# See the License for the specific language governing permissions and
# limitations under the License.
#-------------------------------------------------------------------------------
+aaf.urls=https://aaf-onap-test.osaaf.org:8095
+aaf.user.role.properties=src/main/resources/aaf/AAFUserRoles.properties
+aaf.enabled=true
+aaf.namespace=org.onap.oof
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import java.util.ArrayList;\r
+import org.onap.optf.ticketmgt.SpringProfiles;\r
+import org.onap.optf.ticketmgt.aaf.AafClientCache.AuthorizationResult;\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.context.annotation.Profile;\r
+import org.springframework.core.env.Environment;\r
+import org.springframework.security.authentication.AuthenticationProvider;\r
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\r
+import org.springframework.security.core.Authentication;\r
+import org.springframework.security.core.AuthenticationException;\r
+import org.springframework.security.web.authentication.WebAuthenticationDetails;\r
+import org.springframework.stereotype.Component;\r
+\r
+@Component\r
+@Profile(SpringProfiles.AAF_AUTHENTICATION)\r
+public class AafAuthProvider implements AuthenticationProvider {\r
+\r
+ @Autowired\r
+ Environment env;\r
+\r
+ @Autowired\r
+ AafClientCache clientCache;\r
+\r
+ @Override\r
+ public Authentication authenticate(Authentication authentication) throws AuthenticationException {\r
+ String name = authentication.getName();\r
+ String password = authentication.getCredentials().toString();\r
+ String sessionId = null;\r
+ Object details = authentication.getDetails();\r
+ if (details instanceof WebAuthenticationDetails) {\r
+ WebAuthenticationDetails webAuthDetails = (WebAuthenticationDetails) details;\r
+ if (webAuthDetails.getSessionId() != null) {\r
+ sessionId = webAuthDetails.getRemoteAddress() + ":" + webAuthDetails.getSessionId();\r
+ }\r
+ }\r
+ if (env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)) {\r
+ if (clientCache.authenticate(name, password, sessionId) != AuthorizationResult.Authenticated) {\r
+ return null;\r
+ }\r
+ }\r
+ return new UsernamePasswordAuthenticationToken(name, password, new ArrayList<>());\r
+\r
+ }\r
+\r
+ @Override\r
+ public boolean supports(Class<?> authentication) {\r
+ return authentication.equals(UsernamePasswordAuthenticationToken.class);\r
+ }\r
+}\r
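Review bot: A failed AAF check in `authenticate` returns `null`, which in Spring Security means the provider abstains rather than rejects; `ProviderManager` then falls through to any other configured provider (or a parent manager), so a permissive sibling provider would still authenticate the request. Throw instead: `throw new BadCredentialsException("AAF authentication failed for " + name);` (from `org.springframework.security.authentication`). Separately, `authentication.getCredentials().toString()` throws `NullPointerException` when no credentials are supplied; guard with `Object creds = authentication.getCredentials(); if (creds == null) throw new BadCredentialsException("missing credentials");`. Also worth a comment: with `aaf.enabled=false` (the `getProperty` default is `true`, so this is opt-in) every username/password pair is returned as authenticated with no check at all.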
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * org.onap.optf.cmso
- * ================================================================================
- * Copyright © 2019 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.optf.ticketmgt.aaf;
-
-import java.io.IOException;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.onap.observations.Observation;
-import org.onap.optf.cmso.common.exceptions.CmsoException;
-import org.onap.optf.ticketmgt.SpringProfiles;
-import org.onap.optf.ticketmgt.common.LogMessages;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.context.annotation.PropertySource;
-import org.springframework.stereotype.Component;
-
-/**
- * AAF authorization filter.
- */
-
-@Component
-@Profile(SpringProfiles.AAF_AUTHENTICATION)
-@PropertySource("file:${server.local.startpath}/aaf/permissions.properties")
-public class AafAuthorizationFilter extends OrderedRequestContextFilter {
-
- @Value("${permission.type}")
- String type;
-
- @Value("${permission.instance}")
- String instance;
-
- /**
- * Instantiates a new aaf authorization filter.
- */
- public AafAuthorizationFilter() {
- this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
-
-
- }
-
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
- throws IOException, ServletException {
- String permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase());
- if (request.getRequestURI().matches("^.*/util/echo$")) {
- filterChain.doFilter(request, response);
- }
- if (!request.isUserInRole(permission)) {
- Observation.report(LogMessages.UNAUTHORIZED);
- ResponseFormatter.errorResponse(request, response,
- new CmsoException(LogMessages.UNAUTHORIZED.getStatus(), LogMessages.UNAUTHORIZED, ""));
- } else {
- filterChain.doFilter(request, response);
- }
- }
-}
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import com.att.eelf.configuration.EELFLogger;\r
+import com.att.eelf.configuration.EELFManager;\r
+import java.net.UnknownHostException;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+import java.util.Map;\r
+import javax.ws.rs.ProcessingException;\r
+import javax.ws.rs.client.Client;\r
+import javax.ws.rs.client.ClientBuilder;\r
+import javax.ws.rs.client.Invocation;\r
+import javax.ws.rs.client.WebTarget;\r
+import javax.ws.rs.core.MediaType;\r
+import javax.ws.rs.core.Response;\r
+import javax.ws.rs.core.Response.Status;\r
+import org.onap.observations.Mdc;\r
+import org.onap.observations.Observation;\r
+import org.onap.optf.cmso.common.BasicAuthenticatorFilter;\r
+import org.onap.optf.cmso.common.PropertiesManagement;\r
+import org.onap.optf.cmso.common.exceptions.CmsoException;\r
+import org.onap.optf.ticketmgt.SpringProfiles;\r
+import org.onap.optf.ticketmgt.aaf.AafEndpoints.Endpoint;\r
+import org.onap.optf.ticketmgt.common.LogMessages;\r
+import org.onap.optf.ticketmgt.filters.CmsoClientFilters;\r
+import org.onap.optf.ticketmgt.service.rs.models.HealthCheckComponent;\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.context.annotation.Profile;\r
+import org.springframework.core.env.Environment;\r
+import org.springframework.stereotype.Component;\r
+\r
+@Component\r
+@Profile(SpringProfiles.AAF_AUTHENTICATION)\r
+public class AafClient {\r
+ private static EELFLogger debug = EELFManager.getInstance().getDebugLogger();\r
+\r
+ @Autowired\r
+ Environment env;\r
+\r
+ @Autowired\r
+ PropertiesManagement pm;\r
+\r
+ @Autowired\r
+ AafEndpoints aafEndpoints;\r
+\r
+ /**\r
+ * Gets the authz.\r
+ *\r
+ * @param auth the auth\r
+ * @return the authz\r
+ * @throws CmsoException the cmso exception\r
+ */\r
+ public Response getAuthz(Map<String, String> auth) throws CmsoException {\r
+ Response response = null;\r
+ List<String> endpoints = new ArrayList<>();\r
+ String url = aafEndpoints.getEndpoint(Endpoint.AUTHZ, endpoints);\r
+ String user = auth.get("user");\r
+ if (!user.contains("@")) {\r
+ user += env.getProperty(AafProperties.aafDefaultUserDomain.toString(), "@csp.att.com");\r
+ }\r
+ String pass = auth.get("password");\r
+ while (url != null) {\r
+ try {\r
+ // Cannot provide changeId. Interesting.\r
+ // This should be replaced by fetch\r
+ // For now, make a best effort to get the passed changeId\r
+ if (!url.endsWith("/")) {\r
+ url += "/";\r
+ }\r
+ url += user;\r
+ response = get(url, user, pass);\r
+ return response;\r
+ } catch (ProcessingException e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.toString());\r
+ url = aafEndpoints.getNextEndpoint(Endpoint.AUTHZ, endpoints);\r
+ if (url == null || !tryNextUrl(e)) {\r
+ throw new CmsoException(Status.INTERNAL_SERVER_ERROR, LogMessages.UNEXPECTED_EXCEPTION, user,\r
+ e.getMessage());\r
+ }\r
+ } catch (Exception e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.toString());\r
+ throw new CmsoException(Status.INTERNAL_SERVER_ERROR, LogMessages.UNEXPECTED_EXCEPTION, user,\r
+ e.getMessage());\r
+ }\r
+ }\r
+ return response;\r
+ }\r
+\r
+ /**\r
+ * Gets the.\r
+ *\r
+ * @param url the url\r
+ * @param user the user\r
+ * @param pass the pass\r
+ * @return the response\r
+ */\r
+ public Response get(String url, String user, String pass) {\r
+ Client client = ClientBuilder.newClient();\r
+ client.register(new BasicAuthenticatorFilter(user, pass));\r
+ client.register(new CmsoClientFilters());\r
+ WebTarget target = client.target(url);\r
+ Invocation.Builder invocationBuilder = target.request(MediaType.APPLICATION_JSON);\r
+ debug.debug("AAF URL = " + url);\r
+ Response response = invocationBuilder.get();\r
+ debug.debug("AAF URL = " + url + " user=" + user + ":" + response.getStatusInfo().toString());\r
+ return response;\r
+ }\r
+\r
+ private boolean tryNextUrl(ProcessingException exc) {\r
+ if (exc.getCause() instanceof UnknownHostException) {\r
+ return true;\r
+ }\r
+ return true;\r
+ }\r
+\r
+ /**\r
+ * Health check.\r
+ *\r
+ * @return the health check component\r
+ */\r
+ public HealthCheckComponent healthCheck() {\r
+ Map<String, String> mdcSave = Mdc.save();\r
+ HealthCheckComponent hcc = new HealthCheckComponent();\r
+ hcc.setName("AAF");\r
+ hcc.setHealthy(false);\r
+ List<String> endpoints = new ArrayList<>();\r
+ try {\r
+ String url = aafEndpoints.getEndpoint(AafEndpoints.Endpoint.HEALTHCHECK, endpoints);\r
+ String user = "";\r
+ String pass = "";\r
+\r
+ while (url != null) {\r
+ try {\r
+ hcc.setUrl(url);\r
+ Response response = get(url, user, pass);\r
+ hcc.setHealthy(true);\r
+ hcc.setStatus(response.getStatusInfo().toString());\r
+ } catch (ProcessingException e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.toString());\r
+ url = aafEndpoints.getNextEndpoint(AafEndpoints.Endpoint.HEALTHCHECK, endpoints);\r
+ if (url == null || !tryNextUrl(e)) {\r
+ hcc.setStatus(e.getMessage());\r
+ }\r
+ } catch (Exception e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.toString());\r
+ hcc.setStatus(e.getMessage());\r
+ }\r
+ }\r
+ } finally {\r
+ Mdc.restore(mdcSave);\r
+ }\r
+ return hcc;\r
+ }\r
+}\r
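Review bot: `healthCheck` never terminates on a successful probe: its `while (url != null)` loop only advances `url` in the `ProcessingException` branch, so after `get(url, user, pass)` returns (or throws any other exception) the same URL is requested again forever, and each iteration leaks another unclosed `ClientBuilder.newClient()` from `get`. Add `break;` after `hcc.setStatus(response.getStatusInfo().toString());` and `url = null;` in the generic `catch (Exception e)` branch, and close the `Client` once the response entity has been consumed; note also that `hcc.setHealthy(true)` is set for any HTTP status, including 5xx. In `getAuthz` the caller-supplied user name is concatenated straight into the request path (`url += user`), so a name containing `/`, `..` or `?` taken from the Basic header rewrites the AAF request; build it with `UriBuilder.fromUri(url).segment(user).build().toString()`, which percent-encodes a single path segment. `tryNextUrl` returns `true` on both paths, so its `UnknownHostException` test is dead code.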
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property. Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except\r
+ * in compliance with the License. You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software distributed under the License\r
+ * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express\r
+ * or implied. See the License for the specific language governing permissions and limitations under\r
+ * the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed under the Creative\r
+ * Commons License, Attribution 4.0 Intl. (the "License"); you may not use this documentation except\r
+ * in compliance with the License. You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation distributed under the\r
+ * License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either\r
+ * express or implied. See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ */\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import com.att.eelf.configuration.EELFLogger;\r
+import com.att.eelf.configuration.EELFManager;\r
+import com.fasterxml.jackson.databind.ObjectMapper;\r
+import java.security.Principal;\r
+import java.util.HashMap;\r
+import java.util.List;\r
+import java.util.Map;\r
+import javax.ws.rs.container.ContainerRequestContext;\r
+import javax.ws.rs.core.Response;\r
+import javax.xml.bind.DatatypeConverter;\r
+import org.onap.observations.Observation;\r
+import org.onap.optf.ticketmgt.SpringProfiles;\r
+import org.onap.optf.ticketmgt.common.LogMessages;\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.context.annotation.Profile;\r
+import org.springframework.core.env.Environment;\r
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;\r
+import org.springframework.security.web.authentication.WebAuthenticationDetails;\r
+import org.springframework.stereotype.Component;\r
+\r
+/**\r
+ * The Class AafClientCache.\r
+ */\r
+@Component\r
+@Profile(SpringProfiles.AAF_AUTHENTICATION)\r
+public class AafClientCache {\r
+ private static EELFLogger debug = EELFManager.getInstance().getDebugLogger();\r
+\r
+ @Autowired\r
+ Environment env;\r
+\r
+ @Autowired\r
+ AafClient aafClient;\r
+\r
+ @Autowired\r
+ AafUserRoleProperties aafUserRoleProperties;\r
+\r
+ public enum AuthorizationResult {\r
+\r
+ Authorized(0), AuthenticationFailure(401), AuthorizationFailure(403), Authenticated(0),;\r
+ private final int status;\r
+\r
+ AuthorizationResult(int status) {\r
+ this.status = status;\r
+ }\r
+\r
+ public int getStatus() {\r
+ return status;\r
+ }\r
+ }\r
+\r
+ private Map<String, String> cache = new HashMap<>();\r
+ private Long cacheAge = 0L;\r
+\r
+ /**\r
+ * Authorize.\r
+ *\r
+ * @param requestContext the request context\r
+ * @return the authorization result\r
+ */\r
+ public AuthorizationResult authorize(ContainerRequestContext requestContext) {\r
+ if (!env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)) {\r
+ return AuthorizationResult.Authorized;\r
+ }\r
+ Map<String, String> auth = getUserPasssword(requestContext);\r
+ String permissions = getPermissions(auth);\r
+ if (permissions == null) {\r
+ return AuthorizationResult.AuthenticationFailure;\r
+ }\r
+ return processPermissions(auth, permissions);\r
+ }\r
+\r
+ /**\r
+ * Authenticate.\r
+ *\r
+ * @param user the user\r
+ * @param password the password\r
+ * @param sessionId the session id\r
+ * @return the authorization result\r
+ */\r
+ public AuthorizationResult authenticate(String user, String password, String sessionId) {\r
+ Map<String, String> auth = new HashMap<>();\r
+ auth.put("user", user);\r
+ auth.put("password", password);\r
+ if (sessionId != null) {\r
+ auth.put("sessionId", sessionId);\r
+ }\r
+ if (getPermissions(auth) == null) {\r
+ return AuthorizationResult.AuthenticationFailure;\r
+ }\r
+ return AuthorizationResult.Authenticated;\r
+ }\r
+\r
+\r
+ private String getPermissions(Map<String, String> auth) {\r
+ long now = System.currentTimeMillis();\r
+ Long timeout = env.getProperty(AafProperties.aafCacheTimeout.toString(), Long.class, 300L);\r
+ String permissions = null;\r
+ // Do caching logic\r
+ // Serializes calls to AAF\r
+ // We will not cache authentication failures...\r
+ synchronized (cache) {\r
+ debug.debug("AAF cache now=" + now + ", cacheAge=" + cacheAge + " timeout=" + timeout);\r
+ if (cacheAge != 0 && now > (cacheAge + (timeout * 1000))) {\r
+ debug.debug("Clearing the AAF cache now=" + now + ", cacheAge=" + cacheAge + " timeout=" + timeout);\r
+ cache.clear();\r
+ cacheAge = now;\r
+ }\r
+ if (cacheAge == 0) {\r
+ cacheAge = now;\r
+ }\r
+ permissions = cache.get(getCacheKey(auth));\r
+ if (permissions == null) {\r
+ if (!auth.get("password").equals("")) {\r
+ permissions = getPermissionsFromAaf(auth);\r
+ if (permissions != null) {\r
+ cache.put(getCacheKey(auth), permissions);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return permissions;\r
+ }\r
+\r
+ private String getCacheKey(Map<String, String> auth) {\r
+ if (auth.get("sessionId") != null) {\r
+ return auth.get("user") + "|" + auth.get("sessionId");\r
+ }\r
+ return auth.get("user") + "|" + auth.get("password");\r
+ }\r
+\r
+\r
+ private String getPermissionsFromAaf(Map<String, String> auth) {\r
+ try {\r
+ Response response = aafClient.getAuthz(auth);\r
+ debug.debug("AAF authorization: " + response.getStatusInfo().toString());\r
+ switch (response.getStatus()) {\r
+ case 200:\r
+ String permissions = response.readEntity(String.class);\r
+ return permissions;\r
+ case 401:\r
+ return null;\r
+ default:\r
+ Observation.report(LogMessages.UNEXPECTED_RESPONSE, "AAF", response.getStatusInfo().toString(),\r
+ auth.get("user"));\r
+ }\r
+ } catch (Exception e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());\r
+ }\r
+ return null;\r
+ }\r
+\r
+ private AuthorizationResult processPermissions(Map<String, String> auth, String permissions) {\r
+ try {\r
+ List<AafUserRole> perms = aafUserRoleProperties.getForUrlMethod(auth.get("path"), auth.get("method"));\r
+ ObjectMapper om = new ObjectMapper();\r
+ AafPermResponse resp = om.readValue(permissions, AafPermResponse.class);\r
+ int tested = 0;\r
+ int passed = 0;\r
+ for (AafUserRole perm : perms) {\r
+ for (AafPerm test : perm.getAafPerms()) {\r
+ tested++;\r
+ for (AafPerm userPerm : resp.getPerm()) {\r
+\r
+ if (test.ok(userPerm)) {\r
+ passed++;\r
+ break;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ // All permissions must be OK\r
+ if (tested > 0 && tested == passed) {\r
+ return AuthorizationResult.Authorized;\r
+ } else {\r
+ return AuthorizationResult.AuthorizationFailure;\r
+ }\r
+ } catch (Exception e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());\r
+ }\r
+ return AuthorizationResult.AuthenticationFailure;\r
+ }\r
+\r
+ private Map<String, String> getUserPasssword(ContainerRequestContext requestContext) {\r
+\r
+ String header = requestContext.getHeaderString("Authorization");\r
+ Map<String, String> userPassword = getUserPasswordFromAuthorizationHeader(header);\r
+ // Add other stuff....\r
+ userPassword.put("path", requestContext.getUriInfo().getAbsolutePath().getPath());\r
+ userPassword.put("method", requestContext.getMethod());\r
+ Principal principal = requestContext.getSecurityContext().getUserPrincipal();\r
+ if (principal instanceof UsernamePasswordAuthenticationToken) {\r
+ UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) principal;\r
+ Object object = token.getDetails();\r
+ if (object instanceof WebAuthenticationDetails) {\r
+ WebAuthenticationDetails details = (WebAuthenticationDetails) object;\r
+ if (details.getSessionId() != null) {\r
+ String sessionId = details.getRemoteAddress() + ":" + details.getSessionId();\r
+ userPassword.put("sessionId", sessionId);\r
+ userPassword.put("user", token.getName());\r
+ }\r
+\r
+ }\r
+ }\r
+ return userPassword;\r
+ }\r
+\r
+ private Map<String, String> getUserPasswordFromAuthorizationHeader(String header) {\r
+ Map<String, String> userPassword = new HashMap<>();\r
+ userPassword.put("user", "");\r
+ userPassword.put("password", "");\r
+ if (header != null) {\r
+ String[] auth = header.split("Basic ");\r
+ if (auth.length == 2) {\r
+ String token = getToken(auth[1]);\r
+ if (token.contains(":")) {\r
+ String[] tokens = token.split(":");\r
+ userPassword.put("user", tokens[0]);\r
+ if (tokens.length == 2) {\r
+ userPassword.put("password", tokens[1]);\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return userPassword;\r
+ }\r
+\r
+ private String getToken(String auth) {\r
+ try {\r
+ String token = new String(DatatypeConverter.parseBase64Binary(auth));\r
+ return token;\r
+ } catch (Exception e) {\r
+ return auth;\r
+ }\r
+ }\r
+\r
+}\r
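Review bot: `getCacheKey` uses the plaintext password as part of a `HashMap` key (`user + "|" + password`) that lives until the cache timeout flushes it, so every cached credential is recoverable from a heap dump; derive the key from a digest instead, e.g. the hex of `MessageDigest.getInstance("SHA-256").digest((user + ":" + password).getBytes(StandardCharsets.UTF_8))`. `getUserPasswordFromAuthorizationHeader` splits the decoded token on every `:` and only accepts exactly two parts, so any password containing a colon is silently dropped (leaving `""`, which `getPermissions` then refuses to look up); RFC 7617 splits on the first colon only: `String[] tokens = token.split(":", 2);`. `getToken` decodes with `new String(bytes)` under the platform charset; pass `StandardCharsets.UTF_8`. Finally, the `synchronized (cache)` block holds the lock across the remote `getPermissionsFromAaf` call, so one slow AAF round-trip stalls authentication for every concurrent request — the comment says this is deliberate, but it should be documented as a throughput/DoS trade-off.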
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import java.io.IOException;\r
+import javax.annotation.Priority;\r
+import javax.ws.rs.WebApplicationException;\r
+import javax.ws.rs.container.ContainerRequestContext;\r
+import javax.ws.rs.container.ContainerRequestFilter;\r
+import javax.ws.rs.core.Response;\r
+import javax.ws.rs.core.Response.ResponseBuilder;\r
+import javax.ws.rs.ext.Provider;\r
+import org.onap.observations.Observation;\r
+import org.onap.optf.ticketmgt.SpringProfiles;\r
+import org.onap.optf.ticketmgt.aaf.AafClientCache.AuthorizationResult;\r
+import org.onap.optf.ticketmgt.common.LogMessages;\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.context.annotation.Profile;\r
+import org.springframework.stereotype.Component;\r
+\r
+@Priority(1)\r
+@Provider\r
+@Component\r
+@Profile(SpringProfiles.AAF_AUTHENTICATION)\r
+public class AafContainerFilters implements ContainerRequestFilter {\r
+\r
+ @Autowired\r
+ AafClientCache aafClientCache;\r
+\r
+ @Override\r
+ public void filter(ContainerRequestContext requestContext) throws IOException {\r
+ ResponseBuilder builder = null;\r
+ AuthorizationResult status = null;\r
+ try {\r
+ status = aafClientCache.authorize(requestContext);\r
+ } catch (Exception e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());\r
+ status = AuthorizationResult.AuthenticationFailure;\r
+ }\r
+ switch (status) {\r
+ case AuthenticationFailure:\r
+ builder = Response.status(Response.Status.UNAUTHORIZED).entity("");\r
+ builder.header("WWW-Authenticate", "Basic realm=\"Realm\"");\r
+ throw new WebApplicationException(builder.build());\r
+ case AuthorizationFailure:\r
+ builder = Response.status(Response.Status.FORBIDDEN).entity("");\r
+ throw new WebApplicationException(builder.build());\r
+ case Authorized:\r
+ case Authenticated:\r
+ default:\r
+ }\r
+ }\r
+}\r
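Review bot: The class does not document its fail-closed contract: any exception thrown by `aafClientCache.authorize` is mapped to `AuthenticationFailure`, so an AAF outage surfaces to clients as a 401 with a `WWW-Authenticate` challenge, indistinguishable from bad credentials. Add a class Javadoc such as `/** JAX-RS request filter that gates every resource on AAF authorization; fails closed — any error during the lookup is reported as 401 rather than letting the request through. */`, and consider mapping the exception path to `Response.Status.SERVICE_UNAVAILABLE` so callers do not retry the same credentials. `@Priority(1)` places this ahead of the JAX-RS `Priorities.AUTHENTICATION` band, presumably so no other filter observes an unauthenticated request first — a one-line comment would make that intent explicit.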
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.core.env.Environment;\r
+import org.springframework.stereotype.Component;\r
+\r
+/**\r
+ * Intent is to use AAF vanity URL however, this allows us to support a list of URLs.\r
+ *\r
+ */\r
+@Component\r
+public class AafEndpoints extends BaseEndpoints {\r
+\r
+ @Autowired\r
+ Environment env;\r
+\r
+ public enum Endpoint implements EndpointInterface {\r
+ AUTHZ(AafProperties.aafAuthzPath, "/authz/perms/user/"), HEALTHCHECK(AafProperties.aafHealthCheckPath, "/"),;\r
+\r
+ private final AafProperties pathName;\r
+ private final String defaultPath;\r
+\r
+ private Endpoint(AafProperties pathname, String defaultPath) {\r
+ this.pathName = pathname;\r
+ this.defaultPath = defaultPath;\r
+ }\r
+\r
+ @Override\r
+ public AafProperties getPathName() {\r
+ return pathName;\r
+ }\r
+\r
+ @Override\r
+ public String defaultPath() {\r
+ return defaultPath;\r
+ }\r
+\r
+ @Override\r
+ public EndpointInterface[] getValues() {\r
+ return Endpoint.values();\r
+ }\r
+ }\r
+}\r
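Review bot: `AafEndpoints` is the only AAF component in this change without `@Profile(SpringProfiles.AAF_AUTHENTICATION)`, so it is instantiated in every profile although its only visible consumer (`AafClient`) is profile-gated; add the annotation next to `@Component` for consistency unless `BaseEndpoints` (not in this diff) needs it elsewhere. The autowired `env` field is unused in the visible code — if `BaseEndpoints` reads it through an accessor that should be documented on the field, otherwise drop it.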
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * org.onap.optf.cmso
- * ================================================================================
- * Copyright © 2019 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.optf.ticketmgt.aaf;
-
-import java.io.IOException;
-import java.util.Properties;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.filter.CadiFilter;
-import org.onap.observations.Observation;
-import org.onap.optf.cmso.common.exceptions.CmsoException;
-import org.onap.optf.ticketmgt.Application;
-import org.onap.optf.ticketmgt.SpringProfiles;
-import org.onap.optf.ticketmgt.common.LogMessages;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Component;
-
-/**
- * AAF authentication filter.
- */
-
-@Component
-@Profile(SpringProfiles.AAF_AUTHENTICATION)
-public class AafFilter extends OrderedRequestContextFilter {
-
- private final CadiFilter cadiFilter;
-
- /**
- * Instantiates a new aaf filter.
- *
- * @throws IOException Signals that an I/O exception has occurred.
- * @throws ServletException the servlet exception
- */
- public AafFilter() throws IOException, ServletException {
- Properties cadiProperties = new Properties();
- cadiProperties.load(Application.class.getClassLoader().getResourceAsStream("cadi.properties"));
- cadiFilter = new CadiFilter(new PropAccess(cadiProperties));
- this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority());
- }
-
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
- throws IOException, ServletException {
- if (!request.getRequestURI().matches("^.*/util/echo$")) {
- cadiFilter.doFilter(request, response, filterChain);
- if (response.getStatus() >= 400 && response.getStatus() < 500) {
- Observation.report(LogMessages.UNAUTHENTICATED);
- ResponseFormatter.errorResponse(request, response, new CmsoException(
- LogMessages.UNAUTHENTICATED.getStatus(), LogMessages.UNAUTHENTICATED, ""));
- }
- } else {
- filterChain.doFilter(request, response);
- }
- }
-
-
-}
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import java.util.HashSet;\r
+import java.util.Set;\r
+\r
+\r
+public class AafPerm {\r
+ private String type;\r
+ private String instance;\r
+ private String action;\r
+ private Set<String> actions = new HashSet<>();\r
+\r
+ public String getAction() {\r
+ return action;\r
+ }\r
+\r
+ /**\r
+ * Initialize the actions.\r
+ *\r
+ * @param action action list\r
+ */\r
+ public void setAction(String action) {\r
+ this.action = action;\r
+ String[] list = action.split(",");\r
+ for (String a : list) {\r
+ actions.add(a);\r
+ }\r
+ }\r
+\r
+ public String getType() {\r
+ return type;\r
+ }\r
+\r
+ public void setType(String type) {\r
+ this.type = type;\r
+ }\r
+\r
+ public String getInstance() {\r
+ return instance;\r
+ }\r
+\r
+ public void setInstance(String instance) {\r
+ this.instance = instance;\r
+ }\r
+\r
+ public Set<String> getActions() {\r
+ return actions;\r
+ }\r
+\r
+ public void setActions(Set<String> actions) {\r
+ this.actions = actions;\r
+ }\r
+\r
+ /**\r
+ * Are permissions ok.\r
+ *\r
+ * @param userPerm user permissions\r
+ * @return true = permissions ok\r
+ */\r
+ public boolean ok(AafPerm userPerm) {\r
+ if (type.equals(userPerm.getType())) {\r
+ if (userPerm.getInstance().equals("*") || instance.equals("*") || userPerm.getInstance().equals(instance)) {\r
+ for (String userAction : userPerm.getActions()) {\r
+ if (userAction.equals("*") || actions.contains("*") || actions.contains(userAction)) {\r
+ return true;\r
+ }\r
+ }\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+}\r
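Review bot: `ok()` (L950–L961) dereferences `type`, `instance` and `userPerm.getInstance()` without null checks, so a permission whose type or instance was never set (e.g. a field absent from the AAF response that is presumably mapped onto this bean) turns the authorization decision into a NullPointerException instead of a `false`; guard it, `if (type == null || instance == null || !type.equals(userPerm.getType())) { return false; }` and likewise for `userPerm.getInstance()`. `setAction` adds each comma-separated token untrimmed, so `"get, put"` stores `" put"` and never matches `put`; use `actions.add(a.trim())`. Note also that `setActions` replaces the set but leaves the `action` string stale, while `setAction` accumulates into the existing set rather than resetting it — harmless if only one setter is ever called on an instance, but the two should agree.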
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import java.util.List;\r
+\r
+public class AafPermResponse {\r
+ private List<AafPerm> perm;\r
+\r
+ public List<AafPerm> getPerm() {\r
+ return perm;\r
+ }\r
+\r
+ public void setPerm(List<AafPerm> list) {\r
+ this.perm = list;\r
+ }\r
+}\r
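Review bot: `getPerm()` returns `null` until `setPerm` is called, so a response body without a `perm` array leaves any caller that iterates the list with a NullPointerException; initialise the field, `private List<AafPerm> perm = new ArrayList<>();` (with `import java.util.ArrayList;`), or have the getter return an empty list. The class has no Javadoc; a one-line comment saying what this bean is deserialised from (presumably the AAF permission lookup response) would help.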
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+public enum AafProperties {\r
+ mechidUser("mechid.user"), mechidPass("mechid.pass"), aafUrls("aaf.urls"), aafAuthzPath(\r
+ "aaf.path.authz"), aafHealthCheckPath("aaf.path.healthcheck"), aafCacheTimeout(\r
+ "aaf.cache.timeout"), aafUserRoleProperties(\r
+ "aaf.user.role.properties"), aafDefaultUserDomain(\r
+ "aaf.default.user.domain"), aafEnabled(\r
+ "aaf.enabled"), aafNamespace(\r
+ "aaf.namespace"),;\r
+ private final String text;\r
+\r
+ private AafProperties(String text) {\r
+ this.text = text;\r
+ }\r
+\r
+ @Override\r
+ public String toString() {\r
+ return text;\r
+ }\r
+}\r
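Review bot: The enum constant list (L1045–L1051) is wrapped mid-argument by the formatter and ends in `,;`, which makes the key-to-constant mapping hard to read and review; one constant per line, e.g. `aafEnabled("aaf.enabled"),` / `aafNamespace("aaf.namespace");`, reads far better. The constants use lowerCamelCase where Java convention is UPPER_SNAKE_CASE (`AAF_ENABLED`); if renaming is too invasive because other files reference them, at least add a class Javadoc stating that these are the `aaf.*` property keys and that `toString()` yields the key. The `private` on the enum constructor is redundant.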
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import com.fasterxml.jackson.core.JsonProcessingException;\r
+import com.fasterxml.jackson.databind.ObjectMapper;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+import org.onap.observations.Observation;\r
+import org.onap.optf.ticketmgt.common.LogMessages;\r
+\r
+/**\r
+ * The Class AafUserRole.\r
+ */\r
+public class AafUserRole {\r
+ private String url = "";\r
+ private String[] pathParts = {};\r
+ private String perm = "";\r
+ private String method = "";\r
+ private List<AafPerm> aafPerms = new ArrayList<>();\r
+\r
+ /**\r
+ * Instantiates a new aaf user role.\r
+ *\r
+ * @param url the url\r
+ * @param perm the perm\r
+ */\r
+ public AafUserRole(String url, String perm) {\r
+ this.setUrl(url);\r
+ this.setPerm(perm);\r
+ pathParts = url.split("\\/");\r
+\r
+ String[] perms = perm.split(",");\r
+ for (String p : perms) {\r
+ String[] parts = p.split(" ");\r
+ if (parts.length == 2) {\r
+ method = parts[1];\r
+ }\r
+ else {\r
+ method = "ALL";\r
+ }\r
+\r
+ String[] list = parts[0].split("\\|");\r
+ if (list.length == 3) {\r
+ AafPerm aafPerm = new AafPerm();\r
+ aafPerm.setAction(list[2]);\r
+ aafPerm.setInstance(list[1]);\r
+ aafPerm.setType(list[0]);\r
+ aafPerms.add(aafPerm);\r
+ }\r
+ }\r
+ }\r
+\r
+ /**\r
+ * Gets the url.\r
+ *\r
+ * @return the url\r
+ */\r
+ public String getUrl() {\r
+ return url;\r
+ }\r
+\r
+ /**\r
+ * Sets the url.\r
+ *\r
+ * @param url the new url\r
+ */\r
+ public void setUrl(String url) {\r
+ this.url = url;\r
+ }\r
+\r
+ /**\r
+ * Gets the perm.\r
+ *\r
+ * @return the perm\r
+ */\r
+ public String getPerm() {\r
+ return perm;\r
+ }\r
+\r
+ /**\r
+ * Sets the perm.\r
+ *\r
+ * @param perm the new perm\r
+ */\r
+ public void setPerm(String perm) {\r
+ this.perm = perm;\r
+ }\r
+\r
+ /**\r
+ * Gets the aaf perms.\r
+ *\r
+ * @return the aaf perms\r
+ */\r
+ public List<AafPerm> getAafPerms() {\r
+ return aafPerms;\r
+ }\r
+\r
+ /**\r
+ * Sets the aaf perms.\r
+ *\r
+ * @param aafPerms the new aaf perms\r
+ */\r
+ public void setAafPerms(List<AafPerm> aafPerms) {\r
+ this.aafPerms = aafPerms;\r
+ }\r
+\r
+ /**\r
+ * Matches.\r
+ *\r
+ * @param path the path\r
+ * @param matchMethod the match method\r
+ * @return true, if successful\r
+ */\r
+ public boolean matches(String path, String matchMethod) {\r
+ if (!this.method.equals("ALL") && !this.method.equals(matchMethod)) {\r
+ return false;\r
+ }\r
+ List<String> inNodes = new ArrayList<>();\r
+ List<String> matchNodes = new ArrayList<>();\r
+ String[] pathList = path.split("\\/");\r
+ for (String n : pathList) {\r
+ inNodes.add(n);\r
+ }\r
+ for (String n : pathParts) {\r
+ matchNodes.add(n);\r
+ }\r
+\r
+ while (!inNodes.isEmpty() && !matchNodes.isEmpty()) {\r
+ String inNode = inNodes.remove(0);\r
+ String matchNode = matchNodes.get(0);\r
+ if (matchNode.equals(inNode) || matchNode.equals("*")) {\r
+ matchNodes.remove(0);\r
+ } else {\r
+ if (!matchNode.equals("**")) {\r
+ return false;\r
+ }\r
+ }\r
+ }\r
+\r
+ //\r
+ if (inNodes.isEmpty() && matchNodes.isEmpty()) {\r
+ return true;\r
+ }\r
+\r
+ // We have incoming nodes remaining, see if we can wildcard them\r
+ if (matchNodes.size() == 1) {\r
+ if (matchNodes.get(0).equals("**")) {\r
+ return true;\r
+ }\r
+ if (inNodes.size() == 1 && matchNodes.get(0).equals("*")) {\r
+ return true;\r
+ }\r
+ }\r
+ return false;\r
+ }\r
+\r
+ /* (non-Javadoc)\r
+ * @see java.lang.Object#toString()\r
+ */\r
+ @Override\r
+ public String toString() {\r
+ try {\r
+ return new ObjectMapper().writeValueAsString(this);\r
+ } catch (JsonProcessingException e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.toString());\r
+ }\r
+ return this.url;\r
+ }\r
+}\r
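Review bot: `method` is a single field that the constructor overwrites on every iteration of the perm loop (L1125–L1133), so for a value such as `a|b|get GET,c|d|put ALL` the last method (`ALL`) is what `matches` applies to the whole role, silently widening the first perm from GET to every method. Either keep the method on each `AafPerm` and check it per perm in `matches`, or reject values with mixed methods via `Observation.report` at parse time. Separately, `matches` only honours `**` as the final segment — a `**` followed by a literal never matches because the loop never advances past it — which is fine if intended but should be stated in the Javadoc, e.g. `* {@code *} matches exactly one path segment; {@code **} matches all remaining segments and is only supported as the last segment.`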
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import com.att.eelf.configuration.EELFLogger;\r
+import com.att.eelf.configuration.EELFManager;\r
+import java.nio.file.Files;\r
+import java.nio.file.Paths;\r
+import java.util.ArrayList;\r
+import java.util.List;\r
+import javax.annotation.PostConstruct;\r
+import org.onap.observations.Observation;\r
+import org.onap.optf.ticketmgt.SpringProfiles;\r
+import org.onap.optf.ticketmgt.common.LogMessages;\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.context.annotation.Profile;\r
+import org.springframework.core.env.Environment;\r
+import org.springframework.stereotype.Component;\r
+\r
+/**\r
+ * The Class AafUserRoleProperties.\r
+ */\r
+@Component\r
+@Profile(SpringProfiles.AAF_AUTHENTICATION)\r
+public class AafUserRoleProperties {\r
+ private static EELFLogger debug = EELFManager.getInstance().getDebugLogger();\r
+\r
+ /** The env. */\r
+ @Autowired\r
+ Environment env;\r
+\r
+ private List<AafUserRole> list = new ArrayList<>();\r
+\r
+ /**\r
+ * Initialize permissions.\r
+ */\r
+ @PostConstruct\r
+ public void initializePermissions() {\r
+ String userRolePropertiesName = env.getProperty(AafProperties.aafUserRoleProperties.toString(),\r
+ "opt/att/ajsc/config/AAFUserRoles.properties");\r
+ try {\r
+ List<String> lines = Files.readAllLines(Paths.get(userRolePropertiesName));\r
+ for (String line : lines) {\r
+ line = line.trim();\r
+ if (!line.startsWith("#")) {\r
+ String[] parts = line.split("=");\r
+ if (parts.length == 2) {\r
+ list.add(new AafUserRole(parts[0], env.resolvePlaceholders(parts[1])));\r
+ } else {\r
+ Observation.report(LogMessages.INVALID_ATTRIBUTE, line, userRolePropertiesName);\r
+ }\r
+ }\r
+ }\r
+ } catch (Exception e) {\r
+ Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());\r
+ }\r
+ debug.debug("AafUserRole.properties: " + list);\r
+ }\r
+\r
+ /**\r
+ * Gets the for url method.\r
+ *\r
+ * @param url the url\r
+ * @param method the method\r
+ * @return the for url method\r
+ */\r
+ public List<AafUserRole> getForUrlMethod(String url, String method) {\r
+ List<AafUserRole> userRoleList = new ArrayList<>();\r
+ for (AafUserRole aur : list) {\r
+ if (aur.matches(url, method)) {\r
+ userRoleList.add(aur);\r
+ }\r
+ }\r
+ return userRoleList;\r
+ }\r
+}\r
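Review bot: `line.split("=")` (L1338) rejects any line whose value contains `=`, and a blank line yields a single-element array and is logged as INVALID_ATTRIBUTE; use `String[] parts = line.split("=", 2);` and skip empties with `if (line.isEmpty() || line.startsWith("#")) { continue; }`. The `catch (Exception e)` at L1346 turns a missing or unreadable role file into a running service with an empty role list; whether that fails open or closed depends on how callers of `getForUrlMethod` treat an empty result (outside this hunk), so failing startup by rethrowing as an `IllegalStateException` from this `@PostConstruct` would be safer. Note also that the fallback path `opt/att/ajsc/config/AAFUserRoles.properties` has no leading slash and so resolves relative to the working directory — presumably `/opt/...` was meant.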
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import java.util.ArrayList;\r
+import java.util.HashMap;\r
+import java.util.List;\r
+import java.util.Map;\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.core.env.Environment;\r
+import org.springframework.stereotype.Component;\r
+\r
+/**\r
+ * Intent is to use AAF vanity URL however, this allows us to support a list of URLs.\r
+ */\r
+@Component\r
+public class BaseEndpoints {\r
+\r
+ @Autowired\r
+ Environment env;\r
+\r
+ private Map<EndpointInterface, List<String>> endpointMap = new HashMap<>();\r
+ private Map<EndpointInterface, String> endpointMapOk = new HashMap<>();\r
+\r
+ /**\r
+ * Gets the endpoint.\r
+ *\r
+ * @param ep the ep\r
+ * @param endpoints the endpoints\r
+ * @return the endpoint\r
+ */\r
+ public String getEndpoint(EndpointInterface ep, List<String> endpoints) {\r
+ loadUrls(ep);\r
+ endpoints.clear();\r
+ endpoints.addAll(endpointMap.get(ep));\r
+ String endpoint = null;\r
+ if (endpoints.size() > 0) {\r
+ // Make an attempt to return the most recent "working" endpoint.\r
+ //\r
+ synchronized (endpointMapOk) {\r
+ endpoint = endpointMapOk.get(ep);\r
+ if (endpoint == null) {\r
+ endpoint = endpoints.get(0);\r
+ endpointMapOk.put(ep, endpoint);\r
+ }\r
+ }\r
+ endpoints.remove(endpoint);\r
+ }\r
+ return endpoint;\r
+ }\r
+\r
+ // Call this if the previous enpoint failed to connect.\r
+ /**\r
+ * Gets the next endpoint.\r
+ *\r
+ * @param ep the ep\r
+ * @param endpoints the endpoints\r
+ * @return the next endpoint\r
+ */\r
+ // An attempt to track the most recent "working" endpoint.\r
+ public String getNextEndpoint(EndpointInterface ep, List<String> endpoints) {\r
+ String endpoint = null;\r
+ if (endpoints.size() > 0) {\r
+ endpoint = endpoints.remove(0);\r
+ synchronized (endpointMapOk) {\r
+ // Let's hope this one works.\r
+ endpointMapOk.put(ep, endpoint);\r
+ }\r
+ }\r
+ return endpoint;\r
+ }\r
+\r
+ private synchronized void loadUrls(EndpointInterface endpoint) {\r
+ endpointMap = new HashMap<>();\r
+ String urls = env.getProperty(AafProperties.aafUrls.toString());\r
+ String[] list = urls.split("\\|");\r
+ for (String url : list) {\r
+ for (EndpointInterface ep : endpoint.getValues()) {\r
+ addToEndpointMap(ep, url);\r
+ }\r
+ }\r
+ }\r
+\r
+\r
+ private void addToEndpointMap(EndpointInterface ep, String endpoint) {\r
+ List<String> list = endpointMap.get(ep);\r
+ if (list == null) {\r
+ list = new ArrayList<>();\r
+ endpointMap.put(ep, list);\r
+ }\r
+ String path = env.getProperty(ep.getPathName().toString(), ep.defaultPath());\r
+ list.add(endpoint + path);\r
+ }\r
+}\r
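Review bot: `loadUrls` (L1471–L1480) calls `urls.split` on the raw `env.getProperty` result, which is `null` when `aaf.urls` is not configured, so the first lookup fails with a NullPointerException inside a synchronized block instead of a clear message; add `if (urls == null) { throw new IllegalStateException("aaf.urls is not configured"); }` before the split. `loadUrls` also rebuilds `endpointMap` from the environment on every `getEndpoint` call and publishes the new map by assigning the field under `synchronized (this)`, while `getEndpoint` reads `endpointMap.get(ep)` (L1433) after that lock is released, so the field read is unsynchronized; loading once (e.g. in a `@PostConstruct`) into a final map would remove both the repeated work and the race. The comment on L1450 belongs below the Javadoc, and `enpoint` is a typo.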
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+public interface EndpointInterface {\r
+ public AafProperties getPathName();\r
+\r
+ public String defaultPath();\r
+\r
+ public EndpointInterface[] getValues();\r
+\r
+}\r
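Review bot: The `public` modifier on the three interface methods is redundant (interface members are implicitly public) and is commonly flagged by Checkstyle; drop it, `AafProperties getPathName();`. The interface has no Javadoc; a short comment stating that `getPathName()` names the property key holding the path appended to each base URL and `defaultPath()` the fallback used when that key is unset — which is how `BaseEndpoints.addToEndpointMap` uses them — would help implementers.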
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * org.onap.optf.cmso
- * ================================================================================
- * Copyright © 2019 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.optf.ticketmgt.aaf;
-
-import org.springframework.core.Ordered;
-
-public enum FilterPriority {
- AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE), AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1); // higher number
-
- private final int priority;
-
- FilterPriority(final int pri) {
- priority = pri;
- }
-
- public int getPriority() {
- return priority;
- }
-}
+++ /dev/null
-/*
- * ============LICENSE_START=======================================================
- * org.onap.optf.cmso
- * ================================================================================
- * Copyright © 2019 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.optf.ticketmgt.aaf;
-
-import java.io.IOException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.onap.optf.cmso.common.exceptions.CmsoException;
-
-class ResponseFormatter {
-
-
- static void errorResponse(HttpServletRequest request, HttpServletResponse response, CmsoException error)
- throws IOException {
- response.setStatus(error.getStatus().getStatusCode());
- response.getWriter().write(error.getRequestError().toString());
- response.getWriter().flush();
- response.getWriter().close();
- }
-
-}
--- /dev/null
+/*\r
+ * Copyright (c) 2019 AT&T Intellectual Property.\r
+ * Modifications Copyright © 2018 IBM.\r
+ *\r
+ * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * you may not use this file except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * http://www.apache.org/licenses/LICENSE-2.0\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, software\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+ *\r
+ *\r
+ * Unless otherwise specified, all documentation contained herein is licensed\r
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");\r
+ * you may not use this documentation except in compliance with the License.\r
+ * You may obtain a copy of the License at\r
+ *\r
+ * https://creativecommons.org/licenses/by/4.0/\r
+ *\r
+ * Unless required by applicable law or agreed to in writing, documentation\r
+ * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * See the License for the specific language governing permissions and\r
+ * limitations under the License.\r
+*/\r
+\r
+package org.onap.optf.ticketmgt.aaf;\r
+\r
+import org.onap.optf.ticketmgt.SpringProfiles;\r
+import org.springframework.beans.factory.annotation.Autowired;\r
+import org.springframework.context.annotation.ComponentScan;\r
+import org.springframework.context.annotation.Configuration;\r
+import org.springframework.context.annotation.Profile;\r
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;\r
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;\r
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;\r
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;\r
+\r
+@Configuration\r
+@EnableWebSecurity\r
+@ComponentScan("org.onap")\r
+@Profile(SpringProfiles.AAF_AUTHENTICATION)\r
+public class SecurityConfig extends WebSecurityConfigurerAdapter {\r
+\r
+ @Autowired\r
+ private AafAuthProvider authProvider;\r
+\r
+ @Override\r
+ protected void configure(AuthenticationManagerBuilder auth) throws Exception {\r
+ auth.authenticationProvider(authProvider);\r
+\r
+ }\r
+\r
+ @Override\r
+ protected void configure(HttpSecurity http) throws Exception {\r
+\r
+ http.csrf().disable().authorizeRequests().anyRequest().authenticated().and().httpBasic().realmName("Realm");\r
+\r
+ }\r
+}\r
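Review bot: `configure(HttpSecurity)` (L1673–L1677) requires authentication for `anyRequest()`, whereas the removed `AafFilter` exempted `^.*/util/echo$` (L845); if that echo endpoint is still used as an unauthenticated liveness probe it needs an explicit `.antMatchers("/**/util/echo").permitAll()` ahead of `.anyRequest().authenticated()` — please confirm which behaviour is intended. `csrf().disable()` is defensible for a header-authenticated REST API but should say so in a comment, e.g. `// CSRF disabled: requests are authenticated per call via HTTP Basic, not via a session cookie`, and that justification only holds if no session is actually created — consider adding `.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)`. `realmName("Realm")` looks like a placeholder.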
--- /dev/null
+/**=org.onap.oof.access|*|get ALL
\ No newline at end of file
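Review bot: The single rule `/**=org.onap.oof.access|*|get ALL` gates every path and every HTTP method on the same `get` action, so a principal granted only read (`get`) permission in AAF is also authorized for POST/PUT/DELETE on every endpoint. If that is the intended policy it deserves a `#` comment line saying so; otherwise give the write methods a rule with a distinct action (the reader in `AafUserRoleProperties` does not deduplicate keys, so a second `/**=…` line is possible, but bear in mind the method-overwrite issue raised on `AafUserRole` for comma-separated perms). Note that `*` here is the required instance, and `AafPerm.ok` treats `*` on either side as matching any instance.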
com.att.eelf.logging.path=
logging.config=
-spring.profiles.active=proprietary-auth
\ No newline at end of file
+spring.profiles.active=aaf-auth
\ No newline at end of file