author | Dan Timoney <dtimoney@att.com> | 2021-04-15 09:58:19 -0400 |
---|---|---|
committer | Dan Timoney <dtimoney@att.com> | 2021-04-20 14:32:59 -0400 |
commit | 5c4184f9312d00166dea77b5a16ae400c669f473 (patch) | |
tree | b954e9ab612aa58bcee2aa364990934ebbc9ed9f | |
parent | d91aa64b55dbb561b103d40c7e8c16a3023b2717 (diff) |
Update gra ms to use CadiFilter instead of shiro
Update code to use CadiFilter to integrate with AAF instead of
shiro plugin, which is no longer supported (also, shiro has known,
unresolved security vulnerabilities)
Change-Id: Icaa922ac833f0a44c310847740f6745624242a2b
Issue-ID: SDNC-1523
Signed-off-by: Dan Timoney <dtimoney@att.com>
5 files changed, 54 insertions, 100 deletions
diff --git a/ms/generic-resource-api/pom.xml b/ms/generic-resource-api/pom.xml index a851a14..416eaca 100644 --- a/ms/generic-resource-api/pom.xml +++ b/ms/generic-resource-api/pom.xml @@ -19,8 +19,7 @@ <properties> <start-class>org.onap.sdnc.apps.ms.gra.GenericResourceMsApp</start-class> - <shiro.version>1.5.0</shiro.version> - <aaf-shiro-bundle.version>2.1.13</aaf-shiro-bundle.version> + <aaf.cadi.version>2.1.21</aaf.cadi.version> <ccsdk.apps.version>1.2.0-SNAPSHOT</ccsdk.apps.version> <ccsdk.docker.version>1.1-STAGING-latest</ccsdk.docker.version> <sdnc.northbound.version>2.2.0-SNAPSHOT</sdnc.northbound.version> @@ -50,17 +49,16 @@ <groupId>io.swagger</groupId> <artifactId>swagger-annotations</artifactId> </dependency> - <dependency> - <groupId>org.apache.shiro</groupId> - <artifactId>shiro-spring-boot-web-starter</artifactId> - <version>${shiro.version}</version> + <dependency> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-starter-web</artifactId> <exclusions> <exclusion> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-logging</artifactId> </exclusion> </exclusions> - </dependency> + </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-log4j2</artifactId> 
@@ -70,11 +68,20 @@ <artifactId>jackson-dataformat-xml</artifactId> </dependency> <dependency> - <groupId>org.onap.aaf.cadi</groupId> - <artifactId>aaf-cadi-shiro</artifactId> - <version>${aaf-shiro-bundle.version}</version> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-auth-client</artifactId> + <version>${aaf.cadi.version}</version> + </dependency> + <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-misc-env</artifactId> + <version>${aaf.cadi.version}</version> + </dependency> + <dependency> + <groupId>org.onap.aaf.authz</groupId> + <artifactId>aaf-misc-rosetta</artifactId> + <version>${aaf.cadi.version}</version> </dependency> - <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> @@ -321,7 +328,6 @@ <artifactId>maven-surefire-plugin</artifactId> <version>2.19.1</version> <configuration> - <forkMode>always</forkMode> <environmentVariables> <SDNC_CONFIG_DIR>${basedir}/src/test/resources</SDNC_CONFIG_DIR> <SVCLOGIC_PROPERTIES>${basedir}/src/test/resources/svclogic.properties</SVCLOGIC_PROPERTIES> diff --git a/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/FilterConfiguration.java b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/FilterConfiguration.java new file mode 100644 index 0000000..6b96541 --- /dev/null +++ b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/FilterConfiguration.java @@ -0,0 +1,35 @@ +package org.onap.sdnc.apps.ms.gra;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.ccsdk.apps.filters.ContentTypeFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+
+@Configuration
+public class FilterConfiguration {
+
+ private static final Logger log = LoggerFactory.getLogger(FilterConfiguration.class);
+
+ @Bean
+ @Order(1)
+ public FilterRegistrationBean<CadiFilter> cadiFilter() {
+ CadiFilter filter = new CadiFilter();
+
+ FilterRegistrationBean<CadiFilter> registrationBean = new FilterRegistrationBean<>();
+ registrationBean.setFilter(filter);
+ if ("none".equals(System.getProperty("cadi_prop_files", "none"))) {
+ log.info("cadi_prop_files undefined, AAF CADI disabled");
+ registrationBean.addUrlPatterns("/xxxx/*");
+ } else {
+ registrationBean.addUrlPatterns("/*");
+ registrationBean.addInitParameter("cadi_prop_files", System.getProperty("cadi_prop_files"));
+ }
+
+ return registrationBean;
+ }
+
+}
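Review bot: `cadiFilter()` fails open: when the `cadi_prop_files` system property is absent, the filter is mapped to the placeholder pattern `/xxxx/*`, so every real endpoint is served unauthenticated and the only trace is an INFO line. Log this at WARN and make the disabled state explicit, for example `registrationBean.setEnabled(false);` instead of a dummy URL pattern, or require an explicit opt-out before starting without AAF. The Shiro chain this replaces also required `rest[org.onap.sdnc.odl:odl-api]`, and nothing in this file enforces an equivalent permission, so unless the CADI properties or the controllers do it (not visible here), any identity AAF authenticates can reach the whole API. `@Order(1)` on the `@Bean` method most likely has no effect, because `FilterRegistrationBean` implements `Ordered` itself; `registrationBean.setOrder(1);` is the supported way to place the authentication filter first.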
diff --git a/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java index a0e9595..d436d21 100644 --- a/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java +++ b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java @@ -20,25 +20,19 @@ package org.onap.sdnc.apps.ms.gra; -import org.apache.shiro.realm.Realm; -import org.apache.shiro.realm.text.PropertiesRealm; -import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition; -import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition; -import org.onap.aaf.cadi.shiro.AAFRealm; import org.onap.ccsdk.apps.ms.sliboot.controllers.RestconfApiController; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.domain.EntityScan; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Import; import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.transaction.annotation.EnableTransactionManagement; import springfox.documentation.swagger2.annotations.EnableSwagger2; -@SpringBootApplication(scanBasePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.services", "org.onap.ccsdk.apps.filters" }) +@SpringBootApplication(scanBasePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.services" }) @EnableJpaRepositories(basePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.ms.sliboot" }) @EntityScan(basePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.ms.sliboot" }) @EnableTransactionManagement 
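Review bot: Removing `org.onap.ccsdk.apps.filters` from `scanBasePackages` stops component scanning of that package, while the new FilterConfiguration.java imports `ContentTypeFilter` from it but never registers it. If that filter was previously picked up by the scan (its declaration is not visible here), it no longer runs on incoming requests after this change. Either register it explicitly with its own `FilterRegistrationBean<ContentTypeFilter>` next to the CADI registration, or drop the unused import and say in the commit message that the filter is removed on purpose.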
@@ -52,36 +46,4 @@ public class GenericResourceMsApp {
 public static void main(String[] args) throws Exception {
 SpringApplication.run(GenericResourceMsApp.class, args);
 }
-
- @Bean
- public Realm realm() {
-
- // If cadi prop files is not defined use local properties realm
- // src/main/resources/shiro-users.properties
- if ("none".equals(System.getProperty("cadi_prop_files", "none"))) {
- log.info("cadi_prop_files undefined, AAF Realm will not be set");
- PropertiesRealm realm = new PropertiesRealm();
- return realm;
- } else {
- AAFRealm realm = new AAFRealm();
- return realm;
- }
-
- }
-
- @Bean
- public ShiroFilterChainDefinition shiroFilterChainDefinition() {
- DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition();
-
- // if cadi prop files is not set disable authentication
- if ("none".equals(System.getProperty("cadi_prop_files", "none"))) {
- chainDefinition.addPathDefinition("/**", "anon");
- } else {
- log.info("Loaded property cadi_prop_files, AAF REALM set");
- chainDefinition.addPathDefinition("/**", "authcBasic, rest[org.onap.sdnc.odl:odl-api]");
- }
-
- return chainDefinition;
- }
-
 }
diff --git a/ms/generic-resource-api/src/main/resources/shiro-users.properties b/ms/generic-resource-api/src/main/resources/shiro-users.properties
deleted file mode 100644
index df4b1ae..0000000
--- a/ms/generic-resource-api/src/main/resources/shiro-users.properties
+++ /dev/null
@@ -1,3 +0,0 @@
-user.admin = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U,service
-role.service = odl-api:*
-
diff --git a/ms/generic-resource-api/src/test/java/org/onap/sdnc/apps/ms/gra/controllers/GenericResourceMsAppTest.java b/ms/generic-resource-api/src/test/java/org/onap/sdnc/apps/ms/gra/controllers/GenericResourceMsAppTest.java
deleted file mode 100644
index 166278a..0000000
--- a/ms/generic-resource-api/src/test/java/org/onap/sdnc/apps/ms/gra/controllers/GenericResourceMsAppTest.java
+++ /dev/null
@@ -1,46 +0,0 @@
-package org.onap.sdnc.apps.ms.gra.controllers;
-
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.realm.text.PropertiesRealm;
-import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.onap.sdnc.apps.ms.gra.GenericResourceMsApp;
-
-import java.util.Map;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-public class GenericResourceMsAppTest {
-
- GenericResourceMsApp app;
-
- @Before
- public void setUp() throws Exception {
- app = new GenericResourceMsApp();
- System.out.println("GenericResourceMsAppTest: Setting serviceLogicProperties, serviceLogicDirectory and sdnc.config.dir");
- System.setProperty("serviceLogicProperties", "src/test/resources/svclogic.properties");
- System.setProperty("serviceLogicDirectory", "src/test/resources/svclogic");
- System.setProperty("sdnc.config.dir", "src/test/resources");
-
- }
-
- @Test
- public void realm() {
- Realm realm = app.realm();
- assertTrue(realm instanceof PropertiesRealm);
-
-
- }
-
- @Test
- public void shiroFilterChainDefinition() {
- ShiroFilterChainDefinition chainDefinition = app.shiroFilterChainDefinition();
- Map<String, String> chainMap = chainDefinition.getFilterChainMap();
- assertEquals("anon", chainMap.get("/**"));
-
-
- }
-}
\ No newline at end of file |