Merge "Added AAF Integration related changes"

6 files changed, 210 insertions, 12 deletions

diff --git a/bpmn/mso-infrastructure-bpmn/pom.xml b/bpmn/mso-infrastructure-bpmn/pom.xml
index 1ae0dd48f7..c3c26ef5e7 100644
--- a/bpmn/mso-infrastructure-bpmn/pom.xml
+++ b/bpmn/mso-infrastructure-bpmn/pom.xml
@@ -304,5 +304,16 @@
       <version>1.7.0</version>
       <scope>test</scope>
     </dependency>
+    <dependency>
+      <groupId>org.onap.aaf.authz</groupId>
+      <artifactId>aaf-cadi-aaf</artifactId>
+      <version>2.1.9</version>
+      <exclusions>
+        <exclusion>
+          <groupId>javax.servlet</groupId>
+          <artifactId>servlet-api</artifactId>
+        </exclusion>
+      </exclusions>
+    </dependency>
   </dependencies>
 </project>
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java
new file mode 100644
index 0000000000..bdc1c504f0
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.bpmn.infrastructure;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+    @Bean
+    public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+        FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+        filterRegistrationBean.setFilter(new SoCadiFilter());
+        filterRegistrationBean.setName("cadiFilter");
+        filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return filterRegistrationBean;
+    }
+}
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java
new file mode 100644
index 0000000000..cb60d5d219
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.bpmn.infrastructure;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+    protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+    private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+    private static String AAF_API_VERSION = "aaf_api_version";
+
+    @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+    private String cadiLoglevel;
+
+    @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+    private String cadiKeyFile;
+
+    @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+    private String cadiTrustStorePassword;
+
+    @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+    private String cadiTrustStore;
+
+    @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+    private String cadiLatitude;
+
+    @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+    private String cadiLongitude;
+
+    @Value("${mso.config.cadi.aafEnv:#{null}}")
+    private String aafEnv;
+
+    @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+    private String aafApiVersion;
+
+    @Value("${mso.config.cadi.aafRootNs:#{null}}")
+    private String aafRootNs;
+
+    @Value("${mso.config.cadi.aafId:#{null}}")
+    private String aafMechId;
+
+    @Value("${mso.config.cadi.aafPassword:#{null}}")
+    private String aafMechIdPassword;
+
+    @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+    private String aafLocateUrl;
+
+    @Value("${mso.config.cadi.aafUrl:#{null}}")
+    private String aafUrl;
+
+    @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+    private String apiEnforcement;
+
+    private void checkIfNullProperty(String key, String value) {
+        /*
+         * When value is null, it is not defined in application.yaml set nothing in System properties
+         */
+        if (value != null) {
+            System.setProperty(key, value);
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+        checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+        checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+        checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+        checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+        checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+        checkIfNullProperty(Config.AAF_ENV, aafEnv);
+        checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+        checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+        checkIfNullProperty(Config.AAF_APPID, aafMechId);
+        checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+        checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+        checkIfNullProperty(Config.AAF_URL, aafUrl);
+        checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+        // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+        logger.debug(" *** init Filter Config *** ");
+        super.init(filterConfig);
+    }
+
+
+}
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
index 1ed3214214..bcc38ec9e0 100644
--- a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
@@ -24,28 +24,57 @@ package org.onap.so.bpmn.infrastructure;
 
 import org.onap.so.security.MSOSpringFirewall;
 import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.util.StringUtils;
 
+@Configuration
 @EnableWebSecurity
 public class WebSecurityConfigImpl extends WebSecurityConfig {
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
-                .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
-                        "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
-                .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
-    }
+    @Profile({"basic", "test"})
+    @Bean
+    public WebSecurityConfigurerAdapter basicAuth() {
+        return new WebSecurityConfigurerAdapter() {
+            @Override
+            protected void configure(HttpSecurity http) throws Exception {
+                http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+                        .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
+                                "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
+                        .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+            }
+
+            @Override
+            public void configure(WebSecurity web) throws Exception {
+                super.configure(web);
+                StrictHttpFirewall firewall = new MSOSpringFirewall();
+                web.httpFirewall(firewall);
+            }
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        super.configure(web);
-        StrictHttpFirewall firewall = new MSOSpringFirewall();
-        web.httpFirewall(firewall);
+            @Override
+            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+                auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+                        .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+            }
+
+        };
     }
 
+    @Profile("aaf")
+    @Bean
+    public WebSecurityConfigurerAdapter noAuth() {
+        return new WebSecurityConfigurerAdapter() {
+            @Override
+            protected void configure(HttpSecurity http) throws Exception {
+                http.authorizeRequests().anyRequest().permitAll();
+            }
+        };
+    }
 }
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml