Diffstat (limited to 'src/main/java')
3 files changed, 60 insertions, 54 deletions
diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java
index 52931340a..516325cbe 100644
--- a/src/main/java/org/onap/clamp/clds/ClampServlet.java
+++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java
@@ -36,6 +36,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.apache.camel.component.servlet.CamelHttpTransportServlet;
+import org.onap.aaf.cadi.principal.X509Principal;
 import org.onap.clamp.clds.service.SecureServicePermission;
 import org.springframework.context.ApplicationContext;
 import org.springframework.http.HttpStatus;
@@ -61,6 +62,33 @@ public class ClampServlet extends CamelHttpTransportServlet {
 public static final String PERM_VF = "clamp.config.security.permission.type.filter.vf";
 public static final String PERM_MANAGE = "clamp.config.security.permission.type.cl.manage";
 public static final String PERM_TOSCA = "clamp.config.security.permission.type.tosca";
+ private static List<SecureServicePermission> permissionList;
+
+ private synchronized List<SecureServicePermission> getPermissionList() {
+ if (permissionList == null) {
+ permissionList=new ArrayList<>();
+ ApplicationContext applicationContext = WebApplicationContextUtils
+ .getWebApplicationContext(getServletContext());
+ String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE);
+ permissionList.add(SecureServicePermission.create(applicationContext.getEnvironment().getProperty(PERM_CL),
+ cldsPermissionInstance, "read"));
+ permissionList.add(SecureServicePermission.create(applicationContext.getEnvironment().getProperty(PERM_CL),
+ cldsPermissionInstance, "update"));
+ permissionList.add(SecureServicePermission.create(
+ applicationContext.getEnvironment().getProperty(PERM_TEMPLATE), cldsPermissionInstance, "read"));
+ permissionList.add(SecureServicePermission.create(
+ applicationContext.getEnvironment().getProperty(PERM_TEMPLATE), cldsPermissionInstance, "update"));
+ permissionList.add(SecureServicePermission.create(applicationContext.getEnvironment().getProperty(PERM_VF),
+ cldsPermissionInstance, "*"));
+ permissionList.add(SecureServicePermission
+ .create(applicationContext.getEnvironment().getProperty(PERM_MANAGE), cldsPermissionInstance, "*"));
+ permissionList.add(SecureServicePermission
+ .create(applicationContext.getEnvironment().getProperty(PERM_TOSCA), cldsPermissionInstance, "read"));
+ permissionList.add(SecureServicePermission
+ .create(applicationContext.getEnvironment().getProperty(PERM_TOSCA), cldsPermissionInstance, "update"));
+ }
+ return permissionList;
+
}
 /**
 * When AAF is enabled, request object will contain a cadi Wrapper, so queries
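Review bot: `getPermissionList()` publishes the static `permissionList` before it is populated, so if any of the `SecureServicePermission.create(...)` calls throws (for example on a missing `clamp.config.security.permission.*` property), the half-built list stays cached as non-null and every later request is evaluated against an incomplete permission set with no retry. Build into a local first and publish only the finished, read-only list: `List<SecureServicePermission> perms = new ArrayList<>();` at the top, `perms.add(...)` in place of each `permissionList.add(...)`, and `permissionList = Collections.unmodifiableList(perms);` as the last statement of the `if` (needs `java.util.Collections`). Returning it unmodifiable also stops callers from mutating the cache that every request shares. Note that `synchronized` on an instance method only guards the static field while a single servlet instance exists, which presumably holds here but deserves a one-line comment. The method's closing brace is the `}` that opens the next line of this page.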
@@ -69,43 +97,18 @@ public class ClampServlet extends CamelHttpTransportServlet {
 @Override
 protected void doService(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
- List<SecureServicePermission> permissionList = new ArrayList<>();
-
- ApplicationContext applicationContext = WebApplicationContextUtils
- .getWebApplicationContext(this.getServletContext());
- String cldsPersmissionTypeCl = applicationContext.getEnvironment().getProperty(PERM_CL);
- String cldsPermissionTypeTemplate = applicationContext.getEnvironment().getProperty(PERM_TEMPLATE);
- String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE);
- String cldsPermissionTypeFilterVf = applicationContext.getEnvironment().getProperty(PERM_VF);
- String cldsPermissionTypeClManage = applicationContext.getEnvironment().getProperty(PERM_MANAGE);
- String cldsPermissionTypeTosca = applicationContext.getEnvironment().getProperty(PERM_TOSCA);
-
- // set the stragety to Mode_Global, so that all thread is able to
- // see the authentication
- SecurityContextHolder.setStrategyName(SecurityContextHolder.MODE_GLOBAL);
 Principal p = request.getUserPrincipal();
- if (null != p) {
- permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read"));
- permissionList.add(SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update"));
- permissionList
- .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "read"));
- permissionList
- .add(SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, "update"));
- permissionList.add(SecureServicePermission.create(cldsPermissionTypeFilterVf, cldsPermissionInstance, "*"));
- permissionList.add(SecureServicePermission.create(cldsPermissionTypeClManage, cldsPermissionInstance, "*"));
- permissionList.add(SecureServicePermission.create(cldsPermissionTypeTosca,
cldsPermissionInstance, "read"));
- permissionList
- .add(SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "update"));
-
+ if (p instanceof X509Principal) {
+ // When AAF is enabled, there is a need to provision the permissions to Spring
+ // system
 List<GrantedAuthority> grantedAuths = new ArrayList<>();
- for (SecureServicePermission perm : permissionList) {
+ for (SecureServicePermission perm : getPermissionList()) {
 String permString = perm.toString();
 if (request.isUserInRole(permString)) {
 grantedAuths.add(new SimpleGrantedAuthority(permString));
 }
 }
-
 Authentication auth = new UsernamePasswordAuthenticationToken(new User(p.getName(), "", grantedAuths), "", grantedAuths);
 SecurityContextHolder.getContext().setAuthentication(auth);
diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
index 13dccdacb..8bc6f69dc 100644
--- a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
@@ -29,7 +29,6 @@ import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Component;
 @Configuration
 @Profile("clamp-aaf-authentication")
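Review bot: The guard in `doService` narrows from `null != p` to `p instanceof X509Principal`, so a request that the container did authenticate with any other CADI principal type (basic-auth credentials, for instance) no longer gets a Spring `Authentication` from this path at all, and whether the Spring filter chain covers those requests cannot be seen from the hunk. Either document that only certificate principals are meant to be bridged, e.g. `// Only X509 (certificate) principals are bridged to Spring; other principal types are handled by the Spring filter chain`, or keep a `null != p` branch. Separately, the authentication is written into the thread-local `SecurityContextHolder` but nothing visible clears it; on a pooled container thread it would survive into the next request unless something downstream resets it, so the remainder of the method should run inside a `try { ... } finally { SecurityContextHolder.clearContext(); }`. The body of `doService` continues past the end of this hunk, so the clear may already exist there.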
@@ -54,7 +53,11 @@ public class AAFConfiguration {
 public FilterRegistrationBean cadiFilterRegistration() {
 FilterRegistrationBean registration = new FilterRegistrationBean();
 registration.setFilter(cadiFilter());
- registration.addUrlPatterns("/restservices/*");
+ registration.addUrlPatterns("/restservices/clds/v1/clds/*");
+ registration.addUrlPatterns("/restservices/clds/v1/cldsTempate/*");
+ registration.addUrlPatterns("/restservices/clds/v1/tosca/*");
+ registration.addUrlPatterns("/restservices/clds/v1/dictionary/*");
+ registration.addUrlPatterns("/restservices/clds/v1/user/*");
 //registration.addUrlPatterns("*");
 registration.setName("cadiFilter");
 registration.setOrder(0);
diff --git a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java
index cdb2e29c5..759edb1d9 100644
--- a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java
+++ b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java
@@ -18,7 +18,7 @@ * limitations under the License.
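Review bot: `cadiFilterRegistration()` replaces the `/restservices/*` wildcard with an allow-list of five sub-paths, which turns the CADI filter from deny-by-default into opt-in: any other or future route under `/restservices/` is no longer passed through it unless some other mechanism guards it, and the commit does not record why the wildcard was narrowed (the dead `//registration.addUrlPatterns("*");` line is still left behind). Please add the rationale and the maintenance invariant above the list, e.g. `// Only these routes are AAF-protected; a new /restservices route must be added here or it bypasses the CADI filter`. The segment `cldsTempate` also looks like a misspelling of "Template"; if the Camel route is spelled differently, the template endpoints fall outside the filter, so the five patterns should be checked against the route definitions. The method's `return` and closing brace lie outside the hunk.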
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
package org.onap.clamp.clds.util;
@@ -31,21 +31,21 @@ import java.net.InetAddress;
 import java.net.UnknownHostException;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
-import java.util.Date;
-import java.util.TimeZone;
-import java.util.UUID;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
-import javax.validation.constraints.NotNull;
+import java.util.Date;
+import java.util.TimeZone;
+import java.util.UUID;
+
import javax.servlet.http.HttpServletRequest;
+import javax.validation.constraints.NotNull;
+import org.onap.clamp.clds.service.DefaultUserNameHandler;
import org.slf4j.MDC;
import org.slf4j.event.Level;
import org.springframework.security.core.context.SecurityContextHolder;
-import org.onap.clamp.clds.service.DefaultUserNameHandler;
-
/**
* This class handles the special info that appear in the log, like RequestID,
* time context, ...
@@ -66,7 +66,7 @@ public class LoggingUtils {
 * Constructor
*/
public LoggingUtils(final EELFLogger loggerP) {
- this.mLogger = checkNotNull(loggerP);
+ this.mLogger = checkNotNull(loggerP);
}
/**
@@ -86,7 +86,7 @@ public class LoggingUtils {
 MDC.put("ServerIPAddress", InetAddress.getLocalHost().getHostAddress());
} catch (UnknownHostException e) {
logger.error("Failed to initiate setRequestContext", e);
- }
+ }
}
/**
@@ -149,7 +149,7 @@ public class LoggingUtils {
 * @return A string with the request ID
*/
public static String getRequestId() {
- String requestId = (String) MDC.get(ONAPLogConstants.MDCs.REQUEST_ID);
+ String requestId = MDC.get(ONAPLogConstants.MDCs.REQUEST_ID);
if (requestId == null || requestId.isEmpty()) {
requestId = UUID.randomUUID().toString();
MDC.put(ONAPLogConstants.MDCs.REQUEST_ID, requestId);
@@ -162,9 +162,9 @@ public class LoggingUtils {
 dateFormat.setTimeZone(TimeZone.getTimeZone("UTC"));
return dateFormat;
}
-
-
-
+
+
+
/*********************************************************************************************
* Method for ONAP Application Logging Specification v1.2
********************************************************************************************/
@@ -181,7 +181,7 @@ public class LoggingUtils {
 final String requestID = defaultToUUID(request.getHeader(ONAPLogConstants.Headers.REQUEST_ID));
final String invocationID = defaultToUUID(request.getHeader(ONAPLogConstants.Headers.INVOCATION_ID));
final String partnerName = defaultToEmpty(request.getHeader(ONAPLogConstants.Headers.PARTNER_NAME));
-
+
// Default the partner name to the user name used to login to clamp
if (partnerName.equalsIgnoreCase(EMPTY_MESSAGE)) {
MDC.put(ONAPLogConstants.MDCs.PARTNER_NAME, new DefaultUserNameHandler().retrieveUserName(SecurityContextHolder.getContext()));
@@ -192,8 +192,8 @@ public class LoggingUtils {
 // depending on where you need them to appear, OR extend the
// ServiceDescriptor to add them.
MDC.put(ONAPLogConstants.MDCs.ENTRY_TIMESTAMP,
- ZonedDateTime.now(ZoneOffset.UTC)
- .format(DateTimeFormatter.ISO_INSTANT));
+ ZonedDateTime.now(ZoneOffset.UTC)
+ .format(DateTimeFormatter.ISO_INSTANT));
MDC.put(ONAPLogConstants.MDCs.REQUEST_ID, requestID);
MDC.put(ONAPLogConstants.MDCs.INVOCATION_ID, invocationID);
MDC.put(ONAPLogConstants.MDCs.CLIENT_IP_ADDRESS, defaultToEmpty(request.getRemoteAddr()));
@@ -203,7 +203,7 @@ public class LoggingUtils {
 // Default the service name to the requestURI, in the event that
// no value has been provided.
if (serviceName == null ||
- serviceName.equalsIgnoreCase(EMPTY_MESSAGE)) {
+ serviceName.equalsIgnoreCase(EMPTY_MESSAGE)) {
MDC.put(ONAPLogConstants.MDCs.SERVICE_NAME, request.getRequestURI());
}
@@ -217,7 +217,7 @@ public class LoggingUtils {
 */
public void exiting(String code, String descrption, Level severity, ONAPLogConstants.ResponseStatus status) {
try {
- MDC.put(ONAPLogConstants.MDCs.RESPONSE_CODE, defaultToEmpty(code));
+ MDC.put(ONAPLogConstants.MDCs.RESPONSE_CODE, defaultToEmpty(code));
MDC.put(ONAPLogConstants.MDCs.RESPONSE_DESCRIPTION, defaultToEmpty(descrption));
MDC.put(ONAPLogConstants.MDCs.RESPONSE_SEVERITY, defaultToEmpty(severity));
MDC.put(ONAPLogConstants.MDCs.RESPONSE_STATUS_CODE, defaultToEmpty(status));
@@ -241,11 +241,11 @@ public class LoggingUtils {
 // Set standard HTTP headers on (southbound request) builder.
con.setRequestProperty(ONAPLogConstants.Headers.REQUEST_ID,
- defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.REQUEST_ID)));
+ defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.REQUEST_ID)));
con.setRequestProperty(ONAPLogConstants.Headers.INVOCATION_ID,
- invocationID);
+ invocationID);
con.setRequestProperty(ONAPLogConstants.Headers.PARTNER_NAME,
- defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.PARTNER_NAME)));
+ defaultToEmpty(MDC.get(ONAPLogConstants.MDCs.PARTNER_NAME)));
invokeContext(targetEntity, targetServiceName, invocationID);
@@ -314,8 +314,8 @@ public class LoggingUtils {
 MDC.put(ONAPLogConstants.MDCs.TARGET_SERVICE_NAME, defaultToEmpty(targetServiceName));
MDC.put(ONAPLogConstants.MDCs.INVOCATIONID_OUT, invocationID);
MDC.put(ONAPLogConstants.MDCs.INVOKE_TIMESTAMP,
- ZonedDateTime.now(ZoneOffset.UTC)
- .format(DateTimeFormatter.ISO_INSTANT));
+ ZonedDateTime.now(ZoneOffset.UTC)
+ .format(DateTimeFormatter.ISO_INSTANT));
}
/**