From 505b82d23d4340e67f619675bad4580fc3ae050a Mon Sep 17 00:00:00 2001
From: "waqas.ikram" <waqas.ikram@est.tech>
Date: Fri, 7 Feb 2020 16:10:14 +0000
Subject: Fix for SO-2598

Change-Id: If2086de6cb635f39a03927be35fed9c177919211
Issue-ID: SO-2598
Signed-off-by: waqas.ikram <waqas.ikram@est.tech>

Making WebSecurityConfigurerAdapter configurable so that other
components can configure it per there requirement

Change-Id: I8f7674710ff41195946a710b86c7c8d7b52815f8
Signed-off-by: waqas.ikram <waqas.ikram@est.tech>
---
 .../VnfmBasicHttpSecurityConfigurer.java           | 63 ++++++++++++++++++++++
 .../VnfmBasicWebSecurityConfigurerAdapter.java     | 56 -------------------
 2 files changed, 63 insertions(+), 56 deletions(-)
 create mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java
 delete mode 100644 adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java

(limited to 'adapters')

diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java
new file mode 100644
index 0000000000..1e0a18a339
--- /dev/null
+++ b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicHttpSecurityConfigurer.java
@@ -0,0 +1,63 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter;
+
+import org.onap.so.security.HttpSecurityConfigurer;
+import org.onap.so.security.SoUserCredentialConfiguration;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Primary;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.stereotype.Component;
+import org.springframework.util.StringUtils;
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ * @author Gareth Roper (gareth.roper@est.tech)
+ *
+ */
+@Primary
+@Component
+public class VnfmBasicHttpSecurityConfigurer implements HttpSecurityConfigurer {
+
+    @Autowired
+    private SoUserCredentialConfiguration soUserCredentialConfiguration;
+
+    @Value("${server.ssl.client-auth:none}")
+    private String clientAuth;
+
+    @Override
+    public void configure(final HttpSecurity http) throws Exception {
+        if (("need").equalsIgnoreCase(clientAuth)) {
+            http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+        } else {
+            http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+                    .antMatchers(HttpMethod.GET, "/etsi/subscription/notification").permitAll().antMatchers("/**")
+                    .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ","))
+                    .and().httpBasic();
+
+        }
+    }
+}
+
diff --git a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java b/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java
deleted file mode 100644
index a5404607b4..0000000000
--- a/adapters/mso-vnfm-adapter/mso-vnfm-etsi-adapter/src/main/java/org/onap/so/adapters/vnfmadapter/VnfmBasicWebSecurityConfigurerAdapter.java
+++ /dev/null
@@ -1,56 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP - SO
- * ================================================================================
- * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Modifications Copyright (c) 2019 Samsung
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *      http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.so.adapters.vnfmadapter;
-
-import org.onap.so.security.SoBasicWebSecurityConfigurerAdapter;
-import org.onap.so.security.SoUserCredentialConfiguration;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.http.HttpMethod;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-
-/**
- * @author Waqas Ikram (waqas.ikram@est.tech)
- * @author Gareth Roper (gareth.roper@est.tech)
- *
- */
-@EnableWebSecurity
-@Configuration
-public class VnfmBasicWebSecurityConfigurerAdapter extends SoBasicWebSecurityConfigurerAdapter {
-
-    @Value("${server.ssl.client-auth:none}")
-    private String clientAuth;
-    SoUserCredentialConfiguration soUserCredentialConfiguration;
-
-    @Override
-    protected void configure(final HttpSecurity http) throws Exception {
-        if (("need").equalsIgnoreCase(clientAuth)) {
-            http.csrf().disable().authorizeRequests().anyRequest().permitAll();
-        } else {
-            super.configure(http);
-            http.authorizeRequests().antMatchers(HttpMethod.GET, "/etsi/subscription/notification").permitAll();
-        }
-    }
-}
-
-- 
cgit 1.2.3-korg