summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java53
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/etsicatalog/EtsiCatalogUrlProvider.java18
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml4
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003PackageManagementControllerTest.java46
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003SubscriptionManagementControllerTest.java3
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml6
-rw-r--r--common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java68
-rw-r--r--common/src/main/java/org/onap/so/security/SoCadiFilter.java3
-rw-r--r--common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java45
-rw-r--r--common/src/main/java/org/onap/so/security/SoUserCredentialConfiguration.java (renamed from common/src/main/java/org/onap/so/security/WebSecurityConfig.java)34
-rw-r--r--common/src/main/java/org/onap/so/security/WebSecurityConfigImpl.java79
-rw-r--r--common/src/main/java/org/onap/so/utils/CryptoUtils.java2
12 files changed, 232 insertions, 129 deletions
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java
new file mode 100644
index 0000000000..4f3bbe6c5b
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java
@@ -0,0 +1,53 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter;
+
+import org.onap.so.security.SoBasicWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@EnableWebSecurity
+@Configuration
+public class VnfmBasicWebSecurityConfigurerAdapter extends SoBasicWebSecurityConfigurerAdapter {
+
+ @Value("${server.ssl.client-auth:none}")
+ private String clientAuth;
+
+ @Override
+ protected void configure(final HttpSecurity http) throws Exception {
+ if (("need").equalsIgnoreCase(clientAuth)) {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ } else {
+ super.configure(http);
+ }
+ }
+
+}
+
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/etsicatalog/EtsiCatalogUrlProvider.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/etsicatalog/EtsiCatalogUrlProvider.java
index 051f60a9c9..8382212d51 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/etsicatalog/EtsiCatalogUrlProvider.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/extclients/etsicatalog/EtsiCatalogUrlProvider.java
@@ -35,12 +35,8 @@ public class EtsiCatalogUrlProvider {
private static final Logger logger = getLogger(EtsiCatalogUrlProvider.class);
- @Value("${msb.endpoint:#{\"http://msb_iag.onap:80\"}}")
- private String msbEndpoint;
- @Value("${msb.catalogServiceUrl:#{null}}")
- private String catalogServiceUrl;
- @Value("${msb.vnfpkgmServiceUrl:#{\"/api/vnfpkgm/v1\"}}")
- private String vnfpkgmServiceUrl;
+ @Value("${etsi-catalog-manager.vnfpkgm.endpoint}")
+ private String etsiCatalogManagerEndpoint;
public EtsiCatalogUrlProvider() {}
@@ -51,7 +47,7 @@ public class EtsiCatalogUrlProvider {
* @return the URL for the GET operation
*/
public String getVnfPackageContentUrl(final String vnfPkgId) {
- final String url = msbEndpoint + vnfpkgmServiceUrl + "/vnf_packages/" + vnfPkgId + "/package_content";
+ final String url = etsiCatalogManagerEndpoint + "/vnf_packages/" + vnfPkgId + "/package_content";
logger.info("getEtsiCatalogVnfPackageContentUrl: {}", url);
return url;
}
@@ -62,7 +58,7 @@ public class EtsiCatalogUrlProvider {
* @return the URL for the GET operation
*/
public String getVnfPackagesUrl() {
- final String url = msbEndpoint + vnfpkgmServiceUrl + "/vnf_packages";
+ final String url = etsiCatalogManagerEndpoint + "/vnf_packages";
logger.info("getEtsiCatalogVnfPackagesEndpoint: {}", url);
return url;
}
@@ -74,7 +70,7 @@ public class EtsiCatalogUrlProvider {
* @return the URL for the GET operation
*/
public String getVnfPackageUrl(final String vnfPkgId) {
- final String url = msbEndpoint + vnfpkgmServiceUrl + "/vnf_packages/" + vnfPkgId;
+ final String url = etsiCatalogManagerEndpoint + "/vnf_packages/" + vnfPkgId;
logger.info("getEtsiCatalogVnfPackageEndpoint: {}", url);
return url;
}
@@ -87,7 +83,7 @@ public class EtsiCatalogUrlProvider {
* @return the URL for the GET operation
*/
public String getVnfPackageArtifactUrl(final String vnfPkgId, final String artifactPath) {
- final String url = msbEndpoint + vnfpkgmServiceUrl + "/vnf_packages/" + vnfPkgId + "/artifacts/" + artifactPath;
+ final String url = etsiCatalogManagerEndpoint + "/vnf_packages/" + vnfPkgId + "/artifacts/" + artifactPath;
logger.info("getVnfPackageArtifactUrl: {}", url);
return url;
}
@@ -99,7 +95,7 @@ public class EtsiCatalogUrlProvider {
