aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-be
diff options
context:
space:
mode:
authorxuegao <xue.gao@intl.att.com>2020-12-09 16:01:22 +0100
committerChristophe Closset <christophe.closset@intl.att.com>2021-01-19 13:51:47 +0000
commit27fa75194efcf77c93b645ef7b412668ac3f5d38 (patch)
tree123dbbf734355299ed0643a77781a0542df03888 /catalog-be
parent5b9a4251a7bce56895ca80b867ee7537e7382320 (diff)
Add basic auth
Adding basic auth for SDC apis. Issue-ID: OJSI-90 Signed-off-by: xuegao <xue.gao@intl.att.com> Change-Id: Ie84e6bab8d8526f7f4d21a36bba52d8fe9abebbb Signed-off-by: xuegao <xue.gao@intl.att.com>
Diffstat (limited to 'catalog-be')
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb6
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb3
-rw-r--r--catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb6
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java45
-rw-r--r--catalog-be/src/main/resources/config/configuration.yaml6
-rw-r--r--catalog-be/src/main/webapp/WEB-INF/web.xml18
6 files changed, 63 insertions, 21 deletions
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
index d8c737728d..40411f2041 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/attributes/default.rb
@@ -24,6 +24,12 @@ default['DCAE']['BE'][:http_port] = 8082
default['DCAE']['BE'][:https_port] = 8444
default['DCAE_BE_VIP'] = "dcae-be"
+#BasicAuth
+default['basic_auth']['enabled'] = false
+default['basic_auth'][:user_name] = "testName"
+default['basic_auth'][:user_pass] = "testPass"
+default['basic_auth']['excludedUrls'] = "/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart"
+
#Cassandra
default['cassandra']['cassandra_port'] = 9042
default['cassandra']['datacenter_name'] = "DC-"
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
index 2e66e2da98..cdb9f82729 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/recipes/BE_2_setup_configuration.rb
@@ -46,6 +46,9 @@ template "catalog-be-config" do
:catalog_ip => node['Nodes']['BE'],
:catalog_port => node['BE'][:http_port],
:ssl_port => node['BE'][:https_port],
+ :basic_auth_flag => node['basic_auth']['enabled'],
+ :user_name => node['basic_auth'][:user_name],
+ :user_pass => node['basic_auth'][:user_pass],
:cassandra_ip => node['Nodes']['CS'].join(",").gsub(/[|]/, ''),
:cassandra_port => node['cassandra']['cassandra_port'],
:rep_factor => replication_factor,
diff --git a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
index 8e62c4fbf6..1e1888e95b 100644
--- a/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
+++ b/catalog-be/src/main/docker/backend/chef-repo/cookbooks/sdc-catalog-be/templates/default/BE-configuration.yaml.erb
@@ -95,7 +95,11 @@ authCookie:
excludedUrls: [<%= node['access_restriction']['excluded_urls'] %>]
onboardingExcludedUrls: [<%= node['access_restriction']['excluded_urls_onboarding'] %>]
-
+basicAuth:
+ enabled: <%= @basic_auth_flag %>
+ userName: <%= @user_name %>
+ userPass: <%= @user_pass %>
+ excludedUrls: "/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart,/sdc2/rest/v1/catalog/uploadType/capability,/sdc2/rest/v1/catalog/uploadType/relationship,/sdc2/rest/v1/catalog/uploadType/interfaceLifecycle,/sdc2/rest/v1/catalog/uploadType/categories,/sdc2/rest/v1/catalog/uploadType/grouptypes,/sdc2/rest/v1/catalog/uploadType/policytypes,/sdc2/rest/v1/catalog/uploadType/annotationtypes"
cassandraConfig:
cassandraHosts: [<%= @cassandra_ip %>]
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java
index 8c81464ac5..cc4a11f6d9 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java
@@ -24,9 +24,14 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import fj.data.Either;
import java.nio.charset.StandardCharsets;
+import java.util.Arrays;
+import java.util.List;
import org.apache.commons.codec.binary.Base64;
+import org.glassfish.jersey.server.ContainerRequest;
import org.onap.sdc.security.Passwords;
import org.openecomp.sdc.be.components.impl.ConsumerBusinessLogic;
+import org.openecomp.sdc.be.config.Configuration;
+import org.openecomp.sdc.be.config.ConfigurationManager;
import org.openecomp.sdc.be.dao.api.ActionStatus;
import org.openecomp.sdc.be.impl.ComponentsUtils;
import org.openecomp.sdc.be.impl.WebAppContextWrapper;
@@ -59,6 +64,8 @@ public class BasicAuthenticationFilter implements ContainerRequestFilter {
private static final Logger log = Logger.getLogger(BasicAuthenticationFilter.class);
private static final String COMPONENT_UTILS_FAILED = "Authentication Filter Failed to get component utils.";
private static final String CONSUMER_BL_FAILED = "Authentication Filter Failed to get consumerBL.";
+ private static final ConfigurationManager configurationManager = ConfigurationManager.getConfigurationManager();
+ private static final Configuration.BasicAuthConfig basicAuthConf = configurationManager.getConfiguration().getBasicAuth();
@Context
private HttpServletRequest sr;
@@ -70,8 +77,15 @@ public class BasicAuthenticationFilter implements ContainerRequestFilter {
@Override
