summaryrefslogtreecommitdiffstats
path: root/common/src
diff options
context:
space:
mode:
Diffstat (limited to 'common/src')
-rw-r--r--common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java57
-rw-r--r--common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java68
-rw-r--r--common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java47
-rw-r--r--common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java2
4 files changed, 173 insertions, 1 deletions
diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java
new file mode 100644
index 0000000000..6340b1c6fb
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java
@@ -0,0 +1,57 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Orange. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.util.CollectionUtils;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @author Sheel Bajpai (sheel.bajpai@orange.com)
+ *
+ */
+@Configuration
+@Profile("serviceMesh")
+class HttpHeaderForwarderConfig implements WebMvcConfigurer {
+ @Bean
+ public RestTemplate restTemplate() {
+ RestTemplate restTemplate = new RestTemplate();
+
+ List<ClientHttpRequestInterceptor> interceptors = restTemplate.getInterceptors();
+ if (CollectionUtils.isEmpty(interceptors))
+ interceptors = new ArrayList<>();
+
+ interceptors.add(new HttpHeaderForwarderRequestInterceptor());
+ restTemplate.setInterceptors(interceptors);
+ return restTemplate;
+ }
+
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ registry.addInterceptor(new HttpHeaderForwarderHandlerInterceptor());
+ }
+}
diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java
new file mode 100644
index 0000000000..da01e5e1cf
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java
@@ -0,0 +1,68 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Orange. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+import com.google.common.collect.ImmutableSet;
+
+/**
+ * @author Sheel Bajpai (sheel.bajpai@orange.com)
+ *
+ */
+
+public class HttpHeaderForwarderHandlerInterceptor extends HandlerInterceptorAdapter {
+
+ private static final ThreadLocal<Map<String, List<String>>> HEADERS_THREAD_LOCAL = new ThreadLocal<>();
+
+ private static final Set<String> FORWARDED_HEADER_NAMES = ImmutableSet.of("authorization", "x-request-id",
+ "x-b3-traceid", "x-b3-spanid", "x-b3-parentspanid", "x-b3-sampled", "x-b3-flags", "x-ot-span-context");
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws Exception {
+
+ Map<String, List<String>> headerMap = Collections.list(request.getHeaderNames()).stream()
+ .map(String::toLowerCase).filter(FORWARDED_HEADER_NAMES::contains)
+ .collect(Collectors.toMap(Function.identity(), h -> Collections.list(request.getHeaders(h))));
+
+ HEADERS_THREAD_LOCAL.set(headerMap);
+ return super.preHandle(request, response, handler);
+ }
+
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+ HEADERS_THREAD_LOCAL.remove();
+ }
+
+ static Map<String, List<String>> getHeaders() {
+ return HEADERS_THREAD_LOCAL.get();
+ }
+
+}
diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java
new file mode 100644
index 0000000000..18a3f3deda
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java
@@ -0,0 +1,47 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Orange. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
+
+/**
+ * @author Sheel Bajpai (sheel.bajpai@orange.com)
+ *
+ */
+
+public class HttpHeaderForwarderRequestInterceptor implements ClientHttpRequestInterceptor {
+
+ @Override
+ public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution)
+ throws IOException {
+
+ Map<String, List<String>> headerMap = HttpHeaderForwarderHandlerInterceptor.getHeaders();
+ if (headerMap != null && !headerMap.isEmpty())
+ request.getHeaders().putAll(HttpHeaderForwarderHandlerInterceptor.getHeaders());
+ return execution.execute(request, body);
+ }
+
+}
diff --git a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
index b3e4842bbd..4a112b9687 100644
--- a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
+++ b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
@@ -34,7 +34,7 @@ import org.springframework.security.web.firewall.StrictHttpFirewall;
@EnableWebSecurity
@Configuration
@Order(2)
-@Profile({"aaf", "test"})
+@Profile({"aaf", "test", "serviceMesh"})
public class SoNoAuthWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
@Override
public void configure(final WebSecurity web) throws Exception {