From 5f7b874a73aaca110ad093cb6ca530407f54df1c Mon Sep 17 00:00:00 2001 From: Kanagaraj Manickam k00365106 Date: Thu, 17 Aug 2017 10:13:29 +0530 Subject: Add basic auth mode for service CLI-29 Change-Id: I8c46a23d5875275dadcdddfd8cc2fbb864ab03f4 Signed-off-by: Kanagaraj Manickam k00365106 --- .../src/main/java/org/onap/cli/fw/OnapCommand.java | 11 ++-- .../java/org/onap/cli/fw/ad/OnapAuthClient.java | 58 ++++++++------------ .../main/java/org/onap/cli/fw/ad/OnapService.java | 3 +- .../org/onap/cli/fw/cmd/OnapSwaggerCommand.java | 8 +-- .../main/java/org/onap/cli/fw/conf/Constants.java | 7 +-- .../org/onap/cli/fw/conf/OnapCommandConfg.java | 25 ++++++++- .../org/onap/cli/fw/http/OnapHttpConnection.java | 62 +++++++++++----------- framework/src/main/resources/onap.properties | 14 ++++- 8 files changed, 102 insertions(+), 86 deletions(-) (limited to 'framework/src/main') diff --git a/framework/src/main/java/org/onap/cli/fw/OnapCommand.java b/framework/src/main/java/org/onap/cli/fw/OnapCommand.java index 7e15fbab..1cc78f23 100644 --- a/framework/src/main/java/org/onap/cli/fw/OnapCommand.java +++ b/framework/src/main/java/org/onap/cli/fw/OnapCommand.java @@ -257,10 +257,13 @@ public abstract class OnapCommand { try { OnapCredentials creds = OnapCommandUtils.fromParameters(this.getParameters()); boolean isAuthRequired = !this.onapService.isNoAuth() - && "true".equals(paramMap.get(Constants.DEFAULT_PARAMETER_OUTPUT_NO_AUTH).getValue()); + && "false".equals(paramMap.get(Constants.DEFAULT_PARAMETER_OUTPUT_NO_AUTH).getValue()); if (!isCommandInternal()) { - this.authClient = new OnapAuthClient(creds, this.getResult().isDebug()); + this.authClient = new OnapAuthClient( + creds, + this.getResult().isDebug(), + this.getService().getAuthType()); } if (isAuthRequired) { @@ -299,10 +302,6 @@ public abstract class OnapCommand { return this.authClient.getServiceBasePath(this.getService()); } - protected String getAuthToken() { - return this.authClient.getAuthToken(); - } - /** * Returns the service service version it supports. * diff --git a/framework/src/main/java/org/onap/cli/fw/ad/OnapAuthClient.java b/framework/src/main/java/org/onap/cli/fw/ad/OnapAuthClient.java index e87ef0ae..93d5ad6b 100644 --- a/framework/src/main/java/org/onap/cli/fw/ad/OnapAuthClient.java +++ b/framework/src/main/java/org/onap/cli/fw/ad/OnapAuthClient.java @@ -16,8 +16,11 @@ package org.onap.cli.fw.ad; -import com.jayway.jsonpath.JsonPath; +import java.util.Map; + import org.apache.http.HttpStatus; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.impl.auth.BasicScheme; import org.onap.cli.fw.conf.Constants; import org.onap.cli.fw.conf.OnapCommandConfg; import org.onap.cli.fw.error.OnapCommandException; @@ -30,6 +33,8 @@ import org.onap.cli.fw.http.HttpInput; import org.onap.cli.fw.http.HttpResult; import org.onap.cli.fw.http.OnapHttpConnection; +import com.jayway.jsonpath.JsonPath; + /** * Onap Auth client helps to do login and logout. * @@ -43,8 +48,14 @@ public class OnapAuthClient { private OnapCredentials creds = null; - public OnapAuthClient(OnapCredentials creds, boolean debug) throws OnapCommandHttpFailure { + private String authType = OnapCommandConfg.getAuthType(); + + public OnapAuthClient(OnapCredentials creds, boolean debug, String... authType) throws OnapCommandHttpFailure { this.creds = creds; + if (authType.length > 0) { + this.authType = authType[0]; + } + this.http = new OnapHttpConnection(creds.getHostUrl().startsWith("https"), debug); } @@ -67,25 +78,17 @@ public class OnapAuthClient { return; } - HttpInput input = new HttpInput().setUri(this.getAuthUrl() + "/tokens") - .setBody(String.format(Constants.TOKEN, creds.getUsername(), creds.getPassword())) - .setMethod("post"); + if (this.authType.equalsIgnoreCase(Constants.AUTH_BASIC)) { + String authToken = BasicScheme.authenticate(new UsernamePasswordCredentials( + creds.getUsername(), creds.getPassword()), "UTF-8", false).getValue(); - HttpResult result; - try { - result = this.run(input); - } catch (OnapCommandHttpFailure e) { - throw new OnapCommandLoginFailed(e); - } - if (result.getStatus() != HttpStatus.SC_OK && result.getStatus() != HttpStatus.SC_CREATED) { - throw new OnapCommandLoginFailed(result.getBody(), result.getStatus()); + Map mapHeaders = OnapCommandConfg.getBasicCommonHeaders(); + mapHeaders.put(OnapCommandConfg.getXAuthTokenName(), authToken); + this.http.setCommonHeaders(mapHeaders); + return; } - if (OnapCommandConfg.isCookiesBasedAuth()) { - this.http.setAuthToken(result.getRespCookies().get(Constants.X_AUTH_TOKEN)); - } else { - this.http.setAuthToken(result.getRespHeaders().get(Constants.X_AUTH_TOKEN)); - } + //TODO mrkanag add support for aaf here } /** @@ -106,18 +109,6 @@ public class OnapAuthClient { return; } - HttpInput input = new HttpInput().setUri(this.getAuthUrl() + "/tokens").setMethod("delete"); - - HttpResult result; - try { - result = this.run(input); - } catch (OnapCommandHttpFailure e) { - throw new OnapCommandLogoutFailed(e); - } - if (result.getStatus() != HttpStatus.SC_NO_CONTENT) { - throw new OnapCommandLogoutFailed(result.getStatus()); - } - this.http.close(); } @@ -171,10 +162,6 @@ public class OnapAuthClient { return this.creds.getHostUrl() + Constants.MSB_URI; } - public String getAuthToken() { - return this.http.getAuthToken(); - } - public String getDebugInfo() { return this.http.getDebugInfo(); } @@ -189,9 +176,6 @@ public class OnapAuthClient { * exception */ public HttpResult run(HttpInput input) throws OnapCommandHttpFailure { - if (OnapCommandConfg.isCookiesBasedAuth()) { - input.getReqCookies().put(Constants.X_AUTH_TOKEN, http.getAuthToken()); - } return this.http.request(input); } } diff --git a/framework/src/main/java/org/onap/cli/fw/ad/OnapService.java b/framework/src/main/java/org/onap/cli/fw/ad/OnapService.java index c770d17c..18451472 100644 --- a/framework/src/main/java/org/onap/cli/fw/ad/OnapService.java +++ b/framework/src/main/java/org/onap/cli/fw/ad/OnapService.java @@ -17,6 +17,7 @@ package org.onap.cli.fw.ad; import org.onap.cli.fw.conf.Constants; +import org.onap.cli.fw.conf.OnapCommandConfg; /** * Onap Service as reported in api catalog. @@ -43,7 +44,7 @@ public class OnapService { */ private String mode = Constants.MODE_CATALOG; - private String authType = Constants.AUTH_BASIC; + private String authType = OnapCommandConfg.getAuthType();; public String getMode() { return mode; diff --git a/framework/src/main/java/org/onap/cli/fw/cmd/OnapSwaggerCommand.java b/framework/src/main/java/org/onap/cli/fw/cmd/OnapSwaggerCommand.java index fa3e7d7e..18fd1def 100644 --- a/framework/src/main/java/org/onap/cli/fw/cmd/OnapSwaggerCommand.java +++ b/framework/src/main/java/org/onap/cli/fw/cmd/OnapSwaggerCommand.java @@ -54,10 +54,10 @@ public abstract class OnapSwaggerCommand extends OnapCommand { Method basePath = client.getClass().getMethod("setBasePath", String.class); basePath.invoke(client, this.getBasePath()); - if (this.getAuthToken() != null) { - Method apiKey = client.getClass().getMethod("setApiKey", String.class); - apiKey.invoke(client, this.getAuthToken()); - } +// if (this.getAuthToken() != null) { +// Method apiKey = client.getClass().getMethod("setApiKey", String.class); +// apiKey.invoke(client, this.getAuthToken()); +// } return client; } catch (NoSuchMethodException | SecurityException | IllegalAccessException | IllegalArgumentException | InvocationTargetException | OnapCommandException e) { diff --git a/framework/src/main/java/org/onap/cli/fw/conf/Constants.java b/framework/src/main/java/org/onap/cli/fw/conf/Constants.java index 8eb88397..f6a4193f 100644 --- a/framework/src/main/java/org/onap/cli/fw/conf/Constants.java +++ b/framework/src/main/java/org/onap/cli/fw/conf/Constants.java @@ -24,7 +24,7 @@ public class Constants { public static final String SSLCONTEST_TLS = "TLSV1.2"; public static final String APPLICATION_JSON = "application/json"; - public static final String X_AUTH_TOKEN = "X-Auth-Token"; + public static final String X_AUTH_TOKEN = "x-auth-token"; public