blob: 51bd69540f1c277b5c3dd8cf6b5f7189067553c0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
/*-
* ============LICENSE_START=======================================================
* ONAP CLAMP
* ================================================================================
* Copyright (C) 2017 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
* ECOMP is a trademark and service mark of AT&T Intellectual Property.
*/
package org.onap.clamp.clds.config.spring;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import java.io.IOException;
import org.onap.clamp.clds.config.CldsUserJsonDecoder;
import org.onap.clamp.clds.exception.CldsUsersException;
import org.onap.clamp.clds.service.CldsUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* This class is used to enable the HTTP authentication to login. It requires a
* specific JSON file containing the user definition
* (classpath:etc/config/clds/clds-users.json).
*/
@Configuration
@EnableWebSecurity
@Profile("clamp-spring-authentication")
public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsSecurityConfigUsers.class);
protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
@Autowired
private ApplicationContext appContext;
@Value("${org.onap.clamp.config.files.cldsUsers:'classpath:etc/config/clds/clds-users.json'}")
private String cldsUsersFile;
@Value("${clamp.config.security.permission.type.cl:permission-type-cl}")
private String cldsPersmissionTypeCl;
@Value("${CLDS_PERMISSION_INSTANCE:dev}")
private String cldsPermissionInstance;
/**
* This method configures on which URL the authorization will be enabled.
*/
@Override
protected void configure(HttpSecurity http) {
try {
http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
.authenticated().anyRequest().permitAll().and().logout();
} catch (Exception e) {
logger.error("Exception occurred during the setup of the Web users in memory", e);
throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
}
}
/**
* This method is called by the framework and is used to load all the users
* defined in cldsUsersFile variable (this file path can be configured in
* the application.properties).
*
* @param auth
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
try {
CldsUser[] usersList = loadUsers();
// no users defined
if (null == usersList) {
logger.warn("No users defined. Users should be defined under " + cldsUsersFile);
return;
}
for (CldsUser user : usersList) {
auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
.roles(user.getPermissionsString());
}
} catch (Exception e) {
logger.error("Exception occurred during the setup of the Web users in memory", e);
throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
}
}
/**
* This method loads physically the JSON file and convert it to an Array of
* CldsUser.
*
* @return The array of CldsUser
*/
private CldsUser[] loadUsers() {
try {
logger.info("Load from clds-users.properties");
return CldsUserJsonDecoder.decodeJson(appContext.getResource(cldsUsersFile).getInputStream());
} catch (IOException e) {
logger.error("Unable to decode the User Json file", e);
throw new CldsUsersException("Load from clds-users.properties", e);
}
}
}
|