From 7658007d67c5c2bc1d81bff4bf972b315cb5bea6 Mon Sep 17 00:00:00 2001 From: sebdet Date: Sun, 23 Feb 2020 09:31:04 -0800 Subject: Simplify the user management Simplify the user management and fix a bug in the server, crashing when no user are logged and an operation is requested, and also previous user still stored in the securitycontext when admin is logged (due to static variable) Issue-ID: CLAMP-651 Change-Id: I57523bc2c3afaf5ca5a3acf5c59823df06fd4cd9 Signed-off-by: sebdet --- .../authorization/AuthorizationController.java | 63 +++++- .../org/onap/clamp/authorization/CldsUser.java | 97 +++++++++ .../authorization/SecureServicePermission.java | 203 ++++++++++++++++++ .../SecureServicePermissionDeserializer.java | 46 +++++ .../org/onap/clamp/authorization/UserService.java | 47 +++++ .../java/org/onap/clamp/clds/ClampServlet.java | 2 +- .../clamp/clds/config/CldsUserJsonDecoder.java | 2 +- .../clds/config/DefaultUserConfiguration.java | 2 +- .../onap/clamp/clds/model/ClampInformation.java | 62 ++++++ .../java/org/onap/clamp/clds/model/CldsInfo.java | 110 ---------- .../onap/clamp/clds/service/CldsInfoProvider.java | 52 ----- .../org/onap/clamp/clds/service/CldsService.java | 180 ---------------- .../java/org/onap/clamp/clds/service/CldsUser.java | 97 --------- .../clamp/clds/service/DefaultUserNameHandler.java | 43 ---- .../onap/clamp/clds/service/SecureServiceBase.java | 226 --------------------- .../clds/service/SecureServicePermission.java | 203 ------------------ .../SecureServicePermissionDeserializer.java | 45 ---- .../onap/clamp/clds/service/UserNameHandler.java | 31 --- .../org/onap/clamp/clds/service/UserService.java | 48 ----- .../java/org/onap/clamp/clds/util/JsonUtils.java | 4 +- .../org/onap/clamp/clds/util/LoggingUtils.java | 9 +- .../org/onap/clamp/tosca/DictionaryService.java | 3 +- .../java/org/onap/clamp/util/PrincipalUtils.java | 89 -------- 23 files changed, 518 insertions(+), 1146 deletions(-) create mode 100644 src/main/java/org/onap/clamp/authorization/CldsUser.java create mode 100644 src/main/java/org/onap/clamp/authorization/SecureServicePermission.java create mode 100644 src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java create mode 100644 src/main/java/org/onap/clamp/authorization/UserService.java create mode 100644 src/main/java/org/onap/clamp/clds/model/ClampInformation.java delete mode 100644 src/main/java/org/onap/clamp/clds/model/CldsInfo.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/CldsService.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/CldsUser.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/UserNameHandler.java delete mode 100644 src/main/java/org/onap/clamp/clds/service/UserService.java delete mode 100644 src/main/java/org/onap/clamp/util/PrincipalUtils.java (limited to 'src/main/java/org/onap') diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java index b49be86bb..e4a03fd38 100644 --- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java +++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java @@ -27,19 +27,18 @@ package org.onap.clamp.authorization; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; - import java.util.Date; - import org.apache.camel.Exchange; import org.onap.clamp.clds.config.ClampProperties; import org.onap.clamp.clds.exception.NotAuthorizedException; -import org.onap.clamp.clds.service.SecureServiceBase; -import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.clds.model.ClampInformation; import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.util.PrincipalUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; /** @@ -48,7 +47,7 @@ import org.springframework.stereotype.Component; @Component public class AuthorizationController { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(AuthorizationController.class); protected static final EELFLogger auditLogger = EELFManager.getInstance().getMetricsLogger(); protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); @@ -56,9 +55,36 @@ public class AuthorizationController { @Autowired private ClampProperties refProp; + private SecurityContext securityContext = SecurityContextHolder.getContext(); + public static final String PERM_PREFIX = "security.permission.type."; private static final String PERM_INSTANCE = "security.permission.instance"; + private static String retrieveUserName(SecurityContext securityContext) { + if (securityContext == null || securityContext.getAuthentication() == null) { + return null; + } + if ((securityContext.getAuthentication().getPrincipal()) instanceof String) { + // anonymous case + return ((String)securityContext.getAuthentication().getPrincipal()); + } else { + return ((UserDetails) securityContext.getAuthentication().getPrincipal()).getUsername(); + } + } + /** + * Get the principal name. + * + * @return The principal name + */ + public static String getPrincipalName(SecurityContext securityContext) { + String principal = AuthorizationController.retrieveUserName(securityContext); + String name = "Not found"; + if (principal != null) { + name = principal; + } + return name; + } + /** * Insert authorize the api based on the permission. * @@ -78,7 +104,7 @@ public class AuthorizationController { if (null != instanceVar && !instanceVar.isEmpty()) { instance = instanceVar; } - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); SecureServicePermission perm = SecureServicePermission.create(type, instance, action); Date startTime = new Date(); LoggingUtils.setTargetContext("Clamp", "authorize"); @@ -101,7 +127,7 @@ public class AuthorizationController { */ public boolean isUserPermitted(SecureServicePermission inPermission) { - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); // check if the user has the permission key or the permission key with a // combination of all instance and/or all action. if (hasRole(inPermission.getKey()) || hasRole(inPermission.getKeyAllInstance())) { @@ -124,7 +150,7 @@ public class