From b79c3686bd393e22b08b49e4398591019e8afb92 Mon Sep 17 00:00:00 2001 From: xg353y Date: Mon, 13 Aug 2018 15:22:57 +0200 Subject: Upgrade spring/camel versions Update the permission mapping method by adding more permissions Issue-ID: CLAMP-188 Change-Id: I3c1ca14060e60fd48721a5b4198100b700b3fc3d Signed-off-by: xg353y --- .../java/org/onap/clamp/clds/ClampServlet.java | 49 +++++++++++++--------- 1 file changed, 29 insertions(+), 20 deletions(-) (limited to 'src') diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 538edfe1..549b12f9 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -47,53 +47,62 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; import org.springframework.web.context.support.WebApplicationContextUtils; - public class ClampServlet extends CamelHttpTransportServlet { - /** - * - */ - private static final long serialVersionUID = -7052719614021825641L; - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampServlet.class); + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampServlet.class); public static final String PERM_INSTANCE = "clamp.config.security.permission.instance"; - public static final String PERM_CL= "clamp.config.security.permission.type.cl"; + public static final String PERM_CL = "clamp.config.security.permission.type.cl"; public static final String PERM_TEMPLATE = "clamp.config.security.permission.type.template"; + public static final String PERM_VF = "clamp.config.security.permission.type.filter.vf"; + public static final String PERM_MANAGE = "clamp.config.security.permission.type.cl.manage"; @Override - protected void doService(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { + protected void doService(HttpServletRequest request, HttpServletResponse response) + throws ServletException, IOException { Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); List permissionList = new ArrayList<>(); - // Get Principal info and translate it into Spring Authentication - // If authenticataion is null: a) the authentication info was set manually in the previous thread - // b) handled by Spring automatically - // for the 2 cases above, no need for the translation, just skip the following step + // Get Principal info and translate it into Spring Authentication If + // authenticataion is null: a) the authentication info was set manually + // in the previous thread b) handled by Spring automatically for the 2 + // cases above, no need for the translation, just skip the following + // step if (null == authentication) { - logger.debug ("Populate Spring Authenticataion info manually."); - ApplicationContext applicationContext = WebApplicationContextUtils.getWebApplicationContext(this.getServletContext()); - // Start a timer to clear the authentication after 5 mins, so that the authentication will be reinitialized with AAF DB + logger.debug("Populate Spring Authenticataion info manually."); + ApplicationContext applicationContext = WebApplicationContextUtils + .getWebApplicationContext(this.getServletContext()); + // Start a timer to clear the authentication after 5 mins, so that + // the authentication will be reinitialized with AAF DB new ClampTimer(300); String cldsPersmissionTypeCl = applicationContext.getEnvironment().getProperty(PERM_CL); String cldsPermissionTypeTemplate = applicationContext.getEnvironment().getProperty(PERM_TEMPLATE); String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE); + String cldsPermissionTypeFilterVf = applicationContext.getEnvironment().getProperty(PERM_VF); + String cldsPermissionTypeClManage = applicationContext.getEnvironment().getProperty(PERM_MANAGE); - // set the stragety to Mode_Global, so that all thread is able to see the authentication + // set the stragety to Mode_Global, so that all thread is able to + // see the authentication SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL); Principal p = request.getUserPrincipal(); permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read")); permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update")); - permissionList.add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "read")); - permissionList.add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "update")); + permissionList + .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "read")); + permissionList + .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "update")); + permissionList.add(SecureServicePermission.create(cldsPermissionTypeFilterVf, cldsPermissionInstance, "*")); + permissionList.add(SecureServicePermission.create(cldsPermissionTypeClManage, cldsPermissionInstance, "*")); List grantedAuths = new ArrayList<>(); - for (SecureServicePermission perm:permissionList) { + for (SecureServicePermission perm : permissionList) { String permString = perm.toString(); if (request.isUserInRole(permString)) { grantedAuths.add(new SimpleGrantedAuthority(permString)); } } - Authentication auth = new UsernamePasswordAuthenticationToken(new User(p.getName(), "", grantedAuths), "", grantedAuths); + Authentication auth = new UsernamePasswordAuthenticationToken(new User(p.getName(), "", grantedAuths), "", + grantedAuths); SecurityContextHolder.getContext().setAuthentication(auth); } super.doService(request, response); -- cgit 1.2.3-korg