Diffstat (limited to 'src')
9 files changed, 167 insertions, 116 deletions
diff --git a/src/main/java/org/onap/music/MusicApplication.java b/src/main/java/org/onap/music/MusicApplication.java index 9b831e37..aa4de01e 100755 --- a/src/main/java/org/onap/music/MusicApplication.java +++ b/src/main/java/org/onap/music/MusicApplication.java @@ -33,7 +33,6 @@ import org.onap.music.authentication.CadiAuthFilter; import org.onap.music.authentication.MusicAuthorizationFilter; import org.onap.music.eelf.logging.EELFLoggerDelegate; import org.onap.music.eelf.logging.MusicLoggingServletFilter; -import org.onap.music.main.CipherUtil; import org.onap.music.main.MusicUtil; import org.onap.music.main.PropertiesLoader; import org.springframework.beans.factory.annotation.Autowired; @@ -44,7 +43,6 @@ import org.springframework.boot.autoconfigure.data.cassandra.CassandraDataAutoCo import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.support.SpringBootServletInitializer; -import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.DependsOn; @@ -57,10 +55,15 @@ import org.springframework.web.context.request.RequestContextListener; @EnableScheduling public class MusicApplication extends SpringBootServletInitializer { + private final String KEYSPACE_PATTERN = "/v2/keyspaces/*"; + private final String LOCKS_PATTERN = "/v2/locks/*"; + private final String Q_PATTERN = "/v2/priorityq/*"; + @Autowired private PropertiesLoader propertyLoader; private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicApplication.class); + public static void main(String[] args) { new MusicApplication().configure(new SpringApplicationBuilder(MusicApplication.class)).run(args); } 
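Review bot: `KEYSPACE_PATTERN`, `LOCKS_PATTERN` and `Q_PATTERN` in MusicApplication are declared `private final String`, so they are per-instance fields that only look like constants. `private static final String KEYSPACE_PATTERN = "/v2/keyspaces/*";` (and the same for the other two) matches the upper-case naming. The same values feed the `addUrlPatterns` calls in the three filter-registration hunks further down this file, so a comment above them such as `// URL patterns the logging and security filters are registered on` would tell a reader that editing them changes which routes are filtered.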
@@ -76,8 +79,6 @@ public class MusicApplication extends SpringBootServletInitializer { propertyLoader.loadProperties(); } - @Autowired - private ApplicationContext appContext; @Bean @DependsOn("loadProperties") @@ -96,9 +97,7 @@ public class MusicApplication extends SpringBootServletInitializer { propertyLoader.loadProperties(); if (MusicUtil.getIsCadi()) { PropAccess propAccess = propAccess(); - CadiAuthFilter cadiFilter = new CadiAuthFilter(propAccess); - - return cadiFilter; + return new CadiAuthFilter(propAccess); } else { return (ServletRequest request, ServletResponse response, FilterChain chain) -> { // do nothing for now. @@ -124,15 +123,14 @@ public class MusicApplication extends SpringBootServletInitializer { FilterRegistrationBean<Filter> frb = new FilterRegistrationBean<>(); frb.setFilter(new MusicLoggingServletFilter()); frb.addUrlPatterns( - "/v2/keyspaces/*", - "/v2/locks/*", - "/v2/priorityq/*" + KEYSPACE_PATTERN, + LOCKS_PATTERN, + Q_PATTERN ); frb.setName("logFilter"); frb.setOrder(1); return frb; } - @Bean @DependsOn("loadProperties") @@ -140,14 +138,11 @@ public class MusicApplication extends SpringBootServletInitializer { logger.info("cadiFilterRegistration called for cadi filter.."); FilterRegistrationBean<Filter> frb = new FilterRegistrationBean<>(); frb.setFilter(cadiFilter()); - - // The Following Patterns are used to control what APIs will be secure - // TODO: Make this a configurable item. Build this from an array? if (MusicUtil.getIsCadi()) { frb.addUrlPatterns( - "/v2/keyspaces/*", - "/v2/locks/*", - "/v2/priorityq/*" + KEYSPACE_PATTERN, + LOCKS_PATTERN, + Q_PATTERN ); } else { frb.addUrlPatterns("/v0/test"); @@ -175,10 +170,10 @@ public class MusicApplication extends SpringBootServletInitializer { if (MusicUtil.getIsCadi()) { frb.addUrlPatterns( - "/v2/keyspaces/*", - "/v2/locks/*", - "/v2/priorityq/*" - ); + KEYSPACE_PATTERN, + LOCKS_PATTERN, + Q_PATTERN + ); } else { frb.addUrlPatterns("/v0/test"); } 
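Review bot: The hunk that logs "cadiFilterRegistration called" drops the comment saying these URL patterns control which APIs are secured, and nothing replaces it. I would keep one line above the `if (MusicUtil.getIsCadi())` block, for example `// These patterns select the APIs that pass through the CADI filter; a path not listed here is not covered by it.` The else branch registers the filter on `/v0/test` only, which is worth stating in the same comment so that the non-CADI behaviour is a documented choice. The method starts outside the hunk.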
@@ -192,8 +187,7 @@ public class MusicApplication extends SpringBootServletInitializer { public Filter cadiMusicAuthFilter() throws ServletException { propertyLoader.loadProperties(); if (MusicUtil.getIsCadi()) { - MusicAuthorizationFilter authFilter = new MusicAuthorizationFilter(); - return authFilter; + return new MusicAuthorizationFilter(); } else { return (ServletRequest request, ServletResponse response, FilterChain chain) -> { // do nothing for now. diff --git a/src/main/java/org/onap/music/authentication/AuthUtil.java b/src/main/java/org/onap/music/authentication/AuthUtil.java index de9c2729..223fa74e 100644 --- a/src/main/java/org/onap/music/authentication/AuthUtil.java +++ b/src/main/java/org/onap/music/authentication/AuthUtil.java @@ -37,14 +37,16 @@ import org.onap.aaf.cadi.CadiWrap; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.music.eelf.logging.EELFLoggerDelegate; +import org.onap.music.exceptions.MusicAuthenticationException; public class AuthUtil { - private static final String decodeValueOfForwardSlash = "2f"; - private static final String decodeValueOfHyphen = "2d"; - private static final String decodeValueOfAsterisk = "2a"; private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AuthUtil.class); + private AuthUtil() { + throw new IllegalStateException("Utility class"); + } + /** * Get the list of permissions from the Request object. * 
@@ -104,20 +106,23 @@ public class AuthUtil { * @return returns the decoded string. * @throws Exception throws excpetion */ - public static String decodeFunctionCode(String str) throws Exception { + public static String decodeFunctionCode(String str) throws MusicAuthenticationException { + final String DECODEVALUE_FORWARDSLASH = "2f"; + final String DECODEVALUE_HYPHEN = "2d"; + final String DECODEVALUE_ASTERISK = "2a"; String decodedString = str; List<Pattern> decodingList = new ArrayList<>(); - decodingList.add(Pattern.compile(decodeValueOfForwardSlash)); - decodingList.add(Pattern.compile(decodeValueOfHyphen)); - decodingList.add(Pattern.compile(decodeValueOfAsterisk)); + decodingList.add(Pattern.compile(DECODEVALUE_FORWARDSLASH)); + decodingList.add(Pattern.compile(DECODEVALUE_HYPHEN)); + decodingList.add(Pattern.compile(DECODEVALUE_ASTERISK)); for (Pattern xssInputPattern : decodingList) { try { decodedString = decodedString.replaceAll("%" + xssInputPattern, new String(Hex.decodeHex(xssInputPattern.toString().toCharArray()))); } catch (DecoderException e) { - logger.error(EELFLoggerDelegate.applicationLogger, + logger.error(EELFLoggerDelegate.securityLogger, "AuthUtil Decode Failed! for instance: " + str); - throw new Exception("decode failed", e); + throw new MusicAuthenticationException("Decode failed", e); } } 
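Review bot: decodeFunctionCode only replaces the lower-case forms `%2f`, `%2d` and `%2a`, so a function code carrying `%2F`, `%2D` or `%2A` comes back undecoded and would then fail to match in the permission check. Percent-encoded hex digits are case-insensitive, and whether upper-case can reach this method depends on how the permission instances are produced, which is not visible here. If it can, `decodedString.replaceAll("(?i)%" + xssInputPattern, …)` covers both cases. The Javadoc above still reads `@throws Exception throws excpetion` although the signature now declares `MusicAuthenticationException`, and the three new locals are named like constants; as `private static final` fields they would not be rebuilt on every call. The method continues past the end of the hunk.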
@@ -132,23 +137,21 @@ public class AuthUtil { * @return boolean value if the access is allowed * @throws Exception throws exception */ - public static boolean isAccessAllowed(ServletRequest request, String nameSpace) throws Exception { + public static boolean isAccessAllowed(ServletRequest request, String nameSpace) throws MusicAuthenticationException { if (request==null) { - throw new Exception("Request cannot be null"); + throw new MusicAuthenticationException("Request cannot be null"); } if (nameSpace==null || nameSpace.isEmpty()) { - throw new Exception("NameSpace not Declared!"); + throw new MusicAuthenticationException("NameSpace not Declared!"); } boolean isauthorized = false; List<AAFPermission> aafPermsList = getAAFPermissions(request); - //logger.info(EELFLoggerDelegate.applicationLogger, - // "AAFPermission of the requested MechId for all the namespaces: " + aafPermsList); - - logger.debug(EELFLoggerDelegate.applicationLogger, "Requested nameSpace: " + nameSpace); - + logger.info(EELFLoggerDelegate.securityLogger, + "AAFPermission of the requested MechId for all the namespaces: " + aafPermsList); + logger.debug(EELFLoggerDelegate.securityLogger, "Requested nameSpace: " + nameSpace); List<AAFPermission> aafPermsFinalList = filterNameSpacesAAFPermissions(nameSpace, aafPermsList); @@ -162,10 +165,10 @@ public class AuthUtil { logger.debug(EELFLoggerDelegate.securityLogger, "AuthUtil requestUri :::" + requestUri); - for (Iterator iterator = aafPermsFinalList.iterator(); iterator.hasNext();) { + for (Iterator<AAFPermission> iterator = aafPermsFinalList.iterator(); iterator.hasNext();) { AAFPermission aafPermission = (AAFPermission) iterator.next(); if(!isauthorized) { - isauthorized = isMatchPatternWithInstanceAndAction(aafPermission, requestUri, httpRequest.getMethod()); + isauthorized = isMatchPattern(aafPermission, requestUri, httpRequest.getMethod()); } } 
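Review bot: The re-enabled `logger.info(EELFLoggerDelegate.securityLogger, "AAFPermission of the requested MechId for all the namespaces: " + aafPermsList)` in isAccessAllowed writes the caller's complete permission list at INFO on every authorization check. That puts entitlement detail for all namespaces into routine logs and scales with request volume. I would log it at debug like the line that follows it, `logger.debug(EELFLoggerDelegate.securityLogger, "AAFPermission of the requested MechId for all the namespaces: " + aafPermsList);`. The Javadoc above still documents `@throws Exception` while the method now declares `MusicAuthenticationException`. The method body continues outside the hunk.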
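Review bot: The loop in the second isAccessAllowed hunk now declares `Iterator<AAFPermission>` but still casts `(AAFPermission) iterator.next()`, and it keeps walking the list after a permission has matched. An enhanced for loop with an early exit drops the cast and makes the stop condition explicit, with the same result because isMatchPattern is no longer called once `isauthorized` is true. The surrounding method starts and ends outside the hunk.

```java
// … unchanged: requestUri logging …
for (AAFPermission aafPermission : aafPermsFinalList) {
    if (isMatchPattern(aafPermission, requestUri, httpRequest.getMethod())) {
        isauthorized = true;
        break;
    }
}
```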
@@ -205,23 +208,21 @@ public class AuthUtil { * @return returns a boolean * @throws Exception - throws an exception */ - private static boolean isMatchPatternWithInstanceAndAction( + private static boolean isMatchPattern( AAFPermission aafPermission, String requestUri, - String method) throws Exception { + String method) throws MusicAuthenticationException { if (null == aafPermission || null == requestUri || null == method) { return false; } String permKey = aafPermission.getKey(); - logger.debug(EELFLoggerDelegate.auditLogger, "isMatchPattern permKey: " + logger.debug(EELFLoggerDelegate.securityLogger, "isMatchPattern permKey: " + permKey + ", requestUri " + requestUri + " ," + method); String[] keyArray = permKey.split("\\|"); String[] subPath = null; - //String type = null; - //type = keyArray[0]; String instance = keyArray[1]; String action = keyArray[2]; @@ -251,13 +252,7 @@ public class AuthUtil { subPath = path[i].split("\\."); for (int j = 0; j < subPath.length; j++) { if (instanceList.contains(subPath[j])) { - if ("*".equals(action) || "ALL".equalsIgnoreCase(action)) { - return true; - } else if (method.equalsIgnoreCase(action)) { - return true; - } else { - return false; - } + return checkAction(method,action); } else { continue; } @@ -265,4 +260,15 @@ public class AuthUtil { } return false; } + + private static boolean checkAction(String method, String action) { + if ("*".equals(action) || "ALL".equalsIgnoreCase(action)) { + return true; + } else { + return (method.equalsIgnoreCase(action)); + } + } + + + }
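Review bot: `keyArray[1]` and `keyArray[2]` in isMatchPattern are read without checking how many fields `permKey.split("\\|")` returned. A permission key with fewer than three parts therefore raises ArrayIndexOutOfBoundsException rather than the declared MusicAuthenticationException. A guard before the two reads turns that case into an explicit deny: `if (keyArray.length < 3) { return false; }`. The Javadoc above still documents `@throws Exception - throws an exception`. The method continues outside the hunk.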
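Review bot: The new checkAction helper has no Javadoc, and its if/else reduces to one expression: `return "*".equals(action) || "ALL".equalsIgnoreCase(action) || method.equalsIgnoreCase(action);`. A short comment such as `/** Returns true when the permission action is a wildcard ("*" or "ALL") or equals the HTTP method, ignoring case. */` records that the match is case-insensitive. In the hunk before it, the `else { continue; }` left after `return checkAction(method,action);` is redundant and can be removed. The three blank lines added before the closing brace of the class can go as well.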
\ No newline at end of file diff --git a/src/main/java/org/onap/music/authentication/CadiAuthFilter.java b/src/main/java/org/onap/music/authentication/CadiAuthFilter.java index cd58d354..d043e6d6 100644 --- a/src/main/java/org/onap/music/authentication/CadiAuthFilter.java +++ b/src/main/java/org/onap/music/authentication/CadiAuthFilter.java @@ -58,13 +58,8 @@ public class CadiAuthFilter extends CadiFilter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { logger.info(EELFLoggerDelegate.securityLogger, "Request is entering cadifilter"); - long startTime = System.currentTimeMillis(); request.setAttribute("startTime", startTime); - super.doFilter(request, response, chain); - - //Commented by saumya (sp931a) on 04/11/19 for auth filter - //chain.doFilter(request, response); } }
\ No newline at end of file diff --git a/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java b/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java index a9930d88..bde3e205 100644 --- a/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java +++ b/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java @@ -25,10 +25,6 @@ package org.onap.music.authentication; import java.io.IOException; -import java.util.Base64; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -36,10 +32,10 @@ import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.music.eelf.logging.EELFLoggerDelegate; +import org.onap.music.exceptions.MusicAuthenticationException; import org.onap.music.main.MusicUtil; import com.fasterxml.jackson.databind.ObjectMapper; @@ -62,7 +58,7 @@ public class MusicAuthorizationFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { - + // Do Nothing } @Override @@ -83,9 +79,12 @@ public class MusicAuthorizationFilter implements Filter { try { isAuthAllowed = AuthUtil.isAccessAllowed(servletRequest, musicNS); - } catch (Exception e) { + } catch (MusicAuthenticationException e) { + logger.error(EELFLoggerDelegate.securityLogger, + "Error while checking authorization Music Namespace: " + musicNS + " : " + e.getMessage(),e); + } catch ( Exception e) { logger.error(EELFLoggerDelegate.securityLogger, - "Error while checking authorization Music Namespace: " + musicNS + " : " + e.getMessage()); + "Error while checking authorization Music Namespace: " + musicNS + " : " + e.getMessage(),e); } long endTime = System.currentTimeMillis(); 
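Review bot: The two catch blocks around `AuthUtil.isAccessAllowed` in MusicAuthorizationFilter log the same message at the same level, so the added `catch (MusicAuthenticationException e)` does nothing that the generic `catch (Exception e)` would not do. Either keep only the generic catch, or give the specific one its own handling, for example a lower log level for an expected authorization failure and error for anything unexpected. Both messages append `e.getMessage()` and also pass `e` to the logger, which presumably prints the message twice. If the intent is that any exception leaves `isAuthAllowed` false and the request is refused, a comment such as `// any failure here leaves isAuthAllowed false, so the request is denied` would record that; the variable's initial value is outside the hunk.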
@@ -119,39 +118,5 @@ public class MusicAuthorizationFilter implements Filter { String serialized = new ObjectMapper().writeValueAsString(eErrorResponse); return serialized.getBytes(); } - - private Map<String, String> getHeadersInfo(HttpServletRequest request) { - - Map<String, String> map = new HashMap<String, String>(); - - Enumeration headerNames = request.getHeaderNames(); - while (headerNames.hasMoreElements()) { - String key = (String) headerNames.nextElement(); - String value = request.getHeader(key); - map.put(key, value); - } - - return map; - } - - private static String getUserNamefromRequest(HttpServletRequest httpRequest) { - String authHeader = httpRequest.getHeader("Authorization"); - String username = null; - if (authHeader != null) { - String[] split = authHeader.split("\\s+"); - if (split.length > 0) { - String basic = split[0]; - - if ("Basic".equalsIgnoreCase(basic)) { - byte[] decodedBytes = Base64.getDecoder().decode(split[1]); - String decodedString = new String(decodedBytes); - int p = decodedString.indexOf(":"); - if (p != -1) { - username = decodedString.substring(0, p); - } - } - } - } - return username; - } } + diff --git a/src/main/java/org/onap/music/exceptions/MusicAuthenticationException.java b/src/main/java/org/onap/music/exceptions/MusicAuthenticationException.java new file mode 100644 index 00000000..ab44fd6e --- /dev/null +++ b/src/main/java/org/onap/music/exceptions/MusicAuthenticationException.java 
@@ -0,0 +1,75 @@
+/*
+ * ============LICENSE_START==========================================
+ * org.onap.music
+ * ===================================================================
+ * Copyright (c) 2019 AT&T Intellectual Property
+ * ===================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END=============================================
+ * ====================================================================
+ */
+
+package org.onap.music.exceptions;
+
+/**
+ * @author inam
+ *
+ */
+public class MusicAuthenticationException extends Exception {
+
+ /**
+ *
+ */
+ public MusicAuthenticationException() {
+
+ }
+
+ /**
+ * @param message
+ */
+ public MusicAuthenticationException(String message) {
+ super(message);
+
+ }
+
+ /**
+ * @param cause
+ */
+ public MusicAuthenticationException(Throwable cause) {
+ super(cause);
+
+ }
+
+ /**
+ * @param message
+ * @param cause
+ */
+ public MusicAuthenticationException(String message, Throwable cause) {
+ super(message, cause);
+
+ }
+
+ /**
+ * @param message
+ * @param cause
+ * @param enableSuppression
+ * @param writableStackTrace
+ */
+ public MusicAuthenticationException(String message, Throwable cause, boolean enableSuppression,
+ boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+
+ }
+
+}
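Review bot: MusicAuthenticationException has an empty Javadoc on the class and on every constructor, so nothing states when it is thrown. Going by its uses in AuthUtil in this commit, a class comment such as `/** Thrown when an authorization check cannot be evaluated: the request or namespace is missing, or a function code cannot be decoded. */` would cover it, and the empty `@param` tags can either be filled in or dropped. Exception is Serializable, so I would also declare `private static final long serialVersionUID = 1L;`. The blank lines inside each constructor body can be removed.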
diff --git a/src/main/java/org/onap/music/main/MusicCore.java b/src/main/java/org/onap/music/main/MusicCore.java index 6a0d2471..1f1d6a16 100644 --- a/src/main/java/org/onap/music/main/MusicCore.java +++ b/src/main/java/org/onap/music/main/MusicCore.java @@ -34,17 +34,21 @@ import org.onap.music.lockingservice.cassandra.CassaLockStore; import org.onap.music.lockingservice.cassandra.LockType; import org.onap.music.lockingservice.cassandra.MusicLockState; import org.onap.music.service.MusicCoreService; -import org.onap.music.service.impl.MusicCassaCore; import com.datastax.driver.core.ResultSet; public class MusicCore { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicCore.class); - private static boolean unitTestRun = true; - private static MusicCoreService musicCore = MusicUtil.getMusicCoreService(); - public static CassaLockStore mLockHandle; + private static CassaLockStore mLockHandle; + + public static CassaLockStore getmLockHandle() { + return mLockHandle; + } + public static void setmLockHandle(CassaLockStore mLockHandleIn) { + mLockHandle = mLockHandleIn; + } /** * Acquire lock @@ -178,4 +182,6 @@ public class MusicCore { return musicCore.releaseLock(lockId, voluntaryRelease); } + + } diff --git a/src/main/java/org/onap/music/service/impl/MusicCassaCore.java b/src/main/java/org/onap/music/service/impl/MusicCassaCore.java index 253081e0..07864576 100644 --- a/src/main/java/org/onap/music/service/impl/MusicCassaCore.java +++ b/src/main/java/org/onap/music/service/impl/MusicCassaCore.java @@ -29,7 +29,6 @@ import java.io.StringWriter; import java.util.List; import java.util.Map; import java.util.StringTokenizer; -import java.util.concurrent.TimeUnit; import org.onap.music.datastore.MusicDataStore; import org.onap.music.datastore.MusicDataStoreHandle; 
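Review bot: `setmLockHandle` in MusicCore is a public static setter with no Javadoc, so any caller can replace the shared lock store and nothing says who is expected to. The only callers in this commit are the two test setup methods; if that is the intended use, a comment like `/** Replaces the lock store handle; used by test setup to inject an embedded store. */` would state the contract. The same undocumented `getmLockHandle`/`setmLockHandle` pair is added to MusicCassaCore further down. The two blank lines added before the closing brace of MusicCore serve no purpose.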
@@ -51,7 +50,6 @@ import org.onap.music.main.ResultType; import org.onap.music.main.ReturnType; import org.onap.music.service.MusicCoreService; -import com.att.eelf.configuration.EELFLogger; import com.datastax.driver.core.DataType; import com.datastax.driver.core.ResultSet; import com.datastax.driver.core.Row; @@ -61,14 +59,22 @@ import org.onap.music.datastore.*; public class MusicCassaCore implements MusicCoreService { - public static CassaLockStore mLockHandle = null;; + private static CassaLockStore mLockHandle = null; private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicCassaCore.class); - private static boolean unitTestRun=true; private static MusicCassaCore musicCassaCoreInstance = null; private MusicCassaCore() { + // not going to happen + } + + public static CassaLockStore getmLockHandle() { + return mLockHandle; + } + public static void setmLockHandle(CassaLockStore mLockHandle) { + MusicCassaCore.mLockHandle = mLockHandle; } + public static MusicCassaCore getInstance() { if(musicCassaCoreInstance == null) { @@ -77,6 +83,9 @@ public class MusicCassaCore implements MusicCoreService { return musicCassaCoreInstance; } + + + public static CassaLockStore getLockingServiceHandle() throws MusicLockingException { logger.info(EELFLoggerDelegate.applicationLogger,"Acquiring lock store handle"); long start = System.currentTimeMillis(); @@ -95,7 +104,7 @@ public class MusicCassaCore implements MusicCoreService { } public String createLockReference(String fullyQualifiedKey) throws MusicLockingException { - return createLockReference(fullyQualifiedKey, LockType.WRITE); + return createLockReference(fullyQualifiedKey, LockType.WRITE); } public String createLockReference(String fullyQualifiedKey, LockType locktype) throws MusicLockingException { 
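Review bot: The comment `// not going to happen` added to the private MusicCassaCore constructor reads as if the constructor were never invoked, yet `getInstance()` in the same hunk populates `musicCassaCoreInstance` when it is null. The statement that creates the instance sits between this hunk and the next, so I am inferring that it calls this constructor. A comment such as `// private: instances are obtained through getInstance()` says what the constructor is for.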
@@ -125,8 +134,8 @@ public class MusicCassaCore implements MusicCoreService { public ReturnType acquireLockWithLease(String fullyQualifiedKey, String lockReference, long leasePeriod) throws MusicLockingException, MusicQueryException, MusicServiceException { - evictExpiredLockHolder(fullyQualifiedKey,leasePeriod); - return acquireLock(fullyQualifiedKey, lockReference); + evictExpiredLockHolder(fullyQualifiedKey,leasePeriod); + return acquireLock(fullyQualifiedKey, lockReference); } private void evictExpiredLockHolder(String fullyQualifiedKey, long leasePeriod) @@ -167,7 +176,7 @@ public class MusicCassaCore implements MusicCoreService { if (!lockInfo.getIsLockOwner()) { return new ReturnType(ResultType.FAILURE, lockId + " is not a lock holder");//not top of the lock store q } - + //check to see if the value of the key has to be synced in case there was a forceful release String syncTable = keyspace+".unsyncedKeys_"+table; String query = "select * from "+syncTable+" where key='"+localFullyQualifiedKey+"';"; @@ -805,4 +814,5 @@ public class MusicCassaCore implements MusicCoreService { return null; } + } diff --git a/src/test/java/org/onap/music/unittests/TestRestMusicQAPI.java b/src/test/java/org/onap/music/unittests/TestRestMusicQAPI.java index a9e6e4b6..385a4698 100644 --- a/src/test/java/org/onap/music/unittests/TestRestMusicQAPI.java +++ b/src/test/java/org/onap/music/unittests/TestRestMusicQAPI.java @@ -132,7 +132,7 @@ public class TestRestMusicQAPI { try { ReflectionTestUtils.setField(MusicDataStoreHandle.class, "mDstoreHandle", CassandraCQL.connectToEmbeddedCassandra()); - MusicCore.mLockHandle = new CassaLockStore(MusicDataStoreHandle.getDSHandle()); + MusicCore.setmLockHandle(new CassaLockStore(MusicDataStoreHandle.getDSHandle())); // System.out.println("before class keysp"); //resp=data.createKeySpace(majorV,minorV,patchV,aid,appName,userId,password,kspObject,keyspaceName); 
diff --git a/src/test/java/org/onap/music/unittests/TestsUsingCassandra.java b/src/test/java/org/onap/music/unittests/TestsUsingCassandra.java index e2c65447..cc7c5146 100644 --- a/src/test/java/org/onap/music/unittests/TestsUsingCassandra.java +++ b/src/test/java/org/onap/music/unittests/TestsUsingCassandra.java @@ -66,7 +66,7 @@ public class TestsUsingCassandra { public static void beforeClass() throws Exception { ReflectionTestUtils.setField(MusicDataStoreHandle.class, "mDstoreHandle", CassandraCQL.connectToEmbeddedCassandra()); - MusicCore.mLockHandle = new CassaLockStore(MusicDataStoreHandle.getDSHandle()); + MusicCore.setmLockHandle(new CassaLockStore(MusicDataStoreHandle.getDSHandle())); createAdminTable(); } |