authorZlatko Murgoski <zlatko.murgoski@nokia.com>2019-08-21 11:14:04 +0200
committerpawel <pawel.kasperkiewicz@nokia.com>2019-09-11 15:08:14 +0200
commit124e11e9e7ea4652f8a538093ab48df9f575ce2a (patch)
tree2a5b23f7f7b54dd0d00a2f74267014d02e74b7aa /src/main
parentae83904e17e5e785c4945b15f824df8251a91b8a (diff)
Not Secured healtcheck
https://jira.onap.org/browse/DCAEGEN2-1539 Issue-ID: DCAEGEN2-1539 Change-Id: I55c9387e64a5a6b710785ecbfa695683d821599a Signed-off-by: Zlatko Murgoski <zlatko.murgoski@nokia.com>
Diffstat (limited to 'src/main')
-rw-r--r--src/main/java/org/onap/dcae/ApplicationSettings.java1
-rw-r--r--src/main/java/org/onap/dcae/common/configuration/ApiConfiguration.java49
-rw-r--r--src/main/java/org/onap/dcae/common/configuration/CertAuth.java4
-rw-r--r--src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java4
-rw-r--r--src/main/java/org/onap/dcae/common/configuration/TomcatHttpConfig.java54
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java44
-rw-r--r--src/main/java/org/onap/dcae/restapi/SwaggerConfig.java2
-rw-r--r--src/main/java/org/onap/dcae/restapi/WebMvcConfig.java4
8 files changed, 128 insertions, 34 deletions
diff --git a/src/main/java/org/onap/dcae/ApplicationSettings.java b/src/main/java/org/onap/dcae/ApplicationSettings.java
index 205659c4..5164f878 100644
--- a/src/main/java/org/onap/dcae/ApplicationSettings.java
+++ b/src/main/java/org/onap/dcae/ApplicationSettings.java
@@ -74,7 +74,6 @@ public class ApplicationSettings {
loadedJsonSchemas = loadJsonSchemas();
}
-
public void reloadProperties() {
try {
properties.load(configurationFileLocation);
diff --git a/src/main/java/org/onap/dcae/common/configuration/ApiConfiguration.java b/src/main/java/org/onap/dcae/common/configuration/ApiConfiguration.java
new file mode 100644
index 00000000..52e3a6de
--- /dev/null
+++ b/src/main/java/org/onap/dcae/common/configuration/ApiConfiguration.java
@@ -0,0 +1,49 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dcaegen2.collectors.ves
+ * ================================================================================
+ * Copyright (C) 2018 - 2019 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcae.common.configuration;
+
+import org.onap.dcae.ApplicationSettings;
+import org.onap.dcae.restapi.ApiAuthInterceptor;
+import org.slf4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@EnableWebMvc
+public class ApiConfiguration implements WebMvcConfigurer {
+
+ private final ApplicationSettings applicationSettings;
+ private Logger errorLogger;
+
+ @Autowired
+ ApiConfiguration(ApplicationSettings applicationSettings, Logger errorLogger) {
+ this.applicationSettings = applicationSettings;
+ this.errorLogger = errorLogger;
+ }
+
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ registry.addInterceptor(new ApiAuthInterceptor(applicationSettings, errorLogger));
+ }
+}
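Review bot: `addInterceptors` builds its own `new ApiAuthInterceptor(applicationSettings, errorLogger)` while the class keeps its `@Component` annotation (visible in the ApiAuthInterceptor.java section), so the context presumably also creates a second instance that is never registered. Injecting the managed bean keeps a single instance: add an `ApiAuthInterceptor apiAuthInterceptor` constructor parameter and call `registry.addInterceptor(apiAuthInterceptor);`. The `errorLogger` field can be `final` like `applicationSettings`. A one-line class Javadoc stating that this registration is what places authentication in front of every MVC handler would make the security role of the class obvious.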
diff --git a/src/main/java/org/onap/dcae/common/configuration/CertAuth.java b/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
index 6bd924c3..53031142 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
+++ b/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
@@ -3,7 +3,7 @@
* PROJECT
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright (C) 2018 Nokia. All rights reserved.s
+ * Copyright (C) 2018 - 2019 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -26,9 +26,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.server.Ssl.ClientAuth;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
-import org.springframework.context.annotation.Configuration;
-@Configuration
public class CertAuth implements AuthMethod {
private static final Logger log = LoggerFactory.getLogger(CertAuth.class);
diff --git a/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java b/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
index 38d5ad5b..fa4a1b2d 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
+++ b/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
@@ -3,7 +3,7 @@
* PROJECT
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright (C) 2018 Nokia. All rights reserved.s
+ * Copyright (C) 2018 - 2019 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -26,9 +26,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.server.Ssl.ClientAuth;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
-import org.springframework.context.annotation.Configuration;
-@Configuration
public class CertBasicAuth implements AuthMethod{
private static final Logger log = LoggerFactory.getLogger(CertAuth.class);
diff --git a/src/main/java/org/onap/dcae/common/configuration/TomcatHttpConfig.java b/src/main/java/org/onap/dcae/common/configuration/TomcatHttpConfig.java
new file mode 100644
index 00000000..4495f34b
--- /dev/null
+++ b/src/main/java/org/onap/dcae/common/configuration/TomcatHttpConfig.java
@@ -0,0 +1,54 @@
+/*
+ * ============LICENSE_START=======================================================
+ * PROJECT
+ * ================================================================================
+ * Copyright (C) 2019 Nokia. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.dcae.common.configuration;
+
+import org.apache.catalina.connector.Connector;
+import org.onap.dcae.ApplicationSettings;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.stereotype.Component;
+
+@Component
+public class TomcatHttpConfig {
+
+ @Autowired
+ private ApplicationSettings settings;
+
+ @Bean
+ private ServletWebServerFactory servletContainer() {
+
+ TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory();
+ if(!(settings.authMethod().equalsIgnoreCase(AuthMethodType.NO_AUTH.value())) && settings.httpsEnabled()){
+ tomcat.addAdditionalTomcatConnectors(getHttpConnector());
+ }
+ return tomcat;
+ }
+
+ private Connector getHttpConnector() {
+ Connector connector = new Connector(TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
+ connector.setScheme("http");
+ connector.setPort(settings.httpPort());
+ connector.setSecure(false);
+ return connector;
+ }
+}
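Review bot: The cleartext connector built in `getHttpConnector()` carries no restriction of its own; the only thing limiting it to the health check is the port test in `ApiAuthInterceptor.preHandle`, and nothing in this class says so. I would document that coupling on `servletContainer()`, for example `// Plain-HTTP listener for /healthcheck only; every other path on this port must be rejected by ApiAuthInterceptor.preHandle`. It is also worth stating in the comment that the connector is added only when an auth method other than NO_AUTH is configured and HTTPS is enabled, since that condition decides whether an unencrypted port is opened at all. Constructor injection of `ApplicationSettings`, as ApiConfiguration does, would be consistent with the rest of the commit.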
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 9b387b84..a9281594 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* org.onap.dcaegen2.collectors.ves
* ================================================================================
- * Copyright (C) 2018 Nokia. All rights reserved.
+ * Copyright (C) 2018 - 2019 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -23,11 +23,6 @@ import io.vavr.control.Option;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Base64;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onap.dcae.ApplicationSettings;
@@ -37,9 +32,10 @@ import org.onap.dcaegen2.services.sdk.security.CryptPassword;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@Component
-public class ApiAuthInterceptor implements Filter {
+public class ApiAuthInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
private static final String CERTIFICATE_X_509 = "javax.servlet.request.X509Certificate";
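Review bot: Switching from `implements Filter` to `extends HandlerInterceptorAdapter` narrows where authentication runs, and the class has no comment recording that. A servlet filter sees every request to the container, whereas an interceptor registered through `InterceptorRegistry` runs only for requests dispatched to Spring MVC handler mappings, so anything served outside them (another servlet, a separately mapped endpoint) would presumably no longer pass through this check. Please confirm no such path exists in this application and add a class-level Javadoc noting the assumption, e.g. `/** Authenticates requests handled by Spring MVC; paths not routed through DispatcherServlet handlers are NOT covered. */`.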
@@ -53,32 +49,33 @@ public class ApiAuthInterceptor implements Filter {
this.errorLogger = errorLogger;
}
-
@Override
- public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws IOException {
+
SubjectMatcher subjectMatcher = new SubjectMatcher(settings,(X509Certificate[]) request.getAttribute(CERTIFICATE_X_509));
- if(settings.authMethod().equalsIgnoreCase(AuthMethodType.CERT_ONLY.value())){
- if( validateCertRequest((HttpServletResponse )response, subjectMatcher)){
- chain.doFilter(request, response);
- return;
+ if(!settings.authMethod().equalsIgnoreCase(AuthMethodType.NO_AUTH.value()) && request.getServerPort() == settings.httpPort() ){
+ if(request.getRequestURI().replaceAll("^/|/$", "").equalsIgnoreCase("healthcheck")){
+ return true;
}
- return;
+ response.getWriter().write("Operation not permitted");
+ response.setStatus(400);
+ return false;
+ }
+
+ if(settings.authMethod().equalsIgnoreCase(AuthMethodType.CERT_ONLY.value())){
+ return validateCertRequest(response, subjectMatcher);
}
if(isCertSubject(subjectMatcher)){
- chain.doFilter(request, response);
- return;
+ return true;
}
if (isBasicAuth() ) {
- if(validateBasicHeader((HttpServletRequest)request, (HttpServletResponse)response)){
- chain.doFilter(request, response);
- return;
- }
- return;
+ return validateBasicHeader(request, response);
}
- chain.doFilter(request, response);
+ return true;
}
private boolean validateBasicHeader(HttpServletRequest request, HttpServletResponse response)
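Review bot: The health-check-only restriction in `preHandle` keys on `request.getServerPort()`, which the servlet API derives from the request's `Host` header when one is present, so the value is client-supplied rather than the port the connection actually arrived on. A request received on the plain-HTTP connector can therefore fail the `== settings.httpPort()` comparison and fall through to the certificate/basic-auth branches over an unencrypted channel. Compare the listener port instead: `if (!settings.authMethod().equalsIgnoreCase(AuthMethodType.NO_AUTH.value()) && request.getLocalPort() == settings.httpPort()) {`. In the rejection branch I would also set the status before writing the body and use 403 rather than 400, since the request is well-formed but not allowed. The `validateBasicHeader` body continues outside this hunk.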
@@ -110,6 +107,7 @@ public class ApiAuthInterceptor implements Filter {
LOG.info("Cert and subjectDN is valid");
return true;
}
+ LOG.info(String.format(MESSAGE, settings.certSubjectMatcher()));
return false;
}
@@ -129,7 +127,7 @@ public class ApiAuthInterceptor implements Filter {
return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get());
} catch (Exception e) {
LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
- authorizationHeader), e);
+ authorizationHeader), e);
return false;
}
}
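Review bot: The `LOG.warn` call whose continuation line is re-indented here formats the raw `Authorization` header into the log message; for Basic auth that value is the base64 encoding of user and password, so every malformed or failed header writes recoverable credentials to the log. Log a fixed message, or at most the scheme, instead: `LOG.warn("Could not check if user is authorized, probably malformed header.", e);`. The enclosing method starts outside the hunk, so whether the header is also logged elsewhere cannot be seen from here.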
diff --git a/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java b/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java
index 267db054..03432cf2 100644
--- a/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java
+++ b/src/main/java/org/onap/dcae/restapi/SwaggerConfig.java
@@ -3,6 +3,7 @@
* PROJECT
* ================================================================================
* Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -28,7 +29,6 @@ import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spring.web.plugins.Docket;
import springfox.documentation.swagger2.annotations.EnableSwagger2;
-@Configuration
@EnableSwagger2
public class SwaggerConfig{
diff --git a/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java b/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java
index c3e2a5de..c8dd7ba4 100644
--- a/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java
+++ b/src/main/java/org/onap/dcae/restapi/WebMvcConfig.java
@@ -3,7 +3,7 @@
* PROJECT
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * Copyright (C) 2018 Nokia. All rights reserved.s
+ * Copyright (C) 2018 - 2019 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -22,12 +22,10 @@
package org.onap.dcae.restapi;
import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
-@Configuration
public class WebMvcConfig extends WebMvcConfigurationSupport {
@Override