Integrate AAF framework into Clamp.
Issue-ID: CLAMP-103
Change-Id: I2ceeb2a85b8b5674e712b3924a96a2bd6fb71d68
Signed-off-by: xg353y <xg353y@intl.att.com>
</exclusions>
</dependency>
<!-- Others dependencies -->
+ <dependency>
+ <groupId>org.onap.aaf.authz</groupId>
+ <artifactId>aaf-cadi-aaf</artifactId>
+ <version>2.1.0</version>
+ <exclusions>
+ <exclusion>
+ <groupId>javax.servlet</groupId>
+ <artifactId>servlet-api</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-core</artifactId>
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import java.util.Properties;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampCadiFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Configuration
+@Profile("clamp-aaf-authentication")
+@ConfigurationProperties(prefix = "clamp.config.cadi")
+public class AAFConfiguration {
+ private static final String CADI_KEY_FILE = "cadi_keyfile";
+ private static final String CADI_LOG_LEVEL = "cadi_loglevel";
+ private static final String LATITUDE = "cadi_latitude";
+ private static final String LONGITUDE = "cadi_longitude";
+ private static final String LOCATE_URL = "aaf_locate_url";
+ private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url";
+ private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url";
+ private static final String AAF_ENV = "aaf_env";
+ private static final String AAF_URL = "aaf_url";
+ private static final String X509_ISSUERS = "cadi_x509_issuers";
+
+ private String keyFile;
+ private String cadiLoglevel;
+ private String cadiLatitude;
+ private String cadiLongitude;
+ private String aafLocateUrl;
+ private String oauthTokenUrl;
+ private String oauthIntrospectUrl;
+ private String aafEnv;
+ private String aafUrl;
+ private String cadiX509Issuers;
+
+ /**
+ * Method to return clamp cadi filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "cadiFilter")
+ public Filter cadiFilter() {
+ return new ClampCadiFilter();
+ }
+
+ /**
+ * Method to register cadi filter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean cadiFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(cadiFilter());
+ registration.addUrlPatterns("/restservices/*");
+ //registration.addUrlPatterns("*");
+ registration.setName("cadiFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+ public String getKeyFile() {
+ return keyFile;
+ }
+
+ public void setKeyFile(String keyFile) {
+ this.keyFile = keyFile;
+ }
+
+ public String getCadiLoglevel() {
+ return cadiLoglevel;
+ }
+
+ public void setCadiLoglevel(String cadiLoglevel) {
+ this.cadiLoglevel = cadiLoglevel;
+ }
+
+ public String getCadiLatitude() {
+ return cadiLatitude;
+ }
+
+ public void setCadiLatitude(String cadiLatitude) {
+ this.cadiLatitude = cadiLatitude;
+ }
+
+ public String getCadiLongitude() {
+ return cadiLongitude;
+ }
+
+ public void setCadiLongitude(String cadiLongitude) {
+ this.cadiLongitude = cadiLongitude;
+ }
+
+ public String getAafLocateUrl() {
+ return aafLocateUrl;
+ }
+
+ public void setAafLocateUrl(String aafLocateUrl) {
+ this.aafLocateUrl = aafLocateUrl;
+ }
+
+ public String getOauthTokenUrl() {
+ return oauthTokenUrl;
+ }
+
+ public void setOauthTokenUrl(String oauthTokenUrl) {
+ this.oauthTokenUrl = oauthTokenUrl;
+ }
+
+ public String getOauthIntrospectUrl() {
+ return oauthIntrospectUrl;
+ }
+
+ public void setOauthIntrospectUrl(String oauthIntrospectUrl) {
+ this.oauthIntrospectUrl = oauthIntrospectUrl;
+ }
+
+ public String getAafEnv() {
+ return aafEnv;
+ }
+
+ public void setAafEnv(String aafEnv) {
+ this.aafEnv = aafEnv;
+ }
+
+ public String getAafUrl() {
+ return aafUrl;
+ }
+
+ public void setAafUrl(String aafUrl) {
+ this.aafUrl = aafUrl;
+ }
+
+ public String getCadiX509Issuers() {
+ return cadiX509Issuers;
+ }
+
+ public void setCadiX509Issuers(String cadiX509Issuers) {
+ this.cadiX509Issuers = cadiX509Issuers;
+ }
+
+ public Properties getProperties() {
+ Properties prop = System.getProperties();
+ //prop.put("cadi_prop_files", "");
+ prop.put(CADI_KEY_FILE, keyFile);
+ prop.put(CADI_LOG_LEVEL, cadiLoglevel);
+ prop.put(LATITUDE, cadiLatitude);
+ prop.put(LONGITUDE, cadiLongitude);
+ prop.put(LOCATE_URL, aafLocateUrl);
+ if (oauthTokenUrl != null) {
+ prop.put(OAUTH_TOKEN_URL, oauthTokenUrl);
+ }
+ if (oauthIntrospectUrl != null) {
+ prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl);
+ }
+ prop.put(AAF_ENV, aafEnv);
+ prop.put(AAF_URL, aafUrl);
+ prop.put(X509_ISSUERS, cadiX509Issuers);
+ return prop;
+ }
+}
\ No newline at end of file
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+/**
+ * Overwrite the key method isUserInRole and getUserPrincipal, to adapt to the Clamp default user verification
+ */
+public class ClampUserWrap extends HttpServletRequestWrapper {
+
+ private String user;
+ private List<String> roles = null;
+ private HttpServletRequest realRequest;
+
+ /**
+ * Standard Wrapper constructor for Delegate pattern
+ * @param request
+ */
+ public ClampUserWrap(HttpServletRequest request, String userName, List<String> roles){
+ super(request);
+
+ this.user = userName;
+ this.roles = roles;
+ this.realRequest = request;
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ if (roles == null) {
+ return this.realRequest.isUserInRole(role);
+ }
+ return roles.contains(role);
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ if (this.user == null) {
+ return realRequest.getUserPrincipal();
+ }
+
+ // make an anonymous implementation to just return our user
+ return new Principal() {
+ @Override
+ public String getName() {
+ return user;
+ }
+ };
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.config;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampDefaultUserFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+@Configuration
+@Profile("clamp-default-user")
+public class DefaultUserConfiguration {
+
+ /**
+ * Method to return clamp default user filter.
+ *
+ * @return Filter
+ */
+ @Bean(name = "defaultUserFilter")
+ public Filter defaultUserFilter() {
+ return new ClampDefaultUserFilter();
+ }
+
+ /**
+ * Method to register defaultUserFilter.
+ *
+ * @return FilterRegistrationBean
+ */
+ @Bean
+ public FilterRegistrationBean defaultUserFilterRegistration() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ registration.setFilter(defaultUserFilter());
+ registration.addUrlPatterns("/restservices/*");
+ registration.setName("defaultUserFilter");
+ registration.setOrder(0);
+ return registration;
+ }
+
+}
\ No newline at end of file
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import org.springframework.context.annotation.Configuration;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.beans.factory.annotation.Value;
+
+@Configuration
+public class SSLConfiguration {
+ private static final String TRUST_STORE = "javax.net.ssl.trustStore";
+ private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword";
+ private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
+
+ @Value("${server.ssl.trust:/opt/app/osaaf/client/local/truststoreONAP.p12}")
+ private String sslTruststoreFile;
+ @Value("${server.ssl.trust-password:changeit}")
+ private String sslTruststorePw;
+ @Value("${server.ssl.trust-type:PKCS12}")
+ private String sslTruststoreType;
+
+ @PostConstruct
+ private void configureSSL() {
+ if (!sslTruststoreFile.equals("none")) {
+ System.setProperty(TRUST_STORE, sslTruststoreFile);
+ }
+ if (!sslTruststoreType.equals("none")) {
+ System.setProperty(TRUST_STORE_TYPE, sslTruststoreType);
+ }
+ if (!sslTruststorePw.equals("none")) {
+ System.setProperty(TRUST_STORE_PW, sslTruststorePw);
+ }
+ }
+}
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- * reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- *
- */
-
-package org.onap.clamp.clds.config.spring;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import java.io.IOException;
-
-import org.onap.clamp.clds.config.ClampProperties;
-import org.onap.clamp.clds.config.CldsUserJsonDecoder;
-import org.onap.clamp.clds.exception.CldsConfigException;
-import org.onap.clamp.clds.exception.CldsUsersException;
-import org.onap.clamp.clds.service.CldsUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-/**
- * This class is used to enable the HTTP authentication to login. It requires a
- * specific JSON file containing the user definition
- * (classpath:clds/clds-users.json).
- */
-@Configuration
-@EnableWebSecurity
-@Profile("clamp-spring-authentication")
-public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
-
- protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsSecurityConfigUsers.class);
- protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
- @Autowired
- private ClampProperties refProp;
- @Value("${clamp.config.security.permission.type.cl:permission-type-cl}")
- private String cldsPersmissionTypeCl;
- @Value("${CLDS_PERMISSION_INSTANCE:dev}")
- private String cldsPermissionInstance;
- @Value("${clamp.config.security.encoder:bcrypt}")
- private String cldsEncoderMethod;
- @Value("${clamp.config.security.encoder.bcrypt.strength:10}")
- private Integer cldsBcryptEncoderStrength;
-
- /**
- * This method configures on which URL the authorization will be enabled.
- */
- @Override
- protected void configure(HttpSecurity http) {
- try {
- http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
- .authenticated().anyRequest().permitAll().and().logout()
- .and().sessionManagement()
- .maximumSessions(1)
- .and().invalidSessionUrl("/designer/timeout.html");
-
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method is called by the framework and is used to load all the users
- * defined in cldsUsersFile variable (this file path can be configured in
- * the application.properties).
- *
- * @param auth
- */
- @Autowired
- public void configureGlobal(AuthenticationManagerBuilder auth) {
- // configure algorithm used for password hashing
- final PasswordEncoder passwordEncoder = getPasswordEncoder();
-
- try {
- CldsUser[] usersList = loadUsers();
- // no users defined
- if (null == usersList) {
- logger.warn("No users defined. Users should be defined under clds-users.json");
- return;
- }
- for (CldsUser user : usersList) {
- auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
- .roles(user.getPermissionsString()).and().passwordEncoder(passwordEncoder);
- }
- } catch (Exception e) {
- logger.error("Exception occurred during the setup of the Web users in memory", e);
- throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
- }
- }
-
- /**
- * This method loads physically the JSON file and convert it to an Array of
- * CldsUser.
- *
- * @return The array of CldsUser
- * @throws IOException
- * In case of the file is not found
- */
- private CldsUser[] loadUsers() throws IOException {
- logger.info("Load from clds-users.properties");
- return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
- }
-
- /**
- * This methods returns the chosen encoder for password hashing.
- */
- private PasswordEncoder getPasswordEncoder() {
- if ("bcrypt".equals(cldsEncoderMethod)) {
- return new BCryptPasswordEncoder(cldsBcryptEncoderStrength);
- } else {
- throw new CldsConfigException("Invalid clamp.config.security.encoder value. 'bcrypt' is the only option at this time.");
- }
- }
-}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.filter;
+
+import javax.servlet.FilterConfig;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import org.springframework.beans.factory.annotation.Value;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.clamp.clds.config.AAFConfiguration;
+
+public class ClampCadiFilter extends CadiFilter {
+ private static final String CADI_TRUST_STORE = "cadi_truststore";
+ private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password";
+ private static final String CADI_KEY_STORE = "cadi_keystore";
+ private static final String CADI_KEY_STORE_PW = "cadi_keystore_password";
+ private static final String ALIAS = "cadi_alias";
+
+ @Value("${server.ssl.key-store:none}")
+ private String keyStore;
+
+ @Value("${clamp.config.cadi.cadiKeystorePassword:none}")
+ private String keyStorePass;
+
+ @Value("${server.ssl.trust:none}")
+ private String trustStore;
+
+ @Value("${clamp.config.cadi.cadiTruststorePassword:none}")
+ private String trustStorePass;
+
+ @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
+ private String alias;
+
+ @Autowired
+ private AAFConfiguration aafConfiguration;
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ Properties props = aafConfiguration.getProperties();
+ props.setProperty(CADI_KEY_STORE, trimFileName(keyStore));
+ props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore));
+ props.setProperty(ALIAS, alias);
+ props.setProperty(CADI_KEY_STORE_PW, keyStorePass);
+ props.setProperty(CADI_TRUST_STORE_PW, trustStorePass);
+
+ super.init(filterConfig);
+ }
+
+ private String trimFileName (String fileName) {
+ int index= fileName.indexOf("file:");
+ if (index == -1) {
+ return fileName;
+ } else {
+ return fileName.substring(index+5);
+ }
+ }
+}
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.filter;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.onap.clamp.clds.config.ClampProperties;
+import org.onap.clamp.clds.config.ClampUserWrap;
+import org.onap.clamp.clds.config.CldsUserJsonDecoder;
+import org.onap.clamp.clds.exception.CldsUsersException;
+import org.onap.clamp.clds.service.CldsUser;
+
+
+public class ClampDefaultUserFilter implements Filter {
+ private CldsUser defaultUser;
+ @Autowired
+ private ClampProperties refProp;
+
+ // Load the default user
+ public void init(FilterConfig cfg) throws ServletException {
+ try {
+ CldsUser[] users = CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
+ defaultUser = users[0];
+ } catch (IOException e) {
+ // not able to load default user
+ throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
+ }
+ }
+
+ // Call the ClampUserWrapper
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
+ HttpServletRequest hreq = (HttpServletRequest)req;
+ chain.doFilter(new ClampUserWrap(hreq, defaultUser.getUser(), Arrays.asList(defaultUser.getPermissionsString())), res);
+ }
+
+ public void destroy() {
+ }
+}
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
*/
package org.onap.clamp.clds.service;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.SecurityContext;
import org.springframework.stereotype.Component;
MediaType.TEXT_PLAIN
})
public class UserService {
+ @Context
+ private SecurityContext securityContext;
/**
* REST service that returns the username.
* @return the user name
*/
@GET
- @Path("/{userName}")
+ @Path("/getUser")
@Produces(MediaType.TEXT_PLAIN)
- public String getUser(@PathParam("userName") String userName) {
+ public String getUser() {
+ UserNameHandler userNameHandler = new DefaultUserNameHandler();
+ String userName = userNameHandler.retrieveUserName(securityContext);
return userName;
}
}
\ No newline at end of file
limitations under the License.
============LICENSE_END============================================
===================================================================
-
-->
<style>
.divRow {
<head>
<title>CLDS</title>
</head>
-<div ng-controller="AuthenticateCtrl">
+<div ng-controller="AuthenticateCtrl" ng-init="authenticate()">
<div id='head'>
<div ng-include="'menu_simplified.html'"></div>
</div>
<div id='main'>
- <div class="divRow"><b>Welcome to Clamp. Please login first.</b></div>
- <div class="divForm">
- <form ng-submit="authenticate()" method="post" autocomplete="off">
- <div class="divFormRow"><label>User Name : <input type="text" ng-model="username" name="username"/> </label></div>
- <div class="divFormRow"><label>Password: <input type="password" ng-model="password" name="password"/> </label></div>
- <div class="divFormRow"><input type="submit" value=" Sign In"/></div>
- </form>
- </div>
+ <div class="divRow"><b>Welcome to Clamp.</b></div>
</div>
</div>
</head>
<div>
<div class="divRow"><b>Login Failed!</b></div>
- <div class="divRow"><b>Please make sure your login and password are correct.
- If you don't have the login credential, please contact CLAMP administrator.</b></div>
+ <div class="divRow"><b>You are not authorized to access CLAMP UI, please contact CLAMP administrator.</b></div>
<div class="divRow">To login again, please click <a href="/designer/index.html"/>Login</a></div>
</div>
-
-
-
-
* limitations under the License.
* ============LICENSE_END============================================
* ===================================================================
- *
+ *
*/
'use strict';
console.log("//////////AuthenticateCtrl");
$scope.getInclude = function() {
console.log("getInclude011111111");
- var invalidUser = $window.localStorage.getItem("isInvalidUser");
+ var invalidUser = $window.localStorage.getItem("invalidUser");
var isAuth = $window.localStorage.getItem("isAuth");
-
- if (invalidUser != null && invalidUser == 'true') {
- console.log("Authentication failed");
- $window.localStorage.removeItem("isInvalidUser");
- window.location.href = "/designer/invalid_login.html";
- } else if (isAuth == null || isAuth == 'false') {
+ if (invalidUser == 'true')
+ return "invalid_login.html";
+ else if (isAuth == null || isAuth == 'false') {
return "authenticate.html";
}
- // Reassign the login user info, to be used in menu.html
- $rootScope.loginuser = $window.localStorage.getItem("loginuser");
return "utmdashboard.html";
};
$scope.authenticate = function() {
- var username = $scope.username;
- var pass = $scope.password;
- if (!username || !pass) {
- console.log("Invalid username/password");
- $window.localStorage.setItem("isInvalidUser", true);
- return;
- }
- var headers = username ? {
- authorization: "Basic " +
- btoa(username + ":" + pass)
- } : {};
- // send request to a test API with the username/password to verify the authorization
- $http.get('/restservices/clds/v1/user/testUser', {
- headers: headers
+ // send request to a test API for authentication/authorization check
+ $http.get('/restservices/clds/v1/user/getUser', {
}).success(function(data) {
if (data) {
$window.localStorage.setItem("isAuth", true);
- $window.localStorage.setItem("loginuser", $scope.username);
- $rootScope.loginuser = $scope.username;
- } else {
- $window.localStorage.removeItem("isInvalidUser", true);
- }
+ $rootScope.loginuser = data;
+ }
callback && callback();
}).error(function() {
- $window.localStorage.removeItem("isInvalidUser", true);
+ $window.localStorage.setItem("invalidUser", true);
callback && callback();
});
};
--- /dev/null
+###\r
+# ============LICENSE_START=======================================================\r
+# ONAP CLAMP\r
+# ================================================================================\r
+# Copyright (C) 2017-2018 AT&T Intellectual Property. All rights\r
+# reserved.\r
+# ================================================================================\r
+# Licensed under the Apache License, Version 2.0 (the "License");\r
+# you may not use this file except in compliance with the License.\r
+# You may obtain a copy of the License at\r
+#\r
+# http://www.apache.org/licenses/LICENSE-2.0\r
+#\r
+# Unless required by applicable law or agreed to in writing, software\r
+# distributed under the License is distributed on an "AS IS" BASIS,\r
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+# See the License for the specific language governing permissions and\r
+# limitations under the License.\r
+# ============LICENSE_END============================================\r
+# ===================================================================\r
+# ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+###\r
+\r
+info.build.artifact=@project.artifactId@\r
+info.build.name=@project.name@\r
+info.build.description=@project.description@\r
+info.build.version=@project.version@\r
+### Set the port for HTTP or HTTPS protocol (Controlled by Spring framework, only one at a time).\r
+### (See below for the parameter 'server.http.port' if you want to have both enabled)\r
+### To have only HTTP, keep the lines server.ssl.* commented\r
+### To have only HTTPS enabled, uncomment the server.ssl.* lines and specify a right keystore location\r
+#server.port=8080\r
+### Settings for HTTPS (this automatically enables the HTTPS on the port 'server.port')\r
+#server.ssl.key-store=file:/tmp/mykey.jks\r
+#server.ssl.key-store-password=pass\r
+#server.ssl.key-password=pass\r
+\r
+### In order to be user friendly when HTTPS is enabled,\r
+### you can add another HTTP port that will be automatically redirected to HTTPS\r
+### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)\r
+#server.http-to-https-redirection.port=8090\r
+\r
+### HTTP Example:\r
+###--------------\r
+server.port=8080\r
+\r
+\r
+### HTTP (Redirected to HTTPS) and HTTPS Example:\r
+### --------------------------------------------\r
+### server.port=8443 <-- The HTTPS port\r
+### server.ssl.key-store=file:/tmp/mykey.jks\r
+### server.ssl.key-store-password=mypass\r
+### server.ssl.key-password=mypass\r
+### server.http-to-https-redirection.port=8080\r
+\r
+server.contextPath=/\r
+#Modified engine-rest applicationpath\r
+spring.profiles.active=clamp-default,clamp-default-user,clamp-sdc-controller\r
+\r
+#The max number of active threads in this pool\r
+server.tomcat.max-threads=200\r
+#The minimum number of threads always kept alive\r
+server.tomcat.min-Spare-Threads=25\r
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads\r
+server.tomcat.max-idle-time=60000\r
+server.tomcat.clientAuth=want\r
+#Servlet context parameters\r
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.\r
+\r
+camel.springboot.consumer-template-cache-size=1000\r
+camel.springboot.producer-template-cache-size=1000\r
+camel.springboot.jmx-enabled=false\r
+camel.defaultthreadpool.poolsize=10\r
+camel.defaultthreadpool.maxpoolsize=20\r
+camel.defaultthreadpool.maxqueuesize=1000\r
+camel.defaultthreadpool.keepaliveTime=60\r
+camel.defaultthreadpool.rejectpolicy=CallerRuns\r
+#camel.springboot.xmlRoutes = false\r
+camel.springboot.xmlRoutes=classpath:/clds/camel/*.xml\r
+#camel.springboot.typeConversion = false\r
+\r
+#clds datasource connection details\r
+spring.datasource.cldsdb.driverClassName=org.mariadb.jdbc.Driver\r
+spring.datasource.cldsdb.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3\r
+spring.datasource.cldsdb.username=clds\r
+spring.datasource.cldsdb.password=4c90a0b48204383f4283448d23e0b885a47237b2a23588e7c4651604f51c1067\r
+spring.datasource.cldsdb.validationQuery=SELECT 1\r
+spring.datasource.cldsdb.validationQueryTimeout=20000\r
+spring.datasource.cldsdb.validationInterval=30000\r
+spring.datasource.cldsdb.testWhileIdle = true\r
+spring.datasource.cldsdb.minIdle = 0\r
+spring.datasource.cldsdb.initialSize=0\r
+# Automatically test whether a connection provided is good or not\r
+spring.datasource.cldsdb.testOnBorrow=true\r
+spring.datasource.cldsdb.ignoreExceptionOnPreLoad=true\r
+\r
+#Async Executor default Parameters\r
+async.core.pool.size=10\r
+async.max.pool.size=20\r
+async.queue.capacity=500\r
+\r
+clamp.config.files.cldsPolicyConfig=classpath:/clds/clds-policy-config.properties\r
+clamp.config.files.cldsUsers=classpath:/clds/clds-users.json\r
+clamp.config.files.globalProperties=classpath:/clds/templates/globalProperties.json\r
+clamp.config.files.sdcController=classpath:/clds/sdc-controllers-config.json\r
+\r
+# Properties for Clamp\r
+# DCAE request build properties\r
+#\r
+clamp.config.dcae.template=classpath:/clds/templates/dcae-template.json\r
+clamp.config.dcae.decode.service_ids=classpath:/clds/templates/dcae-decode-service_ids.json\r
+clamp.config.dcae.deployment.template=classpath:/clds/templates/dcae-deployment-template.json\r
+#\r
+# SDC request blueprint properties\r
+#\r
+clamp.config.sdc.template=classpath:/clds/templates/sdc-template.json\r
+clamp.config.sdc.decode.service_ids=classpath:/clds/templates/sdc-decode-service_ids.json\r
+#\r
+#\r
+# Configuration Settings for Policy Engine Components\r
+clamp.config.policy.pdpUrl1=http://policy.api.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123\r
+clamp.config.policy.pdpUrl2=http://policy.api.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123\r
+clamp.config.policy.papUrl=http://policy.api.simpledemo.onap.org:8081/pap/ , testpap, alpha123\r
+clamp.config.policy.notificationType=websocket\r
+clamp.config.policy.notificationUebServers=localhost\r
+clamp.config.policy.notificationTopic=\r
+clamp.config.policy.clientId=myclientid\r
+# base64 encoding\r
+\r
+clamp.config.policy.clientKey=5CE79532B3A2CB4D132FC0C04BF916A7\r
+#DEVL for development\r
+#TEST for Test environments\r
+#PROD for prod environments\r
+clamp.config.policy.policyEnvironment=TEST\r
+# General Policy request properties\r
+#\r
+clamp.config.policy.onap.name=DCAE\r
+clamp.config.policy.pdp.group=default\r
+clamp.config.policy.ms.type=MicroService\r
+clamp.config.policy.ms.policyNamePrefix=Config_MS_\r
+clamp.config.policy.op.policyNamePrefix=Config_BRMS_Param_\r
+clamp.config.policy.base.policyNamePrefix=Config_\r
+clamp.config.policy.op.type=BRMS_Param\r
+\r
+\r
+# TCA MicroService Policy request build properties\r
+#\r
+clamp.config.tca.policyid.prefix=DCAE.Config_\r
+clamp.config.tca.policy.template=classpath:/clds/templates/tca-policy-template.json\r
+clamp.config.tca.template=classpath:/clds/templates/tca-template.json\r
+clamp.config.tca.thresholds.template=classpath:/clds/templates/tca-thresholds-template.json\r
+\r
+#\r
+#\r
+# Operational Policy request build properties\r
+#\r
+clamp.config.op.policyDescription=from clds\r
+# default\r
+clamp.config.op.templateName=ClosedLoopvUSP\r
+clamp.config.op.operationTopic=APPC-CL\r
+clamp.config.op.notificationTopic=POLICY-CL-MGT\r
+clamp.config.op.controller=amsterdam\r
+clamp.config.op.policy.appc=APPC\r
+# by service: vSCP\r
+clamp.config.op.templateName.vSCP=ClosedLoopTemplate\r
+clamp.config.op.controller.vSCP=1607-f5fw\r
+clamp.config.op.eNodeB.templateName=ClosedLoopControlName\r
+clamp.config.op.eNodeB.operationTopic=com.onap.sdnr.RanCLRequest-v00\r
+clamp.config.op.eNodeB.notificationTopic=com.onap-policy.IST-ENODEB-CL\r
+clamp.config.op.eNodeB.controller=amsterdam\r
+clamp.config.op.eNodeB.recipe=classpath:/clds/templates/op-eNodeB-recipe.json\r
+clamp.config.op.eNodeB.timeWindow=35\r
+clamp.config.op.eNodeB.limit=2\r
+clamp.config.op.eNodeB.period=10s\r
+#\r
+# Sdc service properties\r
+clamp.config.sdc.catalog.url=http://sdc.api.simpledemo.onap.org:8080/sdc/v1/catalog/\r
+clamp.config.sdc.hostUrl=http://sdc.api.simpledemo.onap.org:8080\r
+clamp.config.sdc.serviceUrl=http://sdc.api.simpledemo.onap.org:8080/sdc/v1/catalog/services\r
+clamp.config.sdc.serviceUsername=clamp\r
+clamp.config.sdc.servicePassword=b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981\r
+clamp.config.sdc.artifactLabel=blueprintclampcockpit\r
+clamp.config.sdc.sdcX-InstanceID=CLAMP\r
+clamp.config.sdc.artifactType=DCAE_INVENTORY_BLUEPRINT\r
+clamp.config.sdc.locationArtifactLabel=locationclampcockpit\r
+clamp.config.sdc.locationArtifactType=DCAE_INVENTORY_JSON\r
+clamp.config.sdc.InstanceID=X-ECOMP-InstanceID\r
+clamp.config.sdc.header.requestId = X-ECOMP-RequestID\r
+#\r
+clamp.config.sdc.csarFolder = /tmp/sdc-controllers\r
+clamp.config.sdc.blueprint.parser.mapping = classpath:/clds/blueprint-parser-mapping.json\r
+#\r
+clamp.config.ui.location.default=classpath:/clds/templates/ui-location-default.json\r
+clamp.config.ui.alarm.default=classpath:/clds/templates/ui-alarm-default.json\r
+#\r
+# if action.test.override is true, then any action will be marked as test=true (even if incoming action request had test=false); otherwise, test flag will be unchanged on the action request\r
+clamp.config.action.test.override=false\r
+# if action.insert.test.event is true, then insert event even if the action is set to test\r
+clamp.config.action.insert.test.event=false\r
+clamp.config.clds.service.cache.invalidate.after.seconds=120\r
+\r
+#DCAE Inventory Url Properties\r
+clamp.config.dcae.inventory.url=http://dcae.api.simpledemo.onap.org:8080\r
+clamp.config.dcae.intentory.retry.interval=10000\r
+clamp.config.dcae.intentory.retry.limit=3\r
+\r
+#DCAE Dispatcher Url Properties\r
+clamp.config.dcae.dispatcher.url=http://dcae.api.simpledemo.onap.org:8080\r
+clamp.config.dcae.header.requestId = X-ECOMP-RequestID\r
+\r
+clamp.config.security.permission.instance=dev\r
+\r
+#AAF related parameters\r
+clamp.config.security.permission.type.cl=org.onap.clamp.clds.cl\r
+clamp.config.security.permission.type.cl.manage=org.onap.clamp.clds.cl.manage\r
+clamp.config.security.permission.type.cl.event=org.onap.clds.cl.event\r
+clamp.config.security.permission.type.filter.vf=org.onap.clamp.clds.filter.vf\r
+clamp.config.security.permission.type.template=org.onap.clamp.clds.template\r
+\r
### (See below for the parameter 'server.http.port' if you want to have both enabled)\r
### To have only HTTP, keep the lines server.ssl.* commented\r
### To have only HTTPS enabled, uncomment the server.ssl.* lines and specify a right keystore location\r
-server.port=8080\r
+### server.port=8080\r
### Settings for HTTPS (this automatically enables the HTTPS on the port 'server.port')\r
#server.ssl.key-store=file:/tmp/mykey.jks\r
#server.ssl.key-store-password=pass\r
\r
### HTTP (Redirected to HTTPS) and HTTPS Example:\r
### --------------------------------------------\r
-### server.port=8443 <-- The HTTPS port\r
-### server.ssl.key-store=file:/tmp/mykey.jks\r
-### server.ssl.key-store-password=mypass\r
-### server.ssl.key-password=mypass\r
-### server.http-to-https-redirection.port=8090 <-- The HTTP port\r
+server.port=8443\r
+server.ssl.client-auth=want\r
+server.ssl.key-store=file:/opt/clamp/config/clamp@clamp.onap.org.p12\r
+server.ssl.key-store-password=China in the Spring\r
+server.ssl.key-password=China in the Spring\r
+server.ssl.key-store-type=PKCS12\r
+server.ssl.trust=/opt/clamp/config/truststoreONAP.p12\r
+server.ssl.trust-pass=changeit\r
+server.ssl.trust-type=PKCS12\r
+server.ssl.key-alias=clamp@clamp.onap.org\r
+server.http-to-https-redirection.port=8080\r
\r
server.contextPath=/\r
#Modified engine-rest applicationpath\r
-spring.profiles.active=clamp-default,clamp-spring-authentication,clamp-sdc-controller\r
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller\r
\r
#The max number of active threads in this pool\r
server.tomcat.max-threads=200\r
clamp.config.dcae.header.requestId = X-ECOMP-RequestID\r
\r
#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !\r
-clamp.config.security.permission.type.cl=permission-type-cl\r
-clamp.config.security.permission.type.cl.manage=permission-type-cl-manage\r
-clamp.config.security.permission.type.cl.event=permission-type-cl-event\r
-clamp.config.security.permission.type.filter.vf=permission-type-filter-vf\r
-clamp.config.security.permission.type.template=permission-type-template\r
+clamp.config.security.permission.type.cl=org.onap.clamp.clds.cl\r
+clamp.config.security.permission.type.cl.manage=org.onap.clamp.clds.cl.manage\r
+clamp.config.security.permission.type.cl.event=org.onap.clds.cl.event\r
+clamp.config.security.permission.type.filter.vf=org.onap.clamp.clds.filter.vf\r
+clamp.config.security.permission.type.template=org.onap.clamp.clds.template\r
#This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties\r
clamp.config.security.permission.instance=dev\r
+\r
+#AAF related parameters\r
+clamp.config.cadi.keyFile=/opt/clamp/config/org.onap.clamp.keyfile\r
+clamp.config.cadi.cadiLoglevel=INFO\r
+clamp.config.cadi.cadiLatitude=37.78187\r
+clamp.config.cadi.cadiLongitude=-122.26147\r
+clamp.config.cadi.aafLocateUrl=https://aaf-onap-beijing-test.osaaf.org\r
+clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs\r
+clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf\r
+#clamp.config.cadi.oauthTokenUrl=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token\r
+#clamp.config.cadi.oauthIntrospectUrll=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect\r
+clamp.config.cadi.aafEnv=DEV\r
+clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0\r
+clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US\r
--- /dev/null
+HTQLJHUg5Du0VM7wHY5cBMTgupk6ujhSoAgx5BTHp9wt9CoWvD72ScIciyldEH9R2QZIL9ZvpVo0
+h2o-hSQueaVjPcIFUhVIl4HWmNC6I2YAlNkwy3VMl1g9otKaOTgo3ChsFUVq7ACIrcr2977wo4B_
+FeHa0lInuaLoEjHMP1fszTWYBBx9oY3K9s-9MQQyCo6bFV-4L733sPeE60j20FWoygUwvIqxp3Pc
+Bmnm1AtcrhGH0elqDg9qNjmnmC3gxZaGpGiclaEds_lVu57RIXwtTHgYyMbJzfP-Ziq3T7i8d-h3
+JZThj1l9JvDLYm2z0BEXuQ3Owvn4m98cWB9P5esJOKYEvsfIGK_Fd6uT04fzkeDT1wNV4-Swuorr
+ymZQxnvHbUAp91NJEa3EtWTuBxNeoqV0cw97WkAYn95pgjH4ZVhBdczclS-EStFJyYOHtTRAs1A_
+8i36GiuUPHn3KolkRF2GvtZfwNj5AYfcUKhqULJ-T_is2KKYnGwQ2iaItX2852o4zlzkMXFMkt5C
+qbsDmrU7F5zxn4HG6yShW5sIXgAcS9cyIs8IFgHtkYauDJlKZWynhzqibh3-bzPyfFmreTHxQ-Av
+Lgp5sAtf1B9_1feVyE78bmQ3IMtxE-YkV8RYPDJzKw0nIdjce7j89azNq_as5JMfCCHSlYcKRs8O
+Nrh8gXYun28iUL_kwEUWK0WohPgwQBb46_Hkc6a0aSYbuFA_7qgprPB9wmAlHtuqnCAb2vk8GT-h
+07DB6yPGgzE-OgXUzLIWHXVzPO6SjOg3ifYpCRigOsNqkV1paBBOzje7dn2RnpgaRJS3zupTMnqF
+g5N9qCgubxRlII626-Dc_i5X1OAWPzJK8UZPuxRAg3YVJNHluB3O0Q2Uo14RkO3a2Tn_Ce9XoTUJ
+Jqi_qZWytIB9sHMNM7KvcRxGedLqd_230O3zV7rTa4Up0BFoMyHmnf2SZu96x_Yz_n_AWhiaALvE
+ON_nTxPEOHfEfrNzo7pCwIaI5gM6eu_S24aZTf4L-5tekqH7l1PEbKr2QP4XfTZBN4FgNExgGpzG
+the3zv4k7hJeWe7GbtMmnZXIQUJkZVTHBwqvHkqtN9cBWpihCNVmI3zKq6Bsy6Us0SDZ686kpeVS
+s9eyrzj6uLPE65mQxCpoMt6G4HSjzMqA3HOX_7ixBBhtdVi5-X7NeTigr-uaZg67yP3cSikfFf9w
+dyFuMjg29jtlaTNzOov8HFrcLq01N3fpwDkSU_2TmLndU-FMat78CMCLW5QuS1KF3hC9T8wzKWS_
+WHK2oMA3SqWyqnj_cE_T4Ql_VKL3nkvf_bzTvLso_BWodUw2A-eO-1qjtCHp3nnTdSVH06E3_eRH
+BuKWEt0MLyNpm88OD0tgOC3fn7casioynQLoFatta5nlQfj4nsAXj2bD6CrohtDhjOKXqHxDU6s7
+adtNoBGyEK5FKy3HtHMC7KXsK_6wbYUluz93nCNMok696HIHojNUydGFqfr2HluQTi0S3uHnD_pS
+-QM8DbsFi8oIztn6Er4CFFJQ-tUuDyX6ahfY5gWLqCgRM7RzrkoHY7b4vkHxZTBLZlPGWfRtG0vc
+GTSqIRNI2Z_Zte5-wW7T9vfFVBsArF0SJWOrlUqf7fGN1_2H9B9aIpLEMaHF7EEp1OP6_SNnfuhB
+K31EFy0VW0eGnLezpd3HT540kznub7h_m6phZaqeZJxsle9jHEOS7qDc3T6s1hZ7DLK2Ej5RFuq8
+5LA9Cj5VrdejKMZKZJwmyWylLe224RyY4gDa0MB_lDAeC-YFdY2ClymYRJmclFFSWf7X1j5beQve
+xGbsXJaWZcJpahpFu4RR-kOOyZBLPsdiyOZ7PGXz83l35NiXabmRapgjve1t7NFSuRluafihc0Lg
+GKoz_-3YAFJmh4Z3bcCsz1WhCUYqzWyDsnZiD7sMQT7Oyje7RqzoxBZs5Ke1_0jtpgFrc7BcqHG7
+WpwJr6hg53o3BpWcUEopBomhbdxiDSLxZmDrePy9LDC7YNk_7-gVKIc7dZDMgw6kSRR330p0
\ No newline at end of file
"password":"$2a$10$H/e21kl04Dw9C978CHuM7OewyMGUN5WGzAAx7SgIaR4ix8.wTcssi",
"permissions":
[
- "permission-type-cl|dev|read",
- "permission-type-cl|dev|update",
- "permission-type-cl-manage|dev|*",
- "permission-type-filter-vf|dev|*",
- "permission-type-template|dev|read"
+ "org.onap.clamp.clds.cl|dev|read",
+ "org.onap.clamp.clds.cl|dev|update",
+ "org.onap.clamp.clds.cl.manage|dev|*",
+ "org.onap.clamp.clds.filter.vf|dev|*",
+ "org.onap.clamp.clds.template|dev|read",
+ "org.onap.clamp.clds.template|dev|update"
]
},
{
"password":"$2a$10$H/e21kl04Dw9C978CHuM7OewyMGUN5WGzAAx7SgIaR4ix8.wTcssi",
"permissions":
[
- "permission-type-cl|dev|read",
- "permission-type-cl|dev|update",
- "permission-type-cl-manage|dev|*",
- "permission-type-filter-vf|dev|*",
- "permission-type-template|dev|read",
- "permission-type-template|dev|update"
+ "org.onap.clamp.clds.cl|dev|read",
+ "org.onap.clamp.clds.cl|dev|update",
+ "org.onap.clamp.clds.cl.manage|dev|*",
+ "org.onap.clamp.clds.filter.vf|dev|*",
+ "org.onap.clamp.clds.template|dev|read",
+ "org.onap.clamp.clds.template|dev|update"
]
}
]
<queueSize>256</queueSize>
<appender-ref ref="SECURITY" />
</appender>
-
+ <!-- AAF related loggers -->
+ <logger name="org.onap.aaf" level="INFO" additivity="true">
+ <appender-ref ref="DEBUG" />
+ </logger>
+ <logger name="org.apache.catalina.core" level="INFO" additivity="true">
+ <appender-ref ref="DEBUG" />
+ </logger>
<!-- CLDS related loggers -->
<logger name="org.onap.clamp.clds" level="INFO" additivity="true">
<appender-ref ref="ERROR" />
Code Review / policy / clamp.git / commitdiff