summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SecurityFilters.java41
-rw-r--r--adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SoCadiFilter.java117
-rw-r--r--adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java50
-rw-r--r--adapters/mso-catalog-db-adapter/src/main/resources/application-aaf.yaml0
-rw-r--r--adapters/mso-catalog-db-adapter/src/main/resources/application-basic.yaml0
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SecurityFilters.java41
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SoCadiFilter.java117
-rw-r--r--adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java50
-rw-r--r--adapters/mso-openstack-adapters/src/main/resources/application-aaf.yaml0
-rw-r--r--adapters/mso-openstack-adapters/src/main/resources/application-basic.yaml0
-rw-r--r--adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java50
-rw-r--r--adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SecurityFilters.java41
-rw-r--r--adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SoCadiFilter.java117
-rw-r--r--adapters/mso-requests-db-adapter/src/main/resources/application-aaf.yaml0
-rw-r--r--adapters/mso-requests-db-adapter/src/main/resources/application-basic.yaml0
-rw-r--r--adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SecurityFilters.java41
-rw-r--r--adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SoCadiFilter.java117
-rw-r--r--adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java50
-rw-r--r--adapters/mso-sdnc-adapter/src/main/resources/application-aaf.yaml0
-rw-r--r--adapters/mso-sdnc-adapter/src/main/resources/application-basic.yaml0
-rw-r--r--adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SecurityFilters.java41
-rw-r--r--adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SoCadiFilter.java117
-rw-r--r--adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java50
-rw-r--r--adapters/mso-vfc-adapter/src/main/resources/application-aaf.yaml0
-rw-r--r--adapters/mso-vfc-adapter/src/main/resources/application-basic.yaml0
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java41
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java117
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java73
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml0
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml0
-rw-r--r--asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java41
-rw-r--r--asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java117
-rw-r--r--asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java50
-rw-r--r--asdc-controller/src/main/resources/application-aaf.yaml0
-rw-r--r--asdc-controller/src/main/resources/application-basic.yaml0
-rw-r--r--bpmn/mso-infrastructure-bpmn/pom.xml11
-rw-r--r--bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java41
-rw-r--r--bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java117
-rw-r--r--bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java53
-rw-r--r--bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml0
-rw-r--r--bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml0
-rw-r--r--bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java44
-rw-r--r--common/pom.xml11
-rw-r--r--common/src/main/java/org/onap/so/security/WebSecurityConfig.java8
-rw-r--r--mso-api-handlers/mso-api-handler-infra/pom.xml11
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java41
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java117
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java48
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml0
-rw-r--r--mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml0
-rw-r--r--packages/docker/src/main/docker/docker-files/Dockerfile.so-app1
-rw-r--r--packages/docker/src/main/docker/docker-files/certs/org.onap.so.jksbin0 -> 3582 bytes
-rw-r--r--packages/docker/src/main/docker/docker-files/certs/org.onap.so.keyfile27
-rw-r--r--packages/docker/src/main/docker/docker-files/certs/org.onap.so.trust.jksbin0 -> 1413 bytes
-rw-r--r--packages/docker/src/main/docker/docker-files/scripts/start-app.sh6
55 files changed, 1888 insertions, 127 deletions
diff --git a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SecurityFilters.java b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SecurityFilters.java
new file mode 100644
index 0000000000..040723501b
--- /dev/null
+++ b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.catalogdb;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SoCadiFilter.java b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SoCadiFilter.java
new file mode 100644
index 0000000000..e7e360d444
--- /dev/null
+++ b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.catalogdb;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java
index 1d58975e6b..8cadb00f8f 100644
--- a/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java
+++ b/adapters/mso-catalog-db-adapter/src/main/java/org/onap/so/adapters/catalogdb/WebSecurityConfigImpl.java
@@ -24,27 +24,57 @@ package org.onap.so.adapters.catalogdb;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/adapters/mso-catalog-db-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-catalog-db-adapter/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-catalog-db-adapter/src/main/resources/application-aaf.yaml
diff --git a/adapters/mso-catalog-db-adapter/src/main/resources/application-basic.yaml b/adapters/mso-catalog-db-adapter/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-catalog-db-adapter/src/main/resources/application-basic.yaml
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SecurityFilters.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SecurityFilters.java
new file mode 100644
index 0000000000..cbe619e8a0
--- /dev/null
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.openstack;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SoCadiFilter.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SoCadiFilter.java
