--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.catalogdb;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.catalogdb;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.openstack;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.openstack;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services")
+ .permitAll().antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.requestsdb.application;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.requestsdb.application;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.sdnc;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.sdnc;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services")
+ .permitAll().antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vfc;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.vfc;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info", "/services")
+ .permitAll().antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.adapters.vnfmadapter;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
/*-
* ============LICENSE_START=======================================================
- * Copyright (C) 2019 Nordix Foundation.
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
- *
- * SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
-/**
- * Configure the web security for the application.
- */
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
@Value("${server.ssl.client-auth:none}")
private String clientAuth;
- @Override
- protected void configure(final HttpSecurity http) throws Exception {
- if (("need").equalsIgnoreCase(clientAuth)) {
- http.csrf().disable().authorizeRequests().anyRequest().permitAll();
- } else {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
- }
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ if (("need").equalsIgnoreCase(clientAuth)) {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ } else {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ","))
+ .and().httpBasic();
+ }
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(final WebSecurity web) throws Exception {
- super.configure(web);
- final StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.asdc;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("!test & aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.asdc;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("!test & aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
}
}
<version>1.7.0</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.9</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
</project>
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.bpmn.infrastructure;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.bpmn.infrastructure;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
- "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
- .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
- }
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
+ "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
+
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
}
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().anyRequest().permitAll();
+ }
+ };
+ }
}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
+@Configuration
@EnableWebSecurity
public class WebSecurityConfigImpl extends WebSecurityConfig {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
- "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
- .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
- }
+ @Bean
+ @Profile("test")
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/async/services/**", "/workflow/services/*", "/SDNCAdapterCallbackService",
+ "/WorkflowMessage", "/vnfAdapterNotify", "/vnfAdapterRestNotify")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and().httpBasic();
+ }
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
- }
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+
+ };
+ }
}
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.9</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>org.reflections</groupId>
<artifactId>reflections</artifactId>
