summaryrefslogtreecommitdiffstats
path: root/src/main/java/org
diff options
context:
space:
mode:
authorxg353y <xg353y@intl.att.com>2018-05-08 16:21:39 +0200
committerSébastien Determe <sd378r@intl.att.com>2018-06-11 12:29:28 +0000
commite640955cbe2c2c39aaa897476ceaac156072133f (patch)
treeb0e793d158ea00485213fba82fbbbeef1331a59b /src/main/java/org
parent2c0ec04d5978a0eaf9b13d9830d0398e8aed0e66 (diff)
Integrate AAF
Integrate AAF framework into Clamp. Issue-ID: CLAMP-103 Change-Id: I2ceeb2a85b8b5674e712b3924a96a2bd6fb71d68 Signed-off-by: xg353y <xg353y@intl.att.com>
Diffstat (limited to 'src/main/java/org')
-rw-r--r--src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java190
-rw-r--r--src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java75
-rw-r--r--src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java62
-rw-r--r--src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java56
-rw-r--r--src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java140
-rw-r--r--src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java91
-rw-r--r--src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java70
-rw-r--r--src/main/java/org/onap/clamp/clds/service/UserService.java11
8 files changed, 552 insertions, 143 deletions
diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
new file mode 100644
index 000000000..93432c9f2
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
@@ -0,0 +1,190 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import java.util.Properties;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampCadiFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Configuration
+@Profile("clamp-aaf-authentication")
+@ConfigurationProperties(prefix = "clamp.config.cadi")
+public class AAFConfiguration {
+ private static final String CADI_KEY_FILE = "cadi_keyfile";
+ private static final String CADI_LOG_LEVEL = "cadi_loglevel";
+ private static final String LATITUDE = "cadi_latitude";
+ private static final String LONGITUDE = "cadi_longitude";
+ private static final String LOCATE_URL = "aaf_locate_url";
+ private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url";
+ private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url";
+ private static final String AAF_ENV = "aaf_env";
+ private static final String AAF_URL = "aaf_url";
+ private static final String X509_ISSUERS = "cadi_x509_issuers";
+
+ private String keyFile;
+ private String cadiLoglevel;
+ private String cadiLatitude;
+ private String cadiLongitude;
+ private String aafLocateUrl;
+ private String oauthTokenUrl;
+ private String oauthIntrospectUrl;
+ private String aafEnv;
+ private String aafUrl;
+ private String cadiX509Issuers;
+
+ /**
+ * Method to return clamp cadi filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "cadiFilter")
+ public Filter cadiFilter() {
+ return new ClampCadiFilter();
+ }
+
+ /**
+ * Method to register cadi filter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean cadiFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(cadiFilter());
+ registration.addUrlPatterns("/restservices/*");
+ //registration.addUrlPatterns("*");
+ registration.setName("cadiFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+ public String getKeyFile() {
+ return keyFile;
+ }
+
+ public void setKeyFile(String keyFile) {
+ this.keyFile = keyFile;
+ }
+
+ public String getCadiLoglevel() {
+ return cadiLoglevel;
+ }
+
+ public void setCadiLoglevel(String cadiLoglevel) {
+ this.cadiLoglevel = cadiLoglevel;
+ }
+
+ public String getCadiLatitude() {
+ return cadiLatitude;
+ }
+
+ public void setCadiLatitude(String cadiLatitude) {
+ this.cadiLatitude = cadiLatitude;
+ }
+
+ public String getCadiLongitude() {
+ return cadiLongitude;
+ }
+
+ public void setCadiLongitude(String cadiLongitude) {
+ this.cadiLongitude = cadiLongitude;
+ }
+
+ public String getAafLocateUrl() {
+ return aafLocateUrl;
+ }
+
+ public void setAafLocateUrl(String aafLocateUrl) {
+ this.aafLocateUrl = aafLocateUrl;
+ }
+
+ public String getOauthTokenUrl() {
