From abc9a515805880992a0d73e05ae9ae04cbd15154 Mon Sep 17 00:00:00 2001 From: Jerry Flood Date: Wed, 6 Mar 2019 17:27:06 -0500 Subject: Commit 4 for TM API definition Initial commit of Ticket Management Simulator. Multiple commits required by commit size limitation. Change-Id: I6a39c9a9d1d693a9193c854bc41db2e82270a7f0 Issue-ID: OPTFRA-432 Signed-off-by: Jerry Flood --- .../ticketmgt/CMSEnvironmentPostProcessor.java | 60 ++++++++++++ .../onap/optf/ticketmgt/JerseyConfiguration.java | 103 +++++++++++++++++++++ .../org/onap/optf/ticketmgt/SecurityConfig.java | 63 +++++++++++++ .../org/onap/optf/ticketmgt/SpringProfiles.java | 29 ++++++ .../optf/ticketmgt/aaf/AafAuthorizationFilter.java | 75 +++++++++++++++ .../org/onap/optf/ticketmgt/aaf/AafFilter.java | 75 +++++++++++++++ .../onap/optf/ticketmgt/aaf/FilterPriority.java | 35 +++++++ .../onap/optf/ticketmgt/aaf/ResponseFormatter.java | 42 +++++++++ 8 files changed, 482 insertions(+) create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/CMSEnvironmentPostProcessor.java create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/JerseyConfiguration.java create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SecurityConfig.java create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SpringProfiles.java create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafAuthorizationFilter.java create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafFilter.java create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/FilterPriority.java create mode 100644 cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/ResponseFormatter.java (limited to 'cmso-ticketmgt/src/main/java/org/onap') diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/CMSEnvironmentPostProcessor.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/CMSEnvironmentPostProcessor.java new file mode 100644 index 0000000..f5c6345 --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/CMSEnvironmentPostProcessor.java @@ -0,0 +1,60 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. + * Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +*/ + +package org.onap.optf.ticketmgt; + +import java.util.HashMap; +import java.util.Map; + +import org.onap.optf.cmso.common.PropertiesManagement; +import org.springframework.boot.SpringApplication; +import org.springframework.boot.env.EnvironmentPostProcessor; +import org.springframework.core.env.ConfigurableEnvironment; +import org.springframework.core.env.MapPropertySource; +import org.springframework.core.env.MutablePropertySources; + +public class CMSEnvironmentPostProcessor implements EnvironmentPostProcessor { + // TODO tested in ONAP springboot and this is called before all of the properties files have been loaded... + // perhaps there is a post post processor? Until this works. DB password will be in the clear in the proeprties files. + @Override + public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) { + String pwd = environment.getProperty("cmso.database.password"); + if (pwd != null) { + pwd = PropertiesManagement.getDecryptedValue(pwd); + Map map = new HashMap(); + map.put("spring.datasource.password", pwd); + MapPropertySource propertySource = new MapPropertySource("abc", map); + MutablePropertySources proeprtySources = environment.getPropertySources(); + proeprtySources.addLast(propertySource); + } + } + +} diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/JerseyConfiguration.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/JerseyConfiguration.java new file mode 100644 index 0000000..3bc0153 --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/JerseyConfiguration.java @@ -0,0 +1,103 @@ +/* + * Copyright © 2017-2019 AT&T Intellectual Property. + * Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +*/ + +package org.onap.optf.ticketmgt; + +import java.util.logging.Logger; + +import javax.ws.rs.ApplicationPath; +import javax.ws.rs.client.Client; +import javax.ws.rs.client.ClientBuilder; + +import org.glassfish.jersey.client.ClientConfig; +import org.glassfish.jersey.logging.LoggingFeature; +import org.glassfish.jersey.server.ResourceConfig; +import org.glassfish.jersey.servlet.ServletProperties; +import org.onap.optf.ticketmgt.filters.CMSOContainerFilters; +import org.onap.optf.ticketmgt.service.rs.AdminToolImpl; +import org.onap.optf.ticketmgt.service.rs.AvailabilityInterfaceImpl; +import org.onap.optf.ticketmgt.service.rs.HealthCheckImpl; +import org.onap.optf.ticketmgt.service.rs.TicketManagementImpl; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Primary; +import org.springframework.stereotype.Component; + +import com.fasterxml.jackson.annotation.JsonInclude; +import com.fasterxml.jackson.databind.DeserializationFeature; +import com.fasterxml.jackson.databind.MapperFeature; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.SerializationFeature; + +@Component +@ApplicationPath("/") +public