public void filter(ContainerRequestContext requestContext) throws IOException {
+ audit.startLog(requestContext);
- audit.startLog(requestContext);
+ if (!basicAuthConf.getEnabled()) {
+ return;
+ }
+ List<String> excludedUrls = Arrays.asList(basicAuthConf.getExcludedUrls().split(","));
+ if (excludedUrls.contains(((ContainerRequest) requestContext).getRequestUri().getPath())) {
+ return;
+ }
String authHeader = requestContext.getHeaderString(Constants.AUTHORIZATION_HEADER);
if (authHeader != null) {
@@ -79,24 +93,23 @@ public class BasicAuthenticationFilter implements ContainerRequestFilter {
String failedToRetrieveAuthErrorMsg = "Authentication Filter Failed Couldn't retrieve authentication, no basic authentication.";
if (st.hasMoreTokens()) {
String basic = st.nextToken();
-
if ("Basic".equalsIgnoreCase(basic)) {
String credentials = new String(Base64.decodeBase64(st.nextToken()), StandardCharsets.UTF_8);
log.debug("Credentials: {}", credentials);
checkUserCredentials(requestContext, credentials);
} else {
- log.error(failedToRetrieveAuthErrorMsg);
+ log.error(failedToRetrieveAuthErrorMsg);
authInvalidHeaderError(requestContext);
}
} else {
- log.error(failedToRetrieveAuthErrorMsg);
+ log.error(failedToRetrieveAuthErrorMsg);
authInvalidHeaderError(requestContext);
}
-
} else {
- log.error("Authentication Filter Failed no authorization header");
+ log.error("Authentication Filter Failed no authorization header");
authRequiredError(requestContext);
}
+
}
private void checkUserCredentials(ContainerRequestContext requestContext, String credentials) {
@@ -105,17 +118,14 @@ public class BasicAuthenticationFilter implements ContainerRequestFilter {
String userName = credentials.substring(0, p).trim();
String password = credentials.substring(p + 1).trim();
- ConsumerBusinessLogic consumerBL = getConsumerBusinessLogic();
- if (consumerBL == null) {
- abortWith(requestContext, CONSUMER_BL_FAILED, Response.serverError().status(Status.INTERNAL_SERVER_ERROR).build());
- } else {
- Either<ConsumerDefinition, ResponseFormat> result = consumerBL.getConsumer(userName);
- validatePassword(requestContext, userName, password, result);
+ if (!userName.equals(basicAuthConf.getUserName()) || !password.equals(basicAuthConf.getUserPass())) {
+ log.error("Authentication Failed. Invalid userName or password");
+ authInvalidPasswordError(requestContext, userName);
}
+ authSuccessful(requestContext, userName);
} else {
- log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic authentication.");
+ log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic authentication.");
authInvalidHeaderError(requestContext);
-
}
}
@@ -130,12 +140,7 @@ public class BasicAuthenticationFilter implements ContainerRequestFilter {
}
} else {
ConsumerDefinition consumerCredentials = result.left().value();
- if (!Passwords.isExpectedPassword(password, consumerCredentials.getConsumerSalt(), consumerCredentials.getConsumerPassword())) {
- log.error("Authentication Filter Failed invalid password");
- authInvalidPasswordError(requestContext, userName);
- } else {
- authSuccessful(requestContext, userName);
- }
+
}
}
diff --git a/catalog-be/src/main/resources/config/configuration.yaml b/catalog-be/src/main/resources/config/configuration.yaml
index 298862e79f..4042b0192b 100644
--- a/catalog-be/src/main/resources/config/configuration.yaml
+++ b/catalog-be/src/main/resources/config/configuration.yaml
@@ -114,6 +114,12 @@ neo4j:
user: neo4j
password: "12345"
+basicAuth:
+ enabled: false
+ userName: "testName"
+ userPass: "testPass"
+ excludedUrls: ""
+
cassandraConfig:
cassandraHosts: [192.168.33.10]
cassandraPort: 9042
diff --git a/catalog-be/src/main/webapp/WEB-INF/web.xml b/catalog-be/src/main/webapp/WEB-INF/web.xml
index 23a08319ff..ca71eee221 100644
--- a/catalog-be/src/main/webapp/WEB-INF/web.xml
+++ b/catalog-be/src/main/webapp/WEB-INF/web.xml
@@ -17,6 +17,7 @@
<param-name>jersey.config.server.provider.classnames</param-name>
<param-value>
org.glassfish.jersey.media.multipart.MultiPartFeature,
+ org.openecomp.sdc.be.filters.BasicAuthenticationFilter,
org.openecomp.sdc.be.filters.BeServletFilter,
org.openecomp.sdc.be.filters.ComponentsAvailabilityFilter,
org.glassfish.jersey.server.filter.RolesAllowedDynamicFeature,
@@ -173,6 +174,23 @@
<url-pattern>/sdc/*</url-pattern>
</filter-mapping>
+<!--
+ <filter>
+ <filter-name>basicAuthFilter</filter-name>
+ <filter-class>
+ org.openecomp.sdc.be.filters.BasicAuthenticationFilter
+ </filter-class>
+ <init-param>
+ <param-name>excludedUrls</param-name>
+ <param-value>/sdc2/rest/healthCheck,/sdc2/rest/v1/user,/sdc2/rest/v1/user/jh0003,/sdc2/rest/v1/screen,/sdc2/rest/v1/consumers,/sdc2/rest/v1/catalog/uploadType/datatypes,/sdc2/rest/v1/catalog/upload/multipart</param-value>
+ </init-param>
+ </filter>
+
+ <filter-mapping>
+ <filter-name>basicAuthFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>-->
+
<!-- <filter>-->
<!-- <filter-name>beRestrictionAccessFilter</filter-name>-->
<!-- <filter-class>-->