+++ /dev/null
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.interceptors.pre;
-
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
-import java.util.Optional;
-
-import javax.annotation.Priority;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.container.PreMatching;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-
-import org.onap.aai.TraversalProfiles;
-import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.interceptors.AAIContainerFilter;
-import org.onap.aai.logging.ErrorLogHelper;
-import org.onap.aai.service.AuthorizationService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Profile;
-
-@Profile(TraversalProfiles.ONE_WAY_SSL)
-@PreMatching
-@Priority(AAIRequestFilterPriority.AUTHORIZATION)
-public class OneWaySslAuthorization extends AAIContainerFilter implements ContainerRequestFilter {
-
- @Autowired
- private AuthorizationService authorizationService;
-
- @Override
- public void filter(ContainerRequestContext containerRequestContext) throws IOException {
-
- if (containerRequestContext.getUriInfo().getRequestUri().getPath()
- .matches("^.*/util/echo$")) {
- return;
- }
-
- String basicAuth = containerRequestContext.getHeaderString("Authorization");
- List<MediaType> acceptHeaderValues = containerRequestContext.getAcceptableMediaTypes();
-
- if (basicAuth == null || !basicAuth.startsWith("Basic ")) {
- Optional<Response> responseOptional = errorResponse("AAI_3300", acceptHeaderValues);
- containerRequestContext.abortWith(responseOptional.get());
- return;
- }
-
- basicAuth = basicAuth.replaceAll("Basic ", "");
-
- if (!authorizationService.checkIfUserAuthorized(basicAuth)) {
- Optional<Response> responseOptional = errorResponse("AAI_3300", acceptHeaderValues);
- containerRequestContext.abortWith(responseOptional.get());
- return;
- }
-
- }
-
- private Optional<Response> errorResponse(String errorCode, List<MediaType> acceptHeaderValues) {
- AAIException aaie = new AAIException(errorCode);
- return Optional.of(Response.status(aaie.getErrorObject().getHTTPResponseCode())
- .entity(
- ErrorLogHelper.getRESTAPIErrorResponse(acceptHeaderValues, aaie, new ArrayList<>()))
- .build());
-
- }
-}
+++ /dev/null
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.service;
-
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.util.Base64;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.stream.Stream;
-import javax.annotation.PostConstruct;
-import org.eclipse.jetty.util.security.Password;
-import org.onap.aai.TraversalProfiles;
-import org.onap.aai.util.AAIConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Service;
-
-@Service
-@Profile(TraversalProfiles.ONE_WAY_SSL)
-public class AuthorizationService {
-
- private static final Logger logger = LoggerFactory.getLogger(AuthorizationService.class);
-
- private final Map<String, String> authorizedUsers = new HashMap<>();
-
- private static final Base64.Encoder ENCODER = Base64.getEncoder();
-
- @PostConstruct
- public void init() {
-
- String basicAuthFile = getBasicAuthFilePath();
-
- try (Stream<String> stream = Files.lines(Path.of(basicAuthFile))) {
- stream.filter(line -> !line.startsWith("#")).forEach(str -> {
- byte[] bytes = null;
-
- String usernamePassword = null;
- String accessType = null;
-
- String[] userAccessType = str.split(",");
-
- if (userAccessType.length != 2) {
- throw new RuntimeException(
- "Please check the realm.properties file as it is not conforming to the basic auth");
- }
-
- usernamePassword = userAccessType[0];
- accessType = userAccessType[1];
-
- String[] usernamePasswordArray = usernamePassword.split(":");
-
- if (usernamePasswordArray.length != 3) {
- throw new RuntimeException(
- "This username / pwd is not a valid entry in realm.properties");
- }
-
- String username = usernamePasswordArray[0];
- String password = null;
-
- if (str.contains("OBF:")) {
- password = usernamePasswordArray[1] + ":" + usernamePasswordArray[2];
- password = Password.deobfuscate(password);
- }
-
- bytes =
- ENCODER.encode((username + ":" + password).getBytes(StandardCharsets.UTF_8));
-
- authorizedUsers.put(new String(bytes), accessType);
-
- authorizedUsers.put(new String(ENCODER.encode(bytes)), accessType);
- });
- } catch (IOException e) {
- logger.error("IO Exception occurred during the reading of realm.properties", e);
- }
- }
-
- public boolean checkIfUserAuthorized(String authorization) {
- return authorizedUsers.containsKey(authorization)
- && "admin".equals(authorizedUsers.get(authorization));
- }
-
- public String getBasicAuthFilePath() {
- return AAIConstants.AAI_HOME_ETC_AUTH + AAIConstants.AAI_FILESEP + "realm.properties";
- }
-}
org.onap.aai.interceptors.pre.RequestTransactionLogging.class,
org.onap.aai.interceptors.pre.HeaderValidation.class,
org.onap.aai.interceptors.pre.HttpHeaderInterceptor.class,
- org.onap.aai.interceptors.pre.OneWaySslAuthorization.class,
org.onap.aai.interceptors.pre.VersionLatestInterceptor.class,
org.onap.aai.interceptors.pre.RetiredInterceptor.class,
org.onap.aai.interceptors.pre.VersionInterceptor.class,
<parent>
<groupId>org.onap.aai.aai-common</groupId>
<artifactId>aai-parent</artifactId>
- <version>1.15.5-SNAPSHOT</version>
+ <version>1.15.5</version>
</parent>
<groupId>org.onap.aai.traversal</groupId>
<artifactId>traversal</artifactId>
Nexus Proxy Properties and Snapshot Locations
Ideally this can be overwritten at runtime per internal environment specific values at runtime
-->
- <aai.common.version>1.15.5-SNAPSHOT</aai.common.version>
+ <aai.common.version>1.15.5</aai.common.version>
<nexusproxy>https://nexus.onap.org</nexusproxy>
<site.path>/content/sites/site/org/onap/aai/traversal/${project.artifactId}/${project.version}</site.path>
<release.path>/content/repositories/releases/</release.path>
Code Review / aai / traversal.git / commitdiff