From e640955cbe2c2c39aaa897476ceaac156072133f Mon Sep 17 00:00:00 2001 From: xg353y Date: Tue, 8 May 2018 16:21:39 +0200 Subject: Integrate AAF Integrate AAF framework into Clamp. Issue-ID: CLAMP-103 Change-Id: I2ceeb2a85b8b5674e712b3924a96a2bd6fb71d68 
Signed-off-by: xg353y --- .../onap/clamp/clds/config/AAFConfiguration.java | 190 ++++++++++++++++++ .../org/onap/clamp/clds/config/ClampUserWrap.java | 75 +++++++ .../clds/config/DefaultUserConfiguration.java | 62 ++++++ .../onap/clamp/clds/config/SSLConfiguration.java | 56 ++++++ .../config/spring/CldsSecurityConfigUsers.java | 140 ------------- .../onap/clamp/clds/filter/ClampCadiFilter.java | 91 +++++++++ .../clamp/clds/filter/ClampDefaultUserFilter.java | 70 +++++++ .../org/onap/clamp/clds/service/UserService.java | 11 +- .../META-INF/resources/designer/authenticate.html | 12 +- .../META-INF/resources/designer/invalid_login.html | 7 +- .../resources/designer/scripts/authcontroller.js | 40 +--- src/main/resources/application-noaaf.properties | 219 +++++++++++++++++++++ src/main/resources/application.properties | 44 +++-- .../resources/clds/aaf/clamp@clamp.onap.org.p12 | Bin 0 -> 3950 bytes src/main/resources/clds/aaf/org.onap.clamp.keyfile | 27 +++ src/main/resources/clds/aaf/truststoreONAP.p12 | Bin 0 -> 4180 bytes src/main/resources/clds/clds-users.json | 23 +-- src/main/resources/logback.xml | 8 +- 18 files changed, 862 insertions(+), 213 deletions(-) create mode 100644 src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java create mode 100644 src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java create mode 100644 src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java create mode 100644 src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java create mode 100644 src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java create mode 100644 src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java create mode 100644 src/main/resources/application-noaaf.properties create mode 100644 src/main/resources/clds/aaf/clamp@clamp.onap.org.p12 create mode 100644 src/main/resources/clds/aaf/org.onap.clamp.keyfile create mode 100644 src/main/resources/clds/aaf/truststoreONAP.p12 (limited to 'src/main') 
diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
new file mode 100644
index 000000000..93432c9f2
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
@@ -0,0 +1,190 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import java.util.Properties;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampCadiFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Configuration
+@Profile("clamp-aaf-authentication")
+@ConfigurationProperties(prefix = "clamp.config.cadi")
+public class AAFConfiguration {
+ private static final String CADI_KEY_FILE = "cadi_keyfile";
+ private static final String CADI_LOG_LEVEL = "cadi_loglevel";
+ private static final String LATITUDE = "cadi_latitude";
+ private static final String LONGITUDE = "cadi_longitude";
+ private static final String LOCATE_URL = "aaf_locate_url";
+ private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url";
+ private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url";
+ private static final String AAF_ENV = "aaf_env";
+ private static final String AAF_URL = "aaf_url";
+ private static final String X509_ISSUERS = "cadi_x509_issuers";
+
+ private String keyFile;
+ private String cadiLoglevel;
+ private String cadiLatitude;
+ private String cadiLongitude;
+ private String aafLocateUrl;
+ private String oauthTokenUrl;
+ private String oauthIntrospectUrl;
+ private String aafEnv;
+ private String aafUrl;
+ private String cadiX509Issuers;
+
+ /**
+ * Method to return clamp cadi filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "cadiFilter")
+ public Filter cadiFilter() {
+ return new ClampCadiFilter();
+ }
+
+ /**
+ * Method to register cadi filter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean cadiFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(cadiFilter());
+ registration.addUrlPatterns("/restservices/*");
+ //registration.addUrlPatterns("*");
+ registration.setName("cadiFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+ public String getKeyFile() {
+ return keyFile;
+ }
+
+ public void setKeyFile(String keyFile) {
+ this.keyFile = keyFile;
+ }
+
+ public String getCadiLoglevel() {
+ return cadiLoglevel;
+ }
+
+ public void setCadiLoglevel(String cadiLoglevel) {
+ this.cadiLoglevel = cadiLoglevel;
+ }
+
+ public String getCadiLatitude() {
+ return cadiLatitude;
+ }
+
+ public void setCadiLatitude(String cadiLatitude) {
+ this.cadiLatitude = cadiLatitude;
+ }
+
+ public String getCadiLongitude() {
+ return cadiLongitude;
+ }
+
+ public void setCadiLongitude(String cadiLongitude) {
+ this.cadiLongitude = cadiLongitude;
+ }
+
+ public String getAafLocateUrl() {
+ return aafLocateUrl;
+ }
+
+ public void setAafLocateUrl(String aafLocateUrl) {
+ this.aafLocateUrl = aafLocateUrl;
+ }
+
+ public String getOauthTokenUrl() {
+ return oauthTokenUrl;
+ }
+
+ public void setOauthTokenUrl(String oauthTokenUrl) {
+ this.oauthTokenUrl = oauthTokenUrl;
+ }
+
+ public String getOauthIntrospectUrl() {
+ return oauthIntrospectUrl;
+ }
+
+ public void setOauthIntrospectUrl(String oauthIntrospectUrl) {
+ this.oauthIntrospectUrl = oauthIntrospectUrl;
+ }
+
+ public String getAafEnv() {
+ return aafEnv;
+ }
+
+ public void setAafEnv(String aafEnv) {
+ this.aafEnv = aafEnv;
+ }
+
+ public String getAafUrl() {
+ return aafUrl;
+ }
+
+ public void setAafUrl(String aafUrl) {
+ this.aafUrl = aafUrl;
+ }
+
+ public String getCadiX509Issuers() {
+ return cadiX509Issuers;
+ }
+
+ public void setCadiX509Issuers(String cadiX509Issuers) {
+ this.cadiX509Issuers = cadiX509Issuers;
+ }
+
+ public Properties getProperties() {
+ Properties prop = System.getProperties();
+ //prop.put("cadi_prop_files", "");
+ prop.put(CADI_KEY_FILE, keyFile);
+ prop.put(CADI_LOG_LEVEL, cadiLoglevel);
+ prop.put(LATITUDE, cadiLatitude);
+ prop.put(LONGITUDE, cadiLongitude);
+ prop.put(LOCATE_URL, aafLocateUrl);
+ if (oauthTokenUrl != null) {
+ prop.put(OAUTH_TOKEN_URL, oauthTokenUrl);
+ }
+ if (oauthIntrospectUrl != null) {
+ prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl);
+ }
+ prop.put(AAF_ENV, aafEnv);
+ prop.put(AAF_URL, aafUrl);
+ prop.put(X509_ISSUERS, cadiX509Issuers);
+ return prop;
+ }
+}
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
new file mode 100644
index 000000000..a2b6c07d0
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
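Review bot: `getProperties()` calls `prop.put(...)` unguarded for `keyFile`, `cadiLoglevel`, `cadiLatitude`, `cadiLongitude`, `aafLocateUrl`, `aafEnv`, `aafUrl` and `cadiX509Issuers`, and `Properties` rejects null values, so any of these left unset in the active profile fails filter start-up with a bare NullPointerException. Only the two OAuth URLs are null-checked. Either guard every optional key the same way or fail with a message that names the missing setting, e.g. `prop.put(CADI_KEY_FILE, Objects.requireNonNull(keyFile, "clamp.config.cadi.keyFile"));`. The method also returns and mutates `System.getProperties()` itself, so a comment such as `// writes into the JVM-wide system properties; values are visible to all code in the process` would make that side effect explicit.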
@@ -0,0 +1,75 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+/**
+ * Overwrite the key method isUserInRole and getUserPrincipal, to adapt to the Clamp default user verification
+ */
+public class ClampUserWrap extends HttpServletRequestWrapper {
+
+ private String user;
+ private List roles = null;
+ private HttpServletRequest realRequest;
+
+ /**
+ * Standard Wrapper constructor for Delegate pattern
+ * @param request
+ */
+ public ClampUserWrap(HttpServletRequest request, String userName, List roles){
+ super(request);
+
+ this.user = userName;
+ this.roles = roles;
+ this.realRequest = request;
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ if (roles == null) {
+ return this.realRequest.isUserInRole(role);
+ }
+ return roles.contains(role);
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ if (this.user == null) {
+ return realRequest.getUserPrincipal();
+ }
+
+ // make an anonymous implementation to just return our user
+ return new Principal() {
+ @Override
+ public String getName() {
+ return user;
+ }
+ };
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
new file mode 100644
index 000000000..e43aa114d
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
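Review bot: The constructor Javadoc of `ClampUserWrap` has an empty `@param request` and says nothing about `userName` or `roles`, although those two arguments decide what `getUserPrincipal()` and `isUserInRole()` answer for every authorization check made further down the chain. It should state that the wrapper verifies nothing itself and reports whatever identity the caller passes in, and that a null `userName` or null `roles` falls back to the wrapped request. The three fields are assigned once in the constructor and could be declared `final`, e.g. `private final String user;`.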
@@ -0,0 +1,62 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.config;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampDefaultUserFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+@Configuration
+@Profile("clamp-default-user")
+public class DefaultUserConfiguration {
+
+ /**
+ * Method to return clamp default user filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "defaultUserFilter")
+ public Filter defaultUserFilter() {
+ return new ClampDefaultUserFilter();
+ }
+
+ /**
+ * Method to register defaultUserFilter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean defaultUserFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(defaultUserFilter());
+ registration.addUrlPatterns("/restservices/*");
+ registration.setName("defaultUserFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
new file mode 100644
index 000000000..f1d50c777
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
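Review bot: `DefaultUserConfiguration` has no class-level Javadoc, and the effect of the `clamp-default-user` profile is not obvious from its name: the filter registered here on `/restservices/*` is the ClampDefaultUserFilter added in this commit, which presents the first user from the users file on every request without reading a credential. The class comment should say plainly that activating this profile turns authentication off for the REST services. `defaultUserFilterRegistration()` also uses `setOrder(0)` on the same URL pattern as `cadiFilterRegistration()` in AAFConfiguration, so if both profiles are ever active the relative order of the two filters is not pinned and the default user may replace the CADI-authenticated principal; distinct orders or a documented mutual exclusion would remove that ambiguity.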
@@ -0,0 +1,56 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import org.springframework.context.annotation.Configuration;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.beans.factory.annotation.Value;
+
+@Configuration
+public class SSLConfiguration {
+ private static final String TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword";
+ private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
+
+ @Value("${server.ssl.trust:/opt/app/osaaf/client/local/truststoreONAP.p12}")
+ private String sslTruststoreFile;
+ @Value("${server.ssl.trust-password:changeit}")
+ private String sslTruststorePw;
+ @Value("${server.ssl.trust-type:PKCS12}")
+ private String sslTruststoreType;
+
+ @PostConstruct
+ private void configureSSL() {
+ if (!sslTruststoreFile.equals("none")) {
+ System.setProperty(TRUST_STORE, sslTruststoreFile);
+ }
+ if (!sslTruststoreType.equals("none")) {
+ System.setProperty(TRUST_STORE_TYPE, sslTruststoreType);
+ }
+ if (!sslTruststorePw.equals("none")) {
+ System.setProperty(TRUST_STORE_PW, sslTruststorePw);
+ }
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
index 961cc6b35..e69de29bb 100644
--- a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
+++ b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
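Review bot: The `@Value` defaults in `SSLConfiguration` mean that a deployment which sets none of the `server.ssl.trust*` keys still has the JVM-wide `javax.net.ssl.trustStore` pointed at `/opt/app/osaaf/client/local/truststoreONAP.p12` with the password `changeit`. Since this configuration class has no `@Profile`, that applies to every profile, and where the file is absent outbound TLS validation for the whole process will most likely break. Defaulting to the `none` placeholder that `configureSSL()` already understands keeps the JVM default trust store unless the operator opts in: `@Value("${server.ssl.trust:none}")` and `@Value("${server.ssl.trust-password:none}")`. The comparisons are also safer written as `"none".equals(sslTruststoreFile)`.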
@@ -1,140 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.clamp.clds.config.spring;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import java.io.IOException;
-
-import org.onap.clamp.clds.config.ClampProperties;
-import org.onap.clamp.clds.config.CldsUserJsonDecoder;
-import org.onap.clamp.clds.exception.CldsConfigException;
-import org.onap.clamp.clds.exception.CldsUsersException;
-import org.onap.clamp.clds.service.CldsUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-/**
- * This class is used to enable the HTTP authentication to login. It requires a
- * specific JSON file containing the user definition
- * (classpath:clds/clds-users.json).
- */
-@Configuration
-@EnableWebSecurity
-@Profile("clamp-spring-authentication")
-public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
-
- protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsSecurityConfigUsers.class);
- protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
- @Autowired
- private ClampProperties refProp;
- @Value("${clamp.config.security.permission.type.cl:permission-type-cl}")
- private String cldsPersmissionTypeCl;
- @Value("${CLDS_PERMISSION_INSTANCE:dev}")
- private String cldsPermissionInstance;
- @Value("${clamp.config.security.encoder:bcrypt}")
- private String cldsEncoderMethod;
- @Value("${clamp.config.security.encoder.bcrypt.strength:10}")
- private Integer cldsBcryptEncoderStrength;
-
- /**
- * This method configures on which URL the authorization will be enabled.
- */
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
- .authenticated().anyRequest().permitAll().and().logout()
- .and().sessionManagement()
- .maximumSessions(1)
- .and().invalidSessionUrl("/designer/timeout.html");
-
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method is called by the framework and is used to load all the users
- * defined in cldsUsersFile variable (this file path can be configured in
- * the application.properties).
- *
- * @param auth
- */
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) {
- // configure algorithm used for password hashing
- final PasswordEncoder passwordEncoder = getPasswordEncoder();
-
- try {
- CldsUser[] usersList = loadUsers();
- // no users defined
- if (null == usersList) {
- logger.warn("No users defined. Users should be defined under clds-users.json");
- return;
- }
- for (CldsUser user : usersList) {
- auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
- .roles(user.getPermissionsString()).and().passwordEncoder(passwordEncoder);
- }
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method loads physically the JSON file and convert it to an Array of
- * CldsUser.
- *
- * @return The array of CldsUser
- * @throws IOException
- * In case of the file is not found
- */
- private CldsUser[] loadUsers() throws IOException {
- logger.info("Load from clds-users.properties");
- return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
- }
-
- /**
- * This methods returns the chosen encoder for password hashing.
- */
- private PasswordEncoder getPasswordEncoder() {
- if ("bcrypt".equals(cldsEncoderMethod)) {
- return new BCryptPasswordEncoder(cldsBcryptEncoderStrength);
- } else {
- throw new CldsConfigException("Invalid clamp.config.security.encoder value. 'bcrypt' is the only option at this time.");
- }
- }
-}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
new file mode 100644
index 000000000..1c3ba1cf6
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -0,0 +1,91 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.filter;
+
+import javax.servlet.FilterConfig;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import org.springframework.beans.factory.annotation.Value;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.clamp.clds.config.AAFConfiguration;
+
+public class ClampCadiFilter extends CadiFilter {
+ private static final String CADI_TRUST_STORE = "cadi_truststore";
+ private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password";
+ private static final String CADI_KEY_STORE = "cadi_keystore";
+ private static final String CADI_KEY_STORE_PW = "cadi_keystore_password";
+ private static final String ALIAS = "cadi_alias";
+
+ @Value("${server.ssl.key-store:none}")
+ private String keyStore;
+
+ @Value("${clamp.config.cadi.cadiKeystorePassword:none}")
+ private String keyStorePass;
+
+ @Value("${server.ssl.trust:none}")
+ private String trustStore;
+
+ @Value("${clamp.config.cadi.cadiTruststorePassword:none}")
+ private String trustStorePass;
+
+ @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
+ private String alias;
+
+ @Autowired
+ private AAFConfiguration aafConfiguration;
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ Properties props = aafConfiguration.getProperties();
+ props.setProperty(CADI_KEY_STORE, trimFileName(keyStore));
+ props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore));
+ props.setProperty(ALIAS, alias);
+ props.setProperty(CADI_KEY_STORE_PW, keyStorePass);
+ props.setProperty(CADI_TRUST_STORE_PW, trustStorePass);
+
+ super.init(filterConfig);
+ }
+
+ private String trimFileName (String fileName) {
+ int index= fileName.indexOf("file:");
+ if (index == -1) {
+ return fileName;
+ } else {
+ return fileName.substring(index+5);
+ }
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
new file mode 100644
index 000000000..539e3c6a5
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
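Review bot: `init()` copies the key store and trust store passwords into the `Properties` returned by `aafConfiguration.getProperties()`, which in this commit is `System.getProperties()`, so both secrets become readable by any code or diagnostic output that lists system properties. The `none` placeholder from the `@Value` defaults is also passed through unchecked, so an unset `server.ssl.key-store` ends up as the literal key store path `none`, whereas SSLConfiguration in the same commit skips that placeholder. In `trimFileName`, `indexOf("file:")` drops everything before the first `file:` found anywhere in the value; `startsWith("file:")` matches the apparent intent more closely. The sketch below only skips unset values; whether CADI can be handed its properties without going through the system table is not visible in this hunk.

```java
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        Properties props = aafConfiguration.getProperties();
        setIfConfigured(props, CADI_KEY_STORE, trimFileName(keyStore));
        setIfConfigured(props, CADI_TRUST_STORE, trimFileName(trustStore));
        props.setProperty(ALIAS, alias);
        setIfConfigured(props, CADI_KEY_STORE_PW, keyStorePass);
        setIfConfigured(props, CADI_TRUST_STORE_PW, trustStorePass);

        super.init(filterConfig);
    }

    // Skips the "none" placeholder that the @Value defaults use for "not configured".
    private static void setIfConfigured(Properties props, String key, String value) {
        if (!"none".equals(value)) {
            props.setProperty(key, value);
        }
    }
    // … unchanged: trimFileName …
```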
@@ -0,0 +1,70 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.filter;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.onap.clamp.clds.config.ClampProperties;
+import org.onap.clamp.clds.config.ClampUserWrap;
+import org.onap.clamp.clds.config.CldsUserJsonDecoder;
+import org.onap.clamp.clds.exception.CldsUsersException;
+import org.onap.clamp.clds.service.CldsUser;
+
+
+public class ClampDefaultUserFilter implements Filter {
+ private CldsUser defaultUser;
+ @Autowired
+ private ClampProperties refProp;
+
+ // Load the default user
+ public void init(FilterConfig cfg) throws ServletException {
+ try {
+ CldsUser[] users = CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
+ defaultUser = users[0];
+ } catch (IOException e) {
+ // not able to load default user
+ throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
+ }
+ }
+
+ // Call the ClampUserWrapper
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
+ HttpServletRequest hreq = (HttpServletRequest)req;
+ chain.doFilter(new ClampUserWrap(hreq, defaultUser.getUser(), Arrays.asList(defaultUser.getPermissionsString())), res);
+ }
+
+ public void destroy() {
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java
index d438a4715..996116090 100644
--- a/src/main/java/org/onap/clamp/clds/service/UserService.java
+++ b/src/main/java/org/onap/clamp/clds/service/UserService.java
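Review bot: `init()` takes `users[0]` without checking the decoded array, so an empty or missing user list surfaces as an ArrayIndexOutOfBoundsException or NullPointerException rather than a configuration error; the CldsSecurityConfigUsers class removed in this commit did handle a null list. A guard before the assignment makes the failure explicit: `if (users == null || users.length == 0) { throw new ServletException("clds-users.json defines no user"); }`. `doFilter` then presents that user and its permissions on every request without reading any credential, which the comment `// Call the ClampUserWrapper` does not convey; a class-level comment should state it. `init` and `destroy` also lack `@Override`.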
@@ -18,7 +18,6 @@ * limitations under the License. * ============LICENSE_END============================================ * =================================================================== - * */ package org.onap.clamp.clds.service; @@ -28,6 +27,8 @@ import javax.ws.rs.Path; import javax.ws.rs.PathParam; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.Context; +import javax.ws.rs.core.SecurityContext; import org.springframework.stereotype.Component; @@ -41,6 +42,8 @@ import org.springframework.stereotype.Component; MediaType.TEXT_PLAIN }) public class UserService { + @Context + private SecurityContext securityContext; /** * REST service that returns the username. @@ -49,9 +52,11 @@ public class UserService { * @return the user name */ @GET - @Path("/{userName}") + @Path("/getUser") @Produces(MediaType.TEXT_PLAIN) - public String getUser(@PathParam("userName") String userName) { + public String getUser() { + UserNameHandler userNameHandler = new DefaultUserNameHandler(); + String userName = userNameHandler.retrieveUserName(securityContext); return userName; } } \ No newline at end of file diff --git a/src/main/resources/META-INF/resources/designer/authenticate.html b/src/main/resources/META-INF/resources/designer/authenticate.html index a6c2cb8da..5429dced8 100644 --- a/src/main/resources/META-INF/resources/designer/authenticate.html +++ b/src/main/resources/META-INF/resources/designer/authenticate.html @@ -18,7 +18,6 @@ limitations under the License. ============LICENSE_END============================================ =================================================================== - -->
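Review bot: In `UserService`, `import javax.ws.rs.PathParam;` looks unused now that `getUser()` takes no argument, and any `@param userName` line in the method Javadoc, which lies outside the hunk, would be stale. `getUser()` also builds a new `DefaultUserNameHandler` on every call; a field such as `private final UserNameHandler userNameHandler = new DefaultUserNameHandler();` would do, assuming the handler is stateless, which is not visible here. What `retrieveUserName(securityContext)` returns when the context carries no principal is not shown either, so the Javadoc should say what `/getUser` answers for a caller that no filter has authenticated.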