDS - * code version that is currently installed from pom.xml file 3. User - * permissions - * - * @return the clds info - */ - public CldsInfo getCldsInfo() { - util.entering(request, "CldsService: GET cldsInfo"); - final Date startTime = new Date(); - LoggingUtils.setTimeContext(startTime, new Date()); - - CldsInfoProvider cldsInfoProvider = new CldsInfoProvider(this); - final CldsInfo cldsInfo = cldsInfoProvider.getCldsInfo(); - - // audit log - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.info("GET cldsInfo completed"); - util.exiting("200", "Get cldsInfo success", Level.INFO, OnapLogConstants.ResponseStatus.COMPLETED); - return cldsInfo; - } - - /** - * Determine if the user is authorized for a particular VF by its invariant - * UUID. - * - * @param vfInvariantUuid the vf invariant uuid - * @return boolean or throws NotAuthorizedException - */ - public boolean isAuthorizedForVf(String vfInvariantUuid) { - if (cldsPermissionTypeFilterVf != null && !cldsPermissionTypeFilterVf.isEmpty()) { - SecureServicePermission permission = SecureServicePermission.create(cldsPermissionTypeFilterVf, - cldsPermissionInstance, vfInvariantUuid); - return isAuthorized(permission); - } else { - // if CLDS_PERMISSION_TYPE_FILTER_VF property is not provided, then - // VF filtering is turned off - logger.warn("VF filtering turned off"); - return true; - } - } - - /** - * Sets logging util. - * - * @param utilP the util p - */ - // Created for the integration test - public void setLoggingUtil(LoggingUtils utilP) { - util = utilP; - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java b/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java deleted file mode 100644 index debd687c..00000000 --- a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java +++ /dev/null @@ -1,226 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import java.util.Date; -import javax.ws.rs.NotAuthorizedException; - -import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.clds.util.OnapLogConstants; -import org.slf4j.event.Level; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; - -/** - * Base/abstract Service class. Implements shared security methods. - */ -public abstract class SecureServiceBase { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); - protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); - protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); - - // By default we'll set it to a default handler - private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); - - - private SecurityContext securityContext = SecurityContextHolder.getContext(); - - /** - * Get the userId from AAF/CSP. - * - * @return user ID - */ - public String getUserId() { - return getUserName(); - } - - /** - * Get the Full name. - * - * @return user name - */ - public String getUserName() { - String name = userNameHandler.retrieveUserName(securityContext); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "getUserName"); - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.debug("User logged into the CLDS system={}", name); - return name; - } - - /** - * Get the principal name. - * - * @return the principal name - */ - public String getPrincipalName() { - String principal = ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - String name = "Not found"; - if (principal != null) { - name = principal; - } - logger.debug("userPrincipal.getName()={}", name); - return name; - } - - /** - * Check if user is authorized for the given the permission. Allow matches - * if user has a permission with an "*" in permission instance or permission - * action even if the permission to check has a specific value in those - * fields. For example: if the user has this permission: app-perm-type|*|* - * it will be authorized if the inPermission to check is: - * app-perm-type|dev|read - * - * @param inPermission - * The permission to validate - * @return A boolean to indicate if the user has the permission to do - * execute the inPermission - * @throws NotAuthorizedException - * In case of issues with the permission test, error is returned - * in this exception - */ - public boolean isAuthorized(SecureServicePermission inPermission) throws NotAuthorizedException { - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorized"); - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - throw new NotAuthorizedException(msg); - } - } - - /** - * Check if user is authorized for the given aaf permission. Allow matches - * if user has a permission with an "*" in permission instance or permission - * action even if the permission to check has a specific value in those - * fields. For example: if the user has this permission: app-perm-type|*|* - * it will be authorized if the inPermission to check is: - * app-perm-type|dev|read - * - * @param inPermission - * The permission to