From 505b82d23d4340e67f619675bad4580fc3ae050a Mon Sep 17 00:00:00 2001 From: "waqas.ikram" Date: Fri, 7 Feb 2020 16:10:14 +0000 Subject: Fix for SO-2598 Change-Id: If2086de6cb635f39a03927be35fed9c177919211 Issue-ID: SO-2598 Signed-off-by: waqas.ikram Making WebSecurityConfigurerAdapter configurable so that other components can configure it per there requirement Change-Id: I8f7674710ff41195946a710b86c7c8d7b52815f8 Signed-off-by: waqas.ikram --- .../VnfmBasicHttpSecurityConfigurer.java | 63 ++++++++++++++++++ .../VnfmBasicWebSecurityConfigurerAdapter.java | 56 ---------------- .../onap/so/security/HttpSecurityConfigurer.java | 32 +++++++++ .../so/security/SoBasicHttpSecurityConfigurer.java | 45 +++++++++++++ .../SoBasicWebSecurityConfigurerAdapter.java | 74 --------------------- .../security/SoWebSecurityConfigurerAdapter.java | 75 ++++++++++++++++++++++ 6 files changed, 215 insertions(+), 130 deletions(-) create mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java delete mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java create mode 100644 common/src/main/java/org/onap/so/security/HttpSecurityConfigurer.java create mode 100644 common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java delete mode 100644 common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java create mode 100644 common/src/main/java/org/onap/so/security/SoWebSecurityConfigurerAdapter.java diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java new file mode 100644 index 0000000000..1e0a18a339 --- /dev/null +++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java @@ -0,0 +1,63 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP - SO + * ================================================================================ + * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.so.adapters.vnfmadapter; + +import org.onap.so.security.HttpSecurityConfigurer; +import org.onap.so.security.SoUserCredentialConfiguration; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Value; +import org.springframework.context.annotation.Primary; +import org.springframework.http.HttpMethod; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * @author Gareth Roper (gareth.roper@est.tech) + * + */ +@Primary +@Component +public class VnfmBasicHttpSecurityConfigurer implements HttpSecurityConfigurer { + + @Autowired + private SoUserCredentialConfiguration soUserCredentialConfiguration; + + @Value("${server.ssl.client-auth:none}") + private String clientAuth; + + @Override + public void configure(final HttpSecurity http) throws Exception { + if (("need").equalsIgnoreCase(clientAuth)) { + http.csrf().disable().authorizeRequests().anyRequest().permitAll(); + } else { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers(HttpMethod.GET, "/etsi/subscription/notification").permitAll().antMatchers("/**") + .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ",")) + .and().httpBasic(); + + } + } +} + diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java deleted file mode 100644 index a5404607b4..0000000000 --- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java +++ /dev/null @@ -1,56 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - SO - * ================================================================================ - * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved. - * ================================================================================ - * Modifications Copyright (c) 2019 Samsung - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.so.adapters.vnfmadapter; - -import org.onap.so.security.SoBasicWebSecurityConfigurerAdapter; -import org.onap.so.security.SoUserCredentialConfiguration; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.context.annotation.Configuration; -import org.springframework.http.HttpMethod; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; - -/** - * @author Waqas Ikram (waqas.ikram@est.tech) - * @author Gareth Roper (gareth.roper@est.tech) - * - */ -@EnableWebSecurity -@Configuration -public class VnfmBasicWebSecurityConfigurerAdapter extends SoBasicWebSecurityConfigurerAdapter { - - @Value("${server.ssl.client-auth:none}") - private String clientAuth; - SoUserCredentialConfiguration soUserCredentialConfiguration; - - @Override - protected void configure(final HttpSecurity http) throws Exception { - if (("need").equalsIgnoreCase(clientAuth)) { - http.csrf().disable().authorizeRequests().anyRequest().permitAll(); - } else { - super.configure(http); - http.authorizeRequests().antMatchers(HttpMethod.GET, "/etsi/subscription/notification").permitAll(); - } - } -} - diff --git a/common/src/main/java/org/onap/so/security/HttpSecurityConfigurer.java b/common/src/main/java/org/onap/so/security/HttpSecurityConfigurer.java new file mode 100644 index 0000000000..ffd5931c92 --- /dev/null +++ b/common/src/main/java/org/onap/so/security/HttpSecurityConfigurer.java @@ -0,0 +1,32 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2020 Ericsson. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import org.springframework.security.config.annotation.web.builders.HttpSecurity; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +public interface HttpSecurityConfigurer { + + void configure(final HttpSecurity http) throws Exception; + +} diff --git a/common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java b/common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java new file mode 100644 index 0000000000..9aceb03519 --- /dev/null +++ b/common/src/main/java/org/onap/so/security/SoBasicHttpSecurityConfigurer.java @@ -0,0 +1,45 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2020 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +@Component +public class SoBasicHttpSecurityConfigurer implements HttpSecurityConfigurer { + + @Autowired + private SoUserCredentialConfiguration soUserCredentialConfiguration; + + @Override + public void configure(final HttpSecurity http) throws Exception { + http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() + .antMatchers("/**") + .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ",")) + .and().httpBasic(); + } + +} diff --git a/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java deleted file mode 100644 index 21176e0d5d..0000000000 --- a/common/src/main/java/org/onap/so/security/SoBasicWebSecurityConfigurerAdapter.java +++ /dev/null @@ -1,74 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * Copyright (C) 2020 Nordix Foundation. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - * SPDX-License-Identifier: Apache-2.0 - * ============LICENSE_END========================================================= - */ -package org.onap.so.security; - -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Profile; -import org.springframework.core.annotation.Order; -import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.builders.WebSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.core.userdetails.UserDetailsService; -import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; -import org.springframework.security.web.firewall.StrictHttpFirewall; -import org.springframework.util.StringUtils; - -/** - * @author Waqas Ikram (waqas.ikram@est.tech) - * - */ -@EnableWebSecurity -@Configuration -@Order(1) -@Profile({"basic"}) -public class SoBasicWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { - - @Autowired - private SoUserCredentialConfiguration soUserCredentialConfiguration; - - @Autowired - private UserDetailsService userDetailsService; - - @Autowired - private BCryptPasswordEncoder passwordEncoder; - - @Override - protected void configure(final HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll() - .antMatchers("/**") - .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ",")) - .and().httpBasic(); - } - - @Override - public void configure(final WebSecurity web) throws Exception { - super.configure(web); - final StrictHttpFirewall firewall = new MSOSpringFirewall(); - web.httpFirewall(firewall); - } - - @Override - protected void configure(final AuthenticationManagerBuilder auth) throws Exception { - auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); - } -} diff --git a/common/src/main/java/org/onap/so/security/SoWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoWebSecurityConfigurerAdapter.java new file mode 100644 index 0000000000..903d586ab1 --- /dev/null +++ b/common/src/main/java/org/onap/so/security/SoWebSecurityConfigurerAdapter.java @@ -0,0 +1,75 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2020 Ericsson. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.so.security; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.core.annotation.Order; +import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.builders.WebSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; +import org.springframework.security.core.userdetails.UserDetailsService; +import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; +import org.springframework.security.web.firewall.StrictHttpFirewall; + +/** + * @author Waqas Ikram (waqas.ikram@est.tech) + * + */ +@EnableWebSecurity +@Configuration +@Order(1) +@Profile({"basic", "test"}) +public class SoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { + private static final Logger LOGGER = LoggerFactory.getLogger(SoWebSecurityConfigurerAdapter.class); + + @Autowired + private HttpSecurityConfigurer httpSecurityConfigurer; + + @Autowired + private UserDetailsService userDetailsService; + + @Autowired + private BCryptPasswordEncoder passwordEncoder; + + @Override + protected void configure(final HttpSecurity http) throws Exception { + LOGGER.debug("Injecting {} configuration ...", httpSecurityConfigurer.getClass()); + + httpSecurityConfigurer.configure(http); + } + + @Override + public void configure(final WebSecurity web) throws Exception { + super.configure(web); + final StrictHttpFirewall firewall = new MSOSpringFirewall(); + web.httpFirewall(firewall); + } + + @Override + protected void configure(final AuthenticationManagerBuilder auth) throws Exception { + auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder); + } +} -- cgit 1.2.3-korg