Diffstat (limited to 'src/main')
22 files changed, 867 insertions, 327 deletions
diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
new file mode 100644
index 000000000..93432c9f2
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
@@ -0,0 +1,190 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import java.util.Properties;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampCadiFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Configuration
+@Profile("clamp-aaf-authentication")
+@ConfigurationProperties(prefix = "clamp.config.cadi")
+public class AAFConfiguration {
+ private static final String CADI_KEY_FILE = "cadi_keyfile";
+ private static final String CADI_LOG_LEVEL = "cadi_loglevel";
+ private static final String LATITUDE = "cadi_latitude";
+ private static final String LONGITUDE = "cadi_longitude";
+ private static final String LOCATE_URL = "aaf_locate_url";
+ private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url";
+ private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url";
+ private static final String AAF_ENV = "aaf_env";
+ private static final String AAF_URL = "aaf_url";
+ private static final String X509_ISSUERS = "cadi_x509_issuers";
+
+ private String keyFile;
+ private String cadiLoglevel;
+ private String cadiLatitude;
+ private String cadiLongitude;
+ private String aafLocateUrl;
+ private String oauthTokenUrl;
+ private String oauthIntrospectUrl;
+ private String aafEnv;
+ private String aafUrl;
+ private String cadiX509Issuers;
+
+ /**
+ * Method to return clamp cadi filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "cadiFilter")
+ public Filter cadiFilter() {
+ return new ClampCadiFilter();
+ }
+
+ /**
+ * Method to register cadi filter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean cadiFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(cadiFilter());
+ registration.addUrlPatterns("/restservices/*");
+ //registration.addUrlPatterns("*");
+ registration.setName("cadiFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+ public String getKeyFile() {
+ return keyFile;
+ }
+
+ public void setKeyFile(String keyFile) {
+ this.keyFile = keyFile;
+ }
+
+ public String getCadiLoglevel() {
+ return cadiLoglevel;
+ }
+
+ public void setCadiLoglevel(String cadiLoglevel) {
+ this.cadiLoglevel = cadiLoglevel;
+ }
+
+ public String getCadiLatitude() {
+ return cadiLatitude;
+ }
+
+ public void setCadiLatitude(String cadiLatitude) {
+ this.cadiLatitude = cadiLatitude;
+ }
+
+ public String getCadiLongitude() {
+ return cadiLongitude;
+ }
+
+ public void setCadiLongitude(String cadiLongitude) {
+ this.cadiLongitude = cadiLongitude;
+ }
+
+ public String getAafLocateUrl() {
+ return aafLocateUrl;
+ }
+
+ public void setAafLocateUrl(String aafLocateUrl) {
+ this.aafLocateUrl = aafLocateUrl;
+ }
+
+ public String getOauthTokenUrl() {
+ return oauthTokenUrl;
+ }
+
+ public void setOauthTokenUrl(String oauthTokenUrl) {
+ this.oauthTokenUrl = oauthTokenUrl;
+ }
+
+ public String getOauthIntrospectUrl() {
+ return oauthIntrospectUrl;
+ }
+
+ public void setOauthIntrospectUrl(String oauthIntrospectUrl) {
+ this.oauthIntrospectUrl = oauthIntrospectUrl;
+ }
+
+ public String getAafEnv() {
+ return aafEnv;
+ }
+
+ public void setAafEnv(String aafEnv) {
+ this.aafEnv = aafEnv;
+ }
+
+ public String getAafUrl() {
+ return aafUrl;
+ }
+
+ public void setAafUrl(String aafUrl) {
+ this.aafUrl = aafUrl;
+ }
+
+ public String getCadiX509Issuers() {
+ return cadiX509Issuers;
+ }
+
+ public void setCadiX509Issuers(String cadiX509Issuers) {
+ this.cadiX509Issuers = cadiX509Issuers;
+ }
+
+ public Properties getProperties() {
+ Properties prop = System.getProperties();
+ //prop.put("cadi_prop_files", "");
+ prop.put(CADI_KEY_FILE, keyFile);
+ prop.put(CADI_LOG_LEVEL, cadiLoglevel);
+ prop.put(LATITUDE, cadiLatitude);
+ prop.put(LONGITUDE, cadiLongitude);
+ prop.put(LOCATE_URL, aafLocateUrl);
+ if (oauthTokenUrl != null) {
+ prop.put(OAUTH_TOKEN_URL, oauthTokenUrl);
+ }
+ if (oauthIntrospectUrl != null) {
+ prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl);
+ }
+ prop.put(AAF_ENV, aafEnv);
+ prop.put(AAF_URL, aafUrl);
+ prop.put(X509_ISSUERS, cadiX509Issuers);
+ return prop;
+ }
+}
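Review bot: `getProperties()` writes straight into the JVM-wide `System.getProperties()` object and calls `prop.put(...)` with fields that may still be null. `Properties` rejects null values, so an unset `clamp.config.cadi.*` entry (key file, log level, latitude, longitude, locate URL, env, URL, issuers) throws a NullPointerException when the filter initialises, while only the two OAuth URLs are guarded. Applying the same guard to every entry, e.g. `if (keyFile != null) { prop.setProperty(CADI_KEY_FILE, keyFile); }`, keeps the failure mode consistent; if CADI does not need these as system properties, returning a fresh `new Properties()` would also keep the AAF settings, and the keystore passwords that ClampCadiFilter adds to the same object, out of process-wide state. The commented-out `//registration.addUrlPatterns("*");` and `//prop.put("cadi_prop_files", "");` lines should be dropped or explained.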
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
new file mode 100644
index 000000000..a2b6c07d0
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
@@ -0,0 +1,75 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+/**
+ * Overwrite the key method isUserInRole and getUserPrincipal, to adapt to the Clamp default user verification
+ */
+public class ClampUserWrap extends HttpServletRequestWrapper {
+
+ private String user;
+ private List<String> roles = null;
+ private HttpServletRequest realRequest;
+
+ /**
+ * Standard Wrapper constructor for Delegate pattern
+ * @param request
+ */
+ public ClampUserWrap(HttpServletRequest request, String userName, List<String> roles){
+ super(request);
+
+ this.user = userName;
+ this.roles = roles;
+ this.realRequest = request;
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ if (roles == null) {
+ return this.realRequest.isUserInRole(role);
+ }
+ return roles.contains(role);
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ if (this.user == null) {
+ return realRequest.getUserPrincipal();
+ }
+
+ // make an anonymous implementation to just return our user
+ return new Principal() {
+ @Override
+ public String getName() {
+ return user;
+ }
+ };
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
new file mode 100644
index 000000000..e43aa114d
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
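Review bot: ClampUserWrap overrides `isUserInRole` and `getUserPrincipal` but not `getRemoteUser`, so downstream code that reads the caller's name through `getRemoteUser()` still sees the wrapped request's value and can disagree with the injected principal. Adding `@Override public String getRemoteUser() { return user != null ? user : super.getRemoteUser(); }` keeps the three identity accessors consistent. The constructor Javadoc documents only `request`; it should also describe `userName` and `roles` and state that a null value falls back to the wrapped request. The `realRequest` field duplicates what `super.isUserInRole(role)` and `super.getUserPrincipal()` already delegate to, and `user`/`roles` can be `final`.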
@@ -0,0 +1,62 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.config;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampDefaultUserFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+@Configuration
+@Profile("clamp-default-user")
+public class DefaultUserConfiguration {
+
+ /**
+ * Method to return clamp default user filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "defaultUserFilter")
+ public Filter defaultUserFilter() {
+ return new ClampDefaultUserFilter();
+ }
+
+ /**
+ * Method to register defaultUserFilter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean defaultUserFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(defaultUserFilter());
+ registration.addUrlPatterns("/restservices/*");
+ registration.setName("defaultUserFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+}
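Review bot: Nothing on DefaultUserConfiguration says that activating the `clamp-default-user` profile makes every `/restservices/*` request run as the first user in clds-users.json with no credential check (see ClampDefaultUserFilter in this commit). A class-level Javadoc such as `/** Development-only: stamps all REST requests with the default user; must not be enabled together with clamp-aaf-authentication or in production. */` would make that explicit. Both this registration and `cadiFilterRegistration()` in AAFConfiguration use `setOrder(0)` on the same URL pattern, so if both profiles are active the relative order of the two filters is not pinned down by this code. It is worth rejecting that combination at startup or giving the two filters distinct orders.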
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
new file mode 100644
index 000000000..6a97f2356
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
@@ -0,0 +1,56 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import org.springframework.context.annotation.Configuration;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.beans.factory.annotation.Value;
+
+@Configuration
+public class SSLConfiguration {
+ private static final String TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword";
+ private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
+
+ @Value("${server.ssl.trust:none}")
+ private String sslTruststoreFile;
+ @Value("${server.ssl.trust-password:none}")
+ private String sslTruststorePw;
+ @Value("${server.ssl.trust-type:none}")
+ private String sslTruststoreType;
+
+ @PostConstruct
+ private void configureSSL() {
+ if (!sslTruststoreFile.equals("none")) {
+ System.setProperty(TRUST_STORE, sslTruststoreFile);
+ }
+ if (!sslTruststoreType.equals("none")) {
+ System.setProperty(TRUST_STORE_TYPE, sslTruststoreType);
+ }
+ if (!sslTruststorePw.equals("none")) {
+ System.setProperty(TRUST_STORE_PW, sslTruststorePw);
+ }
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
deleted file mode 100644
index 961cc6b35..000000000
--- a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
+++ /dev/null
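Review bot: `configureSSL()` copies `server.ssl.trust` verbatim into `javax.net.ssl.trustStore`, while ClampCadiFilter in this commit strips a `file:` prefix from the same property before using it as a path. If the property is written in resource form, the JSSE default trust store would presumably be pointed at a path that does not exist, so stripping the prefix here too (for example through a shared helper) keeps the two consumers consistent. The trust-store password is also published as a JVM system property, readable by any code or diagnostics output that dumps system properties, which deserves a comment such as `// NOTE: exposes the trust-store password process-wide; needed by the default JSSE SSLContext`. Using the literal string `none` as the "not set" marker means a value of `none` can never be configured; an empty default (`${server.ssl.trust:}`) with an `isEmpty()` check avoids the sentinel.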
@@ -1,140 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.clamp.clds.config.spring;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import java.io.IOException;
-
-import org.onap.clamp.clds.config.ClampProperties;
-import org.onap.clamp.clds.config.CldsUserJsonDecoder;
-import org.onap.clamp.clds.exception.CldsConfigException;
-import org.onap.clamp.clds.exception.CldsUsersException;
-import org.onap.clamp.clds.service.CldsUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-/**
- * This class is used to enable the HTTP authentication to login. It requires a
- * specific JSON file containing the user definition
- * (classpath:clds/clds-users.json).
- */
-@Configuration
-@EnableWebSecurity
-@Profile("clamp-spring-authentication")
-public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
-
- protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsSecurityConfigUsers.class);
- protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
- @Autowired
- private ClampProperties refProp;
- @Value("${clamp.config.security.permission.type.cl:permission-type-cl}")
- private String cldsPersmissionTypeCl;
- @Value("${CLDS_PERMISSION_INSTANCE:dev}")
- private String cldsPermissionInstance;
- @Value("${clamp.config.security.encoder:bcrypt}")
- private String cldsEncoderMethod;
- @Value("${clamp.config.security.encoder.bcrypt.strength:10}")
- private Integer cldsBcryptEncoderStrength;
-
- /**
- * This method configures on which URL the authorization will be enabled.
- */
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
- .authenticated().anyRequest().permitAll().and().logout()
- .and().sessionManagement()
- .maximumSessions(1)
- .and().invalidSessionUrl("/designer/timeout.html");
-
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method is called by the framework and is used to load all the users
- * defined in cldsUsersFile variable (this file path can be configured in
- * the application.properties).
- *
- * @param auth
- */
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) {
- // configure algorithm used for password hashing
- final PasswordEncoder passwordEncoder = getPasswordEncoder();
-
- try {
- CldsUser[] usersList = loadUsers();
- // no users defined
- if (null == usersList) {
- logger.warn("No users defined. Users should be defined under clds-users.json");
- return;
- }
- for (CldsUser user : usersList) {
- auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
- .roles(user.getPermissionsString()).and().passwordEncoder(passwordEncoder);
- }
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method loads physically the JSON file and convert it to an Array of
- * CldsUser.
- *
- * @return The array of CldsUser
- * @throws IOException
- * In case of the file is not found
- */
- private CldsUser[] loadUsers() throws IOException {
- logger.info("Load from clds-users.properties");
- return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
- }
-
- /**
- * This methods returns the chosen encoder for password hashing.
- */
- private PasswordEncoder getPasswordEncoder() {
- if ("bcrypt".equals(cldsEncoderMethod)) {
- return new BCryptPasswordEncoder(cldsBcryptEncoderStrength);
- } else {
- throw new CldsConfigException("Invalid clamp.config.security.encoder value. 'bcrypt' is the only option at this time.");
- }
- }
-}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
new file mode 100644
index 000000000..1c3ba1cf6
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -0,0 +1,91 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.filter;
+
+import javax.servlet.FilterConfig;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import org.springframework.beans.factory.annotation.Value;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.clamp.clds.config.AAFConfiguration;
+
+public class ClampCadiFilter extends CadiFilter {
+ private static final String CADI_TRUST_STORE = "cadi_truststore";
+ private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password";
+ private static final String CADI_KEY_STORE = "cadi_keystore";
+ private static final String CADI_KEY_STORE_PW = "cadi_keystore_password";
+ private static final String ALIAS = "cadi_alias";
+
+ @Value("${server.ssl.key-store:none}")
+ private String keyStore;
+
+ @Value("${clamp.config.cadi.cadiKeystorePassword:none}")
+ private String keyStorePass;
+
+ @Value("${server.ssl.trust:none}")
+ private String trustStore;
+
+ @Value("${clamp.config.cadi.cadiTruststorePassword:none}")
+ private String trustStorePass;
+
+ @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
+ private String alias;
+
+ @Autowired
+ private AAFConfiguration aafConfiguration;
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ Properties props = aafConfiguration.getProperties();
+ props.setProperty(CADI_KEY_STORE, trimFileName(keyStore));
+ props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore));
+ props.setProperty(ALIAS, alias);
+ props.setProperty(CADI_KEY_STORE_PW, keyStorePass);
+ props.setProperty(CADI_TRUST_STORE_PW, trustStorePass);
+
+ super.init(filterConfig);
+ }
+
+ private String trimFileName (String fileName) {
+ int index= fileName.indexOf("file:");
+ if (index == -1) {
+ return fileName;
+ } else {
+ return fileName.substring(index+5);
+ }
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
new file mode 100644
index 000000000..539e3c6a5
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
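Review bot: `init()` sets the keystore, truststore and both passwords unconditionally, so when a property is missing the `@Value` default `none` is handed to CADI as a real path or password instead of being treated as absent. Because `aafConfiguration.getProperties()` returns `System.getProperties()`, the two passwords also end up in JVM-wide system properties, where any code or diagnostics dump that reads system properties can see them. `trimFileName` uses `indexOf("file:")`, which matches the text anywhere in the value and discards whatever precedes it; if only a leading prefix is meant, `startsWith("file:")` says so. Several imports (`Principal`, `X509Certificate`, `HttpSession`, `SecurityContextImpl`, `UserDetails`, `IOException`, `FilterChain`, `ServletRequest`, `ServletResponse`, `HttpServletRequest`) are not referenced in the class as shown. A sketch of the guarded property setup follows.

```java
public void init(FilterConfig filterConfig) throws ServletException {
    Properties props = aafConfiguration.getProperties();
    // "none" is the @Value default and means "not configured": leave the CADI key unset
    setIfConfigured(props, CADI_KEY_STORE, trimFileName(keyStore));
    setIfConfigured(props, CADI_TRUST_STORE, trimFileName(trustStore));
    setIfConfigured(props, CADI_KEY_STORE_PW, keyStorePass);
    setIfConfigured(props, CADI_TRUST_STORE_PW, trustStorePass);
    props.setProperty(ALIAS, alias);
    // … unchanged: super.init(filterConfig) …
}

private static void setIfConfigured(Properties props, String key, String value) {
    if (!"none".equals(value)) {
        props.setProperty(key, value);
    }
}

private String trimFileName(String fileName) {
    // strip only a leading "file:" scheme
    return fileName.startsWith("file:") ? fileName.substring("file:".length()) : fileName;
}
```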
@@ -0,0 +1,70 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.filter;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.onap.clamp.clds.config.ClampProperties;
+import org.onap.clamp.clds.config.ClampUserWrap;
+import org.onap.clamp.clds.config.CldsUserJsonDecoder;
+import org.onap.clamp.clds.exception.CldsUsersException;
+import org.onap.clamp.clds.service.CldsUser;
+
+
+public class ClampDefaultUserFilter implements Filter {
+ private CldsUser defaultUser;
+ @Autowired
+ private ClampProperties refProp;
+
+ // Load the default user
+ public void init(FilterConfig cfg) throws ServletException {
+ try {
+ CldsUser[] users = CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
+ defaultUser = users[0];
+ } catch (IOException e) {
+ // not able to load default user
+ throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
+ }
+ }
+
+ // Call the ClampUserWrapper
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
+ HttpServletRequest hreq = (HttpServletRequest)req;
+ chain.doFilter(new ClampUserWrap(hreq, defaultUser.getUser(), Arrays.asList(defaultUser.getPermissionsString())), res);
+ }
+
+ public void destroy() {
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java
index d438a4715..996116090 100644
--- a/src/main/java/org/onap/clamp/clds/service/UserService.java
+++ b/src/main/java/org/onap/clamp/clds/service/UserService.java
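Review bot: `init()` reads `users[0]` without checking the decoded array, so an empty or null user list fails with an ArrayIndexOutOfBoundsException or NullPointerException instead of a clear configuration error; the deleted CldsSecurityConfigUsers handled the null case explicitly. A guard before the assignment, `if (users == null || users.length == 0) { throw new ServletException("No default user defined in clds-users.json"); }`, makes the failure explicit. `doFilter` casts `req` to `HttpServletRequest` unchecked and wraps every request with the default user's name and roles, so this filter performs no authentication at all; a class comment saying so, plus `@Override` on `init` and `destroy`, would help the next reader. `HttpServletResponse` is imported but not used in the class as shown.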
@@ -18,7 +18,6 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * */ package org.onap.clamp.clds.service; @@ -28,6 +27,8 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.SecurityContext; import org.springframework.stereotype.Component; @@ -41,6 +42,8 @@ import org.springframework.stereotype.Component; MediaType.TEXT_PLAIN }) public class UserService { + @Context + private SecurityContext securityContext; /** * REST service that returns the username. @@ -49,9 +52,11 @@ public class UserService { * @return the user name */ @GET - @Path("/{userName}") + @Path("/getUser") @Produces(MediaType.TEXT_PLAIN) - public String getUser(@PathParam("userName") String userName) { + public String getUser() { + UserNameHandler userNameHandler = new DefaultUserNameHandler(); + String userName = userNameHandler.retrieveUserName(securityContext); return userName; } }
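Review bot: In the last hunk, `getUser()` returns the result of `retrieveUserName(securityContext)` unchecked. `DefaultUserNameHandler` is not shown in this part of the diff; if it can return null when the request carries no principal, the endpoint would answer with an empty body, so that case should either be documented or turned into an explicit error response. The handler is created on every call and could be a field, `private final UserNameHandler userNameHandler = new DefaultUserNameHandler();`. The `import javax.ws.rs.PathParam;` context line is kept although its only visible use is removed, and the method's Javadoc starts outside the hunk and may still describe the removed `userName` parameter.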
\ No newline at end of file diff --git a/src/main/resources/META-INF/resources/designer/authenticate.html b/src/main/resources/META-INF/resources/designer/authenticate.html index a6c2cb8da..5429dced8 100644 --- a/src/main/resources/META-INF/resources/designer/authenticate.html +++ b/src/main/resources/META-INF/resources/designer/authenticate.html @@ -18,7 +18,6 @@ limitations under the License. ============LICENSE_END============================================ =================================================================== - --> <style> .divRow { @@ -41,20 +40,13 @@ <head> <title>CLDS</title> </head> -<div ng-controller="AuthenticateCtrl"> +<div ng-controller="AuthenticateCtrl" ng-init="authenticate()"> <div id='head'> <div ng-include="'menu_simplified.html'"></div> </div> <div id='main'> - <div class="divRow"><b>Welcome to Clamp. Please login first.</b></div> - <div class="divForm"> - <form ng-submit="authenticate()" method="post" autocomplete="off"> - <div class="divFormRow"><label>User Name : <input type="text" ng-model="username" name="username"/> </label></div> - <div class="divFormRow"><label>Password: <input type="password" ng-model="password" name="password"/> </label></div> - <div class="divFormRow"><input type="submit" value=" Sign In"/></div> - </form> - </div> + <div class="divRow"><b>Welcome to Clamp.</b></div> </div> </div> diff --git a/src/main/resources/META-INF/resources/designer/invalid_login.html b/src/main/resources/META-INF/resources/designer/invalid_login.html index f42be51ec..eb7d828a9 100644 --- a/src/main/resources/META-INF/resources/designer/invalid_login.html +++ b/src/main/resources/META-INF/resources/designer/invalid_login.html 
@@ -32,14 +32,9 @@ <head> <title>CLDS</title> </head> -<div> +<div id='main'> <div class="divRow"><b>Login Failed!</b></div> - <div class="divRow"><b>Please make sure your login and password are correct. - If you don't have the login credential, please contact CLAMP administrator.</b></div> - - <div class="divRow">To login again, please click <a href="/designer/index.html"/>Login</a></div> + <div class="divRow">You are not authorized to access CLAMP UI, please contact CLAMP administrator.</div> + <div class="divRow">Please <a href="/designer/index.html"/>Login</a> again.</div> +</div> </div> - - - - diff --git a/src/main/resources/META-INF/resources/designer/logout.html b/src/main/resources/META-INF/resources/designer/logout.html deleted file mode 100644 index e17592868..000000000 --- a/src/main/resources/META-INF/resources/designer/logout.html +++ /dev/null 
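Review bot: The new markup opens a single `<div id='main'>` but is followed by two closing tags, the added `</div>` and the retained context `</div>`, so the fragment ends with a stray `</div>`. Dropping the added closing tag balances it. The added anchor is written as `<a href="/designer/index.html"/>Login</a>`; the trailing slash is not valid on a non-void element and should read `<a href="/designer/index.html">Login</a>`.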
@@ -1,40 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - ONAP CLAMP - ================================================================================ - Copyright (C) 2017 AT&T Intellectual Property. All rights - reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END============================================ - =================================================================== - - --> -<style> -.divRow { - margin-left: 5px; - font-size: 13px; - font-weight: normal; - margin-top:10px; -} -</style> - -<head> - <title>CLDS</title> -</head> -<div ng-controller="AuthenticateCtrl" ng-init="logout()"> - <div id='main'> - <div class="divRow"><b>You have been Logged Out successfully!</b></div> - <div class="divRow">To login again, please click <a href="/designer/index.html"/>Login</a></div> - </div> -</div> diff --git a/src/main/resources/META-INF/resources/designer/partials/menu.html b/src/main/resources/META-INF/resources/designer/partials/menu.html index 2aea31672..036402caf 100644 --- a/src/main/resources/META-INF/resources/designer/partials/menu.html +++ b/src/main/resources/META-INF/resources/designer/partials/menu.html 
@@ -141,12 +141,6 @@ id="{{section.name}}" role="presentation" ng-click="emptyMenuClick(section.link,section.name)">{{section.name}}</a> </li> - - <li ng-repeat="section in tabs[dropDownName]" - ng-if="section.name==='Log Out'"><a - id="{{section.name}}" role="presentation" - ng-click="emptyMenuClick(section.link,section.name)">{{section.name}}</a> - </li> <li ng-repeat="section in tabs[dropDownName]" ng-if="section.name != 'Create CL' && section.name != 'Open CL' && section.name != 'ECOMP User Guide - Design Overview' && section.name != 'ECOMP User Guide - Closed Loop Design' && section.name != 'ECOMP User Guide - CLAMP' && section.name != 'User Info'"><a diff --git a/src/main/resources/META-INF/resources/designer/scripts/app.js b/src/main/resources/META-INF/resources/designer/scripts/app.js index 63d44d551..7953ccc6e 100644 --- a/src/main/resources/META-INF/resources/designer/scripts/app.js +++ b/src/main/resources/META-INF/resources/designer/scripts/app.js @@ -325,8 +325,6 @@ var app = angular.module('clds-app', ['ngRoute', window.open(value); } else if (name == "Contact Us") { $rootScope.contactUs(); - } else if (name == "Log Out") { - $scope.logout(); } else if (name == "Revert Model Changes") { $scope.cldsRevertModel(); } else if (name == "Close Model") { @@ -446,10 +444,6 @@ var app = angular.module('clds-app', ['ngRoute', }, { link: "/extraUserInfo", name: "User Info" - }], - "Log Out": [{ - link: "/log_out.html", - name: "Log Out" }] }; @@ -1416,4 +1410,5 @@ function updateDecisionLabel(originalLabel, newLabel) { window.onunload = function() { window.localStorage.removeItem("isAuth"); window.localStorage.removeItem("loginuser"); + window.localStorage.removeItem("invalidUser"); }; diff --git a/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js b/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js index ac8919801..5992138bf 100644 --- a/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js 
+++ b/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js @@ -18,7 +18,7 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * + * */ 'use strict'; 
@@ -27,54 +27,30 @@ function AuthenticateCtrl($scope, $rootScope, $window, $resource, $http, $locati console.log("//////////AuthenticateCtrl"); $scope.getInclude = function() { console.log("getInclude011111111"); - var invalidUser = $window.localStorage.getItem("isInvalidUser"); + var invalidUser = $window.localStorage.getItem("invalidUser"); var isAuth = $window.localStorage.getItem("isAuth"); - - if (invalidUser != null && invalidUser == 'true') { - console.log("Authentication failed"); - $window.localStorage.removeItem("isInvalidUser"); - window.location.href = "/designer/invalid_login.html"; - } else if (isAuth == null || isAuth == 'false') { + if (invalidUser == 'true') + return "invalid_login.html"; + else if (isAuth == null || isAuth == 'false') { return "authenticate.html"; } - // Reassign the login user info, to be used in menu.html - $rootScope.loginuser = $window.localStorage.getItem("loginuser"); return "utmdashboard.html"; }; $scope.authenticate = function() { - var username = $scope.username; - var pass = $scope.password; - if (!username || !pass) { - console.log("Invalid username/password"); - $window.localStorage.setItem("isInvalidUser", true); - return; - } - var headers = username ? 
{ - authorization: "Basic " + - btoa(username + ":" + pass) - } : {}; - // send request to a test API with the username/password to verify the authorization - $http.get('/restservices/clds/v1/user/testUser', { - headers: headers + // send request to a test API for authentication/authorization check + $http.get('/restservices/clds/v1/user/getUser', { }).success(function(data) { if (data) { $window.localStorage.setItem("isAuth", true); - $window.localStorage.setItem("loginuser", $scope.username); - $rootScope.loginuser = $scope.username; - } else { - $window.localStorage.removeItem("isInvalidUser", true); + $rootScope.loginuser = data; } + window.localStorage.removeItem("invalidUser"); callback && callback(); }).error(function() { - $window.localStorage.removeItem("isInvalidUser", true); + $window.localStorage.setItem("invalidUser", true); callback && callback(); }); }; - - $scope.logout = function() { - window.localStorage.removeItem("isAuth"); - window.localStorage.removeItem("loginuser"); - }; } diff --git a/src/main/resources/META-INF/resources/designer/timeout.html b/src/main/resources/META-INF/resources/designer/timeout.html deleted file mode 100644 index ce3002b22..000000000 --- a/src/main/resources/META-INF/resources/designer/timeout.html +++ /dev/null 
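Review bot: `getInclude` chooses the view purely from the `invalidUser` and `isAuth` values in `localStorage`, which any script or user of the browser can set, so this branch is a display hint and must not be what keeps an unauthorized user away from the data behind `utmdashboard.html`. Since `authenticate` no longer sends credentials and relies on the container (presumably the CADI filter added by this commit) to authenticate `/restservices/clds/v1/user/getUser`, every other REST endpoint needs the same server-side check; a comment such as `// UI hint only: authorization is enforced server-side on every /restservices call` above the `localStorage` reads would record that. In the same function, `callback && callback();` refers to a `callback` that `authenticate` does not declare, which throws a ReferenceError unless it is defined in an enclosing scope outside the hunk; `$scope.authenticate = function(callback) {` or dropping the two calls would fix it. The body of `AuthenticateCtrl` starts outside the hunk.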
@@ -1,55 +0,0 @@ -<!-- - ============LICENSE_START======================================================= - ONAP CLAMP - ================================================================================ - Copyright (C) 2017 AT&T Intellectual Property. All rights - reserved. - ================================================================================ - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - ============LICENSE_END============================================ - =================================================================== - - --> -<style> -.divRow { - margin-left: 5px; - font-size: 13px; - font-weight: normal; - margin-top:10px; -} -</style> - -<head> - <title>CLDS</title> - <script language="javascript"> - function buttonVilibility() - { - if (window.opener && window.opener !== window) { - document.getElementById("boton1").style.visibility="visible"; - } else { - document.getElementById("boton1").style.visibility="hidden"; - } - } - </script> -</head> -<body onload='buttonVilibility()'> -<div ng-controller="AuthenticateCtrl" ng-init="logout()"> - <div id='main'> - <div class="divRow"><b>Your session is timeout.</b></div> - <div class="divRow">Please <a href="/designer/index.html"/>Login</a> again.</div> - </div> - <div> - <button id="boton1" ng-click="close(true)" class="btn btn-primary">Close</button> - </div> -</div> -</body> 
diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties
new file mode 100644
index 000000000..8d0395b47
--- /dev/null
+++ b/src/main/resources/application-noaaf.properties
@@ -0,0 +1,220 @@
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+# reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+
+info.build.artifact=@project.artifactId@
+info.build.name=@project.name@
+info.build.description=@project.description@
+info.build.version=@project.version@
+
+### Set the port for HTTP or HTTPS protocol (Controlled by Spring framework, only one at a time).
+### (See below for the parameter 'server.http.port' if you want to have both enabled)
+### To have only HTTP, keep the lines server.ssl.* commented
+### To have only HTTPS enabled, uncomment the server.ssl.* lines and specify a right keystore location
+### server.port=8080
+### Settings for HTTPS (this automatically enables the HTTPS on the port 'server.port')
+#server.ssl.key-store=file:/tmp/mykey.jks
+#server.ssl.key-store-password=pass
+#server.ssl.key-password=pass
+
+### In order to be user friendly when HTTPS is enabled,
+### you can add another HTTP port that will be automatically redirected to HTTPS
+### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)
+#server.http-to-https-redirection.port=8090
+
+### HTTP Example:
+###--------------
+### server.port=8080
+
+### HTTPS Example:
+### --------------
+### server.port=8443
+### server.ssl.key-store=file:/tmp/mykey.jks
+### server.ssl.key-store-password=mypass
+### server.ssl.key-password=mypass
+server.port=8443
+server.ssl.client-auth=want
+server.ssl.key-store=file:/opt/clamp/config/org.onap.clamp.p12
+server.ssl.key-store-password=China in the Spring
+server.ssl.key-password=China in the Spring
+server.ssl.key-store-type=PKCS12
+server.ssl.trust=/opt/clamp/config/truststoreONAPall.jks
+server.ssl.trust-pass=changeit
+server.ssl.trust-type=JKS
+server.ssl.key-alias=clamp@clamp.onap.org
+server.http-to-https-redirection.port=8080
+
+server.contextPath=/
+#Modified engine-rest applicationpath
+spring.profiles.active=clamp-default,clamp-default-user,clamp-sdc-controller
+
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+
+camel.springboot.consumer-template-cache-size=1000
+camel.springboot.producer-template-cache-size=1000
+camel.springboot.jmx-enabled=false
+camel.defaultthreadpool.poolsize=10
+camel.defaultthreadpool.maxpoolsize=20
+camel.defaultthreadpool.maxqueuesize=1000
+camel.defaultthreadpool.keepaliveTime=60
+camel.defaultthreadpool.rejectpolicy=CallerRuns
+#camel.springboot.xmlRoutes = false
+camel.springboot.xmlRoutes=classpath:/clds/camel/*.xml
+#camel.springboot.typeConversion = false
+
+#clds datasource connection details
+spring.datasource.cldsdb.driverClassName=org.mariadb.jdbc.Driver
+spring.datasource.cldsdb.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.datasource.cldsdb.username=clds
+spring.datasource.cldsdb.password=4c90a0b48204383f4283448d23e0b885a47237b2a23588e7c4651604f51c1067
+spring.datasource.cldsdb.validationQuery=SELECT 1
+spring.datasource.cldsdb.validationQueryTimeout=20000
+spring.datasource.cldsdb.validationInterval=30000
+spring.datasource.cldsdb.testWhileIdle = true
+spring.datasource.cldsdb.minIdle = 0
+spring.datasource.cldsdb.initialSize=0
+# Automatically test whether a connection provided is good or not
+spring.datasource.cldsdb.testOnBorrow=true
+spring.datasource.cldsdb.ignoreExceptionOnPreLoad=true
+
+#Async Executor default Parameters
+async.core.pool.size=10
+async.max.pool.size=20
+async.queue.capacity=500
+
+clamp.config.log.path=/var/log/onap
+clamp.config.files.systemProperties=classpath:/system.properties
+clamp.config.files.cldsUsers=classpath:/clds/clds-users.json
+clamp.config.files.globalProperties=classpath:/clds/templates/globalProperties.json
+clamp.config.files.sdcController=classpath:/clds/sdc-controllers-config.json
+
+# Properties for Clamp
+# DCAE request build properties
+#
+clamp.config.dcae.template=classpath:/clds/templates/dcae-template.json
+clamp.config.dcae.decode.service_ids=classpath:/clds/templates/dcae-decode-service_ids.json
+clamp.config.dcae.deployment.template=classpath:/clds/templates/dcae-deployment-template.json
+#
+# SDC request blueprint properties
+#
+clamp.config.sdc.template=classpath:/clds/templates/sdc-template.json
+clamp.config.sdc.decode.service_ids=classpath:/clds/templates/sdc-decode-service_ids.json
+#
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.pdpUrl1=http://policy.api.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123
+clamp.config.policy.pdpUrl2=http://policy.api.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123
+clamp.config.policy.papUrl=http://policy.api.simpledemo.onap.org:8081/pap/ , testpap, alpha123
+clamp.config.policy.notificationType=websocket
+clamp.config.policy.notificationUebServers=localhost
+clamp.config.policy.notificationTopic=PDPD-CONFIGURATION
+clamp.config.policy.clientId=python
+# base64 encoding
+
+clamp.config.policy.clientKey=dGVzdA==
+#DEVL for development
+#TEST for Test environments
+#PROD for prod environments
+clamp.config.policy.policyEnvironment=TEST
+# General Policy request properties
+#
+clamp.config.policy.onap.name=DCAE
+clamp.config.policy.pdp.group=default
+clamp.config.policy.ms.type=MicroService
+clamp.config.policy.ms.policyNamePrefix=Config_MS_
+clamp.config.policy.op.policyNamePrefix=Config_BRMS_Param_
+clamp.config.policy.base.policyNamePrefix=Config_
+clamp.config.policy.op.type=BRMS_Param
+
+
+# TCA MicroService Policy request build properties
+#
+clamp.config.tca.policyid.prefix=DCAE.Config_
+clamp.config.tca.policy.template=classpath:/clds/templates/tca-policy-template.json
+clamp.config.tca.template=classpath:/clds/templates/tca-template.json
+clamp.config.tca.thresholds.template=classpath:/clds/templates/tca-thresholds-template.json
+
+#
+#
+# Operational Policy request build properties
+#
+clamp.config.op.policyDescription=from clds
+# default
+clamp.config.op.templateName=ClosedLoopControlName
+clamp.config.op.operationTopic=APPC-CL
+clamp.config.op.notificationTopic=POLICY-CL-MGT
+clamp.config.op.controller=amsterdam
+clamp.config.op.policy.appc=APPC
+#
+# Sdc service properties
+clamp.config.sdc.catalog.url=http://sdc.api.simpledemo.onap.org:8080/sdc/v1/catalog/
+clamp.config.sdc.hostUrl=http://sdc.api.simpledemo.onap.org:8080
+clamp.config.sdc.serviceUrl=http://sdc.api.simpledemo.onap.org:8080/sdc/v1/catalog/services
+clamp.config.sdc.serviceUsername=clamp
+clamp.config.sdc.servicePassword=b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981
+clamp.config.sdc.artifactLabel=blueprintclampcockpit
+clamp.config.sdc.sdcX-InstanceID=CLAMP
+clamp.config.sdc.artifactType=DCAE_INVENTORY_BLUEPRINT
+clamp.config.sdc.locationArtifactLabel=locationclampcockpit
+clamp.config.sdc.locationArtifactType=DCAE_INVENTORY_JSON
+clamp.config.sdc.InstanceID=X-ECOMP-InstanceID
+clamp.config.sdc.header.requestId = X-ECOMP-RequestID
+#
+clamp.config.sdc.csarFolder = /tmp/sdc-controllers
+clamp.config.sdc.blueprint.parser.mapping = classpath:/clds/blueprint-parser-mapping.json
+#
+clamp.config.ui.location.default=classpath:/clds/templates/ui-location-default.json
+clamp.config.ui.alarm.default=classpath:/clds/templates/ui-alarm-default.json
+#
+# if action.test.override is true, then any action will be marked as test=true (even if incoming action request had test=false); otherwise, test flag will be unchanged on the action request
+clamp.config.action.test.override=false
+# if action.insert.test.event is true, then insert event even if the action is set to test
+clamp.config.action.insert.test.event=false
+clamp.config.clds.service.cache.invalidate.after.seconds=120
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=http://dcae.api.simpledemo.onap.org:8080
+clamp.config.dcae.intentory.retry.interval=10000
+clamp.config.dcae.intentory.retry.limit=3
+
+#DCAE Dispatcher Url Properties
+clamp.config.dcae.dispatcher.url=http://dcae.api.simpledemo.onap.org:8188
+clamp.config.dcae.dispatcher.retry.interval=10000
+clamp.config.dcae.dispatcher.retry.limit=10
+clamp.config.dcae.header.requestId = X-ECOMP-RequestID
+
+#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !
+clamp.config.security.permission.type.cl=org.onap.clamp.clds.cl
+clamp.config.security.permission.type.cl.manage=org.onap.clamp.clds.cl.manage
+clamp.config.security.permission.type.cl.event=org.onap.clds.cl.event
+clamp.config.security.permission.type.filter.vf=org.onap.clamp.clds.filter.vf
+clamp.config.security.permission.type.template=org.onap.clamp.clds.template
+#This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties
+clamp.config.security.permission.instance=dev
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 179553dde..9a9bd2827 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -30,7 +30,7 @@ info.build.version=@project.version@
### (See below for the parameter 'server.http.port' if you want to have both enabled)
### To have only HTTP, keep the lines server.ssl.* commented
### To have only HTTPS enabled, uncomment the server.ssl.* lines and specify a right keystore location
-server.port=8080
+### server.port=8080
### Settings for HTTPS (this automatically enables the HTTPS on the port 'server.port')
#server.ssl.key-store=file:/tmp/mykey.jks
#server.ssl.key-store-password=pass
@@ -54,15 +54,21 @@ server.port=8080
### HTTP (Redirected to HTTPS) and HTTPS Example:
### --------------------------------------------
-### server.port=8443 <-- The HTTPS port
-### server.ssl.key-store=file:/tmp/mykey.jks
-### server.ssl.key-store-password=mypass
-### server.ssl.key-password=mypass
-### server.http-to-https-redirection.port=8090 <-- The HTTP port
+server.port=8443
+server.ssl.client-auth=want
+server.ssl.key-store=file:/opt/clamp/config/org.onap.clamp.p12
+server.ssl.key-store-password=China in the Spring
+server.ssl.key-password=China in the Spring
+server.ssl.key-store-type=PKCS12
+server.ssl.trust=/opt/clamp/config/truststoreONAPall.jks
+server.ssl.trust-pass=changeit
+server.ssl.trust-type=JKS
+server.ssl.key-alias=clamp@clamp.onap.org
+server.http-to-https-redirection.port=8080
server.contextPath=/
#Modified engine-rest applicationpath
-spring.profiles.active=clamp-default,clamp-spring-authentication,clamp-sdc-controller
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller
#The max number of active threads in this pool
server.tomcat.max-threads=200
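Review bot: The keystore and truststore passwords are committed in clear text (`server.ssl.key-store-password`, `server.ssl.key-password`, `server.ssl.trust-pass=changeit`), and a file named `org.onap.clamp.p12` is added elsewhere in this change, so anyone who can read the repository or the built artifact would hold the server's TLS key material; these values should be injected at deploy time, e.g. `server.ssl.key-store-password=${CLAMP_KEYSTORE_PASSWORD}` (placeholder variable name). In the same block, `server.ssl.trust`, `server.ssl.trust-pass` and `server.ssl.trust-type` are not the names Spring Boot binds (`server.ssl.trust-store`, `server.ssl.trust-store-password`, `server.ssl.trust-store-type`); unless project code outside this hunk reads them, the truststore is not applied and `server.ssl.client-auth=want` would validate client certificates against the JVM default trust anchors instead of `truststoreONAPall.jks`. The same lines are added in the new `application-noaaf.properties`.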
@@ -208,10 +214,24 @@ clamp.config.dcae.dispatcher.retry.limit=10
clamp.config.dcae.header.requestId = X-ECOMP-RequestID
#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !
-clamp.config.security.permission.type.cl=permission-type-cl
-clamp.config.security.permission.type.cl.manage=permission-type-cl-manage
-clamp.config.security.permission.type.cl.event=permission-type-cl-event
-clamp.config.security.permission.type.filter.vf=permission-type-filter-vf
-clamp.config.security.permission.type.template=permission-type-template
+clamp.config.security.permission.type.cl=org.onap.clamp.clds.cl
+clamp.config.security.permission.type.cl.manage=org.onap.clamp.clds.cl.manage
+clamp.config.security.permission.type.cl.event=org.onap.clds.cl.event
+clamp.config.security.permission.type.filter.vf=org.onap.clamp.clds.filter.vf
+clamp.config.security.permission.type.template=org.onap.clamp.clds.template
#This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties
clamp.config.security.permission.instance=dev
+
+#AAF related parameters
+clamp.config.cadi.keyFile=/opt/clamp/config/org.onap.clamp.keyfile
+clamp.config.cadi.cadiLoglevel=INFO
+clamp.config.cadi.cadiLatitude=37.78187
+clamp.config.cadi.cadiLongitude=-122.26147
+clamp.config.cadi.aafLocateUrl=https://aaf-onap-beijing-test.osaaf.org
+clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs
+clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf
+#clamp.config.cadi.oauthTokenUrl=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+#clamp.config.cadi.oauthIntrospectUrll=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+clamp.config.cadi.aafEnv=DEV
+clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
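Review bot: `clamp.config.security.permission.type.cl.event` is set to `org.onap.clds.cl.event`, without the `clamp` segment that the four sibling permission types carry, so if this is unintended the event permission is checked under a different namespace from the one the other types (and the entries in `clds-users.json`) use; the line should then read `clamp.config.security.permission.type.cl.event=org.onap.clamp.clds.cl.event`, here and in `application-noaaf.properties`. In the AAF block, the `enc:` keystore and truststore passwords are protected only by the file named in `clamp.config.cadi.keyFile`, and a file of that name is added under `src/main/resources/clds/aaf/` in this same commit; if that is the key in use, the encryption gives no secrecy against a reader of the repository or the jar, and the keyfile should be provisioned at deploy time instead. The commented key `clamp.config.cadi.oauthIntrospectUrll` also has a doubled `l` that would be silently ignored once uncommented.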
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.keyfile b/src/main/resources/clds/aaf/org.onap.clamp.keyfile
new file mode 100644
index 000000000..45cdcb602
--- /dev/null
+++ b/src/main/resources/clds/aaf/org.onap.clamp.keyfile
@@ -0,0 +1,27 @@ +HTQLJHUg5Du0VM7wHY5cBMTgupk6ujhSoAgx5BTHp9wt9CoWvD72ScIciyldEH9R2QZIL9ZvpVo0 +h2o-hSQueaVjPcIFUhVIl4HWmNC6I2YAlNkwy3VMl1g9otKaOTgo3ChsFUVq7ACIrcr2977wo4B_ +FeHa0lInuaLoEjHMP1fszTWYBBx9oY3K9s-9MQQyCo6bFV-4L733sPeE60j20FWoygUwvIqxp3Pc +Bmnm1AtcrhGH0elqDg9qNjmnmC3gxZaGpGiclaEds_lVu57RIXwtTHgYyMbJzfP-Ziq3T7i8d-h3 +JZThj1l9JvDLYm2z0BEXuQ3Owvn4m98cWB9P5esJOKYEvsfIGK_Fd6uT04fzkeDT1wNV4-Swuorr +ymZQxnvHbUAp91NJEa3EtWTuBxNeoqV0cw97WkAYn95pgjH4ZVhBdczclS-EStFJyYOHtTRAs1A_ +8i36GiuUPHn3KolkRF2GvtZfwNj5AYfcUKhqULJ-T_is2KKYnGwQ2iaItX2852o4zlzkMXFMkt5C +qbsDmrU7F5zxn4HG6yShW5sIXgAcS9cyIs8IFgHtkYauDJlKZWynhzqibh3-bzPyfFmreTHxQ-Av +Lgp5sAtf1B9_1feVyE78bmQ3IMtxE-YkV8RYPDJzKw0nIdjce7j89azNq_as5JMfCCHSlYcKRs8O +Nrh8gXYun28iUL_kwEUWK0WohPgwQBb46_Hkc6a0aSYbuFA_7qgprPB9wmAlHtuqnCAb2vk8GT-h +07DB6yPGgzE-OgXUzLIWHXVzPO6SjOg3ifYpCRigOsNqkV1paBBOzje7dn2RnpgaRJS3zupTMnqF +g5N9qCgubxRlII626-Dc_i5X1OAWPzJK8UZPuxRAg3YVJNHluB3O0Q2Uo14RkO3a2Tn_Ce9XoTUJ +Jqi_qZWytIB9sHMNM7KvcRxGedLqd_230O3zV7rTa4Up0BFoMyHmnf2SZu96x_Yz_n_AWhiaALvE +ON_nTxPEOHfEfrNzo7pCwIaI5gM6eu_S24aZTf4L-5tekqH7l1PEbKr2QP4XfTZBN4FgNExgGpzG +the3zv4k7hJeWe7GbtMmnZXIQUJkZVTHBwqvHkqtN9cBWpihCNVmI3zKq6Bsy6Us0SDZ686kpeVS +s9eyrzj6uLPE65mQxCpoMt6G4HSjzMqA3HOX_7ixBBhtdVi5-X7NeTigr-uaZg67yP3cSikfFf9w +dyFuMjg29jtlaTNzOov8HFrcLq01N3fpwDkSU_2TmLndU-FMat78CMCLW5QuS1KF3hC9T8wzKWS_ +WHK2oMA3SqWyqnj_cE_T4Ql_VKL3nkvf_bzTvLso_BWodUw2A-eO-1qjtCHp3nnTdSVH06E3_eRH +BuKWEt0MLyNpm88OD0tgOC3fn7casioynQLoFatta5nlQfj4nsAXj2bD6CrohtDhjOKXqHxDU6s7 +adtNoBGyEK5FKy3HtHMC7KXsK_6wbYUluz93nCNMok696HIHojNUydGFqfr2HluQTi0S3uHnD_pS +-QM8DbsFi8oIztn6Er4CFFJQ-tUuDyX6ahfY5gWLqCgRM7RzrkoHY7b4vkHxZTBLZlPGWfRtG0vc +GTSqIRNI2Z_Zte5-wW7T9vfFVBsArF0SJWOrlUqf7fGN1_2H9B9aIpLEMaHF7EEp1OP6_SNnfuhB +K31EFy0VW0eGnLezpd3HT540kznub7h_m6phZaqeZJxsle9jHEOS7qDc3T6s1hZ7DLK2Ej5RFuq8 +5LA9Cj5VrdejKMZKZJwmyWylLe224RyY4gDa0MB_lDAeC-YFdY2ClymYRJmclFFSWf7X1j5beQve +xGbsXJaWZcJpahpFu4RR-kOOyZBLPsdiyOZ7PGXz83l35NiXabmRapgjve1t7NFSuRluafihc0Lg 
+GKoz_-3YAFJmh4Z3bcCsz1WhCUYqzWyDsnZiD7sMQT7Oyje7RqzoxBZs5Ke1_0jtpgFrc7BcqHG7 +WpwJr6hg53o3BpWcUEopBomhbdxiDSLxZmDrePy9LDC7YNk_7-gVKIc7dZDMgw6kSRR330p0
\ No newline at end of file diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12 Binary files differnew file mode 100644 index 000000000..5cd75944f --- /dev/null +++ b/src/main/resources/clds/aaf/org.onap.clamp.p12 diff --git a/src/main/resources/clds/aaf/truststoreONAPall.jks b/src/main/resources/clds/aaf/truststoreONAPall.jks Binary files differnew file mode 100644 index 000000000..2da1dcc4b --- /dev/null +++ b/src/main/resources/clds/aaf/truststoreONAPall.jks diff --git a/src/main/resources/clds/clds-users.json b/src/main/resources/clds/clds-users.json index 8be08e1d4..18ab7d394 100644 --- a/src/main/resources/clds/clds-users.json +++ b/src/main/resources/clds/clds-users.json @@ -3,11 +3,12 @@ "password":"$2a$10$H/e21kl04Dw9C978CHuM7OewyMGUN5WGzAAx7SgIaR4ix8.wTcssi", "permissions": [ - "permission-type-cl|dev|read", - "permission-type-cl|dev|update", - "permission-type-cl-manage|dev|*", - "permission-type-filter-vf|dev|*", - "permission-type-template|dev|read" + "org.onap.clamp.clds.cl|dev|read", + "org.onap.clamp.clds.cl|dev|update", + "org.onap.clamp.clds.cl.manage|dev|*", + "org.onap.clamp.clds.filter.vf|dev|*", + "org.onap.clamp.clds.template|dev|read", + "org.onap.clamp.clds.template|dev|update" ] }, { @@ -15,12 +16,12 @@ "password":"$2a$10$H/e21kl04Dw9C978CHuM7OewyMGUN5WGzAAx7SgIaR4ix8.wTcssi", "permissions": [ - "permission-type-cl|dev|read", - "permission-type-cl|dev|update", - "permission-type-cl-manage|dev|*", - "permission-type-filter-vf|dev|*", - "permission-type-template|dev|read", - "permission-type-template|dev|update" + "org.onap.clamp.clds.cl|dev|read", + "org.onap.clamp.clds.cl|dev|update", + "org.onap.clamp.clds.cl.manage|dev|*", + "org.onap.clamp.clds.filter.vf|dev|*", + "org.onap.clamp.clds.template|dev|read", + "org.onap.clamp.clds.template|dev|update" ] } ] diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml index 22206fee6..e15e0ddfe 100644 
--- a/src/main/resources/logback.xml +++ b/src/main/resources/logback.xml @@ -126,7 +126,13 @@ <queueSize>256</queueSize> <appender-ref ref="SECURITY" /> </appender> - + <!-- AAF related loggers --> + <logger name="org.onap.aaf" level="INFO" additivity="true"> + <appender-ref ref="DEBUG" /> + </logger> + <logger name="org.apache.catalina.core" level="INFO" additivity="true"> + <appender-ref ref="DEBUG" /> + </logger> <!-- CLDS related loggers --> <logger name="org.onap.clamp.clds" level="INFO" additivity="true"> <appender-ref ref="ERROR" /> |