summaryrefslogtreecommitdiffstats
path: root/src/main/java/org/onap
diff options
context:
space:
mode:
authorsebdet <sd378r@intl.att.com>2018-09-05 18:07:57 +0200
committersebdet <sd378r@intl.att.com>2018-09-05 18:07:57 +0200
commit86bf8ee150a66ee4c389f3289412d418a83ada0f (patch)
tree90ad826a73580f6940ae502d27b25a87c5d1e68f /src/main/java/org/onap
parent1be1c979332d7665c6fa1da9bc4f97c4259eb0cc (diff)
Fix healthcheck
Fix healthcheck and creds system due to AAF changes Issue-ID: CLAMP-213 Change-Id: Idcc9a369ab384a1bba86b80f81a75a4631d8604e Signed-off-by: sebdet <sd378r@intl.att.com>
Diffstat (limited to 'src/main/java/org/onap')
-rw-r--r--src/main/java/org/onap/clamp/clds/ClampServlet.java61
-rw-r--r--src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java7
-rw-r--r--src/main/java/org/onap/clamp/clds/util/LoggingUtils.java46
3 files changed, 60 insertions, 54 deletions
diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java
index 52931340a..516325cbe 100644
--- a/src/main/java/org/onap/clamp/clds/ClampServlet.java
+++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java
@@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.camel.component.servlet.CamelHttpTransportServlet;
+import org.onap.aaf.cadi.principal.X509Principal;
import org.onap.clamp.clds.service.SecureServicePermission;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpStatus;
@@ -61,6 +62,33 @@ public class ClampServlet extends CamelHttpTransportServlet {
public static final String PERM_VF = "clamp.config.security.permission.type.filter.vf";
public static final String PERM_MANAGE = "clamp.config.security.permission.type.cl.manage";
public static final String PERM_TOSCA = "clamp.config.security.permission.type.tosca";
+ private static List<SecureServicePermission> permissionList;
+
+ private synchronized List<SecureServicePermission> getPermissionList() {
+ if (permissionList == null) {
+ permissionList=new ArrayList<>();
+ ApplicationContext applicationContext = WebApplicationContextUtils
+ .getWebApplicationContext(getServletContext());
+ String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE);
+ permissionList.add(SecureServicePermission.create(applicationContext.getEnvironment().getProperty(PERM_CL),
+ cldsPermissionInstance, "read"));
+ permissionList.add(SecureServicePermission.create(applicationContext.getEnvironment().getProperty(PERM_CL),
+ cldsPermissionInstance, "update"));
+ permissionList.add(SecureServicePermission.create(
+ applicationContext.getEnvironment().getProperty(PERM_TEMPLATE), cldsPermissionInstance, "read"));
+ permissionList.add(SecureServicePermission.create(
+ applicationContext.getEnvironment().getProperty(PERM_TEMPLATE), cldsPermissionInstance, "update"));
+ permissionList.add(SecureServicePermission.create(applicationContext.getEnvironment().getProperty(PERM_VF),
+ cldsPermissionInstance, "*"));
+ permissionList.add(SecureServicePermission
+ .create(applicationContext.getEnvironment().getProperty(PERM_MANAGE), cldsPermissionInstance, "*"));
+ permissionList.add(SecureServicePermission
+ .create(applicationContext.getEnvironment().getProperty(PERM_TOSCA), cldsPermissionInstance, "read"));
+ permissionList.add(SecureServicePermission
+ .create(applicationContext.getEnvironment().getProperty(PERM_TOSCA), cldsPermissionInstance, "update"));
+ }
+ return permissionList;
+ }
/**
* When AAF is enabled, request object will contain a cadi Wrapper, so queries
@@ -69,43 +97,18 @@ public class ClampServlet extends CamelHttpTransportServlet {
@Override
protected void doService(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
- List<SecureServicePermission> permissionList = new ArrayList<>();
-
- ApplicationContext applicationContext = WebApplicationContextUtils
- .getWebApplicationContext(this.getServletContext());
- String cldsPersmissionTypeCl = applicationContext.getEnvironment().getProperty(PERM_CL);
- String cldsPermissionTypeTemplate = applicationContext.getEnvironment().getProperty(PERM_TEMPLATE);
