Not Secured healtcheck

https://jira.onap.org/browse/DCAEGEN2-1539 Issue-ID: DCAEGEN2-1539 Change-Id: I55c9387e64a5a6b710785ecbfa695683d821599a Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
author: Zlatko Murgoski <zlatko.murgoski@nokia.com> 2019-08-21 11:14:04 +0200
committer: pawel <pawel.kasperkiewicz@nokia.com> 2019-09-11 15:08:14 +0200
commit: 124e11e9e7ea4652f8a538093ab48df9f575ce2a (patch)
tree: 2a5b23f7f7b54dd0d00a2f74267014d02e74b7aa /src/main/java/org/onap/dcae/restapi
parent: ae83904e17e5e785c4945b15f824df8251a91b8a (diff)
3 files changed, 23 insertions, 27 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 9b387b84..a9281594 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * org.onap.dcaegen2.collectors.ves
  * ================================================================================
- * Copyright (C) 2018 Nokia. All rights reserved.
+ * Copyright (C) 2018 - 2019 Nokia. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -23,11 +23,6 @@ import io.vavr.control.Option;
 import java.io.IOException;
 import java.security.cert.X509Certificate;
 import java.util.Base64;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.onap.dcae.ApplicationSettings;
@@ -37,9 +32,10 @@ import org.onap.dcaegen2.services.sdk.security.CryptPassword;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 @Component
-public class ApiAuthInterceptor implements Filter {
+public class ApiAuthInterceptor extends HandlerInterceptorAdapter {
 
     private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
     private static final String CERTIFICATE_X_509 = "javax.servlet.request.X509Certificate";
@@ -53,32 +49,33 @@ public class ApiAuthInterceptor implements Filter {
         this.errorLogger = errorLogger;
     }
 
-
     @Override
-    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+        throws IOException {
+
         SubjectMatcher subjectMatcher = new SubjectMatcher(settings,(X509Certificate[]) request.getAttribute(CERTIFICATE_X_509));
 
-        if(settings.authMethod().equalsIgnoreCase(AuthMethodType.CERT_ONLY.value())){
-            if( validateCertRequest((HttpServletResponse )response, subjectMatcher)){
-                chain.doFilter(request, response);
-                return;
+        if(!settings.authMethod().equalsIgnoreCase(AuthMethodType.NO_AUTH.value()) && request.getServerPort() == settings.httpPort() ){
+            if(request.getRequestURI().replaceAll("^/|/$", "").equalsIgnoreCase("healthcheck")){
+                return true;
             }
-            return;
+            response.getWriter().write("Operation not permitted");
+            response.setStatus(400);
+            return false;
+        }
+
+        if(settings.authMethod().equalsIgnoreCase(AuthMethodType.CERT_ONLY.value())){
+            return validateCertRequest(response, subjectMatcher);
         }
 
         if(isCertSubject(subjectMatcher)){
-            chain.doFilter(request, response);
-            return;
+            return true;
         }
 
         if (isBasicAuth() ) {
-            if(validateBasicHeader((HttpServletRequest)request, (HttpServletResponse)response)){
-                chain.doFilter(request, response);
-                return;
-            }
-            return;
+            return validateBasicHeader(request, response);
         }
-        chain.doFilter(request, response);
+        return true;
     }
 
     private boolean validateBasicHeader(HttpServletRequest request, HttpServletResponse response)
@@ -110,6 +107,7 @@ public class ApiAuthInterceptor implements Filter {
             LOG.info("Cert and subjectDN is valid");
             return true;
         }
+        LOG.info(String.format(MESSAGE, settings.certSubjectMatcher()));
         return false;
     }
 
@@ -129,7 +127,7 @@ public class ApiAuthInterceptor implements Filter {
             return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get());
         } catch (Exception e) {
             LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
-                    authorizationHeader), e);
+                authorizationHeader), e);
             return false;
         }
     }
diff --git a/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java b/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java
index 267db054..03432cf2 100644
--- a/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java
+++ b/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java
@@ -3,6 +3,7 @@
  * PROJECT
  * ================================================================================
  * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 Nokia. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -28,7 +29,6 @@ import springfox.documentation.spi.DocumentationType;
 import springfox.documentation.spring.web.plugins.Docket;
 import springfox.documentation.swagger2.annotations.EnableSwagger2;
 
-@Configuration
 @EnableSwagger2
 public class SwaggerConfig{
 
diff --git a/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java b/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java
index c3e2a5de..c8dd7ba4 100644
--- a/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java
+++ b/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java
@@ -3,7 +3,7 @@
  * PROJECT
  * ================================================================================
  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright (C) 2018 Nokia. All rights reserved.s
+ * Copyright (C) 2018 - 2019 Nokia. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -22,12 +22,10 @@
 package org.onap.dcae.restapi;
 
 import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
 import org.springframework.web.servlet.view.InternalResourceViewResolver;
 
-@Configuration
 public class WebMvcConfig extends WebMvcConfigurationSupport {
 
     @Override
author	Zlatko Murgoski <zlatko.murgoski@nokia.com>	2019-08-21 11:14:04 +0200
committer	pawel <pawel.kasperkiewicz@nokia.com>	2019-09-11 15:08:14 +0200
commit	124e11e9e7ea4652f8a538093ab48df9f575ce2a (patch)
tree	2a5b23f7f7b54dd0d00a2f74267014d02e74b7aa /src/main/java/org/onap/dcae/restapi
parent	ae83904e17e5e785c4945b15f824df8251a91b8a (diff)