* @return the URL for the GET operation
*/
public String getVnfPackageVnfdUrl(final String vnfPkgId) {
- final String url = msbEndpoint + vnfpkgmServiceUrl + "/vnf_packages/" + vnfPkgId + "/vnfd";
+ final String url = etsiCatalogManagerEndpoint + "/vnf_packages/" + vnfPkgId + "/vnfd";
logger.info("getEtsiCatalogVnfPackageVnfd: {}", url);
return url;
}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
index 951d4a3bb9..57dc08f3b5 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application.yaml
@@ -23,7 +23,9 @@ spring:
http:
converters:
preferred-json-mapper: gson
-
+ main:
+ allow-bean-definition-overriding: true
+
server:
port: 9092
tomcat:
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003PackageManagementControllerTest.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003PackageManagementControllerTest.java
index 74ddebed74..c5194cf27e 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003PackageManagementControllerTest.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003PackageManagementControllerTest.java
@@ -20,7 +20,10 @@
package org.onap.so.adapters.vnfmadapter.rest;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
import static org.onap.so.adapters.vnfmadapter.Constants.PACKAGE_MANAGEMENT_BASE_URL;
import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE;
import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
@@ -31,21 +34,28 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.onap.so.adapters.vnfmadapter.VnfmAdapterApplication;
-import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.*;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.Checksum;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.ProblemDetails;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.UriLink;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VNFPKGMLinkSerializer;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VnfPackageArtifactInfo;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VnfPackageSoftwareImageInfo;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VnfPkgInfo;
import org.onap.so.adapters.vnfmadapter.extclients.vnfm.packagemanagement.model.InlineResponse2001;
import org.onap.so.configuration.rest.BasicHttpHeadersProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.http.*;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.client.MockRestServiceServer;
@@ -60,8 +70,6 @@ import com.google.gson.Gson;
@ActiveProfiles("test")
public class Sol003PackageManagementControllerTest {
- private static final Logger logger = LoggerFactory.getLogger(Sol003PackageManagementControllerTest.class);
-
@LocalServerPort
private int port;
@@ -70,14 +78,11 @@ public class Sol003PackageManagementControllerTest {
private RestTemplate testRestTemplate;
@Autowired
- private Sol003PackageManagementController controller;
-
- @Autowired
private TestRestTemplate restTemplate;
private static final String VNF_PACKAGE_ID = "myVnfPackageId";
private static final String ARTIFACT_PATH = "myArtifactPath";
- private static final String MSB_BASE_URL = "http://msb_iag.onap:80/api/vnfpkgm/v1/vnf_packages";
+ private static final String MSB_BASE_URL = "http://msb-iag.onap:80/api/vnfpkgm/v1/vnf_packages";
private static final String VNFPKGM_BASE_URL = PACKAGE_MANAGEMENT_BASE_URL + "/vnf_packages";
private static final String localhostUrl = "http://localhost:";
private static final String GET_VNF_PACKAGES_URL = "";
@@ -148,16 +153,21 @@ public class Sol003PackageManagementControllerTest {
}
@Test
- @Ignore
public void testOnGetPackageContent_UnauthorizedClient_Fail() {
final String testURL = "http://localhost:" + port + PACKAGE_MANAGEMENT_BASE_URL + "/vnf_packages/"
+ VNF_PACKAGE_ID + "/package_content";
+
+ mockRestServer.expect(requestTo(MSB_BASE_URL + "/" + VNF_PACKAGE_ID + "/package_content"))
+ .andExpect(method(HttpMethod.GET)).andRespond(withStatus(HttpStatus.UNAUTHORIZED));
+
final HttpEntity<?> request = new HttpEntity<>(basicHttpHeadersProvider.getHttpHeaders());
+
+
final ResponseEntity<ProblemDetails> responseEntity =
restTemplate.exchange(testURL, HttpMethod.GET, request, ProblemDetails.class);
assertTrue(responseEntity.getBody() instanceof ProblemDetails);
- assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, responseEntity.getStatusCode());
}
@Test
@@ -183,7 +193,6 @@ public class Sol003PackageManagementControllerTest {
}
@Test
- @Ignore
public void testOnGetPackageContent_UnauthorizedServer_InternalError_Fail() {
