diff options
author | Yuli Shlosberg <ys9693@att.com> | 2019-01-07 16:23:36 +0200 |
---|---|---|
committer | Avi Gaffa <avi.gaffa@amdocs.com> | 2019-01-10 10:28:39 +0000 |
commit | a4eeb110b076672b3bb88f5e2f3420ae70c78f38 (patch) | |
tree | 73a205b1afa3ffca8057931cc080ff1b372af23a /openecomp-be/api | |
parent | a1f23ec5e7cd191b76271b5f33c237bad38c61c6 (diff) |
Add restriction filter to onboarding
Change-Id: Ief36760c8d89ac3443c8b12bfdef09c2f83abfc3
Issue-ID: SDC-2039
Signed-off-by: Yuli Shlosberg <ys9693@att.com>
Diffstat (limited to 'openecomp-be/api')
6 files changed, 273 insertions, 0 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/artifactName b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/artifactName new file mode 100644 index 0000000000..e69de29bb2 --- /dev/null +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/artifactName diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml index 354fcbfac6..f0bad66222 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml @@ -35,6 +35,16 @@ <filter-name>cross-origin</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> + + <filter> + <filter-name>RestrictionAccessFilter</filter-name> + <filter-class>org.openecomp.server.filters.RestrictionAccessFilter</filter-class> + <async-supported>true</async-supported> + </filter> + <filter-mapping> + <filter-name>RestrictionAccessFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> <!-- Spring WS Mapping --> <servlet> <servlet-name>spring-mapper</servlet-name> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml index 3b8924594d..18ec957acf 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml @@ -192,6 +192,12 @@ <artifactId>togglz-servlet</artifactId> <version>${togglz.version}</version> </dependency> + <dependency> + <groupId>org.openecomp.sdc</groupId> + <artifactId>openecomp-sdc-security-util</artifactId> + <version>${project.version}</version> + <scope>compile</scope> + </dependency> </dependencies> diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java new file mode 100644 index 0000000000..9b03f638a6 --- /dev/null +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java @@ -0,0 +1,97 @@ +package org.openecomp.server.configuration; + +import java.util.List; + +public class CookieConfig { + + String securityKey = ""; + long maxSessionTimeOut = 600*1000; + long sessionIdleTimeOut = 30*1000; + String cookieName = "AuthenticationCookie"; + String redirectURL = "portal_url"; + List<String> excludedUrls; + List<String> onboardingExcludedUrls; + String domain = ""; + String path = ""; + boolean isHttpOnly = true; + + public String getSecurityKey() { + return securityKey; + } + + public void setSecurityKey(String securityKey) { + this.securityKey = securityKey; + } + + public long getMaxSessionTimeOut() { + return maxSessionTimeOut; + } + + public void setMaxSessionTimeOut(long maxSessionTimeOut) { + this.maxSessionTimeOut = maxSessionTimeOut; + } + + public long getSessionIdleTimeOut() { + return sessionIdleTimeOut; + } + + public void setSessionIdleTimeOut(long sessionIdleTimeOut) { + this.sessionIdleTimeOut = sessionIdleTimeOut; + } + + public String getCookieName() { + return cookieName; + } + + public void setCookieName(String cookieName) { + this.cookieName = cookieName; + } + + public String getRedirectURL() { + return redirectURL; + } + + public void setRedirectURL(String redirectURL) { + this.redirectURL = redirectURL; + } + + public List<String> getExcludedUrls() { + return excludedUrls; + } + + public void setExcludedUrls(List<String> excludedUrls) { + this.excludedUrls = excludedUrls; + } + + public String getDomain() { + return domain; + } + + public void setDomain(String domain) { + this.domain = domain; + } + + public String getPath() { + return path; + } + + public void setPath(String path) { + this.path = path; + } + + public boolean isHttpOnly() { + return isHttpOnly; + } + + public void setIsHttpOnly(boolean isHttpOnly) { + this.isHttpOnly = isHttpOnly; + } + + public List<String> getOnboardingExcludedUrls() { + return onboardingExcludedUrls; + } + + public void setOnboardingExcludedUrls(List<String> onboardingExcludedUrls) { + this.onboardingExcludedUrls = onboardingExcludedUrls; + } +} diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java new file mode 100644 index 0000000000..02ee236ae8 --- /dev/null +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java @@ -0,0 +1,150 @@ +package org.openecomp.server.filters; + +import com.fasterxml.jackson.databind.ObjectMapper; +import org.onap.sdc.tosca.services.YamlUtil; +import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; +import