+ return oauthTokenUrl;
+ }
+
+ public void setOauthTokenUrl(String oauthTokenUrl) {
+ this.oauthTokenUrl = oauthTokenUrl;
+ }
+
+ public String getOauthIntrospectUrl() {
+ return oauthIntrospectUrl;
+ }
+
+ public void setOauthIntrospectUrl(String oauthIntrospectUrl) {
+ this.oauthIntrospectUrl = oauthIntrospectUrl;
+ }
+
+ public String getAafEnv() {
+ return aafEnv;
+ }
+
+ public void setAafEnv(String aafEnv) {
+ this.aafEnv = aafEnv;
+ }
+
+ public String getAafUrl() {
+ return aafUrl;
+ }
+
+ public void setAafUrl(String aafUrl) {
+ this.aafUrl = aafUrl;
+ }
+
+ public String getCadiX509Issuers() {
+ return cadiX509Issuers;
+ }
+
+ public void setCadiX509Issuers(String cadiX509Issuers) {
+ this.cadiX509Issuers = cadiX509Issuers;
+ }
+
+ public Properties getProperties() {
+ Properties prop = System.getProperties();
+ //prop.put("cadi_prop_files", "");
+ prop.put(CADI_KEY_FILE, keyFile);
+ prop.put(CADI_LOG_LEVEL, cadiLoglevel);
+ prop.put(LATITUDE, cadiLatitude);
+ prop.put(LONGITUDE, cadiLongitude);
+ prop.put(LOCATE_URL, aafLocateUrl);
+ if (oauthTokenUrl != null) {
+ prop.put(OAUTH_TOKEN_URL, oauthTokenUrl);
+ }
+ if (oauthIntrospectUrl != null) {
+ prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl);
+ }
+ prop.put(AAF_ENV, aafEnv);
+ prop.put(AAF_URL, aafUrl);
+ prop.put(X509_ISSUERS, cadiX509Issuers);
+ return prop;
+ }
+} \ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
new file mode 100644
index 000000000..a2b6c07d0
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
@@ -0,0 +1,75 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+/**
+ * Overwrite the key method isUserInRole and getUserPrincipal, to adapt to the Clamp default user verification
+ */
+public class ClampUserWrap extends HttpServletRequestWrapper {
+
+ private String user;
+ private List<String> roles = null;
+ private HttpServletRequest realRequest;
+
+ /**
+ * Standard Wrapper constructor for Delegate pattern
+ * @param request
+ */
+ public ClampUserWrap(HttpServletRequest request, String userName, List<String> roles){
+ super(request);
+
+ this.user = userName;
+ this.roles = roles;
+ this.realRequest = request;
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ if (roles == null) {
+ return this.realRequest.isUserInRole(role);
+ }
+ return roles.contains(role);
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ if (this.user == null) {
+ return realRequest.getUserPrincipal();
+ }
+
+ // make an anonymous implementation to just return our user
+ return new Principal() {
+ @Override
+ public String getName() {
+ return user;
+ }
+ };
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
new file mode 100644
index 000000000..e43aa114d
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
@@ -0,0 +1,62 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.config;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampDefaultUserFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+@Configuration
+@Profile("clamp-default-user")
+public class DefaultUserConfiguration {
+
+ /**
+ * Method to return clamp default user filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "defaultUserFilter")
+ public Filter defaultUserFilter() {
+ return new ClampDefaultUserFilter();
+ }
+
+ /**
+ * Method to register defaultUserFilter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean defaultUserFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(defaultUserFilter());
+ registration.addUrlPatterns("/restservices/*");
+ registration.setName("defaultUserFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+} \ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
new file mode 100644
index 000000000..f1d50c777
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
@@ -0,0 +1,56 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import org.springframework.context.annotation.Configuration;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.beans.factory.annotation.Value;
+
+@Configuration
+public class SSLConfiguration {
