2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
7 * ================================================================================
8 * Modifications Copyright (c) 2019 Samsung
9 * ================================================================================
10 * Licensed under the Apache License, Version 2.0 (the "License");
11 * you may not use this file except in compliance with the License.
12 * You may obtain a copy of the License at
14 * http://www.apache.org/licenses/LICENSE-2.0
16 * Unless required by applicable law or agreed to in writing, software
17 * distributed under the License is distributed on an "AS IS" BASIS,
18 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19 * See the License for the specific language governing permissions and
20 * limitations under the License.
21 * ============LICENSE_END============================================
22 * ===================================================================
26 package org.onap.clamp.clds.config;
28 import com.att.eelf.configuration.EELFLogger;
29 import com.att.eelf.configuration.EELFManager;
31 import java.io.IOException;
33 import org.onap.clamp.clds.exception.CldsConfigException;
34 import org.onap.clamp.clds.exception.CldsUsersException;
35 import org.onap.clamp.clds.service.CldsUser;
36 import org.springframework.beans.factory.annotation.Autowired;
37 import org.springframework.beans.factory.annotation.Value;
38 import org.springframework.context.annotation.Configuration;
39 import org.springframework.context.annotation.Profile;
40 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
41 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
42 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
43 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
44 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
45 import org.springframework.security.crypto.password.PasswordEncoder;
48 * This class is used to enable the HTTP authentication to login. It requires a
49 * specific JSON file containing the user definition
50 * (classpath:clds/clds-users.json).
54 @Profile("clamp-default-user")
55 public class DefaultUserConfiguration extends WebSecurityConfigurerAdapter {
57 protected static final EELFLogger logger = EELFManager.getInstance().getLogger(DefaultUserConfiguration.class);
58 protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
59 private static final String SETUP_WEB_USERS_EXCEPTION_MSG = "Exception occurred during the setup of the Web users in memory";
61 private ClampProperties refProp;
62 @Value("${clamp.config.security.permission.type.cl:permission-type-cl}")
63 private String cldsPersmissionTypeCl;
64 @Value("${CLDS_PERMISSION_INSTANCE:dev}")
65 private String cldsPermissionInstance;
66 @Value("${clamp.config.security.encoder:bcrypt}")
67 private String cldsEncoderMethod;
68 @Value("${clamp.config.security.encoder.bcrypt.strength:10}")
69 private Integer cldsBcryptEncoderStrength;
72 * This method configures on which URL the authorization will be enabled.
75 protected void configure(HttpSecurity http) {
77 http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
78 .authenticated().anyRequest().permitAll().and().logout()
79 .logoutUrl("/restservices/clds/v1/user/logout").logoutSuccessUrl("/index.html")
80 .invalidateHttpSession(true).deleteCookies("JSESSIONID").and().sessionManagement()
83 } catch (Exception e) {
84 logger.error(SETUP_WEB_USERS_EXCEPTION_MSG, e);
85 throw new CldsUsersException(SETUP_WEB_USERS_EXCEPTION_MSG, e);
90 * This method is called by the framework and is used to load all the users
91 * defined in cldsUsersFile variable (this file path can be configured in the
92 * application.properties).
94 * @param auth authentication manager builder
97 public void configureGlobal(AuthenticationManagerBuilder auth) {
98 // configure algorithm used for password hashing
99 final PasswordEncoder passwordEncoder = getPasswordEncoder();
102 CldsUser[] usersList = loadUsers();
104 if (null == usersList) {
105 logger.warn("No users defined. Users should be defined under clds-users.json");
108 for (CldsUser user : usersList) {
109 auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
110 .authorities(user.getPermissionsString()).and().passwordEncoder(passwordEncoder);
112 } catch (Exception e) {
113 logger.error(SETUP_WEB_USERS_EXCEPTION_MSG, e);
114 throw new CldsUsersException(SETUP_WEB_USERS_EXCEPTION_MSG, e);
119 * This method loads physically the JSON file and convert it to an Array of
122 * @return The array of CldsUser
123 * @throws IOException In case of the file is not found
125 private CldsUser[] loadUsers() throws IOException {
126 logger.info("Load from clds-users.properties");
127 return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
131 * This methods returns the chosen encoder for password hashing.
133 private PasswordEncoder getPasswordEncoder() {
134 if ("bcrypt".equals(cldsEncoderMethod)) {
135 return new BCryptPasswordEncoder(cldsBcryptEncoderStrength);
137 throw new CldsConfigException(
138 "Invalid clamp.config.security.encoder value. 'bcrypt' is the only option at this time.");