1 /*******************************************************************************\r
2  * Copyright © 2017-2018 AT&T Intellectual Property.\r
3  * \r
4  * Licensed under the Apache License, Version 2.0 (the "License");\r
5  * you may not use this file except in compliance with the License.\r
6  * You may obtain a copy of the License at\r
7  * \r
8  *     http://www.apache.org/licenses/LICENSE-2.0\r
9  * \r
10  * Unless required by applicable law or agreed to in writing, software\r
11  * distributed under the License is distributed on an "AS IS" BASIS,\r
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
13  * See the License for the specific language governing permissions and\r
14  * limitations under the License.\r
15  ******************************************************************************/\r
16 package org.onap.ccsdk.apps.ms.vlantagapi.core;\r
17 \r
18 import java.util.ArrayList;\r
19 import java.util.Base64;\r
20 import java.util.List;\r
21 import org.slf4j.Logger;\r
22 import org.slf4j.LoggerFactory;\r
23 import org.springframework.beans.factory.annotation.Autowired;\r
24 import org.springframework.context.annotation.Configuration;\r
25 import org.springframework.core.env.Environment;\r
26 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\r
27 import org.springframework.security.config.annotation.web.builders.HttpSecurity;\r
28 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\r
29 import org.springframework.security.config.http.SessionCreationPolicy;\r
30 import org.springframework.security.core.userdetails.User;\r
31 import org.springframework.security.core.userdetails.UserDetails;\r
32 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;\r
33 import org.springframework.security.crypto.factory.PasswordEncoderFactories;\r
34 import org.springframework.security.crypto.password.PasswordEncoder;\r
35 import org.springframework.security.provisioning.InMemoryUserDetailsManager;\r
36 \r
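/**
 * Spring Security configuration for the service: builds an in-memory user store
 * from the {@code application.authToken} property and requires HTTP Basic
 * authentication on every request.
 *
 * <p>Property format: entries separated by {@code ;}, each entry being
 * {@code <base64(username:password)>~<ROLE>}. Base64 is an encoding, not
 * encryption, so the property value is equivalent to a plaintext password and
 * must be protected like one (restricted file permissions or a secret store,
 * never committed to source control).
 *
 * @author Saurav Paira
 * @version 1.0
 */
@Configuration
public class ApplicationSecurityConfig extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(ApplicationSecurityConfig.class);

    /** Name of the property that carries the encoded user list. */
    private static final String AUTH_TOKEN_PROPERTY = "application.authToken";

    @Autowired
    private Environment environment;

    /**
     * Registers the users declared in {@code application.authToken} with the
     * authentication manager, storing their passwords as bcrypt hashes.
     *
     * @param auth builder that receives the in-memory user details service
     * @throws IllegalStateException if the property is missing, blank, or holds a
     *         malformed entry; startup fails rather than running with a partial
     *         or empty user list
     * @throws Exception if Spring Security rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        String authString = environment.getProperty(AUTH_TOKEN_PROPERTY);
        if (authString == null || authString.trim().isEmpty()) {
            throw new IllegalStateException(
                    "Required property " + AUTH_TOKEN_PROPERTY + " is missing or empty");
        }

        // Explicitly use bcrypt rather than whichever default encoder is resolved.
        PasswordEncoder encoder = new BCryptPasswordEncoder();

        List<UserDetails> userDetails = new ArrayList<>();
        String[] tokens = authString.split(";");
        for (int i = 0; i < tokens.length; i++) {
            userDetails.add(toUser(i, tokens[i], encoder));
        }

        // Never log the decoded credentials: only the number of accounts loaded.
        logger.info("Loaded {} user(s) from {}", userDetails.size(), AUTH_TOKEN_PROPERTY);

        // Verify passwords with the same encoder that hashed them, so login does
        // not depend on an encoder bean defined (or not) elsewhere.
        auth.userDetailsService(inMemoryUserDetailsManager(userDetails))
                .passwordEncoder(encoder);
    }

    /**
     * Wraps the given users in an in-memory user details manager.
     *
     * @param userDetails users to register
     * @return a manager backed by the supplied list
     */
    public InMemoryUserDetailsManager inMemoryUserDetailsManager(List<UserDetails> userDetails) {
        return new InMemoryUserDetailsManager(userDetails);
    }

    /**
     * Requires full authentication for every request, over stateless HTTP Basic.
     *
     * @param http security builder to configure
     * @throws Exception if Spring Security rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest().fullyAuthenticated();
        // HTTP Basic sends the credentials on every request, so the endpoint must
        // only be reachable over TLS. NOTE(review): TLS setup is not visible here.
        http.httpBasic().and().sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
        // CSRF protection is off because no session cookie is issued.
        // NOTE(review): browsers re-send cached Basic credentials automatically;
        // confirm that no browser-based client calls this API.
        http.csrf().disable();
    }

    /**
     * Builds one user from a {@code <base64(username:password)>~<ROLE>} entry.
     * Error messages name the entry by position only, never by content, because
     * the entry contains the credential.
     */
    private static UserDetails toUser(int index, String token, PasswordEncoder encoder) {
        String[] cred = token.split("~");
        if (cred.length < 2 || cred[0].isEmpty() || cred[1].isEmpty()) {
            throw new IllegalStateException(AUTH_TOKEN_PROPERTY + " entry " + index
                    + " is not of the form <base64(username:password)>~<ROLE>");
        }

        String[] uidpwdarr;
        try {
            uidpwdarr = decode(cred[0]);
        } catch (IllegalArgumentException e) {
            throw new IllegalStateException(
                    AUTH_TOKEN_PROPERTY + " entry " + index + " is not valid Base64", e);
        }
        if (uidpwdarr.length < 2 || uidpwdarr[0].isEmpty() || uidpwdarr[1].isEmpty()) {
            throw new IllegalStateException(AUTH_TOKEN_PROPERTY + " entry " + index
                    + " does not decode to a non-empty username:password pair");
        }

        // A fresh builder per user, so no state carries over between entries.
        return User.builder()
                .passwordEncoder(encoder::encode)
                .username(uidpwdarr[0])
                .password(uidpwdarr[1])
                .roles(cred[1])
                .build();
    }

    /**
     * Decodes a Base64 {@code username:password} pair.
     *
     * @param encoded Base64 text
     * @return the parts before and after the first {@code :}; a single-element
     *         array when the decoded text has no {@code :}
     * @throws IllegalArgumentException if {@code encoded} is not valid Base64
     */
    private static String[] decode(String encoded) {
        final byte[] decodedBytes = Base64.getDecoder().decode(encoded);
        // Fixed charset: the platform default would make credentials depend on the host locale.
        final String pair = new String(decodedBytes, java.nio.charset.StandardCharsets.UTF_8);
        return pair.split(":", 2);
    }

}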