+ private static final String TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword";
+ private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
+
+ @Value("${server.ssl.trust:/opt/app/osaaf/client/local/truststoreONAP.p12}")
+ private String sslTruststoreFile;
+ @Value("${server.ssl.trust-password:changeit}")
+ private String sslTruststorePw;
+ @Value("${server.ssl.trust-type:PKCS12}")
+ private String sslTruststoreType;
+
+ @PostConstruct
+ private void configureSSL() {
+ if (!sslTruststoreFile.equals("none")) {
+ System.setProperty(TRUST_STORE, sslTruststoreFile);
+ }
+ if (!sslTruststoreType.equals("none")) {
+ System.setProperty(TRUST_STORE_TYPE, sslTruststoreType);
+ }
+ if (!sslTruststorePw.equals("none")) {
+ System.setProperty(TRUST_STORE_PW, sslTruststorePw);
+ }
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
index 961cc6b35..e69de29bb 100644
--- a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
+++ b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
@@ -1,140 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.clamp.clds.config.spring;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import java.io.IOException;
-
-import org.onap.clamp.clds.config.ClampProperties;
-import org.onap.clamp.clds.config.CldsUserJsonDecoder;
-import org.onap.clamp.clds.exception.CldsConfigException;
-import org.onap.clamp.clds.exception.CldsUsersException;
-import org.onap.clamp.clds.service.CldsUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-/**
- * This class is used to enable the HTTP authentication to login. It requires a
- * specific JSON file containing the user definition
- * (classpath:clds/clds-users.json).
- */
-@Configuration
-@EnableWebSecurity
-@Profile("clamp-spring-authentication")
-public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
-
- protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsSecurityConfigUsers.class);
- protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
- @Autowired
- private ClampProperties refProp;
- @Value("${clamp.config.security.permission.type.cl:permission-type-cl}")
- private String cldsPersmissionTypeCl;
- @Value("${CLDS_PERMISSION_INSTANCE:dev}")
- private String cldsPermissionInstance;
- @Value("${clamp.config.security.encoder:bcrypt}")
- private String cldsEncoderMethod;
- @Value("${clamp.config.security.encoder.bcrypt.strength:10}")
- private Integer cldsBcryptEncoderStrength;
-
- /**
- * This method configures on which URL the authorization will be enabled.
- */
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
- .authenticated().anyRequest().permitAll().and().logout()
- .and().sessionManagement()
- .maximumSessions(1)
- .and().invalidSessionUrl("/designer/timeout.html");
-
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method is called by the framework and is used to load all the users
- * defined in cldsUsersFile variable (this file path can be configured in
- * the application.properties).
- *
- * @param auth
- */
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) {
- // configure algorithm used for password hashing
- final PasswordEncoder passwordEncoder = getPasswordEncoder();
-
- try {
- CldsUser[] usersList = loadUsers();
- // no users defined
- if (null == usersList) {
- logger.warn("No users defined. Users should be defined under clds-users.json");
- return;
- }
- for (CldsUser user : usersList) {
- auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
- .roles(user.getPermissionsString()).and().passwordEncoder(passwordEncoder);
- }
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method loads physically the JSON file and convert it to an Array of
- * CldsUser.
- *
- * @return The array of CldsUser
- * @throws IOException
- * In case of the file is not found
- */
- private CldsUser[] loadUsers() throws IOException {
- logger.info("Load from clds-users.properties");
- return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
- }
-
- /**
- * This methods returns the chosen encoder for password hashing.
