From 58dbebc1deb18b9df2d0685c7dcda36f289d9656 Mon Sep 17 00:00:00 2001 From: "sheel.bajpai" Date: Mon, 28 Jun 2021 08:58:55 +0000 Subject: ONAP Service Mesh compliant modification Issue-ID: OOM-2232 Signed-off-by: sheel.bajpai Change-Id: Ie7416143179b27b64f17088f1983f4477c259cc4 --- common/pom.xml | 12 ++++ .../so/security/HttpHeaderForwarderConfig.java | 57 ++++++++++++++++++ .../HttpHeaderForwarderHandlerInterceptor.java | 68 ++++++++++++++++++++++ .../HttpHeaderForwarderRequestInterceptor.java | 47 +++++++++++++++ .../SoNoAuthWebSecurityConfigurerAdapter.java | 2 +- 5 files changed, 185 insertions(+), 1 deletion(-) create mode 100644 common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java create mode 100644 common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java create mode 100644 common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java diff --git a/common/pom.xml b/common/pom.xml index f42033b152..a6e8a79f56 100644 --- a/common/pom.xml +++ b/common/pom.xml @@ -15,6 +15,7 @@ 3.10.0 4.1.30.Final 1.1.2 + 2.0.2.RELEASE @@ -300,6 +301,10 @@ org.ehcache ehcache + + org.springframework.cloud + spring-cloud-starter-sleuth + @@ -310,6 +315,13 @@ pom import + + org.springframework.cloud + spring-cloud-sleuth + ${spring-cloud-sleuth.version} + pom + import + diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java new file mode 100644 index 0000000000..6340b1c6fb --- /dev/null +++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderConfig.java 
@@ -0,0 +1,57 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Orange. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import java.util.ArrayList;
+import java.util.List;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.util.CollectionUtils;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/**
+ * @author Sheel Bajpai (sheel.bajpai@orange.com)
+ *
+ */
+@Configuration
+@Profile("serviceMesh")
+class HttpHeaderForwarderConfig implements WebMvcConfigurer {
+ @Bean
+ public RestTemplate restTemplate() {
+ RestTemplate restTemplate = new RestTemplate();
+
+ List interceptors = restTemplate.getInterceptors();
+ if (CollectionUtils.isEmpty(interceptors))
+ interceptors = new ArrayList<>();
+
+ interceptors.add(new HttpHeaderForwarderRequestInterceptor());
+ restTemplate.setInterceptors(interceptors);
+ return restTemplate;
+ }
+
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ registry.addInterceptor(new HttpHeaderForwarderHandlerInterceptor());
+ }
+}
diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java
new file mode 100644
index 0000000000..da01e5e1cf
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderHandlerInterceptor.java
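Review bot: `restTemplate()` in HttpHeaderForwarderConfig publishes a context-wide RestTemplate bean carrying HttpHeaderForwarderRequestInterceptor, so under the serviceMesh profile every outbound call made through it replays the inbound `authorization` header to whatever host is being called. Nothing visible in this patch limits forwarding to in-mesh destinations, so a consumer of this bean that calls an external endpoint would hand the caller's credential to that endpoint. I would give the bean a distinguishing name and qualifier for mesh-internal calls, or at least document the constraint on the method, e.g. `/** Forwards the caller's Authorization and tracing headers; use only for calls that stay inside the mesh. */`. The header list lives in HttpHeaderForwarderHandlerInterceptor and the copy in HttpHeaderForwarderRequestInterceptor, so the same scoping question applies to those two files.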
@@ -0,0 +1,68 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Orange. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+import com.google.common.collect.ImmutableSet;
+
+/**
+ * @author Sheel Bajpai (sheel.bajpai@orange.com)
+ *
+ */
+
+public class HttpHeaderForwarderHandlerInterceptor extends HandlerInterceptorAdapter {
+
+ private static final ThreadLocal>> HEADERS_THREAD_LOCAL = new ThreadLocal<>();
+
+ private static final Set FORWARDED_HEADER_NAMES = ImmutableSet.of("authorization", "x-request-id",
+ "x-b3-traceid", "x-b3-spanid", "x-b3-parentspanid", "x-b3-sampled", "x-b3-flags", "x-ot-span-context");
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws Exception {
+
+ Map> headerMap = Collections.list(request.getHeaderNames()).stream()
+ .map(String::toLowerCase).filter(FORWARDED_HEADER_NAMES::contains)
+ .collect(Collectors.toMap(Function.identity(), h -> Collections.list(request.getHeaders(h))));
+
+ HEADERS_THREAD_LOCAL.set(headerMap);
+ return super.preHandle(request, response, handler);
+ }
+
+ @Override
+ public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+ ModelAndView modelAndView) throws Exception {
+ HEADERS_THREAD_LOCAL.remove();
+ }
+
+ static Map> getHeaders() {
+ return HEADERS_THREAD_LOCAL.get();
+ }
+
+}
diff --git a/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java
new file mode 100644
index 0000000000..18a3f3deda
--- /dev/null
+++ b/common/src/main/java/org/onap/so/security/HttpHeaderForwarderRequestInterceptor.java
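Review bot: `HEADERS_THREAD_LOCAL` is cleared only in `postHandle`, which Spring MVC skips when the handler throws, so after a failed request the pooled worker thread keeps that caller's `authorization` value. Any later work on that thread that does not pass through `preHandle` first would then send the previous caller's credential on outbound RestTemplate calls. Moving the cleanup to `afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)` with the same `HEADERS_THREAD_LOCAL.remove();` body covers the exception path, since that callback runs whenever `preHandle` returned true. Separately, `Collectors.toMap` throws IllegalStateException on duplicate keys, so if the container ever reports one header name in two casings the lower-casing in `preHandle` fails the request; a `.distinct()` after `.map(String::toLowerCase)` avoids that.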
@@ -0,0 +1,47 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2021 Orange. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import org.springframework.http.HttpRequest;
+import org.springframework.http.client.ClientHttpRequestExecution;
+import org.springframework.http.client.ClientHttpRequestInterceptor;
+import org.springframework.http.client.ClientHttpResponse;
+
+/**
+ * @author Sheel Bajpai (sheel.bajpai@orange.com)
+ *
+ */
+
+public class HttpHeaderForwarderRequestInterceptor implements ClientHttpRequestInterceptor {
+
+ @Override
+ public ClientHttpResponse intercept(HttpRequest request, byte[] body, ClientHttpRequestExecution execution)
+ throws IOException {
+
+ Map> headerMap = HttpHeaderForwarderHandlerInterceptor.getHeaders();
+ if (headerMap != null && !headerMap.isEmpty())
+ request.getHeaders().putAll(HttpHeaderForwarderHandlerInterceptor.getHeaders());
+ return execution.execute(request, body);
+ }
+
+}
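Review bot: `request.getHeaders().putAll(...)` in `intercept` replaces any header of the same name already present on the outbound request, so an `Authorization` value that calling code set deliberately for the downstream service is silently overwritten with the inbound caller's one. If explicit per-call credentials should win, copy with `headerMap.forEach((name, values) -> request.getHeaders().putIfAbsent(name, values));` instead. The second call to `HttpHeaderForwarderHandlerInterceptor.getHeaders()` can reuse the local `headerMap`, which avoids reading the ThreadLocal twice. A short class Javadoc stating that the headers come from a ThreadLocal filled on the servlet thread, and are therefore absent on calls made from other threads, would help readers.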
diff --git a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
index b3e4842bbd..4a112b9687 100644
--- a/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
+++ b/common/src/main/java/org/onap/so/security/SoNoAuthWebSecurityConfigurerAdapter.java
@@ -34,7 +34,7 @@ import org.springframework.security.web.firewall.StrictHttpFirewall;
 @EnableWebSecurity
 @Configuration
 @Order(2)
-@Profile({"aaf", "test"})
+@Profile({"aaf", "test", "serviceMesh"})
 public class SoNoAuthWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
 @Override
 public void configure(final WebSecurity web) throws Exception {
-- cgit 1.2.3-korg
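Review bot: Adding `"serviceMesh"` to the `@Profile` of SoNoAuthWebSecurityConfigurerAdapter makes the mesh profile select the no-auth adapter, which by its name suggests the application stops authenticating requests itself; the `configure` body continues outside the hunk, so what exactly is relaxed is not visible here. That moves the whole authentication and authorization decision to the sidecar, and it only holds if the pod cannot be reached around the proxy. I would record that precondition next to the annotation, e.g. `// serviceMesh: authn/authz is enforced by the mesh sidecar (mTLS + authorization policy); do not enable on deployments reachable without it`.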