From 53688429bc4fd48f2965d4004925cee258e4efb3 Mon Sep 17 00:00:00 2001
From: "waqas.ikram" <waqas.ikram@est.tech>
Date: Fri, 10 Dec 2021 10:20:19 +0000
Subject: Fix for livenessProbe failing OOM

Change-Id: I9c5bbaaff6c141f88e55f6bb727e3f1b9d5eca39
Issue-ID: SO-3674
Signed-off-by: waqas.ikram <waqas.ikram@est.tech>
---
 .../so/bpmn/infrastructure/CXFConfiguration.java   | 12 ++--
 .../MSOInfrastructureApplication.java              | 40 +++++-------
 .../SoBpmnInfraBasicHttpSecurityConfigurer.java    | 50 +++++++++++++++
 .../src/main/resources/application.yaml            | 75 +++++++++++-----------
 .../configs/logging/logback-spring.xml             |  1 +
 5 files changed, 115 insertions(+), 63 deletions(-)
 create mode 100644 bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoBpmnInfraBasicHttpSecurityConfigurer.java

diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/CXFConfiguration.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/CXFConfiguration.java
index 6c75bdb58f..4659d77b62 100644
--- a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/CXFConfiguration.java
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/CXFConfiguration.java
@@ -42,9 +42,12 @@ import org.onap.so.logging.cxf.interceptor.SOAPLoggingInInterceptor;
 import org.onap.so.logging.cxf.interceptor.SOAPLoggingOutInterceptor;
 import org.onap.so.logging.jaxrs.filter.SOAuditLogContainerFilter;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.boot.autoconfigure.web.servlet.DispatcherServletAutoConfiguration;
 import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.DispatcherServlet;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.fasterxml.jackson.jaxrs.json.JacksonJsonProvider;
 
@@ -66,7 +69,7 @@ public class CXFConfiguration {
 
     @Autowired
     private WorkflowOnboardingSupport workflowOnboardingSupport;
-    
+
     @Autowired
     private SOAuditLogContainerFilter soAuditLogContainerFilter;
 
@@ -80,8 +83,8 @@ public class CXFConfiguration {
     private VnfAdapterNotify vnfAdapterNotifyServiceImpl;
 
     @Bean
-    public ServletRegistrationBean cxfServlet() {
-        return new ServletRegistrationBean(new CXFServlet(), "/*");
+    public ServletRegistrationBean<CXFServlet> cxfServlet() {
+        return new ServletRegistrationBean<CXFServlet>(new CXFServlet(), "/*");
     }
 
     @Bean
@@ -108,7 +111,8 @@ public class CXFConfiguration {
     public Server rsServer() {
         JAXRSServerFactoryBean endpoint = new JAXRSServerFactoryBean();
         endpoint.setBus(bus);
-        endpoint.setServiceBeans(Arrays.<Object>asList(wmr, workflowResource, workflowAsyncResource, workflowOnboardingSupport));
+        endpoint.setServiceBeans(
+                Arrays.<Object>asList(wmr, workflowResource, workflowAsyncResource, workflowOnboardingSupport));
         endpoint.setAddress("/");
         endpoint.setFeatures(Arrays.asList(createSwaggerFeature(), new LoggingFeature()));
         endpoint.setProviders(Arrays.asList(new JacksonJsonProvider(mapper), soAuditLogContainerFilter));
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/MSOInfrastructureApplication.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/MSOInfrastructureApplication.java
index 6900f3099d..c0214a976a 100644
--- a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/MSOInfrastructureApplication.java
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/MSOInfrastructureApplication.java
@@ -25,8 +25,6 @@ package org.onap.so.bpmn.infrastructure;
 import java.util.List;
 import java.util.concurrent.Executor;
 import javax.annotation.PostConstruct;
-import org.camunda.bpm.application.PreUndeploy;
-import org.camunda.bpm.application.ProcessApplicationInfo;
 import org.camunda.bpm.engine.ProcessEngine;
 import org.camunda.bpm.engine.repository.DeploymentBuilder;
 import org.onap.logging.filter.spring.MDCTaskDecorator;
@@ -34,6 +32,7 @@ import org.onap.so.bpmn.common.DefaultToShortClassNameBeanNameGenerator;
 import org.onap.so.db.catalog.beans.Workflow;
 import org.onap.so.db.catalog.client.CatalogDbClient;
 import org.onap.so.logger.LoggingAnchor;
+import org.onap.so.security.SoBasicHttpSecurityConfigurer;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -52,12 +51,6 @@ import org.springframework.context.annotation.Primary;
 import org.springframework.scheduling.annotation.EnableAsync;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
 
