Diffstat (limited to 'src/main/java/org')
9 files changed, 71 insertions, 45 deletions
diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java index 4a35f4583..2e43495b7 100644 --- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java +++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java @@ -30,7 +30,7 @@ import com.att.eelf.configuration.EELFManager; import java.util.Date; -import javax.ws.rs.NotAuthorizedException; +import org.onap.clamp.clds.exception.NotAuthorizedException; import org.apache.camel.Exchange; import org.onap.clamp.clds.config.ClampProperties; @@ -57,7 +57,7 @@ public class AuthorizationController { @Autowired private ClampProperties refProp; - private static final String PERM_PREFIX = "security.permission.type."; + public static final String PERM_PREFIX = "security.permission.type."; private static final String PERM_INSTANCE = "security.permission.instance"; /** diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 90d0693d1..86524d1c6 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -27,6 +27,15 @@ package org.onap.clamp.clds; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; + +import java.io.IOException; +import java.security.Principal; +import java.util.ArrayList; +import java.util.List; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.apache.camel.component.servlet.CamelHttpTransportServlet; import org.onap.clamp.clds.service.SecureServicePermission; import org.springframework.context.ApplicationContext; 
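Review bot: The import swap from `javax.ws.rs.NotAuthorizedException` to `org.onap.clamp.clds.exception.NotAuthorizedException` changes the type this controller raises on an authorization failure, and nothing in the hunk shows how the new type is translated into an HTTP response. The JAX-RS class carries a 401 status by definition; the project class is not visible here, so confirm it is mapped to 401/403 rather than surfacing as a generic 500, and that no caller still catches the `javax.ws.rs` type. A short class comment would help, for example `// Authorization failures throw org.onap.clamp.clds.exception.NotAuthorizedException; the REST layer must map it to 401/403.` The methods that throw it lie outside this hunk.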
@@ -39,14 +48,6 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.userdetails.User; import org.springframework.web.context.support.WebApplicationContextUtils; -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.security.Principal; -import java.util.ArrayList; -import java.util.List; - public class ClampServlet extends CamelHttpTransportServlet { /** @@ -100,7 +101,8 @@ public class ClampServlet extends CamelHttpTransportServlet { permissionList.add(SecureServicePermission .create(applicationContext.getEnvironment().getProperty(PERM_TOSCA), cldsPermissionInstance, READ)); permissionList.add(SecureServicePermission - .create(applicationContext.getEnvironment().getProperty(PERM_TOSCA), cldsPermissionInstance, UPDATE)); + .create(applicationContext.getEnvironment().getProperty(PERM_TOSCA), cldsPermissionInstance, + UPDATE)); } return permissionList; } @@ -122,8 +124,8 @@ public class ClampServlet extends CamelHttpTransportServlet { grantedAuths.add(new SimpleGrantedAuthority(permString)); } } - Authentication auth = new UsernamePasswordAuthenticationToken(new User(principal.getName(), "", grantedAuths), "", - grantedAuths); + Authentication auth = new UsernamePasswordAuthenticationToken(new User(principal.getName(), "", + grantedAuths), "", grantedAuths); SecurityContextHolder.getContext().setAuthentication(auth); } try { diff --git a/src/main/java/org/onap/clamp/clds/dao/CldsDao.java b/src/main/java/org/onap/clamp/clds/dao/CldsDao.java index 44228b226..16a6a748c 100644 --- a/src/main/java/org/onap/clamp/clds/dao/CldsDao.java +++ b/src/main/java/org/onap/clamp/clds/dao/CldsDao.java @@ -352,7 +352,7 @@ public class CldsDao { } /** - * Helper method to setup the base template properties + * Helper method to setup the base template properties. * * @param template * the template 
@@ -474,7 +474,7 @@ public class CldsDao { } /** - * Helper method to setup the event prop to the CldsEvent class + * Helper method to setup the event prop to the CldsEvent class. * * @param event * the clds event @@ -742,12 +742,13 @@ public class CldsDao { String dictElementShortName) { SimpleDateFormat sdf = new SimpleDateFormat(DATE_FORMAT); List<CldsDictionaryItem> dictionaryItems = new ArrayList<>(); - String dictionarySql = new StringBuilder("SELECT de.dict_element_id, de.dictionary_id, de.dict_element_name, " + - "de.dict_element_short_name, de.dict_element_description, de.dict_element_type, de.created_by, " + - "de.modified_by, de.timestamp FROM dictionary_elements de, " + - "dictionary d WHERE de.dictionary_id = d.dictionary_id") + String dictionarySql = new StringBuilder("SELECT de.dict_element_id, de.dictionary_id, de.dict_element_name, " + + "de.dict_element_short_name, de.dict_element_description, de.dict_element_type, de.created_by, " + + "de.modified_by, de.timestamp FROM dictionary_elements de, " + + "dictionary d WHERE de.dictionary_id = d.dictionary_id") .append((dictionaryId != null) ? (" AND d.dictionary_id = '" + dictionaryId + "'") : "") - .append((dictElementShortName != null) ? (" AND de.dict_element_short_name = '" + dictElementShortName + "'") : "") + .append((dictElementShortName != null) ? (" AND de.dict_element_short_name = '" + dictElementShortName + + "'") : "") .append((dictionaryName != null) ? (" AND dictionary_name = '" + dictionaryName + "'") : "").toString(); List<Map<String, Object>> rows = jdbcTemplateObject.queryForList(dictionarySql); 
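Review bot: The re-wrapped query in the -742 hunk still splices `dictionaryId`, `dictElementShortName` and `dictionaryName` into the SQL text between single quotes, so a value containing a quote changes the statement; the -780 hunk does the same with `dictionaryElementType`. Assuming `jdbcTemplateObject` is a Spring `JdbcTemplate` (its declaration is outside the hunk), bind the values instead of concatenating them: keep `dictionarySql` as a `StringBuilder`, append `?` placeholders, and pass the collected arguments to `queryForList`. For the -780 hunk the literal can end in `dict_element_type = ?` with the call `jdbcTemplateObject.queryForList(dictionarySql, dictionaryElementType)`. Both method bodies continue outside their hunks.
```java
// … unchanged: SimpleDateFormat, dictionaryItems, and the SELECT … WHERE de.dictionary_id = d.dictionary_id
//   literal, now kept as a StringBuilder named dictionarySql instead of calling toString() …
List<Object> args = new ArrayList<>();
if (dictionaryId != null) {
    dictionarySql.append(" AND d.dictionary_id = ?");
    args.add(dictionaryId);
}
if (dictElementShortName != null) {
    dictionarySql.append(" AND de.dict_element_short_name = ?");
    args.add(dictElementShortName);
}
if (dictionaryName != null) {
    dictionarySql.append(" AND dictionary_name = ?");
    args.add(dictionaryName);
}
List<Map<String, Object>> rows = jdbcTemplateObject.queryForList(dictionarySql.toString(), args.toArray());
```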
@@ -780,8 +781,8 @@ public class CldsDao { */ public Map<String, String> getDictionaryElementsByType(String dictionaryElementType) { Map<String, String> dictionaryItems = new HashMap<>(); - String dictionarySql = new StringBuilder("SELECT dict_element_name, dict_element_short_name " + - "FROM dictionary_elements WHERE dict_element_type = '") + String dictionarySql = new StringBuilder("SELECT dict_element_name, dict_element_short_name " + + "FROM dictionary_elements WHERE dict_element_type = '") .append(dictionaryElementType).append("'").toString(); List<Map<String, Object>> rows = jdbcTemplateObject.queryForList(dictionarySql); diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java index e81cc15f7..63a913314 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsService.java +++ b/src/main/java/org/onap/clamp/clds/service/CldsService.java @@ -5,6 +5,8 @@ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -203,7 +205,7 @@ public class CldsService extends SecureServiceBase { public List<CldsMonitoringDetails> getCldsDetails() { util.entering(request, "CldsService: GET model details"); Date startTime = new Date(); - List<CldsMonitoringDetails> cldsMonitoringDetailsList = cldsDao.getCldsMonitoringDetails(); + final List<CldsMonitoringDetails> cldsMonitoringDetailsList = cldsDao.getCldsMonitoringDetails(); // audit log LoggingUtils.setTimeContext(startTime, new Date()); auditLogger.info("GET cldsDetails completed"); 
@@ -223,7 +225,7 @@ public class CldsService extends SecureServiceBase { LoggingUtils.setTimeContext(startTime, new Date()); CldsInfoProvider cldsInfoProvider = new CldsInfoProvider(this); - CldsInfo cldsInfo = cldsInfoProvider.getCldsInfo(); + final CldsInfo cldsInfo = cldsInfoProvider.getCldsInfo(); // audit log LoggingUtils.setTimeContext(startTime, new Date()); @@ -245,7 +247,7 @@ public class CldsService extends SecureServiceBase { Date startTime = new Date(); isAuthorized(permissionReadCl); logger.info("GET bpmnText for modelName={}", modelName); - CldsModel model = CldsModel.retrieve(cldsDao, modelName, false); + final CldsModel model = CldsModel.retrieve(cldsDao, modelName, false); // audit log LoggingUtils.setTimeContext(startTime, new Date()); auditLogger.info("GET model bpmn completed"); @@ -266,7 +268,7 @@ public class CldsService extends SecureServiceBase { Date startTime = new Date(); isAuthorized(permissionReadCl); logger.info("GET imageText for modelName={}", modelName); - CldsModel model = CldsModel.retrieve(cldsDao, modelName, false); + final CldsModel model = CldsModel.retrieve(cldsDao, modelName, false); // audit log LoggingUtils.setTimeContext(startTime, new Date()); auditLogger.info("GET model image completed"); @@ -282,7 +284,7 @@ public class CldsService extends SecureServiceBase { */ public CldsModel getModel(String modelName) { util.entering(request, "CldsService: GET model"); - Date startTime = new Date(); + final Date startTime = new Date(); isAuthorized(permissionReadCl); logger.debug("GET model for modelName={}", modelName); CldsModel cldsModel = CldsModel.retrieve(cldsDao, modelName, false); 
@@ -323,7 +325,7 @@ public class CldsService extends SecureServiceBase { */ public CldsModel putModel(String modelName, CldsModel cldsModel) { util.entering(request, "CldsService: PUT model"); - Date startTime = new Date(); + final Date startTime = new Date(); isAuthorized(permissionUpdateCl); isAuthorizedForVf(cldsModel); logger.info("PUT model for modelName={}", modelName); @@ -350,7 +352,7 @@ public class CldsService extends SecureServiceBase { Date startTime = new Date(); isAuthorized(permissionReadCl); logger.info("GET list of model names"); - List<ValueItem> names = cldsDao.getModelNames(); + final List<ValueItem> names = cldsDao.getModelNames(); // audit log LoggingUtils.setTimeContext(startTime, new Date()); auditLogger.info("GET model names completed"); @@ -409,11 +411,11 @@ public class CldsService extends SecureServiceBase { model.save(cldsDao, getUserId()); // get vars and format if necessary - String prop = model.getPropText(); - String bpmn = model.getBpmnText(); - String docText = model.getDocText(); - String controlName = model.getControlName(); - String bpmnJson = cldsBpmnTransformer.doXslTransformToString(bpmn); + final String prop = model.getPropText(); + final String bpmn = model.getBpmnText(); + final String docText = model.getDocText(); + final String controlName = model.getControlName(); + final String bpmnJson = cldsBpmnTransformer.doXslTransformToString(bpmn); logger.info("PUT bpmnJson={}", bpmnJson); // Test flag coming from UI or from Clamp config boolean isTest = Boolean.parseBoolean(test) @@ -471,7 +473,7 @@ public class CldsService extends SecureServiceBase { */ public String postDcaeEvent(String test, DcaeEvent dcaeEvent) { util.entering(request, "CldsService: Post dcae event"); - Date startTime = new Date(); + final Date startTime = new Date(); String userid = null; // TODO: allow auth checking to be turned off by removing the permission // type property 
diff --git a/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java b/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java index f60c63830..d107731b0 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java +++ b/src/main/java/org/onap/clamp/clds/service/CldsTemplateService.java @@ -5,6 +5,8 @@ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -79,7 +81,7 @@ public class CldsTemplateService extends SecureServiceBase { Date startTime = new Date(); isAuthorized(permissionReadTemplate); logger.info("GET bpmnText for templateName=" + templateName); - CldsTemplate template = CldsTemplate.retrieve(cldsDao, templateName, false); + final CldsTemplate template = CldsTemplate.retrieve(cldsDao, templateName, false); // audit log LoggingUtils.setTimeContext(startTime, new Date()); auditLogger.info("GET template bpmn completed"); @@ -100,7 +102,7 @@ public class CldsTemplateService extends SecureServiceBase { Date startTime = new Date(); isAuthorized(permissionReadTemplate); logger.info("GET imageText for templateName=" + templateName); - CldsTemplate template = CldsTemplate.retrieve(cldsDao, templateName, false); + final CldsTemplate template = CldsTemplate.retrieve(cldsDao, templateName, false); // audit log LoggingUtils.setTimeContext(startTime, new Date()); auditLogger.info("GET template image completed"); 
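Review bot: `logger.info("GET bpmnText for templateName=" + templateName)` in the -79 hunk writes what appears to be a caller-supplied name into the log by concatenation, so embedded line breaks can forge log entries. The same pattern is in the -100, -116 and -137 hunks, and the -137 hunk also logs the whole `cldsTemplate.getBpmnText()` at info level. Use the parameterised form already used in CldsService, `logger.info("GET bpmnText for templateName={}", templateName);`, and strip CR/LF from the value before logging, since the placeholder form alone does not neutralise them. Consider moving the BPMN body to debug level. The enclosing methods start and end outside these hunks.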
@@ -116,7 +118,7 @@ public class CldsTemplateService extends SecureServiceBase { */ public CldsTemplate getTemplate(String templateName) { util.entering(request, "CldsTemplateService: GET template"); - Date startTime = new Date(); + final Date startTime = new Date(); isAuthorized(permissionReadTemplate); logger.info("GET model for templateName=" + templateName); CldsTemplate template = CldsTemplate.retrieve(cldsDao, templateName, false); @@ -137,7 +139,7 @@ public class CldsTemplateService extends SecureServiceBase { */ public CldsTemplate putTemplate(String templateName, CldsTemplate cldsTemplate) { util.entering(request, "CldsTemplateService: PUT template"); - Date startTime = new Date(); + final Date startTime = new Date(); isAuthorized(permissionUpdateTemplate); logger.info("PUT Template for templateName=" + templateName); logger.info("PUT bpmnText=" + cldsTemplate.getBpmnText()); @@ -162,7 +164,7 @@ public class CldsTemplateService extends SecureServiceBase { Date startTime = new Date(); isAuthorized(permissionReadTemplate); logger.info("GET list of template names"); - List<ValueItem> names = cldsDao.getTemplateNames(); + final List<ValueItem> names = cldsDao.getTemplateNames(); // audit log LoggingUtils.setTimeContext(startTime, new Date()); auditLogger.info("GET template names completed"); diff --git a/src/main/java/org/onap/clamp/clds/service/CldsToscaService.java b/src/main/java/org/onap/clamp/clds/service/CldsToscaService.java index f2c75ead1..81bafef47 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsToscaService.java +++ b/src/main/java/org/onap/clamp/clds/service/CldsToscaService.java 
@@ -5,6 +5,8 @@ * Copyright (C) 2018 AT&T Intellectual Property. All rights * reserved. * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at @@ -84,7 +86,7 @@ public class CldsToscaService extends SecureServiceBase { * type */ public ResponseEntity<?> parseToscaModelAndSave(String toscaModelName, CldsToscaModel cldsToscaModel) { - Date startTime = new Date(); + final Date startTime = new Date(); LoggingUtils.setRequestContext("CldsToscaService: Parse Tosca model and save", getPrincipalName()); // TODO revisit based on new permissions isAuthorized(permissionUpdateTosca); @@ -107,7 +109,7 @@ public class CldsToscaService extends SecureServiceBase { LoggingUtils.setRequestContext("CldsToscaService: Get All tosca models", getPrincipalName()); // TODO revisit based on new permissions isAuthorized(permissionReadTosca); - List<CldsToscaModel> cldsToscaModels = Optional.ofNullable(cldsDao.getAllToscaModels()).get(); + final List<CldsToscaModel> cldsToscaModels = Optional.ofNullable(cldsDao.getAllToscaModels()).get(); LoggingUtils.setTimeContext(startTime, new Date()); LoggingUtils.setResponseContext("0", "Get All tosca models success", this.getClass().getName()); auditLogger.info("Get All tosca models"); 
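Review bot: `Optional.ofNullable(cldsDao.getAllToscaModels()).get()` in the -107 hunk throws `NoSuchElementException` whenever the DAO returns null, so the `Optional` wrapper gives no protection and the failure reaches the caller as an unhandled runtime error. The -128 and -147 hunks repeat this for `getToscaModelByName` and `getToscaModelByPolicyType`. Supply an explicit fallback such as `.orElseGet(ArrayList::new)` if `ArrayList` is imported in this file, or use a plain null check that returns a defined error response. The method bodies continue outside the hunks, so how the list is used afterwards is not visible here.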
@@ -128,7 +130,8 @@ public class CldsToscaService extends SecureServiceBase { LoggingUtils.setRequestContext("CldsToscaService: Get tosca models by model name", getPrincipalName()); // TODO revisit based on new permissions isAuthorized(permissionReadTosca); - List<CldsToscaModel> cldsToscaModels = Optional.ofNullable(cldsDao.getToscaModelByName(toscaModelName)).get(); + final List<CldsToscaModel> cldsToscaModels = Optional.ofNullable(cldsDao.getToscaModelByName(toscaModelName)) + .get(); LoggingUtils.setTimeContext(startTime, new Date()); LoggingUtils.setResponseContext("0", "Get tosca models by model name success", this.getClass().getName()); auditLogger.info("GET tosca models by model name completed"); @@ -140,6 +143,7 @@ public class CldsToscaService extends SecureServiceBase { * from the database. * * @param policyType + * The type of the policy * @return clds tosca model - CLDS tosca model for a given policy type */ public CldsToscaModel getToscaModelsByPolicyType(String policyType) { @@ -147,7 +151,8 @@ public class CldsToscaService extends SecureServiceBase { LoggingUtils.setRequestContext("CldsToscaService: Get tosca models by policyType", getPrincipalName()); // TODO revisit based on new permissions isAuthorized(permissionReadTosca); - List<CldsToscaModel> cldsToscaModels = Optional.ofNullable(cldsDao.getToscaModelByPolicyType(policyType)).get(); + final List<CldsToscaModel> cldsToscaModels = Optional.ofNullable(cldsDao.getToscaModelByPolicyType(policyType)) + .get(); LoggingUtils.setTimeContext(startTime, new Date()); LoggingUtils.setResponseContext("0", "Get tosca models by policyType success", this.getClass().getName()); auditLogger.info("GET tosca models by policyType completed"); diff --git a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java index f08bf7b28..85aae0a5d 100644 --- a/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java 
+++ b/src/main/java/org/onap/clamp/clds/util/CryptoUtils.java @@ -162,7 +162,7 @@ public final class CryptoUtils { private static SecretKeySpec readSecretKeySpec(String propertiesFileName) { Properties props = new Properties(); try { - //Workaround fix to make encryption key configurable + // Workaround fix to make encryption key configurable // System environment variable takes precedence for over clds/key.properties String encryptionKey = System.getenv(AES_ENCRYPTION_KEY); if(encryptionKey != null && encryptionKey.trim().length() > 0) { diff --git a/src/main/java/org/onap/clamp/clds/util/XmlTools.java b/src/main/java/org/onap/clamp/clds/util/XmlTools.java index a812fa127..a7d4ed9fb 100644 --- a/src/main/java/org/onap/clamp/clds/util/XmlTools.java +++ b/src/main/java/org/onap/clamp/clds/util/XmlTools.java @@ -24,6 +24,7 @@ package org.onap.clamp.clds.util; import java.io.StringWriter; +import javax.xml.XMLConstants; import javax.xml.transform.OutputKeys; import javax.xml.transform.Transformer; import javax.xml.transform.TransformerException; @@ -39,6 +40,12 @@ import org.w3c.dom.Document; public class XmlTools { /** + * Private constructor to avoid creating instances of util class. + */ + private XmlTools(){ + } + + /** * Transforms document to XML string. * * @param doc XML document @@ -47,6 +54,7 @@ public class XmlTools { public static String exportXmlDocumentAsString(Document doc) { try { TransformerFactory tf = TransformerFactory.newInstance(); + tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true); Transformer transformer = tf.newTransformer(); transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes"); StringWriter writer = new StringWriter(); diff --git a/src/main/java/org/onap/clamp/util/PrincipalUtils.java b/src/main/java/org/onap/clamp/util/PrincipalUtils.java index d6b20f30b..d6dfacbdb 100644 --- a/src/main/java/org/onap/clamp/util/PrincipalUtils.java +++ b/src/main/java/org/onap/clamp/util/PrincipalUtils.java 
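Review bot: `tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true)` in the XmlTools -47 hunk does not by itself guarantee that external DTD and stylesheet access is closed on every `TransformerFactory` implementation. Add the JAXP 1.5 restrictions next to it, `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");` and `tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");`. Some older third-party factories reject these attributes with `IllegalArgumentException`, so check which implementation is on the classpath. `setFeature` can throw `TransformerConfigurationException`; the `catch` for this `try` is outside the hunk and should be confirmed to cover it. Because this method only serialises an in-memory `Document`, the same hardening is worth applying wherever the document is parsed.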
@@ -38,6 +38,12 @@ public class PrincipalUtils { private static SecurityContext securityContext = SecurityContextHolder.getContext(); /** + * Private constructor to avoid creating instances of util class. + */ + private PrincipalUtils(){ + } + + /** * Get the Full name. * * @return The user name |
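Review bot: The context line `private static SecurityContext securityContext = SecurityContextHolder.getContext();` captures a single context object when the class is initialised, and the added private constructor leaves that in place. With Spring Security's default thread-local holder strategy each request thread has its own context, so accessors reading this field may return the principal of whichever thread loaded the class, or none, unless the field is reassigned elsewhere (not visible in this hunk). Consider resolving `SecurityContextHolder.getContext()` inside each accessor instead of caching it, or document the reassignment with a comment such as `// Replaced per request by <caller>; do not read before that.` The accessor methods lie outside the hunk.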