Change-Id: I5ed802c35ade8ba5da4d21f2a8c22d0198490885
Signed-off-by: ac2550 <ac2550@intl.att.com>
Issue-ID: CLAMP-143
-You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`
\ No newline at end of file
+You can see the swagger definition for the jaxrs apis at `/restservices/clds/v1/openapi.json`\r
+\r
+\r
+## Clamp Credentials\r
+\r
+Credentials should be specified in `src/main/resources/clds/clds-users.json`. You might specify you own credential file by redefining the `clamp.config.files.cldsUsers` in `application.properties`.\r
+\r
+Passwords should be hashed using md5, then using Bcrypt :\r
+```\r
+# pip3 install bcrypt # if you don't have the bcrypt python lib installed, should be done once.\r
+# python3 -c 'import bcrypt; import hashlib; m = hashlib.md5(); m.update("password".encode()); m.hexdigest(); print(bcrypt.hashpw(m.hexdigest().encode(), bcrypt.gensalt(rounds=10, prefix=b"2a")))'\r
+```\r
+\r
+Default credentials are admin/password and cs0008/password.\r
+\r
+\r
import org.onap.clamp.clds.config.ClampProperties;
import org.onap.clamp.clds.config.CldsUserJsonDecoder;
import org.onap.clamp.clds.config.ClampProperties;
import org.onap.clamp.clds.config.CldsUserJsonDecoder;
+import org.onap.clamp.clds.exception.CldsConfigException;
import org.onap.clamp.clds.exception.CldsUsersException;
import org.onap.clamp.clds.service.CldsUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.onap.clamp.clds.exception.CldsUsersException;
import org.onap.clamp.clds.service.CldsUser;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.security.crypto.password.PasswordEncoder;
/**
* This class is used to enable the HTTP authentication to login. It requires a
/**
* This class is used to enable the HTTP authentication to login. It requires a
private String cldsPersmissionTypeCl;
@Value("${CLDS_PERMISSION_INSTANCE:dev}")
private String cldsPermissionInstance;
private String cldsPersmissionTypeCl;
@Value("${CLDS_PERMISSION_INSTANCE:dev}")
private String cldsPermissionInstance;
+ @Value("${clamp.config.security.encoder:bcrypt}")
+ private String cldsEncoderMethod;
+ @Value("${clamp.config.security.encoder.bcrypt.strength:10}")
+ private Integer cldsBcryptEncoderStrength;
/**
* This method configures on which URL the authorization will be enabled.
/**
* This method configures on which URL the authorization will be enabled.
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) {
+ // configure algorithm used for password hashing
+ final PasswordEncoder passwordEncoder = getPasswordEncoder();
+
try {
CldsUser[] usersList = loadUsers();
// no users defined
try {
CldsUser[] usersList = loadUsers();
// no users defined
}
for (CldsUser user : usersList) {
auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
}
for (CldsUser user : usersList) {
auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
- .roles(user.getPermissionsString());
+ .roles(user.getPermissionsString()).and().passwordEncoder(passwordEncoder);
}
} catch (Exception e) {
logger.error("Exception occurred during the setup of the Web users in memory", e);
}
} catch (Exception e) {
logger.error("Exception occurred during the setup of the Web users in memory", e);
logger.info("Load from clds-users.properties");
return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
}
logger.info("Load from clds-users.properties");
return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
}
+
+ /**
+ * This methods returns the chosen encoder for password hashing.
+ */
+ private PasswordEncoder getPasswordEncoder() {
+ if ("bcrypt".equals(cldsEncoderMethod)) {
+ return new BCryptPasswordEncoder(cldsBcryptEncoderStrength);
+ } else {
+ throw new CldsConfigException("Invalid clamp.config.security.encoder value. Must be one of [bcrypt, none]");
+ }
+ }
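Review bot: The exception message in `getPasswordEncoder()` lists `none` as an accepted value for `clamp.config.security.encoder`, but the method only has a branch for `"bcrypt"`, so `none` is rejected with the very message that recommends it. The text should name only what is implemented, e.g. `"Invalid clamp.config.security.encoder value. Must be: bcrypt"`; failing closed on unknown values is the safer behaviour and should stay, with no plaintext fallback added just to match the message. As far as I can tell, `cldsBcryptEncoderStrength` only matters when the encoder hashes a new password, since verification uses the cost embedded in each stored `$2a$10$…` value. Raising `clamp.config.security.encoder.bcrypt.strength` therefore does not strengthen hashes already in the users file, which deserves a comment beside the field. The Javadoc has a typo ("This methods returns") and should state that the method throws CldsConfigException for an unsupported encoder.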
- "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+ "password":"$2a$10$j7wM0G1gcpJTJygRY2ZG8O2HafSwlvM.tIb18/eusVPKBhrpwB6xC",
"permissions":
[
"permission-type-cl|dev|read",
"permissions":
[
"permission-type-cl|dev|read",
- "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+ "password":"$2a$10$j7wM0G1gcpJTJygRY2ZG8O2HafSwlvM.tIb18/eusVPKBhrpwB6xC",
"permissions":
[
"permission-type-cl|dev|read",
"permissions":
[
"permission-type-cl|dev|read",
"permission-type-template|dev|update"
]
}
"permission-type-template|dev|update"
]
}
-]
\ No newline at end of file
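Review bot: Both user entries carry the identical bcrypt string (same salt, same digest), so anyone reading the file can see that the two accounts share one password, and the README in this same change documents them as the defaults admin/password and cs0008/password. Hash each account separately so the salts differ. This file should be treated as a sample only: deployments are expected to point `clamp.config.files.cldsUsers` at their own credentials file, and a startup warning when the bundled file is in use would make a forgotten override visible.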