From a4eeb110b076672b3bb88f5e2f3420ae70c78f38 Mon Sep 17 00:00:00 2001 From: Yuli Shlosberg Date: Mon, 7 Jan 2019 16:23:36 +0200 Subject: Add restriction filter to onboarding Change-Id: Ief36760c8d89ac3443c8b12bfdef09c2f83abfc3 Issue-ID: SDC-2039 Signed-off-by: Yuli Shlosberg --- .../server/configuration/CookieConfig.java | 97 +++++++++++++ .../server/filters/RestrictionAccessFilter.java | 150 +++++++++++++++++++++ .../src/main/webapp/WEB-INF/web.xml | 10 ++ 3 files changed, 257 insertions(+) create mode 100644 openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java create mode 100644 openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java (limited to 'openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main') diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java new file mode 100644 index 0000000000..9b03f638a6 --- /dev/null +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/configuration/CookieConfig.java @@ -0,0 +1,97 @@ +package org.openecomp.server.configuration; + +import java.util.List; + +public class CookieConfig { + + String securityKey = ""; + long maxSessionTimeOut = 600*1000; + long sessionIdleTimeOut = 30*1000; + String cookieName = "AuthenticationCookie"; + String redirectURL = "portal_url"; + List excludedUrls; + List onboardingExcludedUrls; + String domain = ""; + String path = ""; + boolean isHttpOnly = true; + + public String getSecurityKey() { + return securityKey; + } + + public void setSecurityKey(String securityKey) { + this.securityKey = securityKey; + } + + public long getMaxSessionTimeOut() { + return maxSessionTimeOut; + } + + public void setMaxSessionTimeOut(long maxSessionTimeOut) { + this.maxSessionTimeOut = maxSessionTimeOut; + } + + public long getSessionIdleTimeOut() { + return sessionIdleTimeOut; + } + + public void setSessionIdleTimeOut(long sessionIdleTimeOut) { + this.sessionIdleTimeOut = sessionIdleTimeOut; + } + + public String getCookieName() { + return cookieName; + } + + public void setCookieName(String cookieName) { + this.cookieName = cookieName; + } + + public String getRedirectURL() { + return redirectURL; + } + + public void setRedirectURL(String redirectURL) { + this.redirectURL = redirectURL; + } + + public List getExcludedUrls() { + return excludedUrls; + } + + public void setExcludedUrls(List excludedUrls) { + this.excludedUrls = excludedUrls; + } + + public String getDomain() { + return domain; + } + + public void setDomain(String domain) { + this.domain = domain; + } + + public String getPath() { + return path; + } + + public void setPath(String path) { + this.path = path; + } + + public boolean isHttpOnly() { + return isHttpOnly; + } + + public void setIsHttpOnly(boolean isHttpOnly) { + this.isHttpOnly = isHttpOnly; + } + + public List getOnboardingExcludedUrls() { + return onboardingExcludedUrls; + } + + public void setOnboardingExcludedUrls(List onboardingExcludedUrls) { + this.onboardingExcludedUrls = onboardingExcludedUrls; + } +} diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java new file mode 100644 index 0000000000..02ee236ae8 --- /dev/null +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java @@ -0,0 +1,150 @@ +package org.openecomp.server.filters; + +import com.fasterxml.jackson.databind.ObjectMapper; +import org.onap.sdc.tosca.services.YamlUtil; +import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration; +import org.openecomp.sdc.securityutil.filters.SessionValidationFilter; +import org.openecomp.server.configuration.CookieConfig; +import org.openecomp.sdc.logging.api.Logger; +import org.openecomp.sdc.logging.api.LoggerFactory; +import org.openecomp.sdcrests.item.rest.services.catalog.notification.EntryNotConfiguredException; + +import javax.servlet.http.Cookie; +import java.io.FileInputStream; +import java.io.IOException; +import java.io.InputStream; +import java.util.List; +import java.util.Map; +import java.util.Objects; + +public