Added AAF Integration related changes

Created two profiles for the application to run. Basic profile will allow the application to run in the current spring security authentication. AAF profile will authenticate and authorize requests with AAF. if no profile is given, it will fallback to basic. Change-Id: I2576f02e7afca3c10e02aaffef66a60fa1c4dd1a Issue-ID: SO-2451 Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
author: Ramesh Parthasarathy <ramesh.parthasarathy@att.com> 2019-11-21 02:04:03 +0000
committer: Ramesh Parthasarathy <ramesh.parthasarathy@att.com> 2019-11-21 04:47:42 +0000
commit: 837beb73d7aa6e8f7e4e932ac71e59663b868992 (patch)
tree: a0cc058f5dd9a6df9a0bab9f1d4ec28c7f99700e /asdc-controller
parent: 70c24f9edcb8351ca8f184294c0815db5eba1904 (diff)
5 files changed, 198 insertions, 10 deletions
diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java b/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java
new file mode 100644
index 0000000000..29c9d8f952
--- /dev/null
+++ b/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.asdc;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("!test & aaf")
+public class SecurityFilters {
+
+    @Bean
+    public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+        FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+        filterRegistrationBean.setFilter(new SoCadiFilter());
+        filterRegistrationBean.setName("cadiFilter");
+        filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return filterRegistrationBean;
+    }
+}
diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java b/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java
new file mode 100644
index 0000000000..52144e264e
--- /dev/null
+++ b/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.asdc;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("!test & aaf")
+public class SoCadiFilter extends CadiFilter {
+
+    protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+    private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+    private static String AAF_API_VERSION = "aaf_api_version";
+
+    @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+    private String cadiLoglevel;
+
+    @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+    private String cadiKeyFile;
+
+    @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+    private String cadiTrustStorePassword;
+
+    @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+    private String cadiTrustStore;
+
+    @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+    private String cadiLatitude;
+
+    @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+    private String cadiLongitude;
+
+    @Value("${mso.config.cadi.aafEnv:#{null}}")
+    private String aafEnv;
+
+    @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+    private String aafApiVersion;
+
+    @Value("${mso.config.cadi.aafRootNs:#{null}}")
+    private String aafRootNs;
+
+    @Value("${mso.config.cadi.aafId:#{null}}")
+    private String aafMechId;
+
+    @Value("${mso.config.cadi.aafPassword:#{null}}")
+    private String aafMechIdPassword;
+
+    @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+    private String aafLocateUrl;
+
+    @Value("${mso.config.cadi.aafUrl:#{null}}")
+    private String aafUrl;
+
+    @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+    private String apiEnforcement;
+
+    private void checkIfNullProperty(String key, String value) {
+        /*
+         * When value is null, it is not defined in application.yaml set nothing in System properties
+         */
+        if (value != null) {
+            System.setProperty(key, value);
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+        checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+        checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+        checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+        checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+        checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+        checkIfNullProperty(Config.AAF_ENV, aafEnv);
+        checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+        checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+        checkIfNullProperty(Config.AAF_APPID, aafMechId);
+        checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+        checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+        checkIfNullProperty(Config.AAF_URL, aafUrl);
+        checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+        // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+        logger.debug(" *** init Filter Config *** ");
+        super.init(filterConfig);
+    }
+
+
+}
diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java b/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java
index b45b4f0749..8722d193fe 100644
--- a/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java
+++ b/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java
@@ -22,27 +22,57 @@ package org.onap.so.asdc;
 
 import org.onap.so.security.MSOSpringFirewall;
 import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.util.StringUtils;
 
+@Configuration
 @EnableWebSecurity
 public class WebSecurityConfigImpl extends WebSecurityConfig {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
-                .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
-                .httpBasic();
+    @Profile({"basic", "test"})
+    @Bean
+    public WebSecurityConfigurerAdapter basicAuth() {
+        return new WebSecurityConfigurerAdapter() {
+            @Override
+            protected void configure(HttpSecurity http) throws Exception {
+                http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+                        .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+                        .httpBasic();
+            }
+
+            @Override
+            public void configure(WebSecurity web) throws Exception {
+                super.configure(web);
+                StrictHttpFirewall firewall = new MSOSpringFirewall();
+                web.httpFirewall(firewall);
+            }
+
+            @Override
+            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+                auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+                        .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+            }
+
+        };
     }
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        super.configure(web);
-        StrictHttpFirewall firewall = new MSOSpringFirewall();
-        web.httpFirewall(firewall);
+    @Profile("aaf")
+    @Bean
+    public WebSecurityConfigurerAdapter noAuth() {
+        return new WebSecurityConfigurerAdapter() {
+            @Override
+            protected void configure(HttpSecurity http) throws Exception {
+                http.authorizeRequests().anyRequest().permitAll();
+            }
+        };
     }
 
 }
diff --git a/asdc-controller/src/main/resources/application-aaf.yaml b/asdc-controller/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/asdc-controller/src/main/resources/application-aaf.yaml
diff --git a/asdc-controller/src/main/resources/application-basic.yaml b/asdc-controller/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/asdc-controller/src/main/resources/application-basic.yaml
author	Ramesh Parthasarathy <ramesh.parthasarathy@att.com>	2019-11-21 02:04:03 +0000
committer	Ramesh Parthasarathy <ramesh.parthasarathy@att.com>	2019-11-21 04:47:42 +0000
commit	837beb73d7aa6e8f7e4e932ac71e59663b868992 (patch)
tree	a0cc058f5dd9a6df9a0bab9f1d4ec28c7f99700e /asdc-controller
parent	70c24f9edcb8351ca8f184294c0815db5eba1904 (diff)