docker-compose up
```
+### Generate auth credential
+
+Util "crypt_password.py" to generate new cryptographic password is stored in dcaegen2/sdk
+
+```
+python crypt_password.py -p TestPassword
+```
+
### Environment variables in Docker Container
Most of the configuration of how VESCollector should be started and managed is done through environment variables.
Some of them are set during the image build process and some of them are defined manually or by
## To disable enter 0\r
header.authflag=0\r
\r
-## Combination of userid,base64 encoded pwd list to be supported\r
+## Combination of userid,hashPassword encoded pwd list to be supported\r
## userid and pwd comma separated; pipe delimitation between each pair\r
-header.authlist=sample1,c2FtcGxlMQ==\r
+header.authlist=sample1,$2a$10$0buh.2WeYwN868YMwnNNEuNEAMNYVU9.FSMJGyIKV3dGET/7oGOi6\r
\r
## Event transformation Flag - when set expects configurable transformation\r
## defined under ./etc/eventTransform.json\r
}
private Map<String, String> prepareUsersMap(@Nullable String allowedUsers) {
- return allowedUsers == null ? HashMap.empty() : List.ofAll(stream(allowedUsers.split("\\|")))
- .toMap(t -> t.split(",")[0].trim(), t -> new String(Base64.getDecoder().decode(t.split(",")[1])).trim());
+ return allowedUsers == null ? HashMap.empty()
+ : List.of(allowedUsers.split("\\|"))
+ .map(t->t.split(","))
+ .toMap(t-> t[0].trim(), t -> t[1].trim());
}
private String findOutConfigurationFileLocation(Map<String, String> parsedArgs) {
package org.onap.dcae.restapi;
import io.vavr.control.Option;
+import java.io.IOException;
+import java.util.Base64;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
import org.onap.dcae.ApplicationSettings;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Base64;
-
final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
+ private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
private final ApplicationSettings applicationSettings;
private Logger errorLog;
String providedPassword = decodedData.split(":")[1].trim();
Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
boolean userRegistered = maybeSavedPassword.isDefined();
- return userRegistered && maybeSavedPassword.get().equals(providedPassword);
+ return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get());
} catch (Exception e) {
LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
authorizationHeader), e);
return false;
}
}
-}
+}
\ No newline at end of file
@EnableWebMvc
@Configuration
public class ApiConfiguration implements WebMvcConfigurer {
+
private final ApplicationSettings applicationSettings;
private Logger errorLogger;
).validAuthorizationCredentials();
// then
- assertEquals(allowedUsers.get("pasza").get(), "simplepassword");
- assertEquals(allowedUsers.get("someoneelse").get(), "simplepassword");
+ assertEquals(allowedUsers.get("pasza").get(), "c2ltcGxlcGFzc3dvcmQNCg==");
+ assertEquals(allowedUsers.get("someoneelse").get(), "c2ltcGxlcGFzc3dvcmQNCg==");
}
@Test
when(settings.keystoreFileLocation()).thenReturn(KEYSTORE.toString());
when(settings.keystorePasswordFileLocation()).thenReturn(KEYSTORE_PASSWORD_FILE.toString());
when(settings.authorizationEnabled()).thenReturn(true);
- when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, PASSWORD));
+ when(settings.validAuthorizationCredentials()).thenReturn(HashMap.of(USERNAME, "$2a$10$51tDgG2VNLde5E173Ay/YO.Fq.aD.LR2Rp8pY3QAKriOSPswvGviy"));
}
}
public void shouldSucceed() throws IOException {
// given
final HttpServletRequest request = createRequestWithAuthorizationHeader();
-
when(settings.authorizationEnabled()).thenReturn(true);
- when(settings.validAuthorizationCredentials()).thenReturn(CREDENTIALS);
+ when(settings.validAuthorizationCredentials()).thenReturn(
+ HashMap.of(USERNAME, "$2a$10$BsZkEynNm/93wbAeeZuxJeu6IHRyQl4XReqDg2BtYOFDhUsz20.3G"));
when(response.getWriter()).thenReturn(writer);
// when