validate - * @return A boolean to indicate if the user has the permission to do - * execute the inPermission - */ - public boolean isAuthorizedNoException(SecureServicePermission inPermission) { - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorizedNoException"); - LoggingUtils.setTimeContext(startTime, new Date()); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - } - return false; - } - - /** - * This method can be used by the Application.class to set the - * UserNameHandler that must be used in this class. The UserNameHandler - * where to get the User name - * - * @param handler - * The Handler impl to use - */ - public static final void setUserNameHandler(UserNameHandler handler) { - if (handler != null) { - userNameHandler = handler; - } - } - - public void setSecurityContext(SecurityContext securityContext) { - this.securityContext = securityContext; - } - - private boolean isUserPermitted(SecureServicePermission inPermission) { - boolean authorized = false; - // check if the user has the permission key or the permission key with a - // combination of all instance and/or all action. - if (hasRole(inPermission.getKey())) { - securityLogger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); - authorized = true; - // the rest of these don't seem to be required - isUserInRole method - // appears to take * as a wildcard - } else if (hasRole(inPermission.getKeyAllInstance())) { - securityLogger.info("{} authorized because user has permission with * for instance: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else if (hasRole(inPermission.getKeyAllInstanceAction())) { - securityLogger.info("{} authorized because user has permission with * for instance and * for action: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else if (hasRole(inPermission.getKeyAllAction())) { - securityLogger.info("{} authorized because user has permission with * for action: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else { - throw new NotAuthorizedException(""); - } - return authorized; - } - - protected boolean hasRole(String role) { - Authentication authentication = securityContext.getAuthentication(); - if (authentication == null) { - return false; - } - - for (GrantedAuthority auth : authentication.getAuthorities()) { - if (role.equals(auth.getAuthority())) { - return true; - } - } - - return false; - } - - protected void auditLogInfo(LoggingUtils util, String actionDescription, Date startTime) { - LoggingUtils.setTimeContext(startTime, new Date()); - auditLogger.info(actionDescription + " completed"); - util.exiting("200", actionDescription + " success", Level.INFO, - OnapLogConstants.ResponseStatus.COMPLETED); - } - - protected void auditLogInfo(String actionDescription, Date startTime) { - - LoggingUtils.setTimeContext(startTime, new Date()); - LoggingUtils.setResponseContext("0", actionDescription + " success", - this.getClass().getName()); - auditLogger.info(actionDescription + " completed"); - } -}
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java deleted file mode 100644 index d48700f6..00000000 --- a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java +++ /dev/null @@ -1,31 +0,0 @@ -/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.clamp.clds.service;
-
-import org.springframework.security.core.context.SecurityContext;
-
-public interface UserNameHandler {
-
- public String retrieveUserName(SecurityContext securityContext);
-}
diff --git a/src/main/java/org/onap/clamp/clds/util/JsonUtils.java b/src/main/java/org/onap/clamp/clds/util/JsonUtils.java index 704d3ac3..8024331f 100644 --- a/src/main/java/org/onap/clamp/clds/util/JsonUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/JsonUtils.java @@ -30,8 +30,8 @@ import com.google.gson.GsonBuilder; import java.time.Instant; -import org.onap.clamp.clds.service.SecureServicePermission; -import org.onap.clamp.clds.service.SecureServicePermissionDeserializer; +import org.onap.clamp.authorization.SecureServicePermission; +import org.onap.clamp.authorization.SecureServicePermissionDeserializer; import org.onap.clamp.dao.model.gson.converter.InstantDeserializer; import org.onap.clamp.dao.model.gson.converter.InstantSerializer; diff --git a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java index 1a6cca6b..a471b411 100644 --- a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java @@ -25,7 +25,6 @@ package org.onap.clamp.clds.util; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; - import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.URLConnection; @@ -39,12 +38,10 @@ import java.time.temporal.ChronoUnit; import java.util.Date; import java.util.TimeZone; import java.util.UUID; - import javax.net.ssl.HttpsURLConnection; import javax.servlet.http.HttpServletRequest; import javax.validation.constraints.NotNull; - -import