static final String AUTH_SERVICE = "cli.auth_service"; public static final String AUTH_SERVICE_VERSION = "v1"; @@ -109,12 +109,13 @@ public class Constants { public static final String CONF = "onap.properties"; public static final String ONAP_IGNORE_AUTH = "cli.ignore_auth"; public static final String ONAP_CLI_VERSION = "cli.version"; - public static final String HTTP_API_KEY_USE_COOKIES = "http.api_key_use_cookies"; - public static final String HTTP_X_AUTH_TOKEN = "http.x_auth_token"; + public static final String HTTP_API_KEY_USE_COOKIES = "cli.http.api_key_use_cookies"; public static final String EXCLUDE_PARAMS_INTERNAL_CMD = "cli.exclude_params_internal_cmd"; public static final String NO_AUTH_DISABLE_INCLUDE_PARAMS_EXTERNAL_CMD = "cli.no_auth_disable_include_params_external_cmd"; public static final String NO_AUTH_ENABLE_EXCLUDE_PARAMS_EXTERNAL_CMD = "cli.no_auth_enable_exclude_params_external_cmd"; public static final String NO_AUTH_ENABLE_INCLUDE_PARAMS_EXTERNAL_CMD = "cli.no_auth_enable_include_params_external_cmd"; + public static final String SERVICE_AUTH = "cli.service.auth"; + public static final String SERVICE_AUTH_BASIC_HTTP_HEADERS = "cli.http.basic.common_headers"; // Used while printing the column name during PORTRAIT mode print public static final String PORTRAINT_COLUMN_NAME_PROPERTY = "property"; diff --git a/framework/src/main/java/org/onap/cli/fw/conf/OnapCommandConfg.java b/framework/src/main/java/org/onap/cli/fw/conf/OnapCommandConfg.java index c2682cae..acb2c2b0 100644 --- a/framework/src/main/java/org/onap/cli/fw/conf/OnapCommandConfg.java +++ b/framework/src/main/java/org/onap/cli/fw/conf/OnapCommandConfg.java @@ -18,8 +18,11 @@ package org.onap.cli.fw.conf; import java.io.IOException; import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; import java.util.Properties; import java.util.Set; +import java.util.UUID; import java.util.stream.Collectors; /** @@ -76,7 +79,7 @@ public final class OnapCommandConfg { } public static String getXAuthTokenName() { - return prps.getProperty(Constants.HTTP_X_AUTH_TOKEN, "X-Auth-Token"); + return prps.getProperty(Constants.SERVICE_AUTH_BASIC_HTTP_HEADERS + "." + Constants.X_AUTH_TOKEN); } public static String getInternalCmd() { @@ -91,6 +94,26 @@ public final class OnapCommandConfg { return prps.getProperty(Constants.AUTH_SERVICE); } + public static String getAuthType() { + return prps.getProperty(Constants.SERVICE_AUTH, Constants.AUTH_BASIC); + } + + public static Map getBasicCommonHeaders() { + Map mapHeaders = new HashMap (); + + Arrays.stream(prps.getProperty(Constants.SERVICE_AUTH_BASIC_HTTP_HEADERS) + .split(",")).map(String::trim).forEach(header -> { + String headerName = prps.getProperty(Constants.SERVICE_AUTH_BASIC_HTTP_HEADERS + "." + header); + String headerValue = prps.getProperty(Constants.SERVICE_AUTH_BASIC_HTTP_HEADERS + "." + header + ".value", null); + if (headerValue != null) { + headerValue = headerValue.replaceAll("uuid", UUID.randomUUID().toString()); + } + mapHeaders.put(headerName, headerValue); + }); + + return mapHeaders; + } + public static Set getExcludeParamsForInternalCmd() { return Arrays.stream(prps.getProperty(Constants.EXCLUDE_PARAMS_INTERNAL_CMD) .split(",")).map(String::trim).collect(Collectors.toSet()); diff --git a/framework/src/main/java/org/onap/cli/fw/http/OnapHttpConnection.java b/framework/src/main/java/org/onap/cli/fw/http/OnapHttpConnection.java index 5b8cf8b1..b0ab11c4 100644 --- a/framework/src/main/java/org/onap/cli/fw/http/OnapHttpConnection.java +++ b/framework/src/main/java/org/onap/cli/fw/http/OnapHttpConnection.java @@ -16,6 +16,22 @@ package org.onap.cli.fw.http; +import java.io.File; +import java.io.IOException; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URL; +import java.nio.charset.StandardCharsets; +import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.X509TrustManager; + import org.apache.http.Header; import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; @@ -37,7 +53,6 @@ import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.X509HostnameVerifier; import org.apache.http.cookie.Cookie; import org.apache.http.entity.StringEntity; -import org.apache.http.entity.mime.HttpMultipartMode; import org.apache.http.entity.mime.MultipartEntity; import org.apache.http.entity.mime.content.FileBody; import org.apache.http.impl.client.BasicCookieStore; @@ -51,22 +66,6 @@ import org.apache.http.util.EntityUtils; import org.onap.cli.fw.conf.Constants; import org.onap.cli.fw.error.OnapCommandHttpFailure; -import java.io.File; -import java.io.IOException; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URL; -import java.nio.charset.StandardCharsets; -import java.security.cert.X509Certificate; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Map.Entry; - -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; - /** * Helps to make http connection.
*/ @@ -74,7 +73,7 @@ public class OnapHttpConnection { private HttpClient httpClient = null; - private String xauthToken = null; + Map mapCommonHeaders = new HashMap (); protected boolean debug = false; @@ -136,14 +135,6 @@ public class OnapHttpConnection { return this.debugDetails; } - public void setAuthToken(String token) { - this.xauthToken = token; - } - - public String getAuthToken() { - return this.xauthToken; - } - private Map getHttpHeaders(HttpResponse resp) { Map result = new HashMap<>(); @@ -228,19 +219,26 @@ public class OnapHttpConnection { return this.request(input); } + public void setCommonHeaders(Map headers) { + this.mapCommonHeaders = headers; + } + private void addCommonHeaders(HttpInput input) { if (!input.isBinaryData()) { - input.getReqHeaders().put("Content-Type", Constants.APPLICATION_JSON); + input.getReqHeaders().put("Content-Type", Constants.APPLICATION_JSON); } input.getReqHeaders().put("Accept", Constants.APPLICATION_JSON); - if (this.xauthToken != null) { - input.getReqHeaders().put(Constants.X_AUTH_TOKEN, this.xauthToken); + + for (String headerName : this.mapCommonHeaders.keySet()) { + input.getReqHeaders().put(headerName, this.mapCommonHeaders.get(headerName)); } } private void addCommonCookies(CookieStore cookieStore) { - Cookie cookie = new BasicClientCookie(Constants.X_AUTH_TOKEN, this.xauthToken); - cookieStore.addCookie(cookie); + for (String headerName : this.mapCommonHeaders.keySet()) { + Cookie cookie = new BasicClientCookie(headerName, this.mapCommonHeaders.get(headerName)); + cookieStore.addCookie(cookie); + } } private void updateResultFromCookies(HttpResult result, List cookies) { @@ -334,7 +332,7 @@ public class OnapHttpConnection { } public void close() { - this.setAuthToken(null); + this.mapCommonHeaders.clear(); } private HttpEntity getMultipartEntity(HttpInput input) { diff --git a/framework/src/main/resources/onap.properties b/framework/src/main/resources/onap.properties index 7eb8e598..84a86e83 100644 --- a/framework/src/main/resources/onap.properties +++ b/framework/src/main/resources/onap.properties @@ -1,7 +1,6 @@ cli.ignore_auth=false cli.version=1.0 -http.api_key=X-Auth-Token -http.api_key_use_cookies=true +cli.http.api_key_use_cookies=true cli.service_name=onap-cli cli.api_gateway=msb @@ -12,3 +11,14 @@ cli.exclude_params_internal_cmd=onap-username,onap-password,host-url,no-auth cli.no_auth_disable_include_params_external_cmd=onap-username,onap-password,host-url,no-auth cli.no_auth_enable_exclude_params_external_cmd=onap-username,onap-password,no-auth cli.no_auth_enable_include_params_external_cmd=host-url + +cli.service.auth=aaf +cli.http.basic.common_headers=x-auth-token,x-transaction-id,x-app-id +cli.http.basic.common_headers.x-auth-token=Authorization +cli.http.basic.common_headers.x-transaction-id=X-TransactionId +cli.http.basic.common_headers.x-transaction-id.value=req-uuid +cli.http.basic.common_headers.x-app-id=X-FromAppId +cli.http.basic.common_headers.x-app-id.value=onap-cli + +#TODO mrkanag add support for aaf like defined above for basic +#cli.service.auth=aaf \ No newline at end of file -- cgit 1.2.3-korg