new file mode 100644
index 0000000000..d9901b75ed
--- /dev/null
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.openstack;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java
index 97e43d9828..ddae887103 100644
--- a/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java
+++ b/adapters/mso-openstack-adapters/src/main/java/org/onap/so/adapters/openstack/WebSecurityConfigImpl.java
@@ -24,27 +24,57 @@ package org.onap.so.adapters.openstack;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/adapters/mso-openstack-adapters/src/main/resources/application-aaf.yaml b/adapters/mso-openstack-adapters/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-openstack-adapters/src/main/resources/application-aaf.yaml
diff --git a/adapters/mso-openstack-adapters/src/main/resources/application-basic.yaml b/adapters/mso-openstack-adapters/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-openstack-adapters/src/main/resources/application-basic.yaml
diff --git a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java
index b8bada298e..6cd7462299 100644
--- a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java
+++ b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/WebSecurityConfigImpl.java
@@ -24,27 +24,57 @@ package org.onap.so.adapters.requestsdb;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services")
+ .permitAll().antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SecurityFilters.java b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SecurityFilters.java
new file mode 100644
index 0000000000..a422e6a60d
--- /dev/null
+++ b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.requestsdb.application;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SoCadiFilter.java b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SoCadiFilter.java
new file mode 100644
index 0000000000..5e6ced077b
--- /dev/null
+++ b/adapters/mso-requests-db-adapter/src/main/java/org/onap/so/adapters/requestsdb/application/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.requestsdb.application;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/adapters/mso-requests-db-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-requests-db-adapter/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-requests-db-adapter/src/main/resources/application-aaf.yaml
diff --git a/adapters/mso-requests-db-adapter/src/main/resources/application-basic.yaml b/adapters/mso-requests-db-adapter/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-requests-db-adapter/src/main/resources/application-basic.yaml
diff --git a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SecurityFilters.java b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SecurityFilters.java
new file mode 100644
index 0000000000..c615440ff6
--- /dev/null
+++ b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.sdnc;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SoCadiFilter.java b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SoCadiFilter.java
new file mode 100644
index 0000000000..1e5647097c
--- /dev/null
+++ b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.sdnc;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java
index 232381385f..4d922a4cd0 100644
--- a/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java
+++ b/adapters/mso-sdnc-adapter/src/main/java/org/onap/so/adapters/sdnc/WebSecurityConfigImpl.java
@@ -24,27 +24,57 @@ package org.onap.so.adapters.sdnc;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services")
+ .permitAll().antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/adapters/mso-sdnc-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-sdnc-adapter/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-sdnc-adapter/src/main/resources/application-aaf.yaml
diff --git a/adapters/mso-sdnc-adapter/src/main/resources/application-basic.yaml b/adapters/mso-sdnc-adapter/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-sdnc-adapter/src/main/resources/application-basic.yaml
diff --git a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SecurityFilters.java b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SecurityFilters.java
new file mode 100644
index 0000000000..319d79e0fb
--- /dev/null
+++ b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vfc;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SoCadiFilter.java b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SoCadiFilter.java
new file mode 100644
index 0000000000..89526d4cda
--- /dev/null
+++ b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.vfc;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java
index e94e34d87c..28ac311b4e 100644
--- a/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java
+++ b/adapters/mso-vfc-adapter/src/main/java/org/onap/so/adapters/vfc/WebSecurityConfigImpl.java
@@ -24,27 +24,57 @@ package org.onap.so.adapters.vfc;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services")
+ .permitAll().antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/adapters/mso-vfc-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-vfc-adapter/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-vfc-adapter/src/main/resources/application-aaf.yaml
diff --git a/adapters/mso-vfc-adapter/src/main/resources/application-basic.yaml b/adapters/mso-vfc-adapter/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-vfc-adapter/src/main/resources/application-basic.yaml
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java
new file mode 100644
index 0000000000..3876d77a80
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java
new file mode 100644
index 0000000000..aefb36c6bb
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.vnfmadapter;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
index 792002354b..e43efd014a 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
@@ -1,20 +1,22 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2019 Nordix Foundation.
