summaryrefslogtreecommitdiffstats
path: root/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src
diff options
context:
space:
mode:
Diffstat (limited to 'adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src')
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java41
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java117
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java73
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml0
-rw-r--r--adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml0
5 files changed, 209 insertions, 22 deletions
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java
new file mode 100644
index 0000000000..3876d77a80
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SecurityFilters.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java
new file mode 100644
index 0000000000..aefb36c6bb
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/SoCadiFilter.java
@@ -0,0 +1,117 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.vnfmadapter;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
index 792002354b..e43efd014a 100644
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/WebSecurityConfigImpl.java
@@ -1,20 +1,22 @@
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2019 Nordix Foundation.
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
@@ -23,37 +25,64 @@ package org.onap.so.adapters.vnfmadapter;
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
-/**
- * Configure the web security for the application.
- */
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
@Value("${server.ssl.client-auth:none}")
private String clientAuth;
- @Override
- protected void configure(final HttpSecurity http) throws Exception {
- if (("need").equalsIgnoreCase(clientAuth)) {
- http.csrf().disable().authorizeRequests().anyRequest().permitAll();
- } else {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
- }
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ if (("need").equalsIgnoreCase(clientAuth)) {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ } else {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ","))
+ .and().httpBasic();
+ }
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(final WebSecurity web) throws Exception {
- super.configure(web);
- final StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-aaf.yaml
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml
new file mode 100644
index 0000000000..e69de29bb2
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/resources/application-basic.yaml