@ConfigurationProperties(prefix = "spring.security")
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class WebSecurityConfig {
private List<UserCredentials> credentials;
private List<String> roles = new ArrayList<>();
public BCryptPasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(userDetailsService()).passwordEncoder(passwordEncoder());
- }
-
}
<groupId>io.micrometer</groupId>
<artifactId>micrometer-registry-prometheus</artifactId>
</dependency>
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.9</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
</dependencies>
<build>
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.apihandlerinfra;
+
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.Ordered;
+
+@Configuration
+@Profile("aaf")
+public class SecurityFilters {
+
+ @Bean
+ public FilterRegistrationBean<SoCadiFilter> loginRegistrationBean() {
+ FilterRegistrationBean<SoCadiFilter> filterRegistrationBean = new FilterRegistrationBean<>();
+ filterRegistrationBean.setFilter(new SoCadiFilter());
+ filterRegistrationBean.setName("cadiFilter");
+ filterRegistrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
+ return filterRegistrationBean;
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SO
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.so.apihandlerinfra;
+
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("aaf")
+public class SoCadiFilter extends CadiFilter {
+
+ protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
+
+ private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
+ private static String AAF_API_VERSION = "aaf_api_version";
+
+ @Value("${mso.config.cadi.cadiLoglevel:#{null}}")
+ private String cadiLoglevel;
+
+ @Value("${mso.config.cadi.cadiKeyFile:#{null}}")
+ private String cadiKeyFile;
+
+ @Value("${mso.config.cadi.cadiTruststorePassword:#{null}}")
+ private String cadiTrustStorePassword;
+
+ @Value("${mso.config.cadi.cadiTrustStore:#{null}}")
+ private String cadiTrustStore;
+
+ @Value("${mso.config.cadi.cadiLatitude:#{null}}")
+ private String cadiLatitude;
+
+ @Value("${mso.config.cadi.cadiLongitude:#{null}}")
+ private String cadiLongitude;
+
+ @Value("${mso.config.cadi.aafEnv:#{null}}")
+ private String aafEnv;
+
+ @Value("${mso.config.cadi.aafApiVersion:#{null}}")
+ private String aafApiVersion;
+
+ @Value("${mso.config.cadi.aafRootNs:#{null}}")
+ private String aafRootNs;
+
+ @Value("${mso.config.cadi.aafId:#{null}}")
+ private String aafMechId;
+
+ @Value("${mso.config.cadi.aafPassword:#{null}}")
+ private String aafMechIdPassword;
+
+ @Value("${mso.config.cadi.aafLocateUrl:#{null}}")
+ private String aafLocateUrl;
+
+ @Value("${mso.config.cadi.aafUrl:#{null}}")
+ private String aafUrl;
+
+ @Value("${mso.config.cadi.apiEnforcement:#{null}}")
+ private String apiEnforcement;
+
+ private void checkIfNullProperty(String key, String value) {
+ /*
+ * When value is null, it is not defined in application.yaml set nothing in System properties
+ */
+ if (value != null) {
+ System.setProperty(key, value);
+ }
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+ checkIfNullProperty(Config.CADI_KEYFILE, cadiKeyFile);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE, cadiTrustStore);
+ checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, cadiTrustStorePassword);
+ checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+ checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+ checkIfNullProperty(Config.AAF_ENV, aafEnv);
+ checkIfNullProperty(Config.AAF_API_VERSION, aafApiVersion);
+ checkIfNullProperty(Config.AAF_ROOT_NS, aafRootNs);
+ checkIfNullProperty(Config.AAF_APPID, aafMechId);
+ checkIfNullProperty(Config.AAF_APPPASS, aafMechIdPassword);
+ checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+ checkIfNullProperty(Config.AAF_URL, aafUrl);
+ checkIfNullProperty(Config.CADI_API_ENFORCEMENT, apiEnforcement);
+ // checkIfNullProperty(AFT_ENVIRONMENT_VAR, aftEnv);
+ logger.debug(" *** init Filter Config *** ");
+ super.init(filterConfig);
+ }
+
+
+}
import org.onap.so.security.MSOSpringFirewall;
import org.onap.so.security.WebSecurityConfig;
