Merge "Added AAF Integration related changes"

author: Seshu Kumar M <seshu.kumar.m@huawei.com> 2019-12-20 08:20:26 +0000
committer: Gerrit Code Review <gerrit@onap.org> 2019-12-20 08:20:26 +0000
commit: 77cc65a64dabb180062d5cb20827e68428033bf1 (patch)
tree: 3281e09dd3c6b61a27692858176c13e236456fc5 /mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap
parent: 07fc1b52da6485e0ec8774f79d506b696aed218a (diff)
parent: 837beb73d7aa6e8f7e4e932ac71e59663b868992 (diff)
3 files changed, 194 insertions, 12 deletions
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java
new file mode 100644
index 0000000000..0cf63b9605
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.apihandlerinfra;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+    @Bean
+    public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+        FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+        filterRegistrationBean.setFilter(new SoCadiFilter());
+        filterRegistrationBean.setName("cadiFilter");
+        filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+        return filterRegistrationBean;
+    }
+}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java
new file mode 100644
index 0000000000..6510440991
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.apihandlerinfra;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+    protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+    private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+    private static String AAF_API_VERSION = "aaf_api_version";
+
+    @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+    private String cadiLoglevel;
+
+    @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+    private String cadiKeyFile;
+
+    @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+    private String cadiTrustStorePassword;
+
+    @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+    private String cadiTrustStore;
+
+    @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+    private String cadiLatitude;
+
+    @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+    private String cadiLongitude;
+
+    @Value("${mso.config.cadi.aafEnv:#{null}}")
+    private String aafEnv;
+
+    @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+    private String aafApiVersion;
+
+    @Value("${mso.config.cadi.aafRootNs:#{null}}")
+    private String aafRootNs;
+
+    @Value("${mso.config.cadi.aafId:#{null}}")
+    private String aafMechId;
+
+    @Value("${mso.config.cadi.aafPassword:#{null}}")
+    private String aafMechIdPassword;
+
+    @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+    private String aafLocateUrl;
+
+    @Value("${mso.config.cadi.aafUrl:#{null}}")
+    private String aafUrl;
+
+    @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+    private String apiEnforcement;
+
+    private void checkIfNullProperty(String key, String value) {
+        /*
+         * When value is null, it is not defined in application.yaml set nothing in System properties
+         */
+        if (value != null) {
+            System.setProperty(key, value);
+        }
+    }
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+        checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+        checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+        checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+        checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+        checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+        checkIfNullProperty(Config.AAF_ENV, aafEnv);
+        checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+        checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+        checkIfNullProperty(Config.AAF_APPID, aafMechId);
+        checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+        checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+        checkIfNullProperty(Config.AAF_URL, aafUrl);
+        checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+        // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+        logger.debug(" *** init Filter Config *** ");
+        super.init(filterConfig);
+    }
+
+
+}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
index 632f371af5..a0f4615f87 100644
--- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
@@ -24,33 +24,57 @@ package org.onap.so.apihandlerinfra;
 
 import org.onap.so.security.MSOSpringFirewall;
 import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.firewall.StrictHttpFirewall;
 import org.springframework.util.StringUtils;
 
 @EnableWebSecurity
 @Configuration("att-security-config")
-@Order(2)
+// @Order(2)
 public class WebSecurityConfigImpl extends WebSecurityConfig {
 
+    @Profile({"basic", "test"})
+    @Bean
+    public WebSecurityConfigurerAdapter basicAuth() {
+        return new WebSecurityConfigurerAdapter() {
+            @Override
+            protected void configure(HttpSecurity http) throws Exception {
+                http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+                        .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+                        .httpBasic();
+            }
 
-    @Override
-    protected void configure(HttpSecurity http) throws Exception {
-        http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
-                .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
-                .httpBasic();
+            @Override
+            public void configure(WebSecurity web) throws Exception {
+                super.configure(web);
+                StrictHttpFirewall firewall = new MSOSpringFirewall();
+                web.httpFirewall(firewall);
+            }
 
+            @Override
+            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+                auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+                        .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+            }
+        };
     }
 
-    @Override
-    public void configure(WebSecurity web) throws Exception {
-        super.configure(web);
-        StrictHttpFirewall firewall = new MSOSpringFirewall();
-        web.httpFirewall(firewall);
+    @Profile("aaf")
+    @Bean
+    public WebSecurityConfigurerAdapter noAuth() {
+        return new WebSecurityConfigurerAdapter() {
+            @Override
+            protected void configure(HttpSecurity http) throws Exception {
+                http.authorizeRequests().antMatchers("/**").permitAll();
+            }
+        };
     }
 
 }
author	Seshu Kumar M <seshu.kumar.m@huawei.com>	2019-12-20 08:20:26 +0000
committer	Gerrit Code Review <gerrit@onap.org>	2019-12-20 08:20:26 +0000
commit	77cc65a64dabb180062d5cb20827e68428033bf1 (patch)
tree	3281e09dd3c6b61a27692858176c13e236456fc5 /mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap
parent	07fc1b52da6485e0ec8774f79d506b696aed218a (diff)
parent	837beb73d7aa6e8f7e4e932ac71e59663b868992 (diff)