From 4c67a692c849f3f24205309fae981ab623a3790a Mon Sep 17 00:00:00 2001
From: Jerry Flood
Date: Tue, 26 Mar 2019 15:00:41 -0400
Subject: Commit 2 for Define Topology API mS Multiple commits required due to commit size limitation.
Change-Id: I72ab781fe1ececf2c3f7dc2313ee3fe58479e8d7
Issue-ID: OPTFRA-430
Signed-off-by: Jerry Flood
---
.../java/org/onap/observations/MessageHeaders.java | 155 ++++++++++++++++
.../java/org/onap/observations/Observation.java | 129 ++++++++++++++
.../onap/observations/ObservationInterface.java | 49 +++++
.../org/onap/observations/ObservationObject.java | 198 +++++++++++++++++++++
.../optf/cmso/CmsoEnvironmentPostProcessor.java | 56 ++++++
.../onap/optf/cmso/aaf/AafAuthorizationFilter.java | 89 +++++++++
.../java/org/onap/optf/cmso/aaf/AafFilter.java | 82 +++++++++
.../main/java/org/onap/optf/cmso/aaf/AafPerm.java | 137 ++++++++++++++
.../org/onap/optf/cmso/aaf/AafSecurityConfig.java | 56 ++++++
9 files changed, 951 insertions(+)
create mode 100644 cmso-topology/src/main/java/org/onap/observations/MessageHeaders.java
create mode 100644 cmso-topology/src/main/java/org/onap/observations/Observation.java
create mode 100644 cmso-topology/src/main/java/org/onap/observations/ObservationInterface.java
create mode 100644 cmso-topology/src/main/java/org/onap/observations/ObservationObject.java
create mode 100644 cmso-topology/src/main/java/org/onap/optf/cmso/CmsoEnvironmentPostProcessor.java
create mode 100644 cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafAuthorizationFilter.java
create mode 100644 cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafFilter.java
create mode 100644 cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafPerm.java
create mode 100644 cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafSecurityConfig.java
(limited to 'cmso-topology')
diff --git a/cmso-topology/src/main/java/org/onap/observations/MessageHeaders.java b/cmso-topology/src/main/java/org/onap/observations/MessageHeaders.java
new file mode 100644
index 0000000..fe6cea2
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/observations/MessageHeaders.java
@@ -0,0 +1,155 @@ +/* + * Copyright © 2017-2018 AT&T Intellectual Property. Modifications Copyright © 2018 IBM. + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except + * in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License + * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express + * or implied. See the License for the specific language governing permissions and limitations under + * the License. + * + * + * Unless otherwise specified, all documentation contained herein is licensed under the Creative + * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except + * in compliance with the License. You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation distributed under the + * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.onap.observations; + +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; + +/** + * The Class MessageHeaders. + */ +public class MessageHeaders { + + /** + * The Enum HeadersEnum. + */ + public enum HeadersEnum { + UNDEFINED("UNDEFINED"), + TransactionID("X-TransactionId"), + FromAppID("X-FromAppId"), + MinorVersion("X-MinorVersion"), + PatchVersion("X-PatchVersion"), + LatestVersion("X-LatestVersion"),; + + private final String text; + + private HeadersEnum(String text) { + this.text = text; + } + + /** + * To string. 
+ * + * @return the string + */ + @Override + public String toString() { + return text; + } + } + + /** The Constant supportedMajorVersions. */ + public static final Map supportedMajorVersions = new HashMap(); + + static { + supportedMajorVersions.put("v1", "0"); + supportedMajorVersions.put("v2", "0"); + } + + /** The Constant supportedMajorMinorVersions. */ + public static final Set supportedMajorMinorVersions = new HashSet(); + + static { + supportedMajorMinorVersions.add("v1.0"); + supportedMajorMinorVersions.add("v2.0"); + } + + /** The Constant latestVersion. */ + public static final String latestVersion = "2.0.0"; + + /** The Constant patchVersion. */ + public static final String patchVersion = "0"; + + /** + * From string. + * + * @param text the text + * @return the headers enum + */ + public static HeadersEnum fromString(String text) { + for (HeadersEnum e : HeadersEnum.values()) { + if (e.text.equals(text)) { + return e; + } + } + return HeadersEnum.UNDEFINED; + } + + /** + * Gets the patch version. + * + * @return the patch version + */ + public static String getPatchVersion() { + return patchVersion; + } + + /** + * Gets the latest version. + * + * @return the latest version + */ + public static String getLatestVersion() { + return latestVersion; + } + + /** + * Validate major version. + * + * @param major the major + * @return true, if successful + */ + public static boolean validateMajorVersion(String major) { + String majorKey = major.toLowerCase(); + if (!supportedMajorVersions.containsKey(majorKey)) { + return false; + } + return true; + } + + /** + * Validate major minor version. + * + * @param major the major + * @param minor the minor + * @return true, if successful + */ + public static boolean validateMajorMinorVersion(String major, String minor) { + String majorKey = major.toLowerCase(); + if (!supportedMajorVersions.containsKey(majorKey)) { + return false; + } + + if (minor != null) { + String majorMinorKey = majorKey + "." 
+ minor; + return supportedMajorMinorVersions.contains(majorMinorKey); + } + return true; + } +} diff --git a/cmso-topology/src/main/java/org/onap/observations/Observation.java b/cmso-topology/src/main/java/org/onap/observations/Observation.java new file mode 100644 index 0000000..e1ec30c --- /dev/null +++ b/cmso-topology/src/main/java/org/onap/observations/Observation.java 
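Review bot: `supportedMajorVersions` and `supportedMajorMinorVersions` are `public static final` but still mutable, so any class can add or remove entries from the tables that `validateMajorVersion` and `validateMajorMinorVersion` consult. Wrapping them after the static blocks have run, e.g. with `Collections.unmodifiableMap(...)` and `Collections.unmodifiableSet(...)`, keeps the accepted API versions fixed. Both validators also call `major.toLowerCase()` without a null check, so a null `major` ends in a NullPointerException rather than `false`; `if (major == null) { return false; }` plus `toLowerCase(Locale.ROOT)` would make them total and locale-independent.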
@@ -0,0 +1,129 @@
+/*
+ * Copyright © 2019 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.observations;
+
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import org.apache.log4j.Level;
+import org.onap.optf.cmso.topology.Application;
+
+
+/**
+ * The Class Observation.
+ */
+public class Observation {
+ private static EELFLogger log = EELFManager.getInstance().getLogger(Application.class);
+ private static EELFLogger metrics = EELFManager.getInstance().getMetricsLogger();
+ private static EELFLogger audit = EELFManager.getInstance().getAuditLogger();
+ private static EELFLogger errors = EELFManager.getInstance().getErrorLogger();
+ private static EELFLogger debug = EELFManager.getInstance().getDebugLogger();
+
+ /**
+ * Report.
+ *
+ * @param obs the o
+ * @param execpt the e
+ * @param arguments the arguments
+ */
+ // *************************************************************************************************
+ public static void report(ObservationInterface obs, Exception execpt, String... arguments) {
+ Mdc.setCaller(4);
+ Mdc.setObservation(obs);
+ if (obs.getAudit()) {
+ audit.info(obs, execpt, arguments);
+ }
+ if (obs.getMetric()) {
+ metrics.info(obs, execpt, arguments);
+ }
+ Level lev = obs.getLevel();
+ switch (lev.toInt()) {
+ case Level.WARN_INT:
+ errors.warn(obs, arguments);
+ debug.debug(obs, execpt, arguments);
+ break;
+ case Level.INFO_INT:
+ log.info(obs, execpt, arguments);
+ debug.debug(obs, execpt, arguments);
+ break;
+ case Level.ERROR_INT:
+ errors.error(obs, arguments);
+ debug.debug(obs, execpt, arguments);
+ break;
+ case Level.TRACE_INT:
+ debug.trace(obs, execpt, arguments);
+ break;
+ case Level.DEBUG_INT:
+ debug.debug(obs, execpt, arguments);
+ break;
+ default:
+ log.info(obs, execpt, arguments);
+ }
+ Mdc.clearCaller();
+ }
+
+ /**
+ * Report.
+ *
+ * @param obs the o
+ * @param arguments the arguments
+ */
+ public static void report(ObservationInterface obs, String... arguments) {
+ Mdc.setCaller(4);
+ Mdc.setObservation(obs);
+ if (obs.getAudit()) {
+ audit.info(obs, arguments);
+ }
+ if (obs.getMetric()) {
+ metrics.info(obs, arguments);
+ }
+ Level levl = obs.getLevel();
+ switch (levl.toInt()) {
+ case Level.WARN_INT:
+ errors.warn(obs, arguments);
+ debug.debug(obs, arguments);
+ break;
+ case Level.INFO_INT:
+ log.info(obs, arguments);
+ debug.debug(obs, arguments);
+ break;
+ case Level.ERROR_INT:
+ errors.error(obs, arguments);
+ debug.debug(obs, arguments);
+ break;
+ case Level.TRACE_INT:
+ debug.debug(obs, arguments);
+ break;
+ case Level.DEBUG_INT:
+ debug.debug(obs, arguments);
+ break;
+ default:
+ log.info(obs, arguments);
+ }
+ Mdc.clearCaller();
+ }
+
+}
diff --git a/cmso-topology/src/main/java/org/onap/observations/ObservationInterface.java b/cmso-topology/src/main/java/org/onap/observations/ObservationInterface.java
new file mode 100644
index 0000000..0dce93d
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/observations/ObservationInterface.java
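Review bot: `Mdc.clearCaller()` at the end of both `report` overloads is skipped whenever anything after `Mdc.setCaller(4)` throws, for instance a null `obs.getLevel()` at `lev.toInt()` or a null `Boolean` unboxed from `obs.getAudit()`. The caller/observation context then presumably stays on the thread and labels later audit and metric records; `Mdc` is not part of this commit, so that is inferred. Wrapping each body as `try { ... } finally { Mdc.clearCaller(); }` closes the gap. Separately, the `TRACE_INT` case of the second overload calls `debug.debug(obs, arguments)` where the first overload calls `debug.trace(...)`, and the WARN/ERROR cases pass no `execpt` to the `errors` logger; if both are intended, a one-line comment saying so would help.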
@@ -0,0 +1,49 @@
+/*
+ * Copyright © 2019 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.observations;
+
+import com.att.eelf.i18n.EELFResolvableErrorEnum;
+import javax.ws.rs.core.Response.Status;
+import org.apache.log4j.Level;
+
+public interface ObservationInterface extends EELFResolvableErrorEnum {
+ public Enum getValue();
+
+ public Level getLevel();
+
+ public String getMessage();
+
+ public Status getStatus();
+
+ public String getDomain();
+
+ public String name();
+
+ public Boolean getAudit();
+
+ public Boolean getMetric();
+}
diff --git a/cmso-topology/src/main/java/org/onap/observations/ObservationObject.java b/cmso-topology/src/main/java/org/onap/observations/ObservationObject.java
new file mode 100644
index 0000000..f1c1277
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/observations/ObservationObject.java
@@ -0,0 +1,198 @@
+/*
+ * Copyright © 2019 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.observations;
+
+import com.att.eelf.i18n.EELFResolvableErrorEnum;
+import com.att.eelf.i18n.EELFResourceManager;
+import javax.ws.rs.core.Response.Status;
+import org.apache.log4j.Level;
+
+
+/**
+ * The Class ObservationObject.
+ */
+public class ObservationObject implements ObservationInterface {
+
+ // *************************************************************************************************
+ // Interface class that matches the ObservationInteface pattern
+ // This will be used in case we decide to provide external overrides and we need to instantiate
+ // For now, we'll just use the Enum itself.
+ //
+ //
+ private Enum value = null;
+
+ private Level level = null;
+ private String message = null;
+ private Status status = null;
+ private String domain = null;
+ private Boolean metric = false;
+ private Boolean audit = false;
+
+ /**
+ * Instantiates a new observation object.
+ *
+ * @param obs the o
+ */
+ public ObservationObject(ObservationInterface obs) {
+ this.value = obs.getValue();
+ this.level = obs.getLevel();
+ this.message = obs.getMessage();
+ this.status = obs.getStatus();
+ this.domain = obs.getDomain();
+ this.metric = obs.getMetric();
+ this.audit = obs.getAudit();
+
+ }
+
+ /**
+ * Gets the value.
+ *
+ * @return the value
+ */
+ @Override
+ public Enum getValue() {
+ return value;
+ }
+
+ /**
+ * Gets the message.
+ *
+ * @return the message
+ */
+ @Override
+ public String getMessage() {
+ return message;
+ }
+
+ /**
+ * Gets the status.
+ *
+ * @return the status
+ */
+ @Override
+ public Status getStatus() {
+ return status;
+ }
+
+ /**
+ * Gets the domain.
+ *
+ * @return the domain
+ */
+ @Override
+ public String getDomain() {
+ return domain;
+ }
+
+ /**
+ * Gets the level.
+ *
+ * @return the level
+ */
+ @Override
+ public Level getLevel() {
+ return level;
+ }
+
+ /**
+ * Name.
+ *
+ * @return the string
+ */
+ @Override
+ public String name() {
+ return value.name();
+ }
+
+ /**
+ * Gets the audit.
+ *
+ * @return the audit
+ */
+ @Override
+ public Boolean getAudit() {
+ return audit;
+ }
+
+ /**
+ * Gets the metric.
+ *
+ * @return the metric
+ */
+ @Override
+ public Boolean getMetric() {
+ return metric;
+ }
+
+ /**
+ * Gets the message.
+ *
+ * @param arguments the arguments
+ * @return the message
+ */
+ public String getMessagef(String... arguments) {
+ return EELFResourceManager.format((EELFResolvableErrorEnum) value, arguments);
+ }
+
+ /**
+ * Sets the value.
+ *
+ * @param value the new value
+ */
+ public void setValue(Enum value) {
+ this.value = value;
+ }
+
+ /**
+ * Sets the level.
+ *
+ * @param level the new level
+ */
+ public void setLevel(Level level) {
+ this.level = level;
+ }
+
+ /**
+ * Sets the message.
+ *
+ * @param message the new message
+ */
+ public void setMessage(String message) {
+ this.message = message;
+ }
+
+ /**
+ * Sets the status.
+ *
+ * @param status the new status
+ */
+ public void setStatus(Status status) {
+ this.status = status;
+ }
+
+
+}
diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/CmsoEnvironmentPostProcessor.java b/cmso-topology/src/main/java/org/onap/optf/cmso/CmsoEnvironmentPostProcessor.java
new file mode 100644
index 0000000..7e15760
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/optf/cmso/CmsoEnvironmentPostProcessor.java
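Review bot: `getMessagef` casts `value` to `EELFResolvableErrorEnum`, but `setValue(Enum value)` accepts any enum or null, so a later `getMessagef` or `name()` call can fail with a ClassCastException or NullPointerException far from the bad assignment. Rejecting the value in the setter, e.g. `if (!(value instanceof EELFResolvableErrorEnum)) { throw new IllegalArgumentException("value must implement EELFResolvableErrorEnum"); }`, keeps the failure at its source. The class comment also spells the interface name as `ObservationInteface`.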
@@ -0,0 +1,56 @@
+/*
+ * Copyright © 2017-2018 AT&T Intellectual Property. Modifications Copyright © 2018 IBM.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.optf.cmso;
+
+import java.util.HashMap;
+import java.util.Map;
+import org.onap.optf.cmso.common.PropertiesManagement;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.env.EnvironmentPostProcessor;
+import org.springframework.core.env.ConfigurableEnvironment;
+import org.springframework.core.env.MapPropertySource;
+import org.springframework.core.env.MutablePropertySources;
+
+public class CmsoEnvironmentPostProcessor implements EnvironmentPostProcessor {
+ // TODO tested in ONAP springboot and this is called before all of the properties files have been
+ // loaded...
+ // perhaps there is a post post processor? Until this works. DB password will be in the clear in the
+ // proeprties files.
+ @Override
+ public void postProcessEnvironment(ConfigurableEnvironment environment, SpringApplication application) {
+ String pwd = environment.getProperty("cmso.database.password");
+ if (pwd != null) {
+ pwd = PropertiesManagement.getDecryptedValue(pwd);
+ Map map = new HashMap();
+ map.put("spring.datasource.password", pwd);
+ MapPropertySource propertySource = new MapPropertySource("abc", map);
+ MutablePropertySources proeprtySources = environment.getPropertySources();
+ proeprtySources.addLast(propertySource);
+ }
+ }
+
+}
diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafAuthorizationFilter.java b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafAuthorizationFilter.java
new file mode 100644
index 0000000..e2602d0
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafAuthorizationFilter.java
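Review bot: `proeprtySources.addLast(propertySource)` registers the decrypted `spring.datasource.password` with the lowest precedence, so a `spring.datasource.password` defined in a properties file, environment variable or command-line argument wins and the decrypted value is ignored without notice. If the decrypted value is meant to be authoritative, use `environment.getPropertySources().addFirst(...)` and give the source a descriptive name instead of `"abc"` so it can be identified in diagnostics. The TODO states that the DB password stays in clear text in the properties files until the ordering problem is solved; that limitation belongs in the class Javadoc and a tracked issue rather than only in an inline comment. Whether `PropertiesManagement.getDecryptedValue` fails safely on a malformed value is not visible in this commit.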
@@ -0,0 +1,89 @@
+/*******************************************************************************
+ * Copyright © 2019 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+
+package org.onap.optf.cmso.aaf;
+
+import java.io.IOException;
+import java.util.List;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.onap.aaf.cadi.CadiWrap;
+import org.onap.aaf.cadi.Permission;
+import org.onap.observations.Observation;
+import org.onap.optf.cmso.common.exceptions.CmsoException;
+import org.onap.optf.cmso.topology.SpringProfiles;
+import org.onap.optf.cmso.topology.common.LogMessages;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+/**
+ * AAF authorization filter.
+ */
+
+@Component
+@Profile(SpringProfiles.AAF_AUTHENTICATION)
+public class AafAuthorizationFilter extends OrderedRequestContextFilter {
+
+ @Autowired
+ AafUserRoleProperties userRoleProperties;
+
+ /**
+ * Instantiates a new aaf authorization filter.
+ */
+ public AafAuthorizationFilter() {
+ this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
+
+
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
+ try {
+ if (request instanceof CadiWrap) {
+ CadiWrap cw = (CadiWrap) request;
+ List perms = cw.getPermissions(cw.getUserPrincipal());
+ if (userRoleProperties.processPermissions(request, perms)) {
+ filterChain.doFilter(request, response);
+ } else {
+ Observation.report(LogMessages.UNAUTHORIZED);
+ ResponseFormatter.errorResponse(request, response, new CmsoException(
+ LogMessages.UNAUTHORIZED.getStatus(), LogMessages.UNAUTHORIZED, ""));
+ }
+ } else {
+ throw new Exception();
+ }
+ } catch (Exception e) {
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());
+ ResponseFormatter.errorResponse(request, response,
+ new CmsoException(LogMessages.UNAUTHORIZED.getStatus(), LogMessages.UNAUTHORIZED, ""));
+ }
+ }
+}
diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafFilter.java b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafFilter.java
new file mode 100644
index 0000000..e396264
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafFilter.java
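Review bot: The `try` in `doFilterInternal` also encloses `filterChain.doFilter(request, response)`, so every exception thrown by later filters or the controller lands in `catch (Exception e)` and is answered with an UNAUTHORIZED error body, possibly after the response has already been committed. Denying by default when the permission check itself fails is right, but the chain call should sit outside that `try` so application errors are not reported to clients and logs as authorization failures. The bare `throw new Exception()` for a request that is not a `CadiWrap` is logged as UNEXPECTED_EXCEPTION with a null message; treating it as a plain denial is clearer. `userRoleProperties` is a package-private injected field, and `private` or constructor injection would be tighter. A possible shape, using only the calls the hunk already makes:

```java
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    boolean authorized = false;
    try {
        if (request instanceof CadiWrap) {
            CadiWrap cw = (CadiWrap) request;
            authorized = userRoleProperties.processPermissions(request, cw.getPermissions(cw.getUserPrincipal()));
        }
    } catch (Exception e) {
        // A failure while evaluating permissions is logged and treated as a denial.
        Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());
    }
    if (!authorized) {
        Observation.report(LogMessages.UNAUTHORIZED);
        ResponseFormatter.errorResponse(request, response,
                new CmsoException(LogMessages.UNAUTHORIZED.getStatus(), LogMessages.UNAUTHORIZED, ""));
        return;
    }
    // Downstream failures propagate instead of being rewritten as UNAUTHORIZED.
    filterChain.doFilter(request, response);
}
```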
@@ -0,0 +1,82 @@
+/*******************************************************************************
+ * Copyright © 2019 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+
+package org.onap.optf.cmso.aaf;
+
+import java.io.IOException;
+import java.util.Properties;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.observations.Observation;
+import org.onap.optf.cmso.common.exceptions.CmsoException;
+import org.onap.optf.cmso.topology.Application;
+import org.onap.optf.cmso.topology.SpringProfiles;
+import org.onap.optf.cmso.topology.common.LogMessages;
+import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+/**
+ * AAF authentication filter.
+ */
+
+@Component
+@Profile(SpringProfiles.AAF_AUTHENTICATION)
+public class AafFilter extends OrderedRequestContextFilter {
+
+ private final CadiFilter cadiFilter;
+
+ /**
+ * Instantiates a new aaf filter.
+ *
+ * @throws IOException Signals that an I/O exception has occurred.
+ * @throws ServletException the servlet exception
+ */
+ public AafFilter() throws IOException, ServletException {
+ Properties cadiProperties = new Properties();
+ cadiProperties.load(Application.class.getClassLoader().getResourceAsStream("cadi.properties"));
+ cadiFilter = new CadiFilter(new PropAccess(cadiProperties));
+ this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority());
+ }
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
+ cadiFilter.doFilter(request, response, filterChain);
+ if (response.getStatus() == 401) {
+ Observation.report(LogMessages.UNAUTHENTICATED);
+ ResponseFormatter.errorResponse(request, response,
+ new CmsoException(LogMessages.UNAUTHENTICATED.getStatus(),
+ LogMessages.UNAUTHENTICATED, ""));
+ }
+ }
+
+
+}
diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafPerm.java b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafPerm.java
new file mode 100644
index 0000000..db58156
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafPerm.java
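Review bot: The constructor passes `getResourceAsStream("cadi.properties")` straight to `Properties.load`; when the resource is missing the authentication filter fails with a NullPointerException that gives no hint of the cause, and the stream is never closed. A `try (InputStream in = ...)` block that throws `new IOException("cadi.properties not found on classpath")` when `in` is null fixes both (it needs `java.io.InputStream` imported). In `doFilterInternal`, the `response.getStatus() == 401` test runs after `cadiFilter.doFilter` has already run the rest of the chain, so a 401 set by any downstream handler is also logged as UNAUTHENTICATED and rewritten, and on a committed response the error body may not be applied. That second point depends on `CadiFilter` and `ResponseFormatter`, which are outside this hunk.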
@@ -0,0 +1,137 @@
+/*******************************************************************************
+ * Copyright © 2019 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+
+package org.onap.optf.cmso.aaf;
+
+import java.util.HashSet;
+import java.util.Set;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+
+
+/**
+ * The Class AafPerm.
+ */
+public class AafPerm {
+ private String type;
+ private String instance;
+ private String action;
+ private Set actions = new HashSet<>();
+
+ /**
+ * Gets the action.
+ *
+ * @return the action
+ */
+ public String getAction() {
+ return action;
+ }
+
+ /**
+ * Sets the action.
+ *
+ * @param action the new action
+ */
+ public void setAction(String action) {
+ this.action = action;
+ String[] list = action.split(",");
+ for (String a : list) {
+ actions.add(a);
+ }
+ }
+
+ /**
+ * Gets the type.
+ *
+ * @return the type
+ */
+ public String getType() {
+ return type;
+ }
+
+ /**
+ * Sets the type.
+ *
+ * @param type the new type
+ */
+ public void setType(String type) {
+ this.type = type;
+ }
+
+ /**
+ * Gets the single instance of AafPerm.
+ *
+ * @return single instance of AafPerm
+ */
+ public String getInstance() {
+ return instance;
+ }
+
+ /**
+ * Sets the instance.
+ *
+ * @param instance the new instance
+ */
+ public void setInstance(String instance) {
+ this.instance = instance;
+ }
+
+ /**
+ * Gets the actions.
+ *
+ * @return the actions
+ */
+ public Set getActions() {
+ return actions;
+ }
+
+ /**
+ * Sets the actions.
+ *
+ * @param actions the new actions
+ */
+ public void setActions(Set actions) {
+ this.actions = actions;
+ }
+
+ /**
+ * Matches.
+ *
+ * @param userPerm the user perm
+ * @return true, if successful
+ */
+ public boolean matches(AAFPermission userPerm) {
+ if (type.equals(userPerm.getType())) {
+ if (userPerm.getInstance().equals("*") || instance.equals("*") || userPerm.getInstance().equals(instance)) {
+ for (String userAction : userPerm.getAction().split(",")) {
+ if (userAction.equals("*") || actions.contains("*") || actions.contains(userAction)) {
+ return true;
+ }
+ }
+ }
+ }
+ return false;
+ }
+}
diff --git a/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafSecurityConfig.java b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafSecurityConfig.java
new file mode 100644
index 0000000..787d786
--- /dev/null
+++ b/cmso-topology/src/main/java/org/onap/optf/cmso/aaf/AafSecurityConfig.java
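Review bot: `setAction` only adds to `actions`, so calling it a second time leaves the earlier actions in the set and `matches` then accepts more than the current `action` string says. It also stores the pieces unstripped, so a configured value like `read, write` (constructed example) never matches `write`. Starting the method with `actions.clear();` and adding `a.trim()` fixes both. `matches` dereferences `type`, `instance`, `userPerm.getInstance()` and `userPerm.getAction()` without null checks, so an entry with a missing field throws instead of returning false; a guard such as `if (type == null || instance == null) { return false; }` keeps the check failing closed. The Javadoc on `matches` should state the wildcard rule, since a `*` on either side of the comparison is accepted.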
@@ -0,0 +1,56 @@
+/*
+ * Copyright © 2019 AT&T Intellectual Property.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the License
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the License for the specific language governing permissions and limitations under
+ * the License.
+ *
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except
+ * in compliance with the License. You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.onap.optf.cmso.aaf;
+
+import org.onap.optf.cmso.topology.SpringProfiles;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+
+@Configuration
+@EnableWebSecurity
+@ComponentScan("org.onap.optf")
+@Profile(SpringProfiles.AAF_AUTHENTICATION)
+public class AafSecurityConfig extends WebSecurityConfigurerAdapter {
+
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+
+ }
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+
+ http.csrf().disable();
+
+ }
+}
-- cgit 1.2.3-korg
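Review bot: `configure(HttpSecurity http)` only calls `http.csrf().disable()` and declares no `authorizeRequests()` rules, and `configure(AuthenticationManagerBuilder auth)` is empty, so Spring Security itself enforces nothing here and access control rests on `AafFilter` and `AafAuthorizationFilter` from this commit. That may be intended, but the class should say so, for example `// Authentication and authorization are performed by the AAF servlet filters; CSRF is disabled because callers are non-browser API clients` (wording for the author to confirm). If any client authenticates with credentials a browser sends automatically, such as a session cookie or cached HTTP Basic, disabling CSRF needs to be reconsidered. The empty override should either be removed or carry a comment explaining why it is empty.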