AuthorizationController { } protected boolean hasRole(String role) { - Authentication authentication = PrincipalUtils.getSecurityContext().getAuthentication(); + Authentication authentication = securityContext.getAuthentication(); if (authentication == null) { return false; } @@ -136,4 +162,23 @@ public class AuthorizationController { return false; } + /** + * Gets clds info. CLDS IFO service will return 3 things 1. User Name 2. CLDS + * code version that is currently installed from pom.xml file 3. User + * permissions + * + * @return the clds info + */ + public ClampInformation getClampInformation() { + ClampInformation clampInfo = new ClampInformation(); + Authentication authentication = securityContext.getAuthentication(); + if (authentication == null) { + return new ClampInformation(); + } + clampInfo.setUserName(AuthorizationController.getPrincipalName(this.securityContext)); + for (GrantedAuthority auth : authentication.getAuthorities()) { + clampInfo.getAllPermissions().add(auth.getAuthority()); + } + return clampInfo; + } } diff --git a/src/main/java/org/onap/clamp/authorization/CldsUser.java b/src/main/java/org/onap/clamp/authorization/CldsUser.java new file mode 100644 index 000000000..b50f50cb2 --- /dev/null +++ b/src/main/java/org/onap/clamp/authorization/CldsUser.java @@ -0,0 +1,97 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ + +package org.onap.clamp.authorization; + +import java.util.Arrays; + +/** + * The class represents the CldsUser that can be extracted from cldsusers.json. + */ +public class CldsUser { + + private String user; + private String password; + private SecureServicePermission[] permissions; + + /** + * Returns the user. + * + * @return the user + */ + public String getUser() { + return user; + } + + /** + * Sets the user. + * + * @param user + * the user to set + */ + public void setUser(String user) { + this.user = user; + } + + /** + * Returns the password. + * + * @return the password + */ + public String getPassword() { + return password; + } + + /** + * Sets the password. + * + * @param password + * the password to set + */ + public void setPassword(String password) { + this.password = password; + } + + /** + * Returns the permissions. + * + * @return the permissions + */ + public SecureServicePermission[] getPermissions() { + return Arrays.copyOf(permissions, permissions.length); + } + + public String[] getPermissionsString() { + return Arrays.stream(getPermissions()).map(SecureServicePermission::getKey).toArray(String[]::new); + } + + /** + * Sets the permissions. + * + * @param permissionsArray + * the permissions to set + */ + public void setPermissions(SecureServicePermission[] permissionsArray) { + this.permissions = Arrays.copyOf(permissionsArray, permissionsArray.length); + } +} diff --git a/src/main/java/org/onap/clamp/authorization/SecureServicePermission.java b/src/main/java/org/onap/clamp/authorization/SecureServicePermission.java new file mode 100644 index 000000000..374aab90c --- /dev/null +++ b/src/main/java/org/onap/clamp/authorization/SecureServicePermission.java @@ -0,0 +1,203 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2017 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ + +package org.onap.clamp.authorization; + +/** + * Permission class that can be instantiated easily using constructor or factory + * methods. + */ +public class SecureServicePermission { + public static final String ALL = "*"; + + private String type; + private String instance; + private String action; + + /** + * Factory method to create permission given type, instance, and action. + * + * @param type type of the permission + * @param instance instance of the permission + * @param action action of the permission + * @return instance of SecureServicePermission with type, instance and action + */ + public static SecureServicePermission create(String type, String instance, String action) { + return new SecureServicePermission(type, instance, action); + } + + /** + * Factory method to create permission given type and instance. Default + * action to ALL/*. + * + * @param type type of the permission + * @param instance instance of the permission + * @return instance of SecureServicePermission with type, instance and default action + */ + public static SecureServicePermission create(String type, String instance) { + return new SecureServicePermission(type, instance, ALL); + } + + /** + * Factory method to create permission given type. Default instance and + * action to ALL/*. + * + * @param type type of the permission + * @return instance of SecureServicePermission with type and default instance and action + */ + public static SecureServicePermission create(String type) { + return new SecureServicePermission(type, ALL, ALL); + } + + /** + * Instantiate permission given type, instance, and action. + * + * @param type type of the permission + * @param instance instance of the permission + * @param action action of the permission + */ + public SecureServicePermission(String type, String instance, String action) { + this.type = type; + this.instance = instance; + this.action = action; + } + + /** + * Instantiate permission given type from concatenated string + * + * @param concatenatedString + * the string type|instance|action, less than 3 params can be + * provided (e.g. "permission-type-cl", "permission-type-cl|dev", + * "permission-type-cl|dev|update" ) + */ + public SecureServicePermission(String concatenatedString) { + String[] userInfo = concatenatedString.split("[|]"); + // We should have at least 1 string + this.type = userInfo[0]; + this.instance = (userInfo.length > 1 ? userInfo[1] : ALL); + this.action = (userInfo.length > 2 ? userInfo[2] : ALL); + } + + /** + * Override toString - return permission in key format. + */ + @Override + public String toString() { + return getKey(); + } + + /** + * Return Permission in Key format = type, instance, and action separate by + * pipe character. + * + * @return permission in key format + */ + public String getKey() { + return type + "|" + instance + "|" + action; + } + + /** + * Return Permission in Key format = type, all instance, and action separate + * by pipe character. + * + * @return permission in key format + */ + public String getKeyAllInstance() { + return type + "|" + ALL + "|" + action; + } + + /** + * Return Permission in Key format = type, all instance, and all action + * separate by pipe character. + * + * @return permission in key format + */ + public String getKeyAllInstanceAction() { + return type + "|" + ALL + "|" + ALL; + } + + /** + * Return Permission in Key format = type, instance, and all action separate + * by pipe character. + * + * @return permission in key format + */ + public String getKeyAllAction() { + return type + "|" + instance + "|" + ALL; + } + + /** + * Returns the permission type. + * + * @return the type + */ + public String getType() { + return type; + } + + /** + * Sets the type of permission. + * + * @param type the type to set + */ + public void setType(String type) { + this.type = type; + } + + /** + * Returns the instance of permission. + * + * @return the instance + */ + public String getInstance() { + return instance; + } + + /** + * Sets the instance of permission. + * + * @param instance the instance to set + */ + public void setInstance(String instance) { + this.instance = instance; + } + + /** + * Returns the action of permission. + * + * @return the action + */ + public String getAction() { + return action; + } + + /** + * Sets the action of permission. + * + * @param action the action to set + */ + public void setAction(String action) { + this.action = action; + } + +} diff --git a/src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java b/src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java new file mode 100644 index 000000000..026ee802c --- /dev/null +++ b/src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java @@ -0,0 +1,46 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2019 Nokia Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ + +package org.onap.clamp.authorization; + + +import com.google.gson.Gson; +import com.google.gson.JsonDeserializationContext; +import com.google.gson.JsonDeserializer; +import com.google.gson.JsonElement; +import com.google.gson.JsonParseException; +import java.lang.reflect.Type; + +public class SecureServicePermissionDeserializer implements JsonDeserializer { + + @Override + public SecureServicePermission deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) + throws JsonParseException { + if (json.isJsonPrimitive()) { + return new SecureServicePermission(json.getAsString()); + } else { + // if not string try default deserialization + return new Gson().fromJson(json, SecureServicePermission.class); + } + } +} diff --git a/src/main/java/org/onap/clamp/authorization/UserService.java b/src/main/java/org/onap/clamp/authorization/UserService.java new file mode 100644 index 000000000..b4f51c95b --- /dev/null +++ b/src/main/java/org/onap/clamp/authorization/UserService.java @@ -0,0 +1,47 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + */ + +package org.onap.clamp.authorization; + + +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Controller; + +/** + * User service used for authorization verification at the login page. Do not + * remove this class. + */ +@Controller +public class UserService { + + private SecurityContext securityContext = SecurityContextHolder.getContext(); + + /** + * REST service that returns the username. + * + * @return the user name + */ + public String getUser() { + return AuthorizationController.getPrincipalName(securityContext); + } +} \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 54aa95e5d..5908201fd 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -38,7 +38,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.camel.component.servlet.CamelHttpTransportServlet; -import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.authorization.SecureServicePermission; import org.springframework.context.ApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java index 876acc83f..626227e20 100644 --- a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java +++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java @@ -33,7 +33,7 @@ import java.nio.charset.StandardCharsets; import org.apache.commons.io.IOUtils; import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; +import org.onap.clamp.authorization.CldsUser; import org.onap.clamp.clds.util.JsonUtils; public class CldsUserJsonDecoder { diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java index 6a539c7ef..a4515860e 100644 --- a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java @@ -32,7 +32,7 @@ import java.io.IOException; import org.onap.clamp.clds.exception.CldsConfigException; import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; +import org.onap.clamp.authorization.CldsUser; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; diff --git a/src/main/java/org/onap/clamp/clds/model/ClampInformation.java b/src/main/java/org/onap/clamp/clds/model/ClampInformation.java new file mode 100644 index 000000000..d73e94204 --- /dev/null +++ b/src/main/java/org/onap/clamp/clds/model/ClampInformation.java @@ -0,0 +1,62 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ + +package org.onap.clamp.clds.model; + +import com.google.gson.annotations.Expose; +import java.util.ArrayList; +import java.util.List; +import org.onap.clamp.clds.util.ClampVersioning; + +public class ClampInformation { + @Expose + private String userName; + @Expose + private String cldsVersion = ClampVersioning.getCldsVersionFromProps(); + @Expose + List allPermissions = new ArrayList<>(); + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getCldsVersion() { + return cldsVersion; + } + + public void setCldsVersion(String cldsVersion) { + this.cldsVersion = cldsVersion; + } + + public List getAllPermissions() { + return allPermissions; + } + + public void setAllPermissions(List allPermissions) { + this.allPermissions = allPermissions; + } +} diff --git a/src/main/java/org/onap/clamp/clds/model/CldsInfo.java b/src/main/java/org/onap/clamp/clds/model/CldsInfo.java deleted file mode 100644 index f3cf6ed19..000000000 --- a/src/main/java/org/onap/clamp/clds/model/CldsInfo.java +++ /dev/null @@ -1,110 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.model; - -import com.google.gson.annotations.Expose; - -public class CldsInfo { - @Expose - private String userName; - @Expose - private String cldsVersion; - @Expose - private boolean permissionReadCl; - @Expose - private boolean permissionUpdateCl; - @Expose - private boolean permissionReadTemplate; - @Expose - private boolean permissionUpdateTemplate; - @Expose - private boolean permissionReadTosca; - @Expose - private boolean permissionUpdateTosca; - - public String getUserName() { - return userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - - public String getCldsVersion() { - return cldsVersion; - } - - public void setCldsVersion(String cldsVersion) { - this.cldsVersion = cldsVersion; - } - - public boolean isPermissionReadCl() { - return permissionReadCl; - } - - public void setPermissionReadCl(boolean permissionReadCl) { - this.permissionReadCl = permissionReadCl; - } - - public boolean isPermissionUpdateCl() { - return permissionUpdateCl; - } - - public void setPermissionUpdateCl(boolean permissionUpdateCl) { - this.permissionUpdateCl = permissionUpdateCl; - } - - public boolean isPermissionReadTemplate() { - return permissionReadTemplate; - } - - public void setPermissionReadTemplate(boolean permissionReadTemplate) { - this.permissionReadTemplate = permissionReadTemplate; - } - - public boolean isPermissionUpdateTemplate() { - return permissionUpdateTemplate; - } - - public void setPermissionUpdateTemplate(boolean permissionUpdateTemplate) { - this.permissionUpdateTemplate = permissionUpdateTemplate; - } - - public boolean isPermissionReadTosca() { - return permissionReadTosca; - } - - public void setPermissionReadTosca(boolean permissionReadTosca) { - this.permissionReadTosca = permissionReadTosca; - } - - public boolean isPermissionUpdateTosca() { - return permissionUpdateTosca; - } - - public void setPermissionUpdateTosca(boolean permissionUpdateTosca) { - this.permissionUpdateTosca = permissionUpdateTosca; - } - -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java b/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java deleted file mode 100644 index 7027cf1b5..000000000 --- a/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java +++ /dev/null @@ -1,52 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import org.onap.clamp.clds.model.CldsInfo; -import org.onap.clamp.clds.util.ClampVersioning; - -class CldsInfoProvider { - - - private final CldsService cldsService; - - public CldsInfoProvider(CldsService cldsService) { - this.cldsService = cldsService; - } - - public CldsInfo getCldsInfo() { - CldsInfo cldsInfo = new CldsInfo(); - cldsInfo.setUserName(cldsService.getUserName()); - cldsInfo.setCldsVersion(ClampVersioning.getCldsVersionFromProps()); - - cldsInfo.setPermissionReadCl(cldsService.isAuthorizedNoException(cldsService.permissionReadCl)); - cldsInfo.setPermissionUpdateCl(cldsService.isAuthorizedNoException(cldsService.permissionUpdateCl)); - cldsInfo.setPermissionReadTemplate(cldsService.isAuthorizedNoException(cldsService.permissionReadTemplate)); - cldsInfo.setPermissionUpdateTemplate(cldsService.isAuthorizedNoException(cldsService.permissionUpdateTemplate)); - cldsInfo.setPermissionReadTosca(cldsService.isAuthorizedNoException(cldsService.permissionReadTosca)); - cldsInfo.setPermissionUpdateTosca(cldsService.isAuthorizedNoException(cldsService.permissionUpdateTosca)); - return cldsInfo; - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java deleted file mode 100644 index 3b84e360c..000000000 --- a/src/main/java/org/onap/clamp/clds/service/CldsService.java +++ /dev/null @@ -1,180 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Modifications Copyright (c) 2019 Samsung - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import java.util.Date; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.clamp.clds.model.CldsInfo; -import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.clds.util.OnapLogConstants; -import org.slf4j.event.Level; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.stereotype.Component; - -/** - * Service to save and retrieve the CLDS model attributes. - */ -@Component -public class CldsService extends SecureServiceBase { - - /** - * The constant securityLogger. - */ - protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); - /** - * The constant logger. - */ - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsService.class); - - private final String cldsPermissionTypeFilterVf; - private final String cldsPermissionInstance; - /** - * The Permission read cl. - */ - final SecureServicePermission permissionReadCl; - /** - * The Permission update cl. - */ - final SecureServicePermission permissionUpdateCl; - /** - * The Permission read template. - */ - final SecureServicePermission permissionReadTemplate; - /** - * The Permission update template. - */ - final SecureServicePermission permissionUpdateTemplate; - /** - * The Permission read tosca. - */ - final SecureServicePermission permissionReadTosca; - /** - * The Permission update tosca. - */ - final SecureServicePermission permissionUpdateTosca; - - private LoggingUtils util = new LoggingUtils(logger); - - @Autowired - private HttpServletRequest request; - - /** - * Instantiates a new Clds service. - * - * @param cldsPersmissionTypeCl the clds persmission type cl - * @param cldsPermissionTypeClManage the clds permission type cl manage - * @param cldsPermissionTypeClEvent the