class RestrictionAccessFilter extends SessionValidationFilter { + + private static final Logger LOGGER = LoggerFactory.getLogger(RestrictionAccessFilter.class); + private static final String CONFIG_FILE_PROPERTY = "configuration.yaml"; + private static final String CONFIG_SECTION = "authCookie"; + + private static class Configuration implements ISessionValidationFilterConfiguration { + private static Configuration instance; + private String securityKey; + private long maxSessionTimeOut; + private long sessionIdleTimeOut; + private String cookieName; + private String redirectURL; + private List excludedUrls; + private String cookieDomain; + private String cookiePath; + private boolean isCookieHttpOnly; + + + private Configuration() { + try { + + String file = Objects.requireNonNull(System.getProperty(CONFIG_FILE_PROPERTY), + "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY); + + Object config = getAuthenticationConfiguration(file); + ObjectMapper mapper = new ObjectMapper(); + CookieConfig cookieConfig = mapper.convertValue(config, CookieConfig.class); + this.securityKey = cookieConfig.getSecurityKey(); + this.maxSessionTimeOut = cookieConfig.getMaxSessionTimeOut(); + this.sessionIdleTimeOut = cookieConfig.getSessionIdleTimeOut(); + this.cookieName = cookieConfig.getCookieName(); + this.redirectURL = cookieConfig.getRedirectURL(); + this.excludedUrls = cookieConfig.getOnboardingExcludedUrls(); + this.cookieDomain = cookieConfig.getDomain(); + this.cookiePath = cookieConfig.getPath(); + this.isCookieHttpOnly = cookieConfig.isHttpOnly(); + + } catch (Exception e) { + LOGGER.warn("Failed to load configuration. ", e); + } + + } + + public static Configuration getInstance() { + if (instance == null) { + instance = new Configuration(); + } + return instance; + } + + private static Object getAuthenticationConfiguration(String file) throws IOException { + + Map configuration = Objects.requireNonNull(readConfigurationFile(file), "Configuration cannot be empty"); + Object authenticationConfig = configuration.get(CONFIG_SECTION); + if (authenticationConfig == null) { + throw new EntryNotConfiguredException(CONFIG_SECTION + " section"); + } + + return authenticationConfig; + } + + private static Map readConfigurationFile(String file) throws IOException { + + try (InputStream fileInput = new FileInputStream(file)) { + YamlUtil yamlUtil = new YamlUtil(); + return yamlUtil.yamlToMap(fileInput); + } + } + + @Override + public String getSecurityKey() { + return securityKey; + } + + @Override + public long getMaxSessionTimeOut() { + return maxSessionTimeOut; + } + + @Override + public long getSessionIdleTimeOut() { + return sessionIdleTimeOut; + } + + @Override + public String getCookieName() { + return cookieName; + } + + @Override + public String getCookieDomain() { + return cookieDomain; + } + + @Override + public String getCookiePath() { + return cookiePath; + } + + @Override + public boolean isCookieHttpOnly() { + return isCookieHttpOnly; + } + + @Override + public String getRedirectURL() { + return redirectURL; + } + + @Override + public List getExcludedUrls() { + return excludedUrls; + } + } + + @Override + public ISessionValidationFilterConfiguration getFilterConfiguration() { + return Configuration.getInstance(); + } + + @Override + protected Cookie addRoleToCookie(Cookie cookie) { + return cookie; + } + + @Override + protected boolean isRoleValid(Cookie cookie) { + return true; + } +} diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml index b98ae4e82d..2b1b9893b3 100644 --- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml +++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/webapp/WEB-INF/web.xml @@ -52,6 +52,16 @@ + + RestrictionAccessFilter + org.openecomp.server.filters.RestrictionAccessFilter + true + + + RestrictionAccessFilter + /* + + AuthN org.openecomp.server.filters.ActionAuthenticationFilter -- cgit 1.2.3-korg