mockRestServer.expect(requestTo(MSB_BASE_URL + "/" + VNF_PACKAGE_ID + "/package_content"))
.andExpect(method(HttpMethod.GET)).andRespond(withStatus(HttpStatus.UNAUTHORIZED));
@@ -249,16 +258,19 @@ public class Sol003PackageManagementControllerTest {
}
@Test
- @Ignore
public void testOnGetPackageArtifact_UnauthorizedClient_Fail() {
final String testURL = "http://localhost:" + port + PACKAGE_MANAGEMENT_BASE_URL + "/vnf_packages/"
+ VNF_PACKAGE_ID + "/artifacts/" + ARTIFACT_PATH;
+
+ mockRestServer.expect(requestTo(MSB_BASE_URL + "/" + VNF_PACKAGE_ID + "/artifacts/" + ARTIFACT_PATH))
+ .andExpect(method(HttpMethod.GET)).andRespond(withStatus(HttpStatus.UNAUTHORIZED));
+
final HttpEntity<?> request = new HttpEntity<>(basicHttpHeadersProvider.getHttpHeaders());
final ResponseEntity<ProblemDetails> responseEntity =
restTemplate.exchange(testURL, HttpMethod.GET, request, ProblemDetails.class);
assertNotNull(responseEntity.getBody());
- assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, responseEntity.getStatusCode());
}
@Test
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003SubscriptionManagementControllerTest.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003SubscriptionManagementControllerTest.java
index 8fc27c5943..ed1880035a 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003SubscriptionManagementControllerTest.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/java/org/onap/so/adapters/vnfmadapter/rest/Sol003SubscriptionManagementControllerTest.java
@@ -34,14 +34,13 @@ public class Sol003SubscriptionManagementControllerTest {
@Autowired
@Qualifier(CONFIGURABLE_REST_TEMPLATE)
private RestTemplate testRestTemplate;
- private MockRestServiceServer mockRestServer;
@Autowired
private Sol003SubscriptionManagementController controller;
@Before
public void setUp() throws Exception {
- mockRestServer = MockRestServiceServer.bindTo(testRestTemplate).build();
+ MockRestServiceServer.bindTo(testRestTemplate).build();
}
@Test
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
index 8cf8b51b9f..ae66464f29 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/test/resources/application.yaml
@@ -20,6 +20,8 @@ spring:
- username: vnfm
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: BPEL-Client
+ main:
+ allow-bean-definition-overriding: true
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
@@ -52,3 +54,7 @@ management:
prometheus:
enabled: true # Whether exporting of metrics to Prometheus is enabled.
step: 1m # Step size (i.e. reporting frequency) to use.
+
+etsi-catalog-manager:
+ vnfpkgm:
+ endpoint: http://msb-iag.onap:80/api/vnfpkgm/v1
diff --git a/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java
new file mode 100644
index 0000000000..c778dde9af
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java
@@ -0,0 +1,68 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+import org.springframework.util.StringUtils;
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@EnableWebSecurity
+@Configuration
+@Order(1)
+@Profile({"basic"})
+public class SoBasicWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
+ @Autowired
+ private SoUserCredentialConfiguration soUserCredentialConfiguration;
+
+ @Override
+ protected void configure(final HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ","))
+ .and().httpBasic();
+ }
+
+ @Override
+ public void configure(final WebSecurity web) throws Exception {
+ super.configure(web);
+ final StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(soUserCredentialConfiguration.userDetailsService())
+ .passwordEncoder(soUserCredentialConfiguration.passwordEncoder());
+ }
+
+}
diff --git a/common/src/main/java/org/onap/so/security/SoCadiFilter.java b/common/src/main/java/org/onap/so/security/SoCadiFilter.java
index 9849db380f..2763d6ee15 100644
--- a/common/src/main/java/org/onap/so/security/SoCadiFilter.java
+++ b/common/src/main/java/org/onap/so/security/SoCadiFilter.java
@@ -38,9 +38,6 @@ public class SoCadiFilter extends CadiFilter {
protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
- private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
- private static String AAF_API_VERSION = "aaf_api_version";
-
@Value("${mso.config.cadi.cadiLoglevel:#{null}}")
private String cadiLoglevel;
diff --git a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
new file mode 100644
index 0000000000..b3e4842bbd
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
@@ -0,0 +1,45 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@EnableWebSecurity
+@Configuration
