From c91aac4825b873442f0636ef9f4cb4f3c1a675ef Mon Sep 17 00:00:00 2001 From: MichaelMorris Date: Wed, 31 Jul 2019 13:28:48 +0000 Subject: Add oauth for calls from VNFM adapter to VNFM Change-Id: I0e6ba16bbeab457ec0c1985e345e26f544434667 Issue-ID: SO-2169 Signed-off-by: MichaelMorris --- vnfm-simulator/vnfm-service/pom.xml | 5 +++ .../simulator/oauth/AuthorizationServerConfig.java | 28 +++++++++++++ .../oauth/JsonSerializerConfiguration.java | 49 ++++++++++++++++++++++ .../simulator/oauth/OAuth2AccessTokenAdapter.java | 31 ++++++++++++++ .../simulator/oauth/OAuth2ResourceServer.java | 36 ++++++++++++++++ 5 files changed, 149 insertions(+) create mode 100644 vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/AuthorizationServerConfig.java create mode 100644 vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/JsonSerializerConfiguration.java create mode 100644 vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2AccessTokenAdapter.java create mode 100644 vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2ResourceServer.java (limited to 'vnfm-simulator/vnfm-service') diff --git a/vnfm-simulator/vnfm-service/pom.xml b/vnfm-simulator/vnfm-service/pom.xml index 7beccb6561..1e3244bae4 100644 --- a/vnfm-simulator/vnfm-service/pom.xml +++ b/vnfm-simulator/vnfm-service/pom.xml @@ -43,6 +43,11 @@ spring-boot-devtools runtime + + org.springframework.security.oauth + spring-security-oauth2 + 2.3.6.RELEASE + junit junit diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/AuthorizationServerConfig.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/AuthorizationServerConfig.java new file mode 100644 index 0000000000..5d2c310635 --- /dev/null +++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/AuthorizationServerConfig.java @@ -0,0 +1,28 @@ +package org.onap.svnfm.simulator.oauth; + +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer; +import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter; +import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer; + +@Configuration +@EnableAuthorizationServer +@Profile("oauth-authentication") +/** + * Configures the authorization server for oauth token based authentication when the spring profile + * "oauth-authentication" is active + */ +public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter { + + private static final int ONE_DAY = 60 * 60 * 24; + + @Override + public void configure(final ClientDetailsServiceConfigurer clients) throws Exception { + clients.inMemory().withClient("vnfmadapter") + .secret("$2a$10$dHzTlqSBcm8hdO52LBvnX./zNTvUzzJy.lZrc4bCBL5gkln0wX6T6") + .authorizedGrantTypes("client_credentials").scopes("write").accessTokenValiditySeconds(ONE_DAY) + .refreshTokenValiditySeconds(ONE_DAY); + } + +} diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/JsonSerializerConfiguration.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/JsonSerializerConfiguration.java new file mode 100644 index 0000000000..d6eda28eb6 --- /dev/null +++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/JsonSerializerConfiguration.java @@ -0,0 +1,49 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ +package org.onap.svnfm.simulator.oauth; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; +import java.util.ArrayList; +import java.util.Collection; +import org.springframework.boot.autoconfigure.http.HttpMessageConverters; +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.http.converter.HttpMessageConverter; +import org.springframework.http.converter.json.GsonHttpMessageConverter; +import org.springframework.security.oauth2.common.OAuth2AccessToken; + +/** + * Configures message converter + */ +@Configuration +public class JsonSerializerConfiguration { + + @Bean + public HttpMessageConverters customConverters() { + final Collection> messageConverters = new ArrayList<>(); + + final Gson gson = new GsonBuilder() + .registerTypeHierarchyAdapter(OAuth2AccessToken.class, new OAuth2AccessTokenAdapter()).create(); + final GsonHttpMessageConverter gsonHttpMessageConverter = new GsonHttpMessageConverter(gson); + messageConverters.add(gsonHttpMessageConverter); + return new HttpMessageConverters(true, messageConverters); + } +} diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2AccessTokenAdapter.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2AccessTokenAdapter.java new file mode 100644 index 0000000000..7bccffa2e0 --- /dev/null +++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2AccessTokenAdapter.java @@ -0,0 +1,31 @@ +package org.onap.svnfm.simulator.oauth; + +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonSerializationContext; +import com.google.gson.JsonSerializer; +import java.lang.reflect.Type; +import org.springframework.security.oauth2.common.OAuth2AccessToken; + +public class OAuth2AccessTokenAdapter implements JsonSerializer { + + @Override + public JsonElement serialize(final OAuth2AccessToken src, final Type typeOfSrc, + final JsonSerializationContext context) { + final JsonObject obj = new JsonObject(); + obj.addProperty(OAuth2AccessToken.ACCESS_TOKEN, src.getValue()); + obj.addProperty(OAuth2AccessToken.TOKEN_TYPE, src.getTokenType()); + if (src.getRefreshToken() != null) { + obj.addProperty(OAuth2AccessToken.REFRESH_TOKEN, src.getRefreshToken().getValue()); + } + obj.addProperty(OAuth2AccessToken.EXPIRES_IN, src.getExpiresIn()); + final JsonArray scopeObj = new JsonArray(); + for (final String scope : src.getScope()) { + scopeObj.add(scope); + } + obj.add(OAuth2AccessToken.SCOPE, scopeObj); + + return obj; + } +} diff --git a/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2ResourceServer.java b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2ResourceServer.java new file mode 100644 index 0000000000..18fb1a9461 --- /dev/null +++ b/vnfm-simulator/vnfm-service/src/main/java/org/onap/svnfm/simulator/oauth/OAuth2ResourceServer.java @@ -0,0 +1,36 @@ +/*- + * ============LICENSE_START======================================================= + * Copyright (C) 2019 Nordix Foundation. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * SPDX-License-Identifier: Apache-2.0 + * ============LICENSE_END========================================================= + */ + +package org.onap.svnfm.simulator.oauth; + +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; +import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer; +import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter; + +@Configuration +@EnableResourceServer +@Profile("oauth-authentication") +/** + * Enforces oauth token based authentication when the spring profile "oauth-authentication" is active + */ +public class OAuth2ResourceServer extends ResourceServerConfigurerAdapter { + +} -- cgit 1.2.3-korg