class JerseyConfiguration extends ResourceConfig { + private static final Logger log = Logger.getLogger(JerseyConfiguration.class.getName()); + + @Bean + @Primary + public ObjectMapper objectMapper() { + ObjectMapper objectMapper = new ObjectMapper(); + objectMapper.setSerializationInclusion(JsonInclude.Include.NON_NULL); + objectMapper.configure(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS, false); + objectMapper.enable(MapperFeature.ACCEPT_CASE_INSENSITIVE_PROPERTIES); + objectMapper.enable(DeserializationFeature.READ_ENUMS_USING_TO_STRING); + return objectMapper; + } + + @Autowired + public JerseyConfiguration( /* LogRequestFilter lrf */ ) { + register(HealthCheckImpl.class); + register(AdminToolImpl.class); + register(TicketManagementImpl.class); + register(AvailabilityInterfaceImpl.class); + property(ServletProperties.FILTER_FORWARD_ON_404, true); + // TODO: ONAP Conversion identify appropriate ONAP logging filters if any + // register(lrf, 6001); + // register(LogResponseFilter.class, 6004); + + // TODO: Examine which logging features to enable + register(new LoggingFeature(log)); + register(CMSOContainerFilters.class); + } + + @Bean + public Client jerseyClient() { + ClientConfig client = new ClientConfig(); + + // TODO: ONAP Conversion identify appropriate ONAP logging filters if any + // client.register(TransactionIdRequestFilter.class); + // client.register(TransactionIdResponseFilter.class); + // client.register(DateTimeParamConverterProvider.class); + + return ClientBuilder.newClient(client); + } +} diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SecurityConfig.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SecurityConfig.java new file mode 100644 index 0000000..27f9019 --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SecurityConfig.java @@ -0,0 +1,63 @@ +/* + * Copyright © 2018 AT&T Intellectual Property. + * Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. +*/ +package org.onap.optf.ticketmgt; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.ComponentScan; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; + +@Configuration +@EnableWebSecurity +@ComponentScan("org.onap.optf") +@Profile(SpringProfiles.PROPRIETARY__AUTHENTICATION) +public class SecurityConfig extends WebSecurityConfigurerAdapter { + + @Autowired + private AuthProvider authProvider; + + @Override + protected void configure(AuthenticationManagerBuilder auth) throws Exception { + + auth.authenticationProvider(authProvider); + } + + @Override + protected void configure(HttpSecurity http) throws Exception { + + http.csrf().disable().authorizeRequests().anyRequest().authenticated().and().httpBasic(); + + } +} \ No newline at end of file diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SpringProfiles.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SpringProfiles.java new file mode 100644 index 0000000..2cb2c99 --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/SpringProfiles.java @@ -0,0 +1,29 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.optf.cmso + * ================================================================================ + * Copyright © 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.optf.ticketmgt; + +public class SpringProfiles +{ + + public static final String AAF_AUTHENTICATION = "aaf-auth"; + public static final String PROPRIETARY__AUTHENTICATION = "proprietary-auth"; + + private SpringProfiles(){} +} diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafAuthorizationFilter.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafAuthorizationFilter.java new file mode 100644 index 0000000..53a8d52 --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafAuthorizationFilter.java @@ -0,0 +1,75 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.optf.cmso + * ================================================================================ + * Copyright © 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.optf.ticketmgt.aaf; + +import java.io.IOException; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.onap.observations.Observation; +import org.onap.optf.cmso.common.exceptions.CMSException; +import org.onap.optf.ticketmgt.SpringProfiles; +import org.onap.optf.ticketmgt.common.LogMessages; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter; +import org.springframework.context.annotation.Profile; +import org.springframework.context.annotation.PropertySource; +import org.springframework.stereotype.Component; + +/** + * AAF authorization filter + */ + +@Component +@Profile(SpringProfiles.AAF_AUTHENTICATION) +@PropertySource("file:${server.local.startpath}/aaf/permissions.properties") +public class AafAuthorizationFilter extends OrderedRequestContextFilter { + + @Value("${permission.type}") + String type; + + @Value("${permission.instance}") + String instance; + + public AafAuthorizationFilter() { + this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority()); + + + } + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { + String permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase()); + if(request.getRequestURI().matches("^.