2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END============================================
20 * ===================================================================
21 * ECOMP is a trademark and service mark of AT&T Intellectual Property.
24 package org.onap.clamp.clds.config;
26 import org.onap.clamp.clds.service.CldsUser;
27 import org.springframework.beans.factory.annotation.Autowired;
28 import org.springframework.beans.factory.annotation.Value;
29 import org.springframework.context.ApplicationContext;
30 import org.springframework.context.annotation.Configuration;
31 import org.springframework.context.annotation.Profile;
32 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
33 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
34 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
35 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
37 import com.att.eelf.configuration.EELFLogger;
38 import com.att.eelf.configuration.EELFManager;
41 * This class is used to enable the HTTP authentication to login. It requires a
42 * specific JSON file containing the user definition
43 * (classpath:etc/config/clds/clds-users.json).
48 @Profile("clamp-spring-authentication")
49 public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
51 protected static final EELFLogger logger = EELFManager.getInstance()
52 .getLogger(CldsSecurityConfigUsers.class);
53 protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
56 private ApplicationContext appContext;
58 @Value("${org.onap.clamp.config.files.cldsUsers:'classpath:etc/config/clds/clds-users.json'}")
59 private String cldsUsersFile;
61 @Value("${CLDS_PERMISSION_TYPE_CL:permission-type-cl}")
62 private String cldsPersmissionTypeCl;
64 @Value("${CLDS_PERMISSION_INSTANCE:dev}")
65 private String cldsPermissionInstance;
68 * This method configures on which URL the authorization will be enabled.
71 protected void configure(HttpSecurity http) throws Exception {
72 http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
73 .authenticated().anyRequest().permitAll().and().logout();
77 * This method is called by the framework and is used to load all the users
78 * defined in cldsUsersFile variable (this file path can be configured in
79 * the application.properties).
85 public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
86 CldsUser[] usersList = loadUsers();
89 if (null == usersList) {
90 logger.warn("No users defined. Users should be defined under " + cldsUsersFile);
94 for (CldsUser user : usersList) {
95 auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
96 .roles(user.getPermissionsString());
101 * This method loads physically the JSON file and convert it to an Array of
104 * @return The array of CldsUser
107 private CldsUser[] loadUsers() throws Exception {
108 logger.info("Load from clds-users.properties");
109 return CldsUserJsonDecoder.decodeJson(appContext.getResource(cldsUsersFile).getInputStream());