From 3cc4c5bf37b4ae20a9809c329ad8aa1889aadbdd Mon Sep 17 00:00:00 2001 From: "k.kazak" Date: Fri, 19 Jul 2019 14:59:18 +0200 Subject: basic auth for so-monitoring Add basic auth for so-monitoring app Issue submitted in pentest report Change-Id: I8e826da9b9f66e893826fd9b40b3b26623b2ab8d Issue-ID: OJSI-169 Signed-off-by: k.kazak --- so-monitoring/so-monitoring-service/pom.xml | 4 +++ .../so/monitoring/rest/api/UserController.java | 35 +++++++++++++++++++ .../monitoring/rest/api/WebApplicationConfig.java | 9 ++--- .../monitoring/rest/api/WebSecurityConfigImpl.java | 39 ++++++++++++++++++++++ .../src/main/resources/application.yaml | 7 ++++ 5 files changed, 90 insertions(+), 4 deletions(-) create mode 100644 so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/UserController.java create mode 100644 so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebSecurityConfigImpl.java (limited to 'so-monitoring/so-monitoring-service') diff --git a/so-monitoring/so-monitoring-service/pom.xml b/so-monitoring/so-monitoring-service/pom.xml index ff70a77239..f5448aaf5c 100644 --- a/so-monitoring/so-monitoring-service/pom.xml +++ b/so-monitoring/so-monitoring-service/pom.xml @@ -64,6 +64,10 @@ spring-boot-configuration-processor compile + + org.springframework.boot + spring-boot-starter-security + diff --git a/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/UserController.java b/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/UserController.java new file mode 100644 index 0000000000..3959631f94 --- /dev/null +++ b/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/UserController.java 
@@ -0,0 +1,35 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Samsung
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.monitoring.rest.api;
+
+import java.security.Principal;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class UserController {
+
+ @RequestMapping("/user")
+ public Principal user(Principal user) {
+ return user;
+ }
+}
diff --git a/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebApplicationConfig.java b/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebApplicationConfig.java
index cadd60b0d9..2b53ed8953 100644
--- a/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebApplicationConfig.java
+++ b/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebApplicationConfig.java
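Review bot: `user()` returns the injected `Principal` object itself as the response body, so whatever that object serialises to reaches the client; under Spring Security it is typically the `Authentication` token with its authorities and request details, though the hunk does not show the concrete type. If the GUI only needs the login name, a narrow response such as `return Collections.singletonMap("name", user.getName());` (with the return type changed to match) avoids exposing the rest. `@RequestMapping("/user")` carries no method restriction, so the handler answers every HTTP verb; `@GetMapping("/user")` would narrow it. The `CrossOrigin` import is unused, and the method has no Javadoc stating what the front end is expected to read from this endpoint.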
@@ -2,7 +2,9 @@ * ============LICENSE_START======================================================= * Copyright (C) 2018 Ericsson. All rights reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); + * Modifications Copyright (c) 2019 Samsung + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * @@ -21,16 +23,15 @@ package org.onap.so.monitoring.rest.api; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; /** * @author waqas.ikram@ericsson.com */ @Configuration -public class WebApplicationConfig extends WebMvcConfigurerAdapter { +public class WebApplicationConfig implements WebMvcConfigurer { @Override public void addViewControllers(final ViewControllerRegistry registry) { - super.addViewControllers(registry); registry.addViewController("/details/**").setViewName("forward:/"); } } diff --git a/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebSecurityConfigImpl.java b/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebSecurityConfigImpl.java new file mode 100644 index 0000000000..298f52bd35 --- /dev/null +++ b/so-monitoring/so-monitoring-service/src/main/java/org/onap/so/monitoring/rest/api/WebSecurityConfigImpl.java 
@@ -0,0 +1,39 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2019 Samsung
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.monitoring.rest.api;
+
+import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+@EnableWebSecurity
+@Configuration("att-security-config")
+@Order(2)
+public class WebSecurityConfigImpl extends WebSecurityConfig {
+
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().antMatchers("/actuator", "/actuator/*", "/login", "/", "/index.html", "/*.js",
+ "/*.js.map", "/favicon.png").permitAll().anyRequest().authenticated().and().httpBasic();
+ }
+}
diff --git a/so-monitoring/so-monitoring-service/src/main/resources/application.yaml b/so-monitoring/so-monitoring-service/src/main/resources/application.yaml
index 8235c7480a..347845e422 100644
--- a/so-monitoring/so-monitoring-service/src/main/resources/application.yaml
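Review bot: The `permitAll()` list in `configure` opens `/actuator` and `/actuator/*` to unauthenticated callers, which covers every actuator endpoint one path segment deep rather than only a health probe. Which endpoints are actually exposed depends on management settings not visible in this diff, so the matcher should name only the ones meant to be public, e.g. `.antMatchers("/actuator/health", "/actuator/info", "/login", "/", "/index.html", "/*.js", "/*.js.map", "/favicon.png").permitAll()`. The override does not call `super.configure(http)`, so anything the parent `WebSecurityConfig` sets up in that method (not shown here) is dropped, which is worth confirming as intended. HTTP Basic sends the credentials with every request, so a comment above the chain should state that the service must sit behind TLS and say why each listed path is public.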
+++ b/so-monitoring/so-monitoring-service/src/main/resources/application.yaml @@ -16,3 +16,10 @@ mso: url: http://so-request-db-adapter.onap:8083/infraActiveRequests/ auth: Basic YnBlbDpwYXNzd29yZDEk +spring: + security: + usercredentials: + - + username: gui + password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke' + role: GUI-Client -- cgit 1.2.3-korg
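Review bot: The added `spring.security.usercredentials` entry ships a fixed bcrypt hash for user `gui` inside the packaged `application.yaml`, so every deployment that does not override it shares one password, and the hash is readable by anyone who has the repository or the built artifact. Taking the value from the deployment environment keeps it out of source, e.g. `password: ${GUI_PASSWORD_HASH}` (placeholder variable name), with the real hash supplied per installation from a secret store. A comment on the block should say that the value must be a bcrypt hash and what `role: GUI-Client` is used for. The security configuration in this commit only requires `authenticated()`, so whether the role is checked anywhere is not visible here.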