ms/vlantag-api/src/main/java/org/onap/ccsdk/apps/ms/vlantagapi/core/ApplicationSecurityConfig.java

   1 /*******************************************************************************\r
   2  * Copyright © 2017-2018 AT&T Intellectual Property.\r
   3  * \r
   4  * Licensed under the Apache License, Version 2.0 (the "License");\r
   5  * you may not use this file except in compliance with the License.\r
   6  * You may obtain a copy of the License at\r
   7  * \r
   8  *     http://www.apache.org/licenses/LICENSE-2.0\r
   9  * \r
  10  * Unless required by applicable law or agreed to in writing, software\r
  11  * distributed under the License is distributed on an "AS IS" BASIS,\r
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  13  * See the License for the specific language governing permissions and\r
  14  * limitations under the License.\r
  15  ******************************************************************************/\r
  16 package org.onap.ccsdk.apps.ms.vlantagapi.core;\r
  17 \r
  18 import java.util.ArrayList;\r
  19 import java.util.Base64;\r
  20 import java.util.List;\r
  21 import org.slf4j.Logger;\r
  22 import org.slf4j.LoggerFactory;\r
  23 import org.springframework.beans.factory.annotation.Autowired;\r
  24 import org.springframework.context.annotation.Bean;\r
  25 import org.springframework.context.annotation.Configuration;\r
  26 import org.springframework.core.env.Environment;\r
  27 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\r
  28 import org.springframework.security.config.annotation.web.builders.HttpSecurity;\r
  29 import org.springframework.security.config.http.SessionCreationPolicy;\r
  30 import org.springframework.security.core.userdetails.User;\r
  31 import org.springframework.security.core.userdetails.UserDetails;\r
  32 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\r
  33 import org.springframework.security.crypto.factory.PasswordEncoderFactories;\r
  34 import org.springframework.security.crypto.password.PasswordEncoder;\r
  35 import org.springframework.security.provisioning.InMemoryUserDetailsManager;\r
  36 import org.springframework.security.web.SecurityFilterChain;\r
  37 \r
  38 /**\r
  39  * ApplicationSecurityConfig.java Purpose: Configures and validates\r
  40  * Application Security configurations\r
  41  * \r
  42  * @author Saurav Paira\r
  43  * @version 1.0\r
  44  */\r
  45 @Configuration\r
  46 public class ApplicationSecurityConfig {\r
  47         private Logger logger = LoggerFactory.getLogger(ApplicationSecurityConfig.class);\r
  48          \r
  49         @Autowired\r
  50         private Environment environment;\r
  51 \r
  52         @Bean\r
  53         public InMemoryUserDetailsManager userDetailsService() {\r
  54                 List<UserDetails> userDetails = new ArrayList<>();\r
  55                 \r
  56                 // Explicitly set bcrypt password encoder rather than using default\r
  57                 PasswordEncoder encoder = new BCryptPasswordEncoder();\r
  58         final User.UserBuilder userBuilder = User.builder().passwordEncoder(encoder::encode);\r
  59 \r
  60                 String authString = environment.getProperty("application.authToken");\r
  61                 String[] tokens = authString.split(";");\r
  62                 for (int i = 0; i < tokens.length; i++) {\r
  63                         String token = tokens[i];\r
  64                         String[] cred = token.split("~"); \r
  65                         String[] uidpwdarr = decode(cred[0]);\r
  66                         logger.info("------uid/pwd ----------------{}, {}",uidpwdarr[0],uidpwdarr[1]);  \r
  67                         \r
  68                         UserDetails user = userBuilder\r
  69                     .username(uidpwdarr[0])\r
  70                     .password(uidpwdarr[1])\r
  71                     .roles(cred[1])\r
  72                     .build();\r
  73                         \r
  74                         userDetails.add(user);\r
  75                 }\r
  76                 \r
  77                 logger.info("-------------------------------{}",userDetails);\r
  78                 return new InMemoryUserDetailsManager(userDetails);\r
  79         }\r
  80         \r
  81     \r
  82     public InMemoryUserDetailsManager inMemoryUserDetailsManager(List<UserDetails> userDetails) {           \r
  83         return new InMemoryUserDetailsManager(userDetails);\r
  84     }\r
  85 \r
  86         @Bean\r
  87         public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {\r
  88                 http.authorizeHttpRequests().anyRequest().fullyAuthenticated();\r
  89                 http.httpBasic().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);\r
  90                 http.csrf().disable();\r
  91 \r
  92                 return http.build();\r
  93         }\r
  94 \r
  95     private static String[] decode(String encoded) {\r
  96         final byte[] decodedBytes \r
  97                 = Base64.getDecoder().decode(encoded.getBytes());\r
  98         final String pair = new String(decodedBytes);\r
  99         return pair.split(":", 2);\r
 100     }\r
 101 \r
 102 }\r