diff options
5 files changed, 185 insertions, 1 deletions
diff --git a/common/pom.xml b/common/pom.xml index f42033b152..a6e8a79f56 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -15,6 +15,7 @@ <protobuf.version>3.10.0</protobuf.version> <grpc.netty.version>4.1.30.Final</grpc.netty.version> <ccsdk.version>1.1.2</ccsdk.version> + <spring-cloud-sleuth.version>2.0.2.RELEASE</spring-cloud-sleuth.version> </properties> <dependencies> <dependency> @@ -300,6 +301,10 @@ <groupId>org.ehcache</groupId> <artifactId>ehcache</artifactId> </dependency> + <dependency> + <groupId>org.springframework.cloud</groupId> + <artifactId>spring-cloud-starter-sleuth</artifactId> + </dependency> </dependencies> <dependencyManagement> <dependencies> @@ -310,6 +315,13 @@ <type>pom</type> <scope>import</scope> </dependency> + <dependency> + <groupId>org.springframework.cloud</groupId> + <artifactId>spring-cloud-sleuth</artifactId> + <version>${spring-cloud-sleuth.version}</version> + <type>pom</type> + <scope>import</scope> + </dependency> </dependencies> </dependencyManagement> <build> diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java new file mode 100644 index 0000000000..6340b1c6fb --- /dev/null +++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java @@ -0,0 +1,57 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Orange. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import java.util.ArrayList; +import java.util.List; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.http.client.ClientHttpRequestInterceptor; +import org.springframework.util.CollectionUtils; +import org.springframework.web.client.RestTemplate; +import org.springframework.web.servlet.config.annotation.InterceptorRegistry; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; + +/** + * @author Sheel Bajpai (sheel.bajpai@orange.com) + * + */ +@Configuration +@Profile("serviceMesh") +class HttpHeaderForwarderConfig implements WebMvcConfigurer { + @Bean + public RestTemplate restTemplate() { + RestTemplate restTemplate = new RestTemplate(); + + List<ClientHttpRequestInterceptor> interceptors = restTemplate.getInterceptors(); + if (CollectionUtils.isEmpty(interceptors)) + interceptors = new ArrayList<>(); + + interceptors.add(new HttpHeaderForwarderRequestInterceptor()); + restTemplate.setInterceptors(interceptors); + return restTemplate; + } + + @Override + public void addInterceptors(InterceptorRegistry registry) { + registry.addInterceptor(new HttpHeaderForwarderHandlerInterceptor()); + } +} diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java new file mode 100644 index 0000000000..da01e5e1cf --- /dev/null +++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java @@ -0,0 +1,68 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Orange. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.function.Function; +import java.util.stream.Collectors; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import org.springframework.web.servlet.ModelAndView; +import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; +import com.google.common.collect.ImmutableSet; + +/** + * @author Sheel Bajpai (sheel.bajpai@orange.com) + * + */ + +public class HttpHeaderForwarderHandlerInterceptor extends HandlerInterceptorAdapter { + + private static final ThreadLocal<Map<String, List<String>>> HEADERS_THREAD_LOCAL = new ThreadLocal<>(); + + private static final Set<String> FORWARDED_HEADER_NAMES = ImmutableSet.of("authorization", "x-request-id", + "x-b3-traceid", "x-b3-spanid", "x-b3-parentspanid", "x-b3-sampled", "x-b3-flags", "x-ot-span-context"); + + @Override + public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) + throws Exception { + + Map<String, List<String>> headerMap = Collections.list(request.getHeaderNames()).stream() + .map(String::toLowerCase).filter(FORWARDED_HEADER_NAMES::contains) + .collect(Collectors.toMap(Function.identity(), h -> Collections.list(request.getHeaders(h)))); + + HEADERS_THREAD_LOCAL.set(headerMap); + return super.preHandle(request, response, handler); + } + + @Override + public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, + ModelAndView modelAndView) throws Exception { + HEADERS_THREAD_LOCAL.remove(); + } + + static Map<String, List<String>> getHeaders() { + return HEADERS_THREAD_LOCAL.get(); + } + +} diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java new file mode 100644 index 0000000000..18a3f3deda --- /dev/null +++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java @@ -0,0 +1,47 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2021 Orange. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import java.io.IOException; +import java.util.List; +import java.util.Map; +import org.springframework.http.HttpRequest; +import org.springframework.http.client.ClientHttpRequestExecution; +import org.springframework.http.client.ClientHttpRequestInterceptor; +import org.springframework.http.client.ClientHttpResponse; + +/** + * @author Sheel Bajpai (sheel.bajpai@orange.com) + * + */ + +public class HttpHeaderForwarderRequestInterceptor implements ClientHttpRequestInterceptor { + + @Override + public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution) + throws IOException { + + Map<String, List<String>> headerMap = HttpHeaderForwarderHandlerInterceptor.getHeaders(); + if (headerMap != null && !headerMap.isEmpty()) + request.getHeaders().putAll(HttpHeaderForwarderHandlerInterceptor.getHeaders()); + return execution.execute(request, body); + } + +} diff --git a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java index b3e4842bbd..4a112b9687 100644 --- a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java +++ b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java @@ -34,7 +34,7 @@ import org.springframework.security.web.firewall.StrictHttpFirewall; @EnableWebSecurity @Configuration @Order(2) -@Profile({"aaf", "test"}) +@Profile({"aaf", "test", "serviceMesh"}) public class SoNoAuthWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { @Override public void configure(final WebSecurity web) throws Exception { |