-import javax.annotation.PostConstruct;
-import java.util.List;
-import java.util.concurrent.Executor;
-
-import static java.util.Collections.singletonMap;
-import static org.springframework.boot.context.config.ConfigFileApplicationListener.*;
 /**
  * @since Version 1.0
  *
@@ -66,17 +59,18 @@ import static org.springframework.boot.context.config.ConfigFileApplicationListe
 @SpringBootApplication
 @EnableAsync
 @ComponentScan(basePackages = {"org.onap"}, nameGenerator = DefaultToShortClassNameBeanNameGenerator.class,
-        excludeFilters = {@Filter(type = FilterType.ANNOTATION, classes = SpringBootApplication.class)})
-@EnableAutoConfiguration(exclude= FreeMarkerAutoConfiguration.class)
+        excludeFilters = {@Filter(type = FilterType.ANNOTATION, classes = SpringBootApplication.class),
+                @Filter(type = FilterType.ASSIGNABLE_TYPE, value = SoBasicHttpSecurityConfigurer.class)})
+@EnableAutoConfiguration(exclude = FreeMarkerAutoConfiguration.class)
 public class MSOInfrastructureApplication extends SpringBootServletInitializer {
 
     private static final Logger logger = LoggerFactory.getLogger(MSOInfrastructureApplication.class);
-    
+
     @Override
     protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
-        return application
-                .sources(MSOInfrastructureApplication.class);
+        return application.sources(MSOInfrastructureApplication.class);
     }
+
     @Autowired
     private ProcessEngine processEngine;
 
@@ -118,17 +112,17 @@ public class MSOInfrastructureApplication extends SpringBootServletInitializer {
     @PostConstruct
     public void postConstruct() {
         DeploymentBuilder deploymentBuilder = processEngine.getRepositoryService().createDeployment();
-//        try {
-//            DeploymentBuilder deploymentBuilder = processEngine.getRepositoryService().createDeployment();
-//            deployCustomWorkflows(deploymentBuilder);
-//        } catch (Exception e) {
-//            logger.warn("Unable to invoke deploymentBuilder: " + e.getMessage());
-//        }
+        // try {
+        // DeploymentBuilder deploymentBuilder = processEngine.getRepositoryService().createDeployment();
+        // deployCustomWorkflows(deploymentBuilder);
+        // } catch (Exception e) {
+        // logger.warn("Unable to invoke deploymentBuilder: " + e.getMessage());
+        // }
     }
 
-//    @PreUndeploy
-//    public void cleanup(ProcessEngine processEngine, ProcessApplicationInfo processApplicationInfo,
-//            List<ProcessEngine> processEngines) {}
+    // @PreUndeploy
+    // public void cleanup(ProcessEngine processEngine, ProcessApplicationInfo processApplicationInfo,
+    // List<ProcessEngine> processEngines) {}
 