- */
- private PasswordEncoder getPasswordEncoder() {
- if ("bcrypt".equals(cldsEncoderMethod)) {
- return new BCryptPasswordEncoder(cldsBcryptEncoderStrength);
- } else {
- throw new CldsConfigException("Invalid clamp.config.security.encoder value. 'bcrypt' is the only option at this time.");
- }
- }
-}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
new file mode 100644
index 000000000..1c3ba1cf6
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -0,0 +1,91 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.filter;
+
+import javax.servlet.FilterConfig;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import org.springframework.beans.factory.annotation.Value;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.clamp.clds.config.AAFConfiguration;
+
+public class ClampCadiFilter extends CadiFilter {
+ private static final String CADI_TRUST_STORE = "cadi_truststore";
+ private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password";
+ private static final String CADI_KEY_STORE = "cadi_keystore";
+ private static final String CADI_KEY_STORE_PW = "cadi_keystore_password";
+ private static final String ALIAS = "cadi_alias";
+
+ @Value("${server.ssl.key-store:none}")
+ private String keyStore;
+
+ @Value("${clamp.config.cadi.cadiKeystorePassword:none}")
+ private String keyStorePass;
+
+ @Value("${server.ssl.trust:none}")
+ private String trustStore;
+
+ @Value("${clamp.config.cadi.cadiTruststorePassword:none}")
+ private String trustStorePass;
+
+ @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
+ private String alias;
+
+ @Autowired
+ private AAFConfiguration aafConfiguration;
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ Properties props = aafConfiguration.getProperties();
+ props.setProperty(CADI_KEY_STORE, trimFileName(keyStore));
+ props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore));
+ props.setProperty(ALIAS, alias);
+ props.setProperty(CADI_KEY_STORE_PW, keyStorePass);
+ props.setProperty(CADI_TRUST_STORE_PW, trustStorePass);
+
+ super.init(filterConfig);
+ }
+
+ private String trimFileName (String fileName) {
+ int index= fileName.indexOf("file:");
+ if (index == -1) {
+ return fileName;
+ } else {
+ return fileName.substring(index+5);
+ }
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
new file mode 100644
index 000000000..539e3c6a5
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
@@ -0,0 +1,70 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.filter;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.onap.clamp.clds.config.ClampProperties;
+import org.onap.clamp.clds.config.ClampUserWrap;
+import org.onap.clamp.clds.config.CldsUserJsonDecoder;
+import org.onap.clamp.clds.exception.CldsUsersException;
+import org.onap.clamp.clds.service.CldsUser;
+
+
+public class ClampDefaultUserFilter implements Filter {
+ private CldsUser defaultUser;
+ @Autowired
+ private ClampProperties refProp;
+
+ // Load the default user
+ public void init(FilterConfig cfg) throws ServletException {
+ try {
+ CldsUser[] users = CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
+ defaultUser = users[0];
+ } catch (IOException e) {
+ // not able to load default user
+ throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
+ }
+ }
+
+ // Call the ClampUserWrapper
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
+ HttpServletRequest hreq = (HttpServletRequest)req;
+ chain.doFilter(new ClampUserWrap(hreq, defaultUser.getUser(), Arrays.asList(defaultUser.getPermissionsString())), res);
+ }
+
+ public void destroy() {
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java
index d438a4715..996116090 100644
--- a/src/main/java/org/onap/clamp/clds/service/UserService.java
+++ b/src/main/java/org/onap/clamp/clds/service/UserService.java
@@ -18,7 +18,6 @@
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
*/
package org.onap.clamp.clds.service;
@@ -28,6 +27,8 @@ import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.SecurityContext;
import org.springframework.stereotype.Component;
@@ -41,6 +42,8 @@ import org.springframework.stereotype.Component;
MediaType.TEXT_PLAIN
})
public class UserService {
+ @Context
+ private SecurityContext securityContext;
/**
* REST service that returns the username.
@@ -49,9 +52,11 @@ public class UserService {
* @return the user name
*/
@GET
- @Path("/{userName}")
+ @Path("/getUser")
@Produces(MediaType.TEXT_PLAIN)
- public String getUser(@PathParam("userName") String userName) {
+ public String getUser() {
+ UserNameHandler userNameHandler = new DefaultUserNameHandler();
+ String userName = userNameHandler.retrieveUserName(securityContext);
return userName;
}
} \ No newline at end of file