- String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE);
- String cldsPermissionTypeFilterVf = applicationContext.getEnvironment().getProperty(PERM_VF);
- String cldsPermissionTypeClManage = applicationContext.getEnvironment().getProperty(PERM_MANAGE);
- String cldsPermissionTypeTosca = applicationContext.getEnvironment().getProperty(PERM_TOSCA);
-
- // set the stragety to Mode_Global, so that all thread is able to
- // see the authentication
- SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL);
Principal p = request.getUserPrincipal();
- if (null != p) {
- permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read"));
- permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update"));
- permissionList
- .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "read"));
- permissionList
- .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "update"));
- permissionList.add(SecureServicePermission.create(cldsPermissionTypeFilterVf, cldsPermissionInstance, "*"));
- permissionList.add(SecureServicePermission.create(cldsPermissionTypeClManage, cldsPermissionInstance, "*"));
- permissionList.add(SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "read"));
- permissionList
- .add(SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "update"));
-
+ if (p instanceof X509Principal) {
+ // When AAF is enabled, there is a need to provision the permissions to Spring
+ // system
List<GrantedAuthority> grantedAuths = new ArrayList<>();
- for (SecureServicePermission perm : permissionList) {
+ for (SecureServicePermission perm : getPermissionList()) {
String permString = perm.toString();
if (request.isUserInRole(permString)) {
grantedAuths.add(new SimpleGrantedAuthority(permString));
}
}
-
Authentication auth = new UsernamePasswordAuthenticationToken(new User(p.getName(), "", grantedAuths), "",
grantedAuths);
SecurityContextHolder.getContext().setAuthentication(auth);
diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
index 13dccdacb..8bc6f69dc 100644
--- a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
@@ -29,7 +29,6 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Component;
@Configuration
@Profile("clamp-aaf-authentication")
@@ -54,7 +53,11 @@ public class AAFConfiguration {
public FilterRegistrationBean cadiFilterRegistration() {
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setFilter(cadiFilter());
- registration.addUrlPatterns("/restservices/*");
+ registration.addUrlPatterns("/restservices/clds/v1/clds/*");
+ registration.addUrlPatterns("/restservices/clds/v1/cldsTempate/*");
+ registration.addUrlPatterns("/restservices/clds/v1/tosca/*");
+ registration.addUrlPatterns("/restservices/clds/v1/dictionary/*");
+ registration.addUrlPatterns("/restservices/clds/v1/user/*");
//registration.addUrlPatterns("*");
registration.setName("cadiFilter");
registration.setOrder(0);
diff --git a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java
index cdb2e29c5..759edb1d9 100644
--- a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java
+++ b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java
@@ -18,7 +18,7 @@
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.clamp.clds.util;
@@ -31,21 +31,21 @@ import java.net.InetAddress;
import java.net.UnknownHostException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.TimeZone;
-import java.util.UUID;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
-import javax.validation.constraints.NotNull;
+import java.util.Date;
+import java.util.TimeZone;
+import java.util.UUID;
+
import javax.servlet.http.HttpServletRequest;
+import javax.validation.constraints.NotNull;
+import org.onap.clamp.clds.service.DefaultUserNameHandler;
import org.slf4j.MDC;
import org.slf4j.event.Level;
import org.springframework.security.core.context.SecurityContextHolder;
-import org.onap.clamp.clds.service.DefaultUserNameHandler;
-
/**
* This class handles the special info that appear in the log, like RequestID,
* time context, ...