clds permission type cl event - * @param cldsPermissionTypeFilterVf the clds permission type filter vf - * @param cldsPermissionTypeTemplate the clds permission type template - * @param cldsPermissionTypeTosca the clds permission type tosca - * @param cldsPermissionInstance the clds permission instance - */ - @Autowired - public CldsService( - @Value("${clamp.config.security.permission.type.cl:permission-type-cl}") String cldsPersmissionTypeCl, - @Value("${clamp.config.security.permission.type.cl.manage:permission-type-cl-manage}") - String cldsPermissionTypeClManage, - @Value("${clamp.config.security.permission.type.cl.event:permission-type-cl-event}") - String cldsPermissionTypeClEvent, - @Value("${clamp.config.security.permission.type.filter.vf:permission-type-filter-vf}") - String cldsPermissionTypeFilterVf, - @Value("${clamp.config.security.permission.type.template:permission-type-template}") - String cldsPermissionTypeTemplate, - @Value("${clamp.config.security.permission.type.tosca:permission-type-tosca}") - String cldsPermissionTypeTosca, - @Value("${clamp.config.security.permission.instance:dev}") String cldsPermissionInstance) { - this.cldsPermissionTypeFilterVf = cldsPermissionTypeFilterVf; - this.cldsPermissionInstance = cldsPermissionInstance; - permissionReadCl = SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read"); - permissionUpdateCl = SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update"); - permissionReadTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "read"); - permissionUpdateTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "update"); - permissionReadTosca = SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "read"); - permissionUpdateTosca = SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, - "update"); - } - - /** - * Gets clds info. CLDS IFO service will return 3 things 1. User Name 2. CLDS - * code version that is currently installed from pom.xml file 3. User - * permissions - * - * @return the clds info - */ - public CldsInfo getCldsInfo() { - util.entering(request, "CldsService: GET cldsInfo"); - final Date startTime = new Date(); - LoggingUtils.setTimeContext(startTime, new Date()); - - CldsInfoProvider cldsInfoProvider = new CldsInfoProvider(this); - final CldsInfo cldsInfo = cldsInfoProvider.getCldsInfo(); - - // audit log - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.info("GET cldsInfo completed"); - util.exiting("200", "Get cldsInfo success", Level.INFO, OnapLogConstants.ResponseStatus.COMPLETED); - return cldsInfo; - } - - /** - * Determine if the user is authorized for a particular VF by its invariant - * UUID. - * - * @param vfInvariantUuid the vf invariant uuid - * @return boolean or throws NotAuthorizedException - */ - public boolean isAuthorizedForVf(String vfInvariantUuid) { - if (cldsPermissionTypeFilterVf != null && !cldsPermissionTypeFilterVf.isEmpty()) { - SecureServicePermission permission = SecureServicePermission.create(cldsPermissionTypeFilterVf, - cldsPermissionInstance, vfInvariantUuid); - return isAuthorized(permission); - } else { - // if CLDS_PERMISSION_TYPE_FILTER_VF property is not provided, then - // VF filtering is turned off - logger.warn("VF filtering turned off"); - return true; - } - } - - /** - * Sets logging util. - * - * @param utilP the util p - */ - // Created for the integration test - public void setLoggingUtil(LoggingUtils utilP) { - util = utilP; - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsUser.java b/src/main/java/org/onap/clamp/clds/service/CldsUser.java deleted file mode 100644 index 82b7727bd..000000000 --- a/src/main/java/org/onap/clamp/clds/service/CldsUser.java +++ /dev/null @@ -1,97 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import java.util.Arrays; - -/** - * The class represents the CldsUser that can be extracted from cldsusers.json. - */ -public class CldsUser { - - private String user; - private String password; - private SecureServicePermission[] permissions; - - /** - * Returns the user. - * - * @return the user - */ - public String getUser() { - return user; - } - - /** - * Sets the user. - * - * @param user - * the user to set - */ - public void setUser(String user) { - this.user = user; - } - - /** - * Returns the password. - * - * @return the password - */ - public String getPassword() { - return password; - } - - /** - * Sets the password. - * - * @param password - * the password to set - */ - public void setPassword(String password) { - this.password = password; - } - - /** - * Returns the permissions. - * - * @return the permissions - */ - public SecureServicePermission[] getPermissions() { - return Arrays.copyOf(permissions, permissions.length); - } - - public String[] getPermissionsString() { - return Arrays.stream(getPermissions()).map(SecureServicePermission::getKey).toArray(String[]::new); - } - - /** - * Sets the permissions. - * - * @param permissionsArray - * the permissions to set - */ - public void setPermissions(SecureServicePermission[] permissionsArray) { - this.permissions = Arrays.copyOf(permissionsArray, permissionsArray.length); - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java deleted file mode 100644 index 543dd4a92..000000000 --- a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java +++ /dev/null @@ -1,43 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.userdetails.UserDetails; - - - -public class DefaultUserNameHandler implements UserNameHandler { - - /* - * (non-Javadoc) - * - * @see - * org.onap.clamp.clds.service.PrincipalNameHandler#handleName(SecurityContext) - */ - @Override - public String retrieveUserName(SecurityContext securityContext) { - return ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java b/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java deleted file mode 100644 index debd687c5..000000000 --- a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java +++ /dev/null @@ -1,226 