*/util/echo$")){ + filterChain.doFilter(request, response); + } + if(!request.isUserInRole(permission)){ + Observation.report(LogMessages.UNAUTHORIZED); + ResponseFormatter.errorResponse(request, response, + new CMSException(LogMessages.UNAUTHORIZED.getStatus(), + LogMessages.UNAUTHORIZED, "")); + }else{ + filterChain.doFilter(request,response); + } + } +} diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafFilter.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafFilter.java new file mode 100644 index 0000000..89d6e3b --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/AafFilter.java @@ -0,0 +1,75 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.optf.cmso + * ================================================================================ + * Copyright © 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.optf.ticketmgt.aaf; + + +import java.io.IOException; +import java.util.Properties; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.onap.observations.Observation; +import org.onap.optf.cmso.common.exceptions.CMSException; +import org.onap.optf.ticketmgt.Application; +import org.onap.optf.ticketmgt.SpringProfiles; +import org.onap.optf.ticketmgt.common.LogMessages; +import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter; +import org.springframework.context.annotation.Profile; +import org.springframework.stereotype.Component; + +/** + * AAF authentication filter + */ + +@Component +@Profile(SpringProfiles.AAF_AUTHENTICATION) +public class AafFilter extends OrderedRequestContextFilter { + + private final CadiFilter cadiFilter; + + public AafFilter() throws IOException, ServletException { + Properties cadiProperties = new Properties(); + cadiProperties.load(Application.class.getClassLoader().getResourceAsStream("cadi.properties")); + cadiFilter = new CadiFilter(new PropAccess(cadiProperties)); + this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority()); + } + + @Override + protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException { + if(!request.getRequestURI().matches("^.*/util/echo$")){ + cadiFilter.doFilter(request, response, filterChain); + if(response.getStatus() >=400 && response.getStatus() < 500){ + Observation.report(LogMessages.UNAUTHENTICATED); + ResponseFormatter.errorResponse(request, response, + new CMSException(LogMessages.UNAUTHENTICATED.getStatus(), + LogMessages.UNAUTHENTICATED, "")); + } + } else { + filterChain.doFilter(request, response); + } + } + + +} diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/FilterPriority.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/FilterPriority.java new file mode 100644 index 0000000..0a74a97 --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/FilterPriority.java @@ -0,0 +1,35 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.optf.cmso + * ================================================================================ + * Copyright © 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.optf.ticketmgt.aaf; + +import org.springframework.core.Ordered; + +public enum FilterPriority { + AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE), + AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1); //higher number = lower priority + + private final int priority; + + FilterPriority(final int p) { + priority = p; + } + + public int getPriority() { return priority; } +} diff --git a/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/ResponseFormatter.java b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/ResponseFormatter.java new file mode 100644 index 0000000..626776c --- /dev/null +++ b/cmso-ticketmgt/src/main/java/org/onap/optf/ticketmgt/aaf/ResponseFormatter.java @@ -0,0 +1,42 @@ +/** + * ============LICENSE_START======================================================= + * org.onap.optf.cmso + * ================================================================================ + * Copyright © 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ +package org.onap.optf.ticketmgt.aaf; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.ws.rs.core.MediaType; + +import org.onap.optf.cmso.common.exceptions.CMSException; + +class ResponseFormatter { + + private static final String ACCEPT_HEADER = "accept"; + + static void errorResponse(HttpServletRequest request, HttpServletResponse response, CMSException error) throws IOException { + String accept = request.getHeader(ACCEPT_HEADER) == null ? MediaType.APPLICATION_JSON : request.getHeader(ACCEPT_HEADER); + response.setStatus(error.getStatus().getStatusCode()); + response.getWriter().write(error.getRequestError().toString()); + response.getWriter().flush(); + response.getWriter().close(); + } + +} -- cgit 1.2.3-korg