1 /*******************************************************************************
\r
2 * Copyright © 2017-2018 AT&T Intellectual Property.
\r
4 * Licensed under the Apache License, Version 2.0 (the "License");
\r
5 * you may not use this file except in compliance with the License.
\r
6 * You may obtain a copy of the License at
\r
8 * http://www.apache.org/licenses/LICENSE-2.0
\r
10 * Unless required by applicable law or agreed to in writing, software
\r
11 * distributed under the License is distributed on an "AS IS" BASIS,
\r
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
13 * See the License for the specific language governing permissions and
\r
14 * limitations under the License.
\r
15 ******************************************************************************/
\r
16 package org.onap.ccsdk.apps.ms.vlantagapi.core;
\r
18 import java.util.ArrayList;
\r
19 import java.util.Base64;
\r
20 import java.util.List;
\r
21 import org.slf4j.Logger;
\r
22 import org.slf4j.LoggerFactory;
\r
23 import org.springframework.beans.factory.annotation.Autowired;
\r
24 import org.springframework.context.annotation.Configuration;
\r
25 import org.springframework.core.env.Environment;
\r
26 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
\r
27 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
\r
28 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
\r
29 import org.springframework.security.config.http.SessionCreationPolicy;
\r
30 import org.springframework.security.core.userdetails.User;
\r
31 import org.springframework.security.core.userdetails.UserDetails;
\r
32 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
\r
33 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
\r
34 import org.springframework.security.crypto.password.PasswordEncoder;
\r
35 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
\r
38 * ApplicationSecurityConfig.java Purpose: Configures and validates
\r
39 * Application Security configurations
\r
41 * @author Saurav Paira
\r
45 public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter{
\r
46 private Logger logger = LoggerFactory.getLogger(ApplicationSecurityConfig.class);
\r
49 private Environment environment;
\r
52 protected void configure(AuthenticationManagerBuilder auth) throws Exception {
\r
53 List<UserDetails> userDetails = new ArrayList<>();
\r
55 // Explicitly set bcrypt password encoder rather than using default
\r
56 PasswordEncoder encoder = new BCryptPasswordEncoder();
\r
57 final User.UserBuilder userBuilder = User.builder().passwordEncoder(encoder::encode);
\r
59 String authString = environment.getProperty("application.authToken");
\r
60 String[] tokens = authString.split(";");
\r
61 for (int i = 0; i < tokens.length; i++) {
\r
62 String token = tokens[i];
\r
63 String[] cred = token.split("~");
\r
64 String[] uidpwdarr = decode(cred[0]);
\r
65 logger.info("------uid/pwd ----------------{}, {}",uidpwdarr[0],uidpwdarr[1]);
\r
67 UserDetails user = userBuilder
\r
68 .username(uidpwdarr[0])
\r
69 .password(uidpwdarr[1])
\r
73 userDetails.add(user);
\r
76 logger.info("-------------------------------{}",userDetails);
\r
77 auth.userDetailsService(inMemoryUserDetailsManager(userDetails));
\r
81 public InMemoryUserDetailsManager inMemoryUserDetailsManager(List<UserDetails> userDetails) {
\r
82 return new InMemoryUserDetailsManager(userDetails);
\r
86 protected void configure(HttpSecurity http) throws Exception {
\r
87 http.authorizeRequests().anyRequest().fullyAuthenticated();
\r
88 http.httpBasic().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
\r
89 http.csrf().disable();
\r
92 private static String[] decode(String encoded) {
\r
93 final byte[] decodedBytes
\r
94 = Base64.getDecoder().decode(encoded.getBytes());
\r
95 final String pair = new String(decodedBytes);
\r
96 return pair.split(":", 2);
\r