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
@@ -23,37 +25,64 @@ package org.onap.so.adapters.vnfmadapter;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
-/**
- * Configure the web security for the application.
- */
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
@Value("${server.ssl.client-auth:none}")
private String clientAuth;
- @Override
- protected void configure(final HttpSecurity http) throws Exception {
- if (("need").equalsIgnoreCase(clientAuth)) {
- http.csrf().disable().authorizeRequests().anyRequest().permitAll();
- } else {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
- }
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ if (("need").equalsIgnoreCase(clientAuth)) {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ } else {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ","))
+ .and().httpBasic();
+ }
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(final WebSecurity web) throws Exception {
- super.configure(web);
- final StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml
diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java b/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java
new file mode 100644
index 0000000000..29c9d8f952
--- /dev/null
+++ b/asdc-controller/src/main/java/org/onap/so/asdc/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.asdc;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("!test & aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java b/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java
new file mode 100644
index 0000000000..52144e264e
--- /dev/null
+++ b/asdc-controller/src/main/java/org/onap/so/asdc/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.asdc;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("!test & aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java b/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java
index b45b4f0749..8722d193fe 100644
--- a/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java
+++ b/asdc-controller/src/main/java/org/onap/so/asdc/WebSecurityConfigImpl.java
@@ -22,27 +22,57 @@ package org.onap.so.asdc;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/asdc-controller/src/main/resources/application-aaf.yaml b/asdc-controller/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/asdc-controller/src/main/resources/application-aaf.yaml
diff --git a/asdc-controller/src/main/resources/application-basic.yaml b/asdc-controller/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/asdc-controller/src/main/resources/application-basic.yaml
diff --git a/bpmn/mso-infrastructure-bpmn/pom.xml b/bpmn/mso-infrastructure-bpmn/pom.xml
index 1ae0dd48f7..c3c26ef5e7 100644
--- a/bpmn/mso-infrastructure-bpmn/pom.xml
+++ b/bpmn/mso-infrastructure-bpmn/pom.xml
@@ -304,5 +304,16 @@
<version>1.7.0</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.9</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
</project>
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java
new file mode 100644
index 0000000000..bdc1c504f0
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.bpmn.infrastructure;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java
new file mode 100644
index 0000000000..cb60d5d219
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.bpmn.infrastructure;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
index 1ed3214214..bcc38ec9e0 100644
--- a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
@@ -24,28 +24,57 @@ package org.onap.so.bpmn.infrastructure;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
- "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
- .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
- }
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
+ "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