+import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
+import org.springframework.context.annotation.Profile;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.firewall.StrictHttpFirewall;
import org.springframework.util.StringUtils;
@EnableWebSecurity
@Configuration("att-security-config")
-@Order(2)
+// @Order(2)
public class WebSecurityConfigImpl extends WebSecurityConfig {
+ @Profile({"basic", "test"})
+ @Bean
+ public WebSecurityConfigurerAdapter basicAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
+ .httpBasic();
+ }
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
+ @Override
+ public void configure(WebSecurity web) throws Exception {
+ super.configure(web);
+ StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+ @Override
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
+ .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
+ }
+ };
}
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
+ @Profile("aaf")
+ @Bean
+ public WebSecurityConfigurerAdapter noAuth() {
+ return new WebSecurityConfigurerAdapter() {
+ @Override
+ protected void configure(HttpSecurity http) throws Exception {
+ http.authorizeRequests().antMatchers("/**").permitAll();
+ }
+ };
}
}
COPY scripts/start-app.sh /app
COPY scripts/wait-for.sh /app
COPY ca-certificates/onap-ca.crt /app/ca-certificates/onap-ca.crt
+COPY certs/* /app/
RUN chown -R so:so /app && chmod 700 /app/*.sh
--- /dev/null
+xVdhDotWIx2RB3f8RxAFQb9mkHVVdIzv8eiij9cDjg_5ea5HWPS7OzLR5lv4NA0vStrAMfSAaS2e
+j4rzvrlserM9bTRco3JHb-i6ZGYMoTL6kuFJ9JMveSqg-fkwvrm7VcYQJBs1FIE3hRLNqiGJ34ud
+hDRp-cGUvNRLIImksKT2fmUyEawLLuE0Lo5aX46y0ibjIMe7clMxLHIS5-WggvkgIOPkVDcxqLT2
+OteGptqW1cjrm1ydbTkLYN6dd7ZmRsT3ULPYLEtPTlZ2vCh7bFBBvP_tjp2cZf4uSPM6EClYAikn
+dnTqivOfCZn25r0xeXuectoXbq12fws_jaCH05ZK1wJwAF_cQNfpvaiM457rE672YV3Ev4yhXCyM
+1jVL2P9Chl1sSBkZujCftvaj1rlippP9P_eohcLv84mtApEyV49rBFRMtkX9ZVdPyb8shFSoXJxk
+M6DentRzY1g37mVJ1B1YMKPNQj95nOD4gLvjbUZ7dATuroENsG7oUWkfaV6dokfTmh504ZbyeqGh
+xa7yfr3326fMQBhQMpsyqD2o_Obe5wN57p-vb469w65pUmK7iJDa0Fgxaxy8XNNnw6gCurbbsvyU
+nB8UdfhTvL5mJew_tKUvtq_KH9ajnA8giSxuFd9KM6YHJWiFMXIROEQT7hKjTJka1ghERBjcH_pY
+hbKtHdvbrS7T2hGwY_MQEUXYQBirtjaEwAvI960hXQt1K-MC8PNLRYtdLKE2Aq3amMt7ZKtrHSeN
+33I1MjXc3wRUeOi5A6qImge1Q_Wmn1SURAn9KbEv9eoMUbQUkN1z2iyw4x94BZpBk5GjDypKKOyg
+guec0UY3y9wqm5gGW7XvT3v1lZqo5180VgK49iFgA4IhWZ7dnDFQmq6IHTr1pM4kuvJ9dka9saIh
+9xCk_KINPp5_dqJ2Lhak2IeRg_Zm3belm1jvYGCyRRqfoi9WGrDh3LLZeK8MHrrfzLI4Toy_n6DG
+UNXPrXqrZPREfW2lhYLRfrivOBYWPq9JidQXn1UctSmWdNoMH7XuikBpAwmlInNA_5j9J-L-gf9D
+cw2zoby3_wvcm5vxndnocEdhqVVdo7uMmXasQqphuyJP8rgCJf_I1v0Qe5F-JXsj6xDvarOUPOTj
+Z93a64EO0KI0OznolRyBqHpIXffbGh7e1EpAE0LMESKJC3Mjmsgz1ld3s7WfdeDK-IxUEHJLHlhY
+IjBlY6q3OJDrgvPLkwoWPbI48tmRUJX1BCafvDU6W8crl4VQKhL_l5ANAX5oaKwh-0ZJAZ15tna5
+6fjWcWrtQSdNQxj0jXV7uEcBtRtyPyOk2uw4HJDBLQyyOglUUxcQZJFCFp2fCHmNyttmUJQ5U9cu
+yw9lKhsyBJ5TB4psbp64_0EalITeAGrpuH1I1N2m1O5ZY8pmrpPtA1Mb5rQ4IJqiVbZgHTcvSiN5
+Z2SilurhI1vq4_aN_UZJQvEnw9U5WU3ysphsQk8RZKbFH4W9GDtmEGbAkRkTy17KrDIuMpe--XJF
+SQHUd4tzxbiYVYHKdF6Ce1kfQ-DEFXEf7RddwuKbc7tw2pSjy1MVH4HSRoTOQQpewZRTfG-4d3MX
+B99-QgufEk1OBkfemuDhdnPty5qkOLUEG_uQKPpD0QDVf-t4OxZqk_8G_dCJcXbmY4VT3V7pdN_I
+qp2xP98wGcIPuLGlEB8px94jKdUolkqeV_UTmmkTGz-szLzgK_YhnnVJn8VeyNsPTwAFUlqiPTyT
+n_7rCb_6nNKlriadaHu6IuJWehv03ZR9jS0P1Y3YLM286deCLFu93lN3nY4yf-SEguASdHJNCBFJ
+RQViYm8Tfuim5F0KQGafheGcdZxTvBFihnDduQWNBR_bDB9zfD6OtvvkseyyWHt3gHkJm5QeCjWK
+RzRvbjLpUnA31cJeEXmnmhB5qMAvjn8yORKcotn3u4MXdHEk-s8vR_SKykS6IcaYE1xxbowtg-UG
+d1iaky1NFYa2VZ4pGx9lD93GDTDynmOSfzVeVsxhTu_5rAanpDkUYVuxOzajmRh55I8a6dRk
\ No newline at end of file
jksargs="$jksargs -Djavax.net.ssl.trustStorePassword=${TRUSTSTORE_PASSWORD}"
fi
-jvmargs="${JVM_ARGS} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}"
+if [ -z "${ACTIVE_PROFILE}" ]; then
+ export ACTIVE_PROFILE="basic"
+fi
+
+jvmargs="${JVM_ARGS} -Dspring.profiles.active=${ACTIVE_PROFILE} -Djava.security.egd=file:/dev/./urandom -Dlogs_dir=${LOG_PATH} -Dlogging.config=/app/logback-spring.xml $jksargs -Dspring.config.additional-location=$CONFIG_PATH ${SSL_DEBUG} ${DISABLE_SNI}"
echo "JVM Arguments: ${jvmargs}"