From 5c4184f9312d00166dea77b5a16ae400c669f473 Mon Sep 17 00:00:00 2001 From: Dan Timoney Date: Thu, 15 Apr 2021 09:58:19 -0400 Subject: Update gra ms to use CadiFilter instead of shiro Update code to use CadiFilter to integrate with AAF instead of shiro plugin, which is no longer supported (also, shiro has known, unresolved security vulnerabilities) Change-Id: Icaa922ac833f0a44c310847740f6745624242a2b Issue-ID: SDNC-1523 Signed-off-by: Dan Timoney --- ms/generic-resource-api/pom.xml | 30 ++++++++------ .../onap/sdnc/apps/ms/gra/FilterConfiguration.java | 35 ++++++++++++++++ .../sdnc/apps/ms/gra/GenericResourceMsApp.java | 40 +------------------ .../src/main/resources/shiro-users.properties | 3 -- .../gra/controllers/GenericResourceMsAppTest.java | 46 ---------------------- 5 files changed, 54 insertions(+), 100 deletions(-) create mode 100644 ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/FilterConfiguration.java delete mode 100644 ms/generic-resource-api/src/main/resources/shiro-users.properties delete mode 100644 ms/generic-resource-api/src/test/java/org/onap/sdnc/apps/ms/gra/controllers/GenericResourceMsAppTest.java (limited to 'ms') diff --git a/ms/generic-resource-api/pom.xml b/ms/generic-resource-api/pom.xml index a851a14..416eaca 100644 --- a/ms/generic-resource-api/pom.xml +++ b/ms/generic-resource-api/pom.xml @@ -19,8 +19,7 @@ org.onap.sdnc.apps.ms.gra.GenericResourceMsApp - 1.5.0 - 2.1.13 + 2.1.21 1.2.0-SNAPSHOT 1.1-STAGING-latest 2.2.0-SNAPSHOT @@ -50,17 +49,16 @@ io.swagger swagger-annotations - - org.apache.shiro - shiro-spring-boot-web-starter - ${shiro.version} + + org.springframework.boot + spring-boot-starter-web org.springframework.boot spring-boot-starter-logging - + org.springframework.boot spring-boot-starter-log4j2 
@@ -70,11 +68,20 @@ jackson-dataformat-xml - org.onap.aaf.cadi - aaf-cadi-shiro - ${aaf-shiro-bundle.version} + org.onap.aaf.authz + aaf-auth-client + ${aaf.cadi.version} + + + org.onap.aaf.authz + aaf-misc-env + ${aaf.cadi.version} + + + org.onap.aaf.authz + aaf-misc-rosetta + ${aaf.cadi.version} - org.springframework.boot spring-boot-starter-test @@ -321,7 +328,6 @@ maven-surefire-plugin 2.19.1 - always ${basedir}/src/test/resources ${basedir}/src/test/resources/svclogic.properties diff --git a/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/FilterConfiguration.java b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/FilterConfiguration.java new file mode 100644 index 0000000..6b96541 --- /dev/null +++ b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/FilterConfiguration.java 
@@ -0,0 +1,35 @@
+package org.onap.sdnc.apps.ms.gra;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.ccsdk.apps.filters.ContentTypeFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+
+@Configuration
+public class FilterConfiguration {
+
+ private static final Logger log = LoggerFactory.getLogger(FilterConfiguration.class);
+
+ @Bean
+ @Order(1)
+ public FilterRegistrationBean cadiFilter() {
+ CadiFilter filter = new CadiFilter();
+
+ FilterRegistrationBean registrationBean = new FilterRegistrationBean<>();
+ registrationBean.setFilter(filter);
+ if ("none".equals(System.getProperty("cadi_prop_files", "none"))) {
+ log.info("cadi_prop_files undefined, AAF CADI disabled");
+ registrationBean.addUrlPatterns("/xxxx/*");
+ } else {
+ registrationBean.addUrlPatterns("/*");
+ registrationBean.addInitParameter("cadi_prop_files", System.getProperty("cadi_prop_files"));
+ }
+
+ return registrationBean;
+ }
+
+}
diff --git a/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java
index a0e9595..d436d21 100644
--- a/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java
+++ b/ms/generic-resource-api/src/main/java/org/onap/sdnc/apps/ms/gra/GenericResourceMsApp.java
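Review bot: When `cadi_prop_files` is unset, `cadiFilter()` maps the filter to `/xxxx/*`, so every real endpoint is served without authentication and the only signal is an info-level log line. This carries over the fail-open default of the removed shiro `anon` chain; consider requiring an explicit opt-out and raising the log level, e.g. `log.warn("cadi_prop_files undefined, AAF CADI disabled; requests are NOT authenticated");`. The removed chain also enforced `rest[org.onap.sdnc.odl:odl-api]` on `/**`, and nothing in this hunk shows an equivalent permission check once CadiFilter has authenticated the caller, so authorization either rests entirely on the CADI properties or is no longer applied; please confirm which. The `ContentTypeFilter` import is unused in this class.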
@@ -20,25 +20,19 @@ package org.onap.sdnc.apps.ms.gra; -import org.apache.shiro.realm.Realm; -import org.apache.shiro.realm.text.PropertiesRealm; -import org.apache.shiro.spring.web.config.DefaultShiroFilterChainDefinition; -import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition; -import org.onap.aaf.cadi.shiro.AAFRealm; import org.onap.ccsdk.apps.ms.sliboot.controllers.RestconfApiController; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.domain.EntityScan; -import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Import; import org.springframework.data.jpa.repository.config.EnableJpaRepositories; import org.springframework.transaction.annotation.EnableTransactionManagement; import springfox.documentation.swagger2.annotations.EnableSwagger2; -@SpringBootApplication(scanBasePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.services", "org.onap.ccsdk.apps.filters" }) +@SpringBootApplication(scanBasePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.services" }) @EnableJpaRepositories(basePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.ms.sliboot" }) @EntityScan(basePackages = { "org.onap.sdnc.apps.ms.gra", "org.onap.ccsdk.apps.ms.sliboot" }) @EnableTransactionManagement 
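Review bot: Dropping `org.onap.ccsdk.apps.filters` from `scanBasePackages` means filter beans in that package are no longer discovered, while the new FilterConfiguration imports `ContentTypeFilter` but never registers it. If that filter was previously picked up by the component scan (not visible in this patch), request content-type handling changes silently with this commit. Either register it through its own `FilterRegistrationBean` ordered after the CADI filter, or note in the commit message that it is dropped on purpose. The class body continues outside this hunk.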
@@ -52,36 +46,4 @@ public class GenericResourceMsApp { public static void main(String[] args) throws Exception { SpringApplication.run(GenericResourceMsApp.class, args); } - - @Bean - public Realm realm() { - - // If cadi prop files is not defined use local properties realm - // src/main/resources/shiro-users.properties - if ("none".equals(System.getProperty("cadi_prop_files", "none"))) { - log.info("cadi_prop_files undefined, AAF Realm will not be set"); - PropertiesRealm realm = new PropertiesRealm(); - return realm; - } else { - AAFRealm realm = new AAFRealm(); - return realm; - } - - } - - @Bean - public ShiroFilterChainDefinition shiroFilterChainDefinition() { - DefaultShiroFilterChainDefinition chainDefinition = new DefaultShiroFilterChainDefinition(); - - // if cadi prop files is not set disable authentication - if ("none".equals(System.getProperty("cadi_prop_files", "none"))) { - chainDefinition.addPathDefinition("/**", "anon"); - } else { - log.info("Loaded property cadi_prop_files, AAF REALM set"); - chainDefinition.addPathDefinition("/**", "authcBasic, rest[org.onap.sdnc.odl:odl-api]"); - } - - return chainDefinition; - } - } diff --git a/ms/generic-resource-api/src/main/resources/shiro-users.properties b/ms/generic-resource-api/src/main/resources/shiro-users.properties deleted file mode 100644 index df4b1ae..0000000 --- a/ms/generic-resource-api/src/main/resources/shiro-users.properties +++ /dev/null @@ -1,3 +0,0 @@ -user.admin = Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U,service -role.service = odl-api:* - diff --git a/ms/generic-resource-api/src/test/java/org/onap/sdnc/apps/ms/gra/controllers/GenericResourceMsAppTest.java b/ms/generic-resource-api/src/test/java/org/onap/sdnc/apps/ms/gra/controllers/GenericResourceMsAppTest.java deleted file mode 100644 index 166278a..0000000 --- a/ms/generic-resource-api/src/test/java/org/onap/sdnc/apps/ms/gra/controllers/GenericResourceMsAppTest.java +++ /dev/null 
@@ -1,46 +0,0 @@
-package org.onap.sdnc.apps.ms.gra.controllers;
-
-import org.apache.shiro.realm.Realm;
-import org.apache.shiro.realm.text.PropertiesRealm;
-import org.apache.shiro.spring.web.config.ShiroFilterChainDefinition;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.onap.sdnc.apps.ms.gra.GenericResourceMsApp;
-
-import java.util.Map;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-public class GenericResourceMsAppTest {
-
- GenericResourceMsApp app;
-
- @Before
- public void setUp() throws Exception {
- app = new GenericResourceMsApp();
- System.out.println("GenericResourceMsAppTest: Setting serviceLogicProperties, serviceLogicDirectory and sdnc.config.dir");
- System.setProperty("serviceLogicProperties", "src/test/resources/svclogic.properties");
- System.setProperty("serviceLogicDirectory", "src/test/resources/svclogic");
- System.setProperty("sdnc.config.dir", "src/test/resources");
-
- }
-
- @Test
- public void realm() {
- Realm realm = app.realm();
- assertTrue(realm instanceof PropertiesRealm);
-
-
- }
-
- @Test
- public void shiroFilterChainDefinition() {
- ShiroFilterChainDefinition chainDefinition = app.shiroFilterChainDefinition();
- Map chainMap = chainDefinition.getFilterChainMap();
- assertEquals("anon", chainMap.get("/**"));
-
-
- }
-}
\ No newline at end of file
-- cgit 1.2.3-korg