+ }
}
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-aaf.yaml
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/resources/application-basic.yaml
diff --git a/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java b/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
index 1ed3214214..58e58464e1 100644
--- a/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
+++ b/bpmn/so-bpmn-infrastructure-common/src/test/java/org/onap/so/bpmn/infrastructure/WebSecurityConfigImpl.java
@@ -24,28 +24,46 @@ package org.onap.so.bpmn.infrastructure;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
- "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
- .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
- }
+ @Bean
+ @Profile("test")
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
+ "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
- }
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
+ }
}
diff --git a/common/pom.xml b/common/pom.xml
index aa1ac654da..94b28e91bd 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -131,6 +131,17 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.9</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
<version>0.9.11</version>
diff --git a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java b/common/src/main/java/org/onap/so/security/WebSecurityConfig.java
index 635784c642..44ac62d14f 100644
--- a/common/src/main/java/org/onap/so/security/WebSecurityConfig.java
+++ b/common/src/main/java/org/onap/so/security/WebSecurityConfig.java
@@ -32,7 +32,7 @@ import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@ConfigurationProperties(prefix = "spring.security")
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
private List<UserCredentials> credentials;
private List<String> roles = new ArrayList<>();
@@ -65,10 +65,4 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
- }
-
}
diff --git a/mso-api-handlers/mso-api-handler-infra/pom.xml b/mso-api-handlers/mso-api-handler-infra/pom.xml
index 82b86f89cc..84a80e6617 100644
--- a/mso-api-handlers/mso-api-handler-infra/pom.xml
+++ b/mso-api-handlers/mso-api-handler-infra/pom.xml
@@ -225,6 +225,17 @@
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.9</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
<build>
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java
new file mode 100644
index 0000000000..0cf63b9605
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.apihandlerinfra;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java
new file mode 100644
index 0000000000..6510440991
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.apihandlerinfra;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
index 632f371af5..a0f4615f87 100644
--- a/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/java/org/onap/so/apihandlerinfra/WebSecurityConfigImpl.java
@@ -24,33 +24,57 @@ package org.onap.so.apihandlerinfra;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
@EnableWebSecurity
@Configuration("att-security-config")
-@Order(2)
+// @Order(2)
public class WebSecurityConfigImpl extends WebSecurityConfig {
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().antMatchers("/**").permitAll();
+ }
+ };
}
}
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-aaf.yaml
diff --git a/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/mso-api-handlers/mso-api-handler-infra/src/main/resources/application-basic.yaml
diff --git a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app
index e8f02f12c6..90f0a6627d 100644
--- a/packages/docker/src/main/docker/docker-files/Dockerfile.so-app
+++ b/packages/docker/src/main/docker/docker-files/Dockerfile.so-app
@@ -14,6 +14,7 @@ COPY configs/logging/logback-spring.xml /app
COPY scripts/start-app.sh /app
COPY scripts/wait-for.sh /app
COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt
+COPY certs/* /app/
RUN chown -R so:so /app && chmod 700 /app/*.sh
diff --git a/packages/docker/src/main/docker/docker-files/certs/org.onap.so.jks b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.jks
new file mode 100644
index 0000000000..1e849afb5e
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.jks
Binary files differ
diff --git a/packages/docker/src/main/docker/docker-files/certs/org.onap.so.keyfile b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.keyfile
new file mode 100644
index 0000000000..9000ed29fb
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.keyfile
@@ -0,0 +1,27 @@
+xVdhDotWIx2RB3f8RxAFQb9mkHVVdIzv8eiij9cDjg_5ea5HWPS7OzLR5lv4NA0vStrAMfSAaS2e
+j4rzvrlserM9bTRco3JHb-i6ZGYMoTL6kuFJ9JMveSqg-fkwvrm7VcYQJBs1FIE3hRLNqiGJ34ud
+hDRp-cGUvNRLIImksKT2fmUyEawLLuE0Lo5aX46y0ibjIMe7clMxLHIS5-WggvkgIOPkVDcxqLT2
+OteGptqW1cjrm1ydbTkLYN6dd7ZmRsT3ULPYLEtPTlZ2vCh7bFBBvP_tjp2cZf4uSPM6EClYAikn
+dnTqivOfCZn25r0xeXuectoXbq12fws_jaCH05ZK1wJwAF_cQNfpvaiM457rE672YV3Ev4yhXCyM
+1jVL2P9Chl1sSBkZujCftvaj1rlippP9P_eohcLv84mtApEyV49rBFRMtkX9ZVdPyb8shFSoXJxk
+M6DentRzY1g37mVJ1B1YMKPNQj95nOD4gLvjbUZ7dATuroENsG7oUWkfaV6dokfTmh504ZbyeqGh
+xa7yfr3326fMQBhQMpsyqD2o_Obe5wN57p-vb469w65pUmK7iJDa0Fgxaxy8XNNnw6gCurbbsvyU
+nB8UdfhTvL5mJew_tKUvtq_KH9ajnA8giSxuFd9KM6YHJWiFMXIROEQT7hKjTJka1ghERBjcH_pY
+hbKtHdvbrS7T2hGwY_MQEUXYQBirtjaEwAvI960hXQt1K-MC8PNLRYtdLKE2Aq3amMt7ZKtrHSeN
+33I1MjXc3wRUeOi5A6qImge1Q_Wmn1SURAn9KbEv9eoMUbQUkN1z2iyw4x94BZpBk5GjDypKKOyg
+guec0UY3y9wqm5gGW7XvT3v1lZqo5180VgK49iFgA4IhWZ7dnDFQmq6IHTr1pM4kuvJ9dka9saIh
+9xCk_KINPp5_dqJ2Lhak2IeRg_Zm3belm1jvYGCyRRqfoi9WGrDh3LLZeK8MHrrfzLI4Toy_n6DG
+UNXPrXqrZPREfW2lhYLRfrivOBYWPq9JidQXn1UctSmWdNoMH7XuikBpAwmlInNA_5j9J-L-gf9D
+cw2zoby3_wvcm5vxndnocEdhqVVdo7uMmXasQqphuyJP8rgCJf_I1v0Qe5F-JXsj6xDvarOUPOTj
+Z93a64EO0KI0OznolRyBqHpIXffbGh7e1EpAE0LMESKJC3Mjmsgz1ld3s7WfdeDK-IxUEHJLHlhY
+IjBlY6q3OJDrgvPLkwoWPbI48tmRUJX1BCafvDU6W8crl4VQKhL_l5ANAX5oaKwh-0ZJAZ15tna5
+6fjWcWrtQSdNQxj0jXV7uEcBtRtyPyOk2uw4HJDBLQyyOglUUxcQZJFCFp2fCHmNyttmUJQ5U9cu
+yw9lKhsyBJ5TB4psbp64_0EalITeAGrpuH1I1N2m1O5ZY8pmrpPtA1Mb5rQ4IJqiVbZgHTcvSiN5
+Z2SilurhI1vq4_aN_UZJQvEnw9U5WU3ysphsQk8RZKbFH4W9GDtmEGbAkRkTy17KrDIuMpe--XJF
+SQHUd4tzxbiYVYHKdF6Ce1kfQ-DEFXEf7RddwuKbc7tw2pSjy1MVH4HSRoTOQQpewZRTfG-4d3MX
+B99-QgufEk1OBkfemuDhdnPty5qkOLUEG_uQKPpD0QDVf-t4OxZqk_8G_dCJcXbmY4VT3V7pdN_I
+qp2xP98wGcIPuLGlEB8px94jKdUolkqeV_UTmmkTGz-szLzgK_YhnnVJn8VeyNsPTwAFUlqiPTyT
+n_7rCb_6nNKlriadaHu6IuJWehv03ZR9jS0P1Y3YLM286deCLFu93lN3nY4yf-SEguASdHJNCBFJ
+RQViYm8Tfuim5F0KQGafheGcdZxTvBFihnDduQWNBR_bDB9zfD6OtvvkseyyWHt3gHkJm5QeCjWK
+RzRvbjLpUnA31cJeEXmnmhB5qMAvjn8yORKcotn3u4MXdHEk-s8vR_SKykS6IcaYE1xxbowtg-UG
+d1iaky1NFYa2VZ4pGx9lD93GDTDynmOSfzVeVsxhTu_5rAanpDkUYVuxOzajmRh55I8a6dRk \ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/certs/org.onap.so.trust.jks b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.trust.jks
new file mode 100644
index 0000000000..71c6e776a3
--- /dev/null
+++ b/packages/docker/src/main/docker/docker-files/certs/org.onap.so.trust.jks
Binary files differ
diff --git a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh
index cb5586d61d..cea680c682 100644
--- a/packages/docker/src/main/docker/docker-files/scripts/start-app.sh
+++ b/packages/docker/src/main/docker/docker-files/scripts/start-app.sh
@@ -77,7 +77,11 @@ if [ ! -z "${TRUSTSTORE}" ]; then
jksargs="$jksargs -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}"
fi
-jvmargs="${JVM_ARGS} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}"
+if [ -z "${ACTIVE_PROFILE}" ]; then
+ export ACTIVE_PROFILE="basic"
+fi
+
+jvmargs="${JVM_ARGS} -Dspring.profiles.active=${ACTIVE_PROFILE} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}"
echo "JVM Arguments: ${jvmargs}"