org.onap.clamp.clds.service.DefaultUserNameHandler; +import org.onap.clamp.authorization.AuthorizationController; import org.slf4j.MDC; import org.slf4j.event.Level; import org.springframework.security.core.context.SecurityContextHolder; @@ -188,8 +185,8 @@ public class LoggingUtils { // Default the partner name to the user name used to login to clamp if (partnerName.equalsIgnoreCase(EMPTY_MESSAGE)) { - MDC.put(OnapLogConstants.Mdcs.PARTNER_NAME, new DefaultUserNameHandler() - .retrieveUserName(SecurityContextHolder.getContext())); + MDC.put(OnapLogConstants.Mdcs.PARTNER_NAME, + AuthorizationController.getPrincipalName(SecurityContextHolder.getContext())); } // Set standard MDCs. Override this entire method if you want to set diff --git a/src/main/java/org/onap/clamp/tosca/DictionaryService.java b/src/main/java/org/onap/clamp/tosca/DictionaryService.java index 21ca1f7f..5b24def9 100644 --- a/src/main/java/org/onap/clamp/tosca/DictionaryService.java +++ b/src/main/java/org/onap/clamp/tosca/DictionaryService.java @@ -27,12 +27,11 @@ import com.google.common.collect.Sets; import java.util.List; import java.util.Set; import javax.persistence.EntityNotFoundException; -import org.onap.clamp.clds.service.SecureServiceBase; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @Service -public class DictionaryService extends SecureServiceBase { +public class DictionaryService { private final DictionaryRepository dictionaryRepository; private final DictionaryElementsRepository dictionaryElementsRepository; diff --git a/src/main/java/org/onap/clamp/util/PrincipalUtils.java b/src/main/java/org/onap/clamp/util/PrincipalUtils.java deleted file mode 100644 index d6dfacbd..00000000 --- a/src/main/java/org/onap/clamp/util/PrincipalUtils.java +++ /dev/null @@ -1,89 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.util; - -import java.util.Date; - -import org.onap.clamp.clds.service.DefaultUserNameHandler; -import org.onap.clamp.clds.service.UserNameHandler; -import org.onap.clamp.clds.util.LoggingUtils; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; - -public class PrincipalUtils { - private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); - private static SecurityContext securityContext = SecurityContextHolder.getContext(); - - /** - * Private constructor to avoid creating instances of util class. - */ - private PrincipalUtils(){ - } - - /** - * Get the Full name. - * - * @return The user name - */ - public static String getUserName() { - String name = userNameHandler.retrieveUserName(securityContext); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "getUserName"); - LoggingUtils.setTimeContext(startTime, new Date()); - return name; - } - - /** - * Get the userId from AAF/CSP. - * - * @return The user ID - */ - public static String getUserId() { - return getUserName(); - } - - /** - * Get the principal name. - * - * @return The principal name - */ - public static String getPrincipalName() { - String principal = ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - String name = "Not found"; - if (principal != null) { - name = principal; - } - return name; - } - - public static void setSecurityContext(SecurityContext securityContext) { - PrincipalUtils.securityContext = securityContext; - } - - public static SecurityContext getSecurityContext() { - return securityContext; - } -} diff --git a/src/main/resources/clds/camel/rest/clamp-api-v2.xml b/src/main/resources/clds/camel/rest/clamp-api-v2.xml index d62a0c28..1f927267 100644 --- a/src/main/resources/clds/camel/rest/clamp-api-v2.xml +++ b/src/main/resources/clds/camel/rest/clamp-api-v2.xml @@ -1050,5 +1050,10 @@ </doTry> </route> </get> + <get uri="/v2/clampInformation" outType="org.onap.clamp.clds.model.ClampInformation" + produces="application/json"> + <to + uri="bean:org.onap.clamp.authorization.AuthorizationController?method=getClampInformation()" /> + </get> </rest> </rests> diff --git a/src/main/resources/clds/camel/rest/clds-services.xml b/src/main/resources/clds/camel/rest/clds-services.xml index dd3a4bfd..ce52f31d 100644 --- a/src/main/resources/clds/camel/rest/clds-services.xml +++ b/src/main/resources/clds/camel/rest/clds-services.xml @@ -1,10 +1,5 @@ <rests xmlns="http://camel.apache.org/schema/spring"> <rest> - <get uri="/v1/clds/cldsInfo" outType="org.onap.clamp.clds.model.CldsInfo" - produces="application/json"> - <to - uri="bean:org.onap.clamp.clds.service.CldsService?method=getCldsInfo()" /> - </get> <get uri="/v1/healthcheck" produces="application/json" outType="org.onap.clamp.clds.model.CldsHealthCheck"> <route> @@ -23,7 +18,7 @@ </get> <get uri="/v1/user/getUser" produces="text/plain"> - <to uri="bean:org.onap.clamp.clds.service.UserService?method=getUser()" /> + <to uri="bean:org.onap.clamp.authorization.UserService?method=getUser()" /> </get> </rest> </rests> |