     @Bean
     @Primary
@@ -147,7 +141,7 @@ public class MSOInfrastructureApplication extends SpringBootServletInitializer {
         logger.info("Attempting to deploy custom workflows");
         try {
             List<Workflow> workflows = catalogDbClient.findWorkflowBySource(SDC_SOURCE);
-			logger.info("SDC workflows: {}", workflows );
+            logger.info("SDC workflows: {}", workflows);
             if (workflows != null && !workflows.isEmpty()) {
                 for (Workflow workflow : workflows) {
                     String workflowName = workflow.getName();
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoBpmnInfraBasicHttpSecurityConfigurer.java b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoBpmnInfraBasicHttpSecurityConfigurer.java
new file mode 100644
index 0000000000..15347f1dc5
--- /dev/null
+++ b/bpmn/mso-infrastructure-bpmn/src/main/java/org/onap/so/bpmn/infrastructure/SoBpmnInfraBasicHttpSecurityConfigurer.java
@@ -0,0 +1,50 @@
+/*-
+ * ============LICENSE_START=======================================================
+ *  Copyright (C) 2021 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * 
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.bpmn.infrastructure;
+
+import org.onap.so.security.HttpSecurityConfigurer;
+import org.onap.so.security.SoUserCredentialConfiguration;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Primary;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@Primary
+@Component("basic")
+public class SoBpmnInfraBasicHttpSecurityConfigurer implements HttpSecurityConfigurer {
+
+    @Autowired
+    private SoUserCredentialConfiguration soUserCredentialConfiguration;
+
+    @Override
+    public void configure(final HttpSecurity http) throws Exception {
+        http.csrf().disable().authorizeRequests()
+                .antMatchers("/app-api/manage", "/app-api/manage/health", "/app-api/manage/info").permitAll()
+                .antMatchers("/**")
+                .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ","))
+                .and().httpBasic();
+    }
+
+}
diff --git a/bpmn/mso-infrastructure-bpmn/src/main/resources/application.yaml b/bpmn/mso-infrastructure-bpmn/src/main/resources/application.yaml
index e68d1bad80..3a0060ff79 100644
--- a/bpmn/mso-infrastructure-bpmn/src/main/resources/application.yaml
+++ b/bpmn/mso-infrastructure-bpmn/src/main/resources/application.yaml
@@ -1,41 +1,44 @@
-server: 
-  port: 8080  
-  tomcat:
-    max-threads: 50
+server:
+   port: 8080
+   tomcat:
+      max-threads: 50
 mso:
-  infra:
-    auditInventory: false
-  camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
-spring: 
-  http:
-    multipart:
-      enabled: false
-  main:
-    allow-bean-definition-overriding: true
+   infra:
+      auditInventory: false
+   camundaAuth: AE2E9BE6EF9249085AF98689C4EE087736A5500629A72F35068FFB88813A023581DD6E765071F1C04075B36EA4213A
+spring:
+   http:
+      multipart:
+         enabled: false
+   main:
+      allow-bean-definition-overriding: true
+   mvc:
+      servlet:
+         path: /app-api
 camunda:
-  bpm:
-    application:
-      delete-upon-undeploy: false
-      scan-for-process-definitions: true
-      deploy-changed-only: true
-    job-execution:
-      deployment-aware: true
+   bpm:
+      application:
+         delete-upon-undeploy: false
+         scan-for-process-definitions: true
+         deploy-changed-only: true
+      job-execution:
+         deployment-aware: true
 #Actuator
 management:
-  endpoints:
-    web:
-      base-path: /manage
-      exposure:
-        include: "*"
-  metrics:
-    se-global-registry: false
-    export:
-      prometheus:
-        enabled: true # Whether exporting of metrics to Prometheus is enabled.
-        step: 1m # Step size (i.e. reporting frequency) to use.
+   endpoints:
+      web:
+         base-path: /manage
+         exposure:
+            include: '*'
+   metrics:
+      se-global-registry: false
+      export:
+         prometheus:
+            enabled: true # Whether exporting of metrics to Prometheus is enabled.
+            step: 1m # Step size (i.e. reporting frequency) to use.
 org:
-  onap:
-    so:
-      adapters:
-        network:
-          encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
+   onap:
+      so:
+         adapters:
+            network:
+               encryptionKey: 07a7159d3bf51a0e53be7a8f89699be7
\ No newline at end of file
diff --git a/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml b/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml
index 06bfa4a90c..423b3a03ce 100644
--- a/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml
+++ b/packages/docker/src/main/docker/docker-files/configs/logging/logback-spring.xml
@@ -184,6 +184,7 @@
     <logger name="com.att.commons" level="DEBUG" />
     <logger name="org.reflections" level="ERROR" />
     <logger name="org.springframework.boot.actuate" level="DEBUG" />
+    <logger name="org.springframework.boot.web.servlet" level="DEBUG" />
 
     <logger name="AUDIT" level="INFO" additivity="false">
         <appender-ref ref="asyncAudit" />
-- 
cgit 1.2.3-korg