-rw-r--r-- | src/main/java/org/onap/clamp/clds/ClampServlet.java | 71 | ||||
-rw-r--r-- | src/main/java/org/onap/clamp/clds/util/ClampTimer.java | 55 |
2 files changed, 43 insertions, 83 deletions
diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 549b12f9f..52931340a 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -37,8 +37,8 @@ import javax.servlet.http.HttpServletResponse; import org.apache.camel.component.servlet.CamelHttpTransportServlet; import org.onap.clamp.clds.service.SecureServicePermission; -import org.onap.clamp.clds.util.ClampTimer; import org.springframework.context.ApplicationContext; +import org.springframework.http.HttpStatus; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; 
@@ -49,50 +49,54 @@ import org.springframework.web.context.support.WebApplicationContextUtils; public class ClampServlet extends CamelHttpTransportServlet { + /** + * + */ + private static final long serialVersionUID = -4198841134910211542L; + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampServlet.class); public static final String PERM_INSTANCE = "clamp.config.security.permission.instance"; public static final String PERM_CL = "clamp.config.security.permission.type.cl"; public static final String PERM_TEMPLATE = "clamp.config.security.permission.type.template"; public static final String PERM_VF = "clamp.config.security.permission.type.filter.vf"; public static final String PERM_MANAGE = "clamp.config.security.permission.type.cl.manage"; + public static final String PERM_TOSCA = "clamp.config.security.permission.type.tosca"; + /** + * When AAF is enabled, request object will contain a cadi Wrapper, so queries + * to isUserInRole will invoke a http call to AAF server. 
+ */ @Override protected void doService(HttpServletRequest request, HttpServletResponse response) - throws ServletException, IOException { - Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); + throws ServletException, IOException { List<SecureServicePermission> permissionList = new ArrayList<>(); - // Get Principal info and translate it into Spring Authentication If - // authenticataion is null: a) the authentication info was set manually - // in the previous thread b) handled by Spring automatically for the 2 - // cases above, no need for the translation, just skip the following - // step - if (null == authentication) { - logger.debug("Populate Spring Authenticataion info manually."); - ApplicationContext applicationContext = WebApplicationContextUtils - .getWebApplicationContext(this.getServletContext()); - // Start a timer to clear the authentication after 5 mins, so that - // the authentication will be reinitialized with AAF DB - new ClampTimer(300); - String cldsPersmissionTypeCl = applicationContext.getEnvironment().getProperty(PERM_CL); - String cldsPermissionTypeTemplate = applicationContext.getEnvironment().getProperty(PERM_TEMPLATE); - String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE); - String cldsPermissionTypeFilterVf = applicationContext.getEnvironment().getProperty(PERM_VF); - String cldsPermissionTypeClManage = applicationContext.getEnvironment().getProperty(PERM_MANAGE); + ApplicationContext applicationContext = WebApplicationContextUtils + .getWebApplicationContext(this.getServletContext()); - // set the stragety to Mode_Global, so that all thread is able to - // see the authentication - SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL); - Principal p = request.getUserPrincipal(); + String cldsPersmissionTypeCl = applicationContext.getEnvironment().getProperty(PERM_CL); + String cldsPermissionTypeTemplate = 
applicationContext.getEnvironment().getProperty(PERM_TEMPLATE); + String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE); + String cldsPermissionTypeFilterVf = applicationContext.getEnvironment().getProperty(PERM_VF); + String cldsPermissionTypeClManage = applicationContext.getEnvironment().getProperty(PERM_MANAGE); + String cldsPermissionTypeTosca = applicationContext.getEnvironment().getProperty(PERM_TOSCA); + // set the stragety to Mode_Global, so that all thread is able to + // see the authentication + SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL); + Principal p = request.getUserPrincipal(); + if (null != p) { permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read")); permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update")); permissionList - .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "read")); + .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "read")); permissionList - .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "update")); + .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "update")); permissionList.add(SecureServicePermission.create(cldsPermissionTypeFilterVf, cldsPermissionInstance, "*")); permissionList.add(SecureServicePermission.create(cldsPermissionTypeClManage, cldsPermissionInstance, "*")); + permissionList.add(SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "read")); + permissionList + .add(SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "update")); List<GrantedAuthority> grantedAuths = new ArrayList<>(); for (SecureServicePermission perm : permissionList) { 
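Review bot: `SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL)` now runs on every request and the `if (null != p)` branch has no else, so the authentication held in the shared context is neither scoped to one request nor ever cleared. With the global strategy all threads see a single SecurityContext, so concurrent requests from different principals overwrite each other's granted authorities, and a request where `getUserPrincipal()` returns null proceeds with whatever the previous request left there; the ClampTimer cleanup this commit deletes was the only code that reset it. Prefer the default thread-local strategy and reset the context when the request finishes, e.g. `finally { SecurityContextHolder.clearContext(); }` on the `try` added in the `@@ -101,10 +105,21 @@` hunk; if the Camel routes need the authentication on other threads (not visible here), hand it over explicitly rather than through a global. doService's body continues past this hunk.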
@@ -101,10 +105,21 @@ public class ClampServlet extends CamelHttpTransportServlet { grantedAuths.add(new SimpleGrantedAuthority(permString)); } } + Authentication auth = new UsernamePasswordAuthenticationToken(new User(p.getName(), "", grantedAuths), "", - grantedAuths); + grantedAuths); SecurityContextHolder.getContext().setAuthentication(auth); } - super.doService(request, response); + try { + super.doService(request, response); + } catch (ServletException | IOException ioe) { + logger.error("Exception caught when executing doService in servlet", ioe); + try { + response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value()); + } catch (IOException e) { + logger.error("Exception caught when executing HTTP sendError in servlet", e); + } + } + } }
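Review bot: The new catch block calls `response.sendError(...)` without checking whether the response is already committed; if `super.doService` fails after output has started, `sendError` throws IllegalStateException, which the inner `catch (IOException e)` does not cover, so it escapes the servlet unlogged. Guard the call with `if (!response.isCommitted()) { response.sendError(HttpStatus.INTERNAL_SERVER_ERROR.value()); }`. The multi-catch variable `ioe` can also hold a ServletException, so a neutral name would read better, and because nothing is rethrown a one-line comment such as `// deliberately not rethrown: the client gets a generic 500, details stay in the log` would make the intent clear. The start of doService lies in the previous hunk.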
\ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/util/ClampTimer.java b/src/main/java/org/onap/clamp/clds/util/ClampTimer.java deleted file mode 100644 index d08e73a4a..000000000 --- a/src/main/java/org/onap/clamp/clds/util/ClampTimer.java +++ /dev/null 
@@ -1,55 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ -package org.onap.clamp.clds.util; - -import java.util.Timer; -import java.util.TimerTask; -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import org.springframework.security.core.context.SecurityContextHolder; - -/** - * Define the ClampTimer and CleanupTask, to clear up the Spring Authenticataion info when time is up. 
- */ - -public class ClampTimer { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampTimer.class); - Timer timer; - - public ClampTimer(int seconds) { - timer = new Timer(); - timer.schedule(new CleanupTask(), seconds*1000L); - } - - class CleanupTask extends TimerTask { - public void run() { - logger.debug("Time is up, clear the Spring authenticataion settings"); - //Clear up the spring authentication - SecurityContextHolder.getContext().setAuthentication(null); - //Terminate the timer thread - timer.cancel(); - } - } -}
\ No newline at end of file |