org.openecomp.sdc.securityutil.filters.SessionValidationFilter; +import org.openecomp.server.configuration.CookieConfig; +import org.openecomp.sdc.logging.api.Logger; +import org.openecomp.sdc.logging.api.LoggerFactory; +import org.openecomp.sdcrests.item.rest.services.catalog.notification.EntryNotConfiguredException; + +import javax.servlet.http.Cookie; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +public class RestrictionAccessFilter extends SessionValidationFilter { + + private static final Logger LOGGER = LoggerFactory.getLogger(RestrictionAccessFilter.class); + private static final String CONFIG_FILE_PROPERTY = "configuration.yaml"; + private static final String CONFIG_SECTION = "authCookie"; + + private static class Configuration implements ISessionValidationFilterConfiguration { + private static Configuration instance; + private String securityKey; + private long maxSessionTimeOut; + private long sessionIdleTimeOut; + private String cookieName; + private String redirectURL; + private List<String> excludedUrls; + private String cookieDomain; + private String cookiePath; + private boolean isCookieHttpOnly; + + + private Configuration() { + try { + + String file = Objects.requireNonNull(System.getProperty(CONFIG_FILE_PROPERTY), + "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY); + + Object config = getAuthenticationConfiguration(file); + ObjectMapper mapper = new ObjectMapper(); + CookieConfig cookieConfig = mapper.convertValue(config, CookieConfig.class); + this.securityKey = cookieConfig.getSecurityKey(); + this.maxSessionTimeOut = cookieConfig.getMaxSessionTimeOut(); + this.sessionIdleTimeOut = cookieConfig.getSessionIdleTimeOut(); + this.cookieName = cookieConfig.getCookieName(); + this.redirectURL = cookieConfig.getRedirectURL(); + this.excludedUrls = cookieConfig.getOnboardingExcludedUrls(); + this.cookieDomain = cookieConfig.getDomain(); + this.cookiePath = cookieConfig.getPath(); + this.isCookieHttpOnly = cookieConfig.isHttpOnly(); + + } catch (Exception e) { + LOGGER.warn("Failed to load configuration. ", e); + } + + } + + public static Configuration getInstance() { + if (instance == null) { + instance = new Configuration(); + } + return instance; + } + + private static Object getAuthenticationConfiguration(String file) throws IOException { + + Map<?, ?> configuration = Objects.requireNonNull(readConfigurationFile(file), "Configuration cannot be empty"); + Object authenticationConfig = configuration.get(CONFIG_SECTION); + if (authenticationConfig == null) { + throw new EntryNotConfiguredException(CONFIG_SECTION + " section"); + } + + return authenticationConfig; + } + + private static Map<?, ?> readConfigurationFile(String file) throws IOException { + + try (InputStream fileInput = new FileInputStream(file)) { + YamlUtil yamlUtil = new YamlUtil(); + return yamlUtil.yamlToMap(fileInput); + } + } + + @Override + public String getSecurityKey() { + return securityKey; + } + + @Override + public long getMaxSessionTimeOut() { + return maxSessionTimeOut; + } + + @Override + public long getSessionIdleTimeOut() { + return sessionIdleTimeOut; + } + + @Override + public String getCookieName() { + return cookieName; + } + + @Override + public String getCookieDomain() { + return cookieDomain; + } + + @Override + public String getCookiePath() { + return cookiePath; + } + + @Override + public boolean isCookieHttpOnly() { + return isCookieHttpOnly; + } + + @Override + public String getRedirectURL() { + return redirectURL; + } + + @Override + public List<String> getExcludedUrls() { + return excludedUrls; + } + } + + @Override + public ISessionValidationFilterConfiguration getFilterConfiguration() { + return Configuration.getInstance(); + } + + @Override + protected Cookie addRoleToCookie(Cookie cookie) { + return cookie; + } + + @Override + protected boolean isRoleValid(Cookie cookie) { + return true; + } +} diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml index b98ae4e82d..2b1b9893b3 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml @@ -53,6 +53,16 @@ </filter> <filter> + <filter-name>RestrictionAccessFilter</filter-name> + <filter-class>org.openecomp.server.filters.RestrictionAccessFilter</filter-class> + <async-supported>true</async-supported> + </filter> + <filter-mapping> + <filter-name>RestrictionAccessFilter</filter-name> + <url-pattern>/*</url-pattern> + </filter-mapping> + + <filter> <filter-name>AuthN</filter-name> <filter-class>org.openecomp.server.filters.ActionAuthenticationFilter</filter-class> </filter> |