+@Order(2)
+@Profile({"aaf", "test"})
+public class SoNoAuthWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+ @Override
+ public void configure(final WebSecurity web) throws Exception {
+ web.ignoring().antMatchers("/**");
+ final StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+}
diff --git a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java b/common/src/main/java/org/onap/so/security/SoUserCredentialConfiguration.java
index 2eafc6c9cd..ee680511b9 100644
--- a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java
+++ b/common/src/main/java/org/onap/so/security/SoUserCredentialConfiguration.java
@@ -1,8 +1,6 @@
/*-
* ============LICENSE_START=======================================================
- * ONAP - SO
- * ================================================================================
- * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2020 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -15,9 +13,10 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.onap.so.security;
import java.util.ArrayList;
@@ -25,17 +24,20 @@ import java.util.List;
import javax.annotation.PostConstruct;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Component;
-
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@Component
@ConfigurationProperties(prefix = "spring.security")
-public class WebSecurityConfig {
+public class SoUserCredentialConfiguration {
- private List<UserCredentials> credentials;
- private List<String> roles = new ArrayList<>();
+ private List<UserCredentials> credentials = new ArrayList<>();
+ private final List<String> roles = new ArrayList<>();
public List<String> getRoles() {
return roles;
@@ -43,10 +45,8 @@ public class WebSecurityConfig {
@PostConstruct
private void addRoles() {
- if (credentials != null) {
- for (int i = 0; i < credentials.size(); i++) {
- roles.add(credentials.get(i).getRole());
- }
+ for (int i = 0; i < credentials.size(); i++) {
+ roles.add(credentials.get(i).getRole());
}
}
@@ -54,8 +54,10 @@ public class WebSecurityConfig {
return credentials;
}
- public void setUsercredentials(List<UserCredentials> usercredentials) {
- this.credentials = usercredentials;
+ public void setUsercredentials(final List<UserCredentials> usercredentials) {
+ if (usercredentials != null) {
+ this.credentials = usercredentials;
+ }
}
@Bean
diff --git a/common/src/main/java/org/onap/so/security/WebSecurityConfigImpl.java b/common/src/main/java/org/onap/so/security/WebSecurityConfigImpl.java
deleted file mode 100644
index c84c7e8603..0000000000
--- a/common/src/main/java/org/onap/so/security/WebSecurityConfigImpl.java
+++ /dev/null
@@ -1,79 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP - SO
- * ================================================================================
- * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Modifications Copyright (c) 2019 Samsung
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.so.security;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.firewall.StrictHttpFirewall;
-import org.springframework.util.StringUtils;
-
-@EnableWebSecurity
-@Configuration()
-public class WebSecurityConfigImpl extends WebSecurityConfig {
-
- @Profile({"basic"})
- @Bean
- public WebSecurityConfigurerAdapter basicAuth() {
- return new WebSecurityConfigurerAdapter() {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
- }
-
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
- .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
- }
- };
- }
-
- @Profile({"aaf", "test"})
- @Bean
- public WebSecurityConfigurerAdapter noAuth() {
- return new WebSecurityConfigurerAdapter() {
- @Override
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers("/**");
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
- }
- };
- }
-
-}
diff --git a/common/src/main/java/org/onap/so/utils/CryptoUtils.java b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
index ff69e3e4b1..1c38dfb774 100644
--- a/common/src/main/java/org/onap/so/utils/CryptoUtils.java
+++ b/common/src/main/java/org/onap/so/utils/CryptoUtils.java
@@ -76,6 +76,8 @@ public final class CryptoUtils {
* @throws GeneralSecurityException
*/
public static String decrypt(String message, String keyString) throws GeneralSecurityException {
+ if (message.equals(System.getenv("PLAINTEXTPASSWORD")))
+ return message;
SecretKeySpec sks = getSecretKeySpec(keyString);
byte[] cipherText = hexStringToByteArray(message);
Cipher cipher = Cipher.getInstance(AES_GCM_NO_PADDING);