aboutsummaryrefslogtreecommitdiffstats
path: root/openecomp-be/api
diff options
context:
space:
mode:
authorYuli Shlosberg <ys9693@att.com>2019-01-07 16:23:36 +0200
committerAvi Gaffa <avi.gaffa@amdocs.com>2019-01-10 10:28:39 +0000
commita4eeb110b076672b3bb88f5e2f3420ae70c78f38 (patch)
tree73a205b1afa3ffca8057931cc080ff1b372af23a /openecomp-be/api
parenta1f23ec5e7cd191b76271b5f33c237bad38c61c6 (diff)
Add restriction filter to onboarding
Change-Id: Ief36760c8d89ac3443c8b12bfdef09c2f83abfc3 Issue-ID: SDC-2039 Signed-off-by: Yuli Shlosberg <ys9693@att.com>
Diffstat (limited to 'openecomp-be/api')
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/artifactName0
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml10
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml6
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java97
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java150
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml10
6 files changed, 273 insertions, 0 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/artifactName b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/artifactName
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/action-library-rest/action-library-rest-services/artifactName
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
index 354fcbfac6..f0bad66222 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/notifications-fe/src/main/webapp/WEB-INF/web.xml
@@ -35,6 +35,16 @@
<filter-name>cross-origin</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
+
+ <filter>
+ <filter-name>RestrictionAccessFilter</filter-name>
+ <filter-class>org.openecomp.server.filters.RestrictionAccessFilter</filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+ <filter-mapping>
+ <filter-name>RestrictionAccessFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
<!-- Spring WS Mapping -->
<servlet>
<servlet-name>spring-mapper</servlet-name>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
index 3b8924594d..18ec957acf 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/pom.xml
@@ -192,6 +192,12 @@
<artifactId>togglz-servlet</artifactId>
<version>${togglz.version}</version>
</dependency>
+ <dependency>
+ <groupId>org.openecomp.sdc</groupId>
+ <artifactId>openecomp-sdc-security-util</artifactId>
+ <version>${project.version}</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java
new file mode 100644
index 0000000000..9b03f638a6
--- /dev/null
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java
@@ -0,0 +1,97 @@
+package org.openecomp.server.configuration;
+
+import java.util.List;
+
+public class CookieConfig {
+
+ String securityKey = "";
+ long maxSessionTimeOut = 600*1000;
+ long sessionIdleTimeOut = 30*1000;
+ String cookieName = "AuthenticationCookie";
+ String redirectURL = "portal_url";
+ List<String> excludedUrls;
+ List<String> onboardingExcludedUrls;
+ String domain = "";
+ String path = "";
+ boolean isHttpOnly = true;
+
+ public String getSecurityKey() {
+ return securityKey;
+ }
+
+ public void setSecurityKey(String securityKey) {
+ this.securityKey = securityKey;
+ }
+
+ public long getMaxSessionTimeOut() {
+ return maxSessionTimeOut;
+ }
+
+ public void setMaxSessionTimeOut(long maxSessionTimeOut) {
+ this.maxSessionTimeOut = maxSessionTimeOut;
+ }
+
+ public long getSessionIdleTimeOut() {
+ return sessionIdleTimeOut;
+ }
+
+ public void setSessionIdleTimeOut(long sessionIdleTimeOut) {
+ this.sessionIdleTimeOut = sessionIdleTimeOut;
+ }
+
+ public String getCookieName() {
+ return cookieName;
+ }
+
+ public void setCookieName(String cookieName) {
+ this.cookieName = cookieName;
+ }
+
+ public String getRedirectURL() {
+ return redirectURL;
+ }
+
+ public void setRedirectURL(String redirectURL) {
+ this.redirectURL = redirectURL;
+ }
+
+ public List<String> getExcludedUrls() {
+ return excludedUrls;
+ }
+
+ public void setExcludedUrls(List<String> excludedUrls) {
+ this.excludedUrls = excludedUrls;
+ }
+
+ public String getDomain() {
+ return domain;
+ }
+
+ public void setDomain(String domain) {
+ this.domain = domain;
+ }
+
+ public String getPath() {
+ return path;
+ }
+
+ public void setPath(String path) {
+ this.path = path;
+ }
+
+ public boolean isHttpOnly() {
+ return isHttpOnly;
+ }
+
+ public void setIsHttpOnly(boolean isHttpOnly) {
+ this.isHttpOnly = isHttpOnly;
+ }
+
+ public List<String> getOnboardingExcludedUrls() {
+ return onboardingExcludedUrls;
+ }
+
+ public void setOnboardingExcludedUrls(List<String> onboardingExcludedUrls) {
+ this.onboardingExcludedUrls = onboardingExcludedUrls;
+ }
+}
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java
new file mode 100644
index 0000000000..02ee236ae8
--- /dev/null
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java
@@ -0,0 +1,150 @@