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import java.util.Date; -import javax.ws.rs.NotAuthorizedException; - -import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.clds.util.OnapLogConstants; -import org.slf4j.event.Level; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; - -/** - * Base/abstract Service class. Implements shared security methods. - */ -public abstract class SecureServiceBase { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); - protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); - protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); - - // By default we'll set it to a default handler - private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); - - - private SecurityContext securityContext = SecurityContextHolder.getContext(); - - /** - * Get the userId from AAF/CSP. - * - * @return user ID - */ - public String getUserId() { - return getUserName(); - } - - /** - * Get the Full name. - * - * @return user name - */ - public String getUserName() { - String name = userNameHandler.retrieveUserName(securityContext); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "getUserName"); - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.debug("User logged into the CLDS system={}", name); - return name; - } - - /** - * Get the principal name. - * - * @return the principal name - */ - public String getPrincipalName() { - String principal = ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - String name = "Not found"; - if (principal != null) { - name = principal; - } - logger.debug("userPrincipal.getName()={}", name); - return name; - } - - /** - * Check if user is authorized for the given the permission. Allow matches - * if user has a permission with an "*" in permission instance or permission - * action even if the permission to check has a specific value in those - * fields. For example: if the user has this permission: app-perm-type|*|* - * it will be authorized if the inPermission to check is: - * app-perm-type|dev|read - * - * @param inPermission - * The permission to validate - * @return A boolean to indicate if the user has the permission to do - * execute the inPermission - * @throws NotAuthorizedException - * In case of issues with the permission test, error is returned - * in this exception - */ - public boolean isAuthorized(SecureServicePermission inPermission) throws NotAuthorizedException { - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorized"); - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - throw new NotAuthorizedException(msg); - } - } - - /** - * Check if user is authorized for the given aaf permission. Allow matches - * if user has a permission with an "*" in permission instance or permission - * action even if the permission to check has a specific value in those - * fields. For example: if the user has this permission: app-perm-type|*|* - * it will be authorized if the inPermission to check is: - * app-perm-type|dev|read - * - * @param inPermission - * The permission to validate - * @return A boolean to indicate if the user has the permission to do - * execute the inPermission - */ - public boolean isAuthorizedNoException(SecureServicePermission inPermission) { - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorizedNoException"); - LoggingUtils.setTimeContext(startTime, new Date()); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - } - return false; - } - - /** - * This method can be used by the Application.class to set the - * UserNameHandler that must be used in this class. The UserNameHandler - * where to get the User name - * - * @param handler - * The Handler impl to use - */ - public static final void setUserNameHandler(UserNameHandler handler) { - if (handler != null) { - userNameHandler = handler; - } - } - - public void setSecurityContext(SecurityContext securityContext) { - this.securityContext = securityContext; - } - - private boolean isUserPermitted(SecureServicePermission inPermission) { - boolean authorized = false; - // check if the user has the permission key or the permission key with a - // combination of all instance and/or all action. - if (hasRole(inPermission.getKey())) { - securityLogger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); - authorized = true; - // the rest of these don't seem to be required - isUserInRole method - // appears to take * as a wildcard - } else if (hasRole(inPermission.getKeyAllInstance())) { - securityLogger.info("{} authorized because user has permission with * for instance: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else if (hasRole(inPermission.getKeyAllInstanceAction())) { - securityLogger.info("{} authorized because user has permission with * for instance and * for action: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else if (hasRole(inPermission.getKeyAllAction())) { - securityLogger.info("{} authorized because user has permission with * for action: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else { - throw new NotAuthorizedException(""); - } - return authorized; - } - - protected boolean hasRole(String role) { - Authentication authentication = securityContext.getAuthentication(); - if (authentication == null) { - return false; - } - - for (GrantedAuthority auth : authentication.getAuthorities()) { - if (role.equals(auth.getAuthority())) { - return true; - } - } - - return false; - } - - protected void auditLogInfo(LoggingUtils util, String actionDescription, Date startTime) { - LoggingUtils.setTimeContext(startTime, new Date()); - auditLogger.info(actionDescription + " completed"); - util.exiting("200", actionDescription + " success", Level.INFO, - OnapLogConstants.ResponseStatus.COMPLETED); - } - - protected void auditLogInfo(String actionDescription, Date startTime) { - - LoggingUtils.setTimeContext(startTime, new Date()); - LoggingUtils.setResponseContext("0", actionDescription + " success", - this.getClass().getName()); - auditLogger.info(actionDescription + " completed"); - } -} \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java b/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java deleted file mode 100644 index a93732c3b..000000000 --- a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java +++ /dev/null @@ -1,203 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -/** - * Permission class that can be instantiated easily using constructor or factory - * methods. - */ -public class SecureServicePermission { - public static final String ALL = "*"; - - private String type; - private String instance; - private String action; - - /** - * Factory method to create permission given type, instance, and action. - * - * @param type type of the permission - * @param instance instance of the permission - * @param action action of the permission - * @return instance of SecureServicePermission with type, instance and action - */ - public static SecureServicePermission create(String type, String instance, String action) { - return new SecureServicePermission(type, instance, action); - } - - /** - * Factory method to create permission given type and instance. Default - * action to ALL/*. - * - * @param type type of the permission - * @param instance instance of the permission - * @return instance of SecureServicePermission with type, instance and default action - */ - public static SecureServicePermission create(String type, String instance) { - return new SecureServicePermission(type, instance, ALL); - } - - /** - * Factory method to create permission given type. Default instance and - * action to ALL/*. - * - * @param type type of the permission - * @return instance of SecureServicePermission with type and default instance and action - */ - public static SecureServicePermission create(String type) { - return new SecureServicePermission(type, ALL, ALL); - } - - /** - * Instantiate permission given type, instance, and action. - * - * @param type type of the permission - * @param instance instance of the permission - * @param action action of the permission - */ - public SecureServicePermission(String type, String instance, String action) { - this.type = type; - this.instance = instance; - this.action = action; - } - - /** - * Instantiate permission given type from concatenated string - * - * @param concatenatedString - * the string type|instance|action, less than 3 params can be - * provided (e.g. "permission-type-cl", "permission-type-cl|dev", - * "permission-type-cl|dev|update" ) - */ - public SecureServicePermission(String concatenatedString) { - String[] userInfo = concatenatedString.split("[|]"); - // We should have at least 1 string - this.type = userInfo[0]; - this.instance = (userInfo.length > 1 ? userInfo[1] : ALL); - this.action = (userInfo.length > 2 ? userInfo[2] : ALL); - } - - /** - * Override toString - return permission in key format. - */ - @Override - public String toString() { - return getKey(); - } - - /** - * Return Permission in Key format = type, instance, and action separate by - * pipe character. - * - * @return permission in key format - */ - public String getKey() { - return type + "|" + instance + "|" + action; - } - - /** - * Return Permission in Key format = type, all instance, and action separate - * by pipe character. - * - * @return permission in key format - */ - public String getKeyAllInstance() { - return type + "|" + ALL + "|" + action; - } - - /** - * Return Permission in Key format = type, all instance, and all action - * separate by pipe character. - * - * @return permission in key format - */ - public String getKeyAllInstanceAction() { - return type + "|" + ALL + "|" + ALL; - } - - /** - * Return Permission in Key format = type, instance, and all action separate - * by pipe character. - * - * @return permission in key format - */ - public String getKeyAllAction() { - return type + "|" + instance + "|" + ALL; - } - - /** - * Returns the permission type. - * - * @return the type - */ - public String getType() { - return type; - } - - /** - * Sets the type of permission. - * - * @param type the type to set - */ - public void setType(String type) { - this.type = type; - } - - /** - * Returns the instance of permission. - * - * @return the instance - */ - public String getInstance() { - return instance; - } - - /** - * Sets the instance of permission. - * - * @param instance the instance to set - */ - public void setInstance(String instance) { - this.instance = instance; - } - - /** - * Returns the action of permission. - * - * @return the action - */ - public String getAction() { - return action; - } - - /** - * Sets the action of permission. - * - * @param action the action to set - */ - public void setAction(String action) { - this.action = action; - } - -} diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java b/src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java deleted file mode 100644 index 9cbf711c9..000000000 --- a/src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java +++ /dev/null @@ -1,45 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2019 Nokia Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import com.google.gson.Gson; -import com.google.gson.JsonDeserializationContext; -import com.google.gson.JsonDeserializer; -import com.google.gson.JsonElement; -import com.google.gson.JsonParseException; -import java.lang.reflect.Type; - -public class SecureServicePermissionDeserializer implements JsonDeserializer { - - @Override - public SecureServicePermission deserialize(JsonElement json, Type typeOfT, JsonDeserializationContext context) - throws JsonParseException { - if (json.isJsonPrimitive()) { - return new SecureServicePermission(json.getAsString()); - } else { - // if not string try default deserialization - return new Gson().fromJson(json, SecureServicePermission.class); - } - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java deleted file mode 