1 /*******************************************************************************
\r
2 * Copyright © 2017-2018 AT&T Intellectual Property.
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
15 ******************************************************************************/
\r
16 package org.onap.ccsdk.apps.ms.vlantagapi.core;
\r
18 import java.util.ArrayList;
\r
19 import java.util.Base64;
\r
20 import java.util.List;
\r
21 import org.slf4j.Logger;
\r
22 import org.slf4j.LoggerFactory;
\r
23 import org.springframework.beans.factory.annotation.Autowired;
\r
24 import org.springframework.context.annotation.Bean;
\r
25 import org.springframework.context.annotation.Configuration;
\r
26 import org.springframework.core.env.Environment;
\r
27 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
\r
28 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
\r
29 import org.springframework.security.config.http.SessionCreationPolicy;
\r
30 import org.springframework.security.core.userdetails.User;
\r
31 import org.springframework.security.core.userdetails.UserDetails;
\r
32 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
\r
33 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
\r
34 import org.springframework.security.crypto.password.PasswordEncoder;
\r
35 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
\r
36 import org.springframework.security.web.SecurityFilterChain;
\r
39 * ApplicationSecurityConfig.java Purpose: Configures and validates
\r
40 * Application Security configurations
\r
42 * @author Saurav Paira
\r
46 public class ApplicationSecurityConfig {
\r
47 private Logger logger = LoggerFactory.getLogger(ApplicationSecurityConfig.class);
\r
50 private Environment environment;
\r
53 public InMemoryUserDetailsManager userDetailsService() {
\r
54 List<UserDetails> userDetails = new ArrayList<>();
\r
56 // Explicitly set bcrypt password encoder rather than using default
\r
57 PasswordEncoder encoder = new BCryptPasswordEncoder();
\r
58 final User.UserBuilder userBuilder = User.builder().passwordEncoder(encoder::encode);
\r
60 String authString = environment.getProperty("application.authToken");
\r
61 String[] tokens = authString.split(";");
\r
62 for (int i = 0; i < tokens.length; i++) {
\r
63 String token = tokens[i];
\r
64 String[] cred = token.split("~");
\r
65 String[] uidpwdarr = decode(cred[0]);
\r
66 logger.info("------uid/pwd ----------------{}, {}",uidpwdarr[0],uidpwdarr[1]);
\r
68 UserDetails user = userBuilder
\r
69 .username(uidpwdarr[0])
\r
70 .password(uidpwdarr[1])
\r
74 userDetails.add(user);
\r
77 logger.info("-------------------------------{}",userDetails);
\r
78 return new InMemoryUserDetailsManager(userDetails);
\r
82 public InMemoryUserDetailsManager inMemoryUserDetailsManager(List<UserDetails> userDetails) {
\r
83 return new InMemoryUserDetailsManager(userDetails);
\r
87 public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
\r
88 http.authorizeHttpRequests().anyRequest().fullyAuthenticated();
\r
89 http.httpBasic().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
\r
90 http.csrf().disable();
\r
92 return http.build();
\r
95 private static String[] decode(String encoded) {
\r
96 final byte[] decodedBytes
\r
97 = Base64.getDecoder().decode(encoded.getBytes());
\r
98 final String pair = new String(decodedBytes);
\r
99 return pair.split(":", 2);
\r