+package org.openecomp.server.filters;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import org.onap.sdc.tosca.services.YamlUtil;
+import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
+import org.openecomp.sdc.securityutil.filters.SessionValidationFilter;
+import org.openecomp.server.configuration.CookieConfig;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+import org.openecomp.sdcrests.item.rest.services.catalog.notification.EntryNotConfiguredException;
+
+import javax.servlet.http.Cookie;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.List;
+import java.util.Map;
+import java.util.Objects;
+
+public class RestrictionAccessFilter extends SessionValidationFilter {
+
+ private static final Logger LOGGER = LoggerFactory.getLogger(RestrictionAccessFilter.class);
+ private static final String CONFIG_FILE_PROPERTY = "configuration.yaml";
+ private static final String CONFIG_SECTION = "authCookie";
+
+ private static class Configuration implements ISessionValidationFilterConfiguration {
+ private static Configuration instance;
+ private String securityKey;
+ private long maxSessionTimeOut;
+ private long sessionIdleTimeOut;
+ private String cookieName;
+ private String redirectURL;
+ private List<String> excludedUrls;
+ private String cookieDomain;
+ private String cookiePath;
+ private boolean isCookieHttpOnly;
+
+
+ private Configuration() {
+ try {
+
+ String file = Objects.requireNonNull(System.getProperty(CONFIG_FILE_PROPERTY),
+ "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY);
+
+ Object config = getAuthenticationConfiguration(file);
+ ObjectMapper mapper = new ObjectMapper();
+ CookieConfig cookieConfig = mapper.convertValue(config, CookieConfig.class);
+ this.securityKey = cookieConfig.getSecurityKey();
+ this.maxSessionTimeOut = cookieConfig.getMaxSessionTimeOut();
+ this.sessionIdleTimeOut = cookieConfig.getSessionIdleTimeOut();
+ this.cookieName = cookieConfig.getCookieName();
+ this.redirectURL = cookieConfig.getRedirectURL();
+ this.excludedUrls = cookieConfig.getOnboardingExcludedUrls();
+ this.cookieDomain = cookieConfig.getDomain();
+ this.cookiePath = cookieConfig.getPath();
+ this.isCookieHttpOnly = cookieConfig.isHttpOnly();
+
+ } catch (Exception e) {
+ LOGGER.warn("Failed to load configuration. ", e);
+ }
+
+ }
+
+ public static Configuration getInstance() {
+ if (instance == null) {
+ instance = new Configuration();
+ }
+ return instance;
+ }
+
+ private static Object getAuthenticationConfiguration(String file) throws IOException {
+
+ Map<?, ?> configuration = Objects.requireNonNull(readConfigurationFile(file), "Configuration cannot be empty");
+ Object authenticationConfig = configuration.get(CONFIG_SECTION);
+ if (authenticationConfig == null) {
+ throw new EntryNotConfiguredException(CONFIG_SECTION + " section");
+ }
+
+ return authenticationConfig;
+ }
+
+ private static Map<?, ?> readConfigurationFile(String file) throws IOException {
+
+ try (InputStream fileInput = new FileInputStream(file)) {
+ YamlUtil yamlUtil = new YamlUtil();
+ return yamlUtil.yamlToMap(fileInput);
+ }
+ }
+
+ @Override
+ public String getSecurityKey() {
+ return securityKey;
+ }
+
+ @Override
+ public long getMaxSessionTimeOut() {
+ return maxSessionTimeOut;
+ }
+
+ @Override
+ public long getSessionIdleTimeOut() {
+ return sessionIdleTimeOut;
+ }
+
+ @Override
+ public String getCookieName() {
+ return cookieName;
+ }
+
+ @Override
+ public String getCookieDomain() {
+ return cookieDomain;
+ }
+
+ @Override
+ public String getCookiePath() {
+ return cookiePath;
+ }
+
+ @Override
+ public boolean isCookieHttpOnly() {
+ return isCookieHttpOnly;
+ }
+
+ @Override
+ public String getRedirectURL() {
+ return redirectURL;
+ }
+
+ @Override
+ public List<String> getExcludedUrls() {
+ return excludedUrls;
+ }
+ }
+
+ @Override
+ public ISessionValidationFilterConfiguration getFilterConfiguration() {
+ return Configuration.getInstance();
+ }
+
+ @Override
+ protected Cookie addRoleToCookie(Cookie cookie) {
+ return cookie;
+ }
+
+ @Override
+ protected boolean isRoleValid(Cookie cookie) {
+ return true;
+ }
+}
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
index b98ae4e82d..2b1b9893b3 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml
@@ -53,6 +53,16 @@
</filter>
<filter>
+ <filter-name>RestrictionAccessFilter</filter-name>
+ <filter-class>org.openecomp.server.filters.RestrictionAccessFilter</filter-class>
+ <async-supported>true</async-supported>
+ </filter>
+ <filter-mapping>
+ <filter-name>RestrictionAccessFilter</filter-name>
+ <url-pattern>/*</url-pattern>
+ </filter-mapping>
+
+ <filter>
<filter-name>AuthN</filter-name>
<filter-class>org.openecomp.server.filters.ActionAuthenticationFilter</filter-class>
</filter>