@@ -66,7 +66,7 @@ public class LoggingUtils {
* Constructor
*/
public LoggingUtils(final EELFLogger loggerP) {
- this.mLogger = checkNotNull(loggerP);
+ this.mLogger = checkNotNull(loggerP);
}
/**
@@ -86,7 +86,7 @@ public class LoggingUtils {
MDC.put("ServerIPAddress", InetAddress.getLocalHost().getHostAddress());
} catch (UnknownHostException e) {
logger.error("Failed to initiate setRequestContext", e);
- }
+ }
}
/**
@@ -149,7 +149,7 @@ public class LoggingUtils {
* @return A string with the request ID
*/
public static String getRequestId() {
- String requestId = (String) MDC.get(ONAPLogConstants.MDCs.REQUEST_ID);
+ String requestId = MDC.get(ONAPLogConstants.MDCs.REQUEST_ID);
if (requestId == null || requestId.isEmpty()) {
requestId = UUID.randomUUID().toString();
MDC.put(ONAPLogConstants.MDCs.REQUEST_ID, requestId);
@@ -162,9 +162,9 @@ public class LoggingUtils {
dateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
return dateFormat;
}
-
-
-
+
+
+
/*********************************************************************************************
* Method for ONAP Application Logging Specification v1.2
********************************************************************************************/
@@ -181,7 +181,7 @@ public class LoggingUtils {
final String requestID = defaultToUUID(request.getHeader(ONAPLogConstants.Headers.REQUEST_ID));
final String invocationID = defaultToUUID(request.getHeader(ONAPLogConstants.Headers.INVOCATION_ID));
final String partnerName = defaultToEmpty(request.getHeader(ONAPLogConstants.Headers.PARTNER_NAME));
-
+
// Default the partner name to the user name used to login to clamp
if (partnerName.equalsIgnoreCase(EMPTY_MESSAGE)) {
MDC.put(ONAPLogConstants.MDCs.PARTNER_NAME, new DefaultUserNameHandler().retrieveUserName(SecurityContextHolder.getContext()));
@@ -192,8 +192,8 @@ public class LoggingUtils {
// depending on where you need them to appear, OR extend the
// ServiceDescriptor to add them.
MDC.put(ONAPLogConstants.MDCs.ENTRY_TIMESTAMP,
- ZonedDateTime.now(ZoneOffset.UTC)
- .format(DateTimeFormatter.ISO_INSTANT));
+ ZonedDateTime.now(ZoneOffset.UTC)
+ .format(DateTimeFormatter.ISO_INSTANT));
MDC.put(ONAPLogConstants.MDCs.REQUEST_ID, requestID);
MDC.put(ONAPLogConstants.MDCs.INVOCATION_ID, invocationID);
MDC.put(ONAPLogConstants.MDCs.CLIENT_IP_ADDRESS, defaultToEmpty(request.getRemoteAddr()));
@@ -203,7 +203,7 @@ public class LoggingUtils {
// Default the service name to the requestURI, in the event that
// no value has been provided.
if (serviceName == null ||
- serviceName.equalsIgnoreCase(EMPTY_MESSAGE)) {
+ serviceName.equalsIgnoreCase(EMPTY_MESSAGE)) {
MDC.put(ONAPLogConstants.MDCs.SERVICE_NAME, request.getRequestURI());
}
@@ -217,7 +217,7 @@ public class LoggingUtils {
*/
public void exiting(String code, String descrption, Level severity, ONAPLogConstants.ResponseStatus status) {
try {
- MDC.put(ONAPLogConstants.MDCs.RESPONSE_CODE, defaultToEmpty(code));
+ MDC.put(ONAPLogConstants.MDCs.RESPONSE_CODE, defaultToEmpty(code));
MDC.put(ONAPLogConstants.MDCs.RESPONSE_DESCRIPTION, defaultToEmpty(descrption));
MDC.put(ONAPLogConstants.MDCs.RESPONSE_SEVERITY, defaultToEmpty(severity));
MDC.put(ONAPLogConstants.MDCs.RESPONSE_STATUS_CODE, defaultToEmpty(status));
@@ -241,11 +241,11 @@ public class LoggingUtils {
// Set standard HTTP headers on (southbound request) builder.
con.setRequestProperty(ONAPLogConstants.Headers.REQUEST_ID,
- defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.REQUEST_ID)));
+ defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.REQUEST_ID)));
con.setRequestProperty(ONAPLogConstants.Headers.INVOCATION_ID,
- invocationID);
+ invocationID);
con.setRequestProperty(ONAPLogConstants.Headers.PARTNER_NAME,
- defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.PARTNER_NAME)));
+ defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.PARTNER_NAME)));
invokeContext(targetEntity, targetServiceName, invocationID);
@@ -314,8 +314,8 @@ public class LoggingUtils {
MDC.put(ONAPLogConstants.MDCs.TARGET_SERVICE_NAME, defaultToEmpty(targetServiceName));
MDC.put(ONAPLogConstants.MDCs.INVOCATIONID_OUT, invocationID);
MDC.put(ONAPLogConstants.MDCs.INVOKE_TIMESTAMP,
- ZonedDateTime.now(ZoneOffset.UTC)
- .format(DateTimeFormatter.ISO_INSTANT));
+ ZonedDateTime.now(ZoneOffset.UTC)
+ .format(DateTimeFormatter.ISO_INSTANT));
}
/**