100644 index d48700f6a..000000000 --- a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java +++ /dev/null @@ -1,31 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import org.springframework.security.core.context.SecurityContext; - -public interface UserNameHandler { - - public String retrieveUserName(SecurityContext securityContext); -} diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java deleted file mode 100644 index cf8f66309..000000000 --- a/src/main/java/org/onap/clamp/clds/service/UserService.java +++ /dev/null @@ -1,48 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - */ - -package org.onap.clamp.clds.service; - - - -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.stereotype.Controller; - -/** - * User service used for authorization verification at the login page. Do not - * remove this class. - */ -@Controller -public class UserService { - - private SecurityContext securityContext = SecurityContextHolder.getContext(); - - /** - * REST service that returns the username. - * - * @return the user name - */ - public String getUser() { - return new DefaultUserNameHandler().retrieveUserName(securityContext); - } -} \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/util/JsonUtils.java b/src/main/java/org/onap/clamp/clds/util/JsonUtils.java index 704d3ac37..8024331f2 100644 --- a/src/main/java/org/onap/clamp/clds/util/JsonUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/JsonUtils.java @@ -30,8 +30,8 @@ import com.google.gson.GsonBuilder; import java.time.Instant; -import org.onap.clamp.clds.service.SecureServicePermission; -import org.onap.clamp.clds.service.SecureServicePermissionDeserializer; +import org.onap.clamp.authorization.SecureServicePermission; +import org.onap.clamp.authorization.SecureServicePermissionDeserializer; import org.onap.clamp.dao.model.gson.converter.InstantDeserializer; import org.onap.clamp.dao.model.gson.converter.InstantSerializer; diff --git a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java index 1a6cca6b8..a471b411b 100644 --- a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java @@ -25,7 +25,6 @@ package org.onap.clamp.clds.util; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; - import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.URLConnection; @@ -39,12 +38,10 @@ import java.time.temporal.ChronoUnit; import java.util.Date; import java.util.TimeZone; import java.util.UUID; - import javax.net.ssl.HttpsURLConnection; import javax.servlet.http.HttpServletRequest; import javax.validation.constraints.NotNull; - -import org.onap.clamp.clds.service.DefaultUserNameHandler; +import org.onap.clamp.authorization.AuthorizationController; import org.slf4j.MDC; import org.slf4j.event.Level; import org.springframework.security.core.context.SecurityContextHolder; @@ -188,8 +185,8 @@ public class LoggingUtils { // Default the partner name to the user name used to login to clamp if (partnerName.equalsIgnoreCase(EMPTY_MESSAGE)) { - MDC.put(OnapLogConstants.Mdcs.PARTNER_NAME, new DefaultUserNameHandler() - .retrieveUserName(SecurityContextHolder.getContext())); + MDC.put(OnapLogConstants.Mdcs.PARTNER_NAME, + AuthorizationController.getPrincipalName(SecurityContextHolder.getContext())); } // Set standard MDCs. Override this entire method if you want to set diff --git a/src/main/java/org/onap/clamp/tosca/DictionaryService.java b/src/main/java/org/onap/clamp/tosca/DictionaryService.java index 21ca1f7f7..5b24def98 100644 --- a/src/main/java/org/onap/clamp/tosca/DictionaryService.java +++ b/src/main/java/org/onap/clamp/tosca/DictionaryService.java @@ -27,12 +27,11 @@ import com.google.common.collect.Sets; import java.util.List; import java.util.Set; import javax.persistence.EntityNotFoundException; -import org.onap.clamp.clds.service.SecureServiceBase; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @Service -public class DictionaryService extends SecureServiceBase { +public class DictionaryService { private final DictionaryRepository dictionaryRepository; private final DictionaryElementsRepository dictionaryElementsRepository; diff --git a/src/main/java/org/onap/clamp/util/PrincipalUtils.java b/src/main/java/org/onap/clamp/util/PrincipalUtils.java deleted file mode 100644 index d6dfacbdb..000000000 --- a/src/main/java/org/onap/clamp/util/PrincipalUtils.java +++ /dev/null @@ -1,89 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.util; - -import java.util.Date; - -import org.onap.clamp.clds.service.DefaultUserNameHandler; -import org.onap.clamp.clds.service.UserNameHandler; -import org.onap.clamp.clds.util.LoggingUtils; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; - -public class PrincipalUtils { - private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); - private static SecurityContext securityContext = SecurityContextHolder.getContext(); - - /** - * Private constructor to avoid creating instances of util class. - */ - private PrincipalUtils(){ - } - - /** - * Get the Full name. - * - * @return The user name - */ - public static String getUserName() { - String name = userNameHandler.retrieveUserName(securityContext); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "getUserName"); - LoggingUtils.setTimeContext(startTime, new Date()); - return name; - } - - /** - * Get the userId from AAF/CSP. - * - * @return The user ID - */ - public static String getUserId() { - return getUserName(); - } - - /** - * Get the principal name. - * - * @return The principal name - */ - public static String getPrincipalName() { - String principal = ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - String name = "Not found"; - if (principal != null) { - name = principal; - } - return name; - } - - public static void setSecurityContext(SecurityContext securityContext) { - PrincipalUtils.securityContext = securityContext; - } - - public static SecurityContext getSecurityContext() { - return securityContext; - } -} -- cgit 1.2.3-korg