Diffstat (limited to 'src/main/java/org/onap/dcae/common/configuration')
-rw-r--r-- | src/main/java/org/onap/dcae/common/configuration/CertAuth.java | 29 | ||||
-rw-r--r-- | src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java | 32 | ||||
-rw-r--r-- | src/main/java/org/onap/dcae/common/configuration/SubjectMatcher.java (renamed from src/main/java/org/onap/dcae/common/configuration/CustomFilter.java) | 44 |
3 files changed, 16 insertions, 89 deletions
diff --git a/src/main/java/org/onap/dcae/common/configuration/CertAuth.java b/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
index 481fb5ec..6bd924c3 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
+++ b/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
@@ -21,24 +21,15 @@
 package org.onap.dcae.common.configuration;
-import org.onap.dcae.ApplicationException;
 import org.onap.dcae.ApplicationSettings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.web.server.Ssl.ClientAuth;
 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 @Configuration
-@Order(0)
-@EnableWebSecurity
-public class CertAuth extends WebSecurityConfigurerAdapter implements AuthMethod {
+public class CertAuth implements AuthMethod {
 private static final Logger log = LoggerFactory.getLogger(CertAuth.class);
 private final ConfigurableServletWebServerFactory container;
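Review bot: Nothing visible in `CertAuth` enforces the subject-DN check once `@EnableWebSecurity` and the `WebSecurityConfigurerAdapter` base are dropped here; what remains in the class is the TLS setup with `ClientAuth.NEED` in `configure()`. The new call site of `SubjectMatcher` is not part of this diff (the diffstat is limited to the configuration package), so it should be confirmed that it covers every endpoint and that a test fails when the subject check is skipped. A class comment would make the split explicit, e.g. `/** Configures TLS client authentication only; subject-DN authorization is done by the caller of SubjectMatcher. */`. The same applies to `CertBasicAuth` in the next file section.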
@@ -50,24 +41,6 @@ public class CertAuth extends WebSecurityConfigurerAdapter implements AuthMethod
 }
 @Override
- public void configure(WebSecurity web) {
- web.ignoring().anyRequest();
- }
-
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.authorizeRequests()
- .anyRequest().authenticated().and()
- .addFilterBefore(new CustomFilter(properties), FilterSecurityInterceptor.class);
-
- } catch (Exception ex) {
- log.error("Cannot authorize request cause: ",ex);
- throw new ApplicationException(ex);
- }
- }
-
- @Override
 public void configure() {
 SslContextCreator sslContextCreator = new SslContextCreator(properties);
 container.setSsl(sslContextCreator.httpsContextWithTlsAuthentication(ClientAuth.NEED));
diff --git a/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java b/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
index c9e0af41..38d5ad5b 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
+++ b/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
@@ -21,24 +21,15 @@
 package org.onap.dcae.common.configuration;
-import org.onap.dcae.ApplicationException;
 import org.onap.dcae.ApplicationSettings;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.web.server.Ssl.ClientAuth;
 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 @Configuration
-@Order(1)
-@EnableWebSecurity
-public class CertBasicAuth extends WebSecurityConfigurerAdapter implements AuthMethod{
+public class CertBasicAuth implements AuthMethod{
 private static final Logger log = LoggerFactory.getLogger(CertAuth.class);
 private final ConfigurableServletWebServerFactory container;
@@ -50,24 +41,6 @@ public class CertBasicAuth extends WebSecurityConfigurerAdapter implements AuthM
 }
 @Override
- public void configure(WebSecurity web) {
- web.ignoring().anyRequest();
- }
-
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.authorizeRequests()
- .anyRequest().authenticated().and()
- .addFilterBefore(new CustomFilter(properties), FilterSecurityInterceptor.class);
-
- } catch (Exception ex) {
- log.error("Cannot authorize request cause: ",ex);
- throw new ApplicationException(ex);
- }
- }
-
- @Override
 public void configure() {
 SslContextCreator sslContextCreator = new SslContextCreator(properties);
 container.setPort(properties.httpsPort());
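Review bot: The logger in `CertBasicAuth` is still created with `LoggerFactory.getLogger(CertAuth.class)` (the context line just below the new class declaration), so everything this class logs is attributed to `CertAuth`. Since the declaration is being edited anyway, change it to `LoggerFactory.getLogger(CertBasicAuth.class)`; correct attribution matters when the startup log is used to confirm which authentication mode an instance is running in. The class body continues outside this hunk.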
@@ -75,5 +48,4 @@ public class CertBasicAuth extends WebSecurityConfigurerAdapter implements AuthM log.info(String.format("Application work in %s mode on %s port.", properties.authMethod(), properties.httpsPort())); } -} - +}
\ No newline at end of file
diff --git a/src/main/java/org/onap/dcae/common/configuration/CustomFilter.java b/src/main/java/org/onap/dcae/common/configuration/SubjectMatcher.java
index ae693fa6..9ab42211 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CustomFilter.java
+++ b/src/main/java/org/onap/dcae/common/configuration/SubjectMatcher.java
@@ -28,47 +28,29 @@ import java.util.Arrays;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
+import org.onap.dcae.ApplicationException;
 import org.onap.dcae.ApplicationSettings;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.filter.GenericFilterBean;
-@Configuration
-public class CustomFilter extends GenericFilterBean {
+public class SubjectMatcher {
- private static final String CERTIFICATE_X_509 = "javax.servlet.request.X509Certificate";
- private static final String MESSAGE = "SubjectDN didn't match with any regexp from %s file like %s";
- private ApplicationSettings properties;
+ private final ApplicationSettings properties;
+ private final X509Certificate[] cert;
- public CustomFilter(ApplicationSettings properties) {
+ public SubjectMatcher(ApplicationSettings properties, X509Certificate[] cert) {
 this.properties = properties;
+ this.cert = cert;
 }
- @Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
- FilterChain filterChain) throws IOException, ServletException {
-
- X509Certificate[] cert = (X509Certificate[]) servletRequest.getAttribute(CERTIFICATE_X_509);
-
- if (cert != null) {
- if (getLines().anyMatch(element -> Pattern.compile(element).matcher(getSubjectDN(cert)).find())) {
- filterChain.doFilter(servletRequest, servletResponse);
- } else {
- setResponse((HttpServletResponse) servletResponse);
- }
- } else {
- filterChain.doFilter(servletRequest, servletResponse);
+ public boolean match(){
+ try {
+ return getLines().anyMatch(element -> Pattern.compile(element).matcher(getSubjectDN(cert)).find());
+ } catch (IOException ex) {
+ throw new ApplicationException("Cannot read file cause: ", ex);
 }
 }
- private void setResponse(HttpServletResponse servletResponse) throws IOException {
- HttpServletResponse response = servletResponse;
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- String.format(MESSAGE, properties.certSubjectMatcher(), getLines().collect(Collectors.joining(" "))));
+ public boolean isCert() {
+ return cert !=null;
 }
 private Stream<String> getLines() throws IOException { |
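Review bot: `match()` hands `cert` to `getSubjectDN` without checking it, so the null guard lives only in the separate `isCert()` and every caller has to remember to call that first. The removed filter let requests without a certificate through, and the caller that now makes that decision is outside this diff. Making the matcher fail closed keeps the decision in one place: `if (cert == null || cert.length == 0) { return false; }` at the top of `match()`. The comparison also uses `find()`, an unanchored search, so a pattern line accepts any subject DN that merely contains a match; unless `getLines()` skips blank lines (its body is outside the hunk), an empty line in the matcher file would accept every certificate. Using `matches()`, or documenting that each line must be anchored with `^…$`, would close that gap.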