summaryrefslogtreecommitdiffstats
path: root/mso-api-handlers
diff options
context:
space:
mode:
authorRamesh Parthasarathy <ramesh.parthasarathy@att.com>2019-11-21 02:04:03 +0000
committerRamesh Parthasarathy <ramesh.parthasarathy@att.com>2019-11-21 04:47:42 +0000
commit837beb73d7aa6e8f7e4e932ac71e59663b868992 (patch)
treea0cc058f5dd9a6df9a0bab9f1d4ec28c7f99700e /mso-api-handlers
parent70c24f9edcb8351ca8f184294c0815db5eba1904 (diff)
Added AAF Integration related changes
Created two profiles for the application to run. Basic profile will allow the application to run in the current spring security authentication. AAF profile will authenticate and authorize requests with AAF. if no profile is given, it will fallback to basic. Change-Id: I2576f02e7afca3c10e02aaffef66a60fa1c4dd1a Issue-ID: SO-2451 Signed-off-by: Ramesh Parthasarathy(rp6768)<ramesh.parthasarathy@att.com>
Diffstat (limited to 'mso-api-handlers')
-rw-r--r--mso-api-handlers/mso-api-handler-infra/pom.xml11
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java41
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java117
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java48
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml0
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml0
6 files changed, 205 insertions, 12 deletions
diff --git a/mso-api-handlers/mso-api-handler-infra/pom.xml b/mso-api-handlers/mso-api-handler-infra/pom.xml
index 82b86f89cc..84a80e6617 100644
--- a/mso-api-handlers/mso-api-handler-infra/pom.xml
+++ b/mso-api-handlers/mso-api-handler-infra/pom.xml
@@ -225,6 +225,17 @@
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.9</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
<build>
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java
new file mode 100644
index 0000000000..0cf63b9605
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.apihandlerinfra;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java
new file mode 100644
index 0000000000..6510440991
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.apihandlerinfra;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
index 632f371af5..a0f4615f87 100644
--- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
@@ -24,33 +24,57 @@ package org.onap.so.apihandlerinfra;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
@EnableWebSecurity
@Configuration("att-security-config")
-@Order(2)
+// @Order(2)
public class WebSecurityConfigImpl extends WebSecurityConfig {
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().antMatchers("/**").permitAll();
+ }
+ };
}
}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml