Diffstat (limited to 'src/main/java/org/onap/dcae/common/configuration')
-rw-r--r--src/main/java/org/onap/dcae/common/configuration/CertAuth.java29
-rw-r--r--src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java32
-rw-r--r--src/main/java/org/onap/dcae/common/configuration/SubjectMatcher.java (renamed from src/main/java/org/onap/dcae/common/configuration/CustomFilter.java)44
3 files changed, 16 insertions, 89 deletions
diff --git a/src/main/java/org/onap/dcae/common/configuration/CertAuth.java b/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
index 481fb5ec..6bd924c3 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
+++ b/src/main/java/org/onap/dcae/common/configuration/CertAuth.java
@@ -21,24 +21,15 @@
package org.onap.dcae.common.configuration;
-import org.onap.dcae.ApplicationException;
import org.onap.dcae.ApplicationSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.server.Ssl.ClientAuth;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
@Configuration
-@Order(0)
-@EnableWebSecurity
-public class CertAuth extends WebSecurityConfigurerAdapter implements AuthMethod {
+public class CertAuth implements AuthMethod {
private static final Logger log = LoggerFactory.getLogger(CertAuth.class);
private final ConfigurableServletWebServerFactory container;
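Review bot: With `@EnableWebSecurity` and the `WebSecurityConfigurerAdapter` base dropped from the class declaration, and the `configure(HttpSecurity)` override removed in the next hunk, nothing in CertAuth registers the subject-DN check any more. The only control still visible here is `ClientAuth.NEED` in `configure()`. This diff view is limited to the configuration package, so the new caller of `SubjectMatcher` is presumably elsewhere and should be confirmed to run on every request in certificate mode. I would record that split on the class, e.g. `/** Enables mutual TLS only; the certificate-subject allow-list is enforced per request via SubjectMatcher. */`. The same applies to CertBasicAuth, and the class body continues outside this hunk.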
@@ -50,24 +41,6 @@ public class CertAuth extends WebSecurityConfigurerAdapter implements AuthMethod
}
@Override
- public void configure(WebSecurity web) {
- web.ignoring().anyRequest();
- }
-
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.authorizeRequests()
- .anyRequest().authenticated().and()
- .addFilterBefore(new CustomFilter(properties), FilterSecurityInterceptor.class);
-
- } catch (Exception ex) {
- log.error("Cannot authorize request cause: ",ex);
- throw new ApplicationException(ex);
- }
- }
-
- @Override
public void configure() {
SslContextCreator sslContextCreator = new SslContextCreator(properties);
container.setSsl(sslContextCreator.httpsContextWithTlsAuthentication(ClientAuth.NEED));
diff --git a/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java b/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
index c9e0af41..38d5ad5b 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
+++ b/src/main/java/org/onap/dcae/common/configuration/CertBasicAuth.java
@@ -21,24 +21,15 @@
package org.onap.dcae.common.configuration;
-import org.onap.dcae.ApplicationException;
import org.onap.dcae.ApplicationSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.web.server.Ssl.ClientAuth;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
@Configuration
-@Order(1)
-@EnableWebSecurity
-public class CertBasicAuth extends WebSecurityConfigurerAdapter implements AuthMethod{
+public class CertBasicAuth implements AuthMethod{
private static final Logger log = LoggerFactory.getLogger(CertAuth.class);
private final ConfigurableServletWebServerFactory container;
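Review bot: The logger in CertBasicAuth is still created with `LoggerFactory.getLogger(CertAuth.class)`, so every message from this class is attributed to CertAuth. That makes it harder to tell from the logs which authentication mode the collector actually started in. Since the class declaration is being touched anyway, change the line to `private static final Logger log = LoggerFactory.getLogger(CertBasicAuth.class);`.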
@@ -50,24 +41,6 @@ public class CertBasicAuth extends WebSecurityConfigurerAdapter implements AuthM
}
@Override
- public void configure(WebSecurity web) {
- web.ignoring().anyRequest();
- }
-
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.authorizeRequests()
- .anyRequest().authenticated().and()
- .addFilterBefore(new CustomFilter(properties), FilterSecurityInterceptor.class);
-
- } catch (Exception ex) {
- log.error("Cannot authorize request cause: ",ex);
- throw new ApplicationException(ex);
- }
- }
-
- @Override
public void configure() {
SslContextCreator sslContextCreator = new SslContextCreator(properties);
container.setPort(properties.httpsPort());
@@ -75,5 +48,4 @@ public class CertBasicAuth extends WebSecurityConfigurerAdapter implements AuthM
log.info(String.format("Application work in %s mode on %s port.",
properties.authMethod(), properties.httpsPort()));
}
-}
-
+} \ No newline at end of file
diff --git a/src/main/java/org/onap/dcae/common/configuration/CustomFilter.java b/src/main/java/org/onap/dcae/common/configuration/SubjectMatcher.java
index ae693fa6..9ab42211 100644
--- a/src/main/java/org/onap/dcae/common/configuration/CustomFilter.java
+++ b/src/main/java/org/onap/dcae/common/configuration/SubjectMatcher.java
@@ -28,47 +28,29 @@ import java.util.Arrays;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletResponse;
+import org.onap.dcae.ApplicationException;
import org.onap.dcae.ApplicationSettings;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.filter.GenericFilterBean;
-@Configuration
-public class CustomFilter extends GenericFilterBean {
+public class SubjectMatcher {
- private static final String CERTIFICATE_X_509 = "javax.servlet.request.X509Certificate";
- private static final String MESSAGE = "SubjectDN didn't match with any regexp from %s file like %s";
- private ApplicationSettings properties;
+ private final ApplicationSettings properties;
+ private final X509Certificate[] cert;
- public CustomFilter(ApplicationSettings properties) {
+ public SubjectMatcher(ApplicationSettings properties, X509Certificate[] cert) {
this.properties = properties;
+ this.cert = cert;
}
- @Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
- FilterChain filterChain) throws IOException, ServletException {
-
- X509Certificate[] cert = (X509Certificate[]) servletRequest.getAttribute(CERTIFICATE_X_509);
-
- if (cert != null) {
- if (getLines().anyMatch(element -> Pattern.compile(element).matcher(getSubjectDN(cert)).find())) {
- filterChain.doFilter(servletRequest, servletResponse);
- } else {
- setResponse((HttpServletResponse) servletResponse);
- }
- } else {
- filterChain.doFilter(servletRequest, servletResponse);
+ public boolean match(){
+ try {
+ return getLines().anyMatch(element -> Pattern.compile(element).matcher(getSubjectDN(cert)).find());
+ } catch (IOException ex) {
+ throw new ApplicationException("Cannot read file cause: ", ex);
}
}
- private void setResponse(HttpServletResponse servletResponse) throws IOException {
- HttpServletResponse response = servletResponse;
- response.sendError(HttpServletResponse.SC_FORBIDDEN,
- String.format(MESSAGE, properties.certSubjectMatcher(), getLines().collect(Collectors.joining(" "))));
+ public boolean isCert() {
+ return cert !=null;
}
private Stream<String> getLines() throws IOException {
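Review bot: `match()` passes `cert` straight to `getSubjectDN(cert)`, while the null guard the old `doFilter` had now lives in the separate `isCert()` method. A caller that forgets to check `isCert()` first will presumably hit a NullPointerException (`getSubjectDN` is not visible here), so I would fail closed inside `match()` with `if (cert == null) { return false; }` before the `try`. Separately, `Pattern.compile(element).matcher(...).find()` accepts a pattern that matches any substring of the subject DN, so the matcher file's documentation should say that entries need `^`/`$` anchors when a whole-DN match is intended. `getLines()` begins on the last line of the hunk and its body is outside it.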