From: sebdet Date: Sun, 23 Feb 2020 17:31:04 +0000 (-0800) Subject: Simplify the user management X-Git-Tag: 5.0.0~43 X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=7658007d67c5c2bc1d81bff4bf972b315cb5bea6;hp=aa486be66b1c29ad2e953cb44d105ca1bde40b1c;p=clamp.git Simplify the user management Simplify the user management and fix a bug in the server, crashing when no user are logged and an operation is requested, and also previous user still stored in the securitycontext when admin is logged (due to static variable) Issue-ID: CLAMP-651 Change-Id: I57523bc2c3afaf5ca5a3acf5c59823df06fd4cd9 Signed-off-by: sebdet --- diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java index b49be86b..e4a03fd3 100644 --- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java +++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java @@ -27,19 +27,18 @@ package org.onap.clamp.authorization; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; - import java.util.Date; - import org.apache.camel.Exchange; import org.onap.clamp.clds.config.ClampProperties; import org.onap.clamp.clds.exception.NotAuthorizedException; -import org.onap.clamp.clds.service.SecureServiceBase; -import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.clds.model.ClampInformation; import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.util.PrincipalUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; /** @@ -48,7 +47,7 @@ import org.springframework.stereotype.Component; @Component public class AuthorizationController { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(AuthorizationController.class); protected static final EELFLogger auditLogger = EELFManager.getInstance().getMetricsLogger(); protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); @@ -56,9 +55,36 @@ public class AuthorizationController { @Autowired private ClampProperties refProp; + private SecurityContext securityContext = SecurityContextHolder.getContext(); + public static final String PERM_PREFIX = "security.permission.type."; private static final String PERM_INSTANCE = "security.permission.instance"; + private static String retrieveUserName(SecurityContext securityContext) { + if (securityContext == null || securityContext.getAuthentication() == null) { + return null; + } + if ((securityContext.getAuthentication().getPrincipal()) instanceof String) { + // anonymous case + return ((String)securityContext.getAuthentication().getPrincipal()); + } else { + return ((UserDetails) securityContext.getAuthentication().getPrincipal()).getUsername(); + } + } + /** + * Get the principal name. + * + * @return The principal name + */ + public static String getPrincipalName(SecurityContext securityContext) { + String principal = AuthorizationController.retrieveUserName(securityContext); + String name = "Not found"; + if (principal != null) { + name = principal; + } + return name; + } + /** * Insert authorize the api based on the permission. * @@ -78,7 +104,7 @@ public class AuthorizationController { if (null != instanceVar && !instanceVar.isEmpty()) { instance = instanceVar; } - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); SecureServicePermission perm = SecureServicePermission.create(type, instance, action); Date startTime = new Date(); LoggingUtils.setTargetContext("Clamp", "authorize"); @@ -101,7 +127,7 @@ public class AuthorizationController { */ public boolean isUserPermitted(SecureServicePermission inPermission) { - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); // check if the user has the permission key or the permission key with a // combination of all instance and/or all action. if (hasRole(inPermission.getKey()) || hasRole(inPermission.getKeyAllInstance())) { @@ -124,7 +150,7 @@ public class AuthorizationController { } protected boolean hasRole(String role) { - Authentication authentication = PrincipalUtils.getSecurityContext().getAuthentication(); + Authentication authentication = securityContext.getAuthentication(); if (authentication == null) { return false; } @@ -136,4 +162,23 @@ public class AuthorizationController { return false; } + /** + * Gets clds info. CLDS IFO service will return 3 things 1. User Name 2. CLDS + * code version that is currently installed from pom.xml file 3. User + * permissions + * + * @return the clds info + */ + public ClampInformation getClampInformation() { + ClampInformation clampInfo = new ClampInformation(); + Authentication authentication = securityContext.getAuthentication(); + if (authentication == null) { + return new ClampInformation(); + } + clampInfo.setUserName(AuthorizationController.getPrincipalName(this.securityContext)); + for (GrantedAuthority auth : authentication.getAuthorities()) { + clampInfo.getAllPermissions().add(auth.getAuthority()); + } + return clampInfo; + } } diff --git a/src/main/java/org/onap/clamp/clds/service/CldsUser.java b/src/main/java/org/onap/clamp/authorization/CldsUser.java similarity index 98% rename from src/main/java/org/onap/clamp/clds/service/CldsUser.java rename to src/main/java/org/onap/clamp/authorization/CldsUser.java index 82b7727b..b50f50cb 100644 --- a/src/main/java/org/onap/clamp/clds/service/CldsUser.java +++ b/src/main/java/org/onap/clamp/authorization/CldsUser.java @@ -21,7 +21,7 @@ * */ -package org.onap.clamp.clds.service; +package org.onap.clamp.authorization; import java.util.Arrays; diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java b/src/main/java/org/onap/clamp/authorization/SecureServicePermission.java similarity index 99% rename from src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java rename to src/main/java/org/onap/clamp/authorization/SecureServicePermission.java index a93732c3..374aab90 100644 --- a/src/main/java/org/onap/clamp/clds/service/SecureServicePermission.java +++ b/src/main/java/org/onap/clamp/authorization/SecureServicePermission.java @@ -21,7 +21,7 @@ * */ -package org.onap.clamp.clds.service; +package org.onap.clamp.authorization; /** * Permission class that can be instantiated easily using constructor or factory diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java b/src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java similarity index 97% rename from src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java rename to src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java index 9cbf711c..026ee802 100644 --- a/src/main/java/org/onap/clamp/clds/service/SecureServicePermissionDeserializer.java +++ b/src/main/java/org/onap/clamp/authorization/SecureServicePermissionDeserializer.java @@ -21,7 +21,8 @@ * */ -package org.onap.clamp.clds.service; +package org.onap.clamp.authorization; + import com.google.gson.Gson; import com.google.gson.JsonDeserializationContext; diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/authorization/UserService.java similarity index 88% rename from src/main/java/org/onap/clamp/clds/service/UserService.java rename to src/main/java/org/onap/clamp/authorization/UserService.java index cf8f6630..b4f51c95 100644 --- a/src/main/java/org/onap/clamp/clds/service/UserService.java +++ b/src/main/java/org/onap/clamp/authorization/UserService.java @@ -20,8 +20,7 @@ * =================================================================== */ -package org.onap.clamp.clds.service; - +package org.onap.clamp.authorization; import org.springframework.security.core.context.SecurityContext; @@ -35,7 +34,7 @@ import org.springframework.stereotype.Controller; @Controller public class UserService { - private SecurityContext securityContext = SecurityContextHolder.getContext(); + private SecurityContext securityContext = SecurityContextHolder.getContext(); /** * REST service that returns the username. @@ -43,6 +42,6 @@ public class UserService { * @return the user name */ public String getUser() { - return new DefaultUserNameHandler().retrieveUserName(securityContext); + return AuthorizationController.getPrincipalName(securityContext); } } \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 54aa95e5..5908201f 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -38,7 +38,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.camel.component.servlet.CamelHttpTransportServlet; -import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.authorization.SecureServicePermission; import org.springframework.context.ApplicationContext; import org.springframework.http.HttpStatus; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java index 876acc83..626227e2 100644 --- a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java +++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java @@ -33,7 +33,7 @@ import java.nio.charset.StandardCharsets; import org.apache.commons.io.IOUtils; import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; +import org.onap.clamp.authorization.CldsUser; import org.onap.clamp.clds.util.JsonUtils; public class CldsUserJsonDecoder { diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java index 6a539c7e..a4515860 100644 --- a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java @@ -32,7 +32,7 @@ import java.io.IOException; import org.onap.clamp.clds.exception.CldsConfigException; import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; +import org.onap.clamp.authorization.CldsUser; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; diff --git a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java b/src/main/java/org/onap/clamp/clds/model/ClampInformation.java similarity index 50% rename from src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java rename to src/main/java/org/onap/clamp/clds/model/ClampInformation.java index 543dd4a9..d73e9420 100644 --- a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java +++ b/src/main/java/org/onap/clamp/clds/model/ClampInformation.java @@ -1,43 +1,62 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.userdetails.UserDetails; - - - -public class DefaultUserNameHandler implements UserNameHandler { - - /* - * (non-Javadoc) - * - * @see - * org.onap.clamp.clds.service.PrincipalNameHandler#handleName(SecurityContext) - */ - @Override - public String retrieveUserName(SecurityContext securityContext) { - return ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - } -} +/*- + * ============LICENSE_START======================================================= + * ONAP CLAMP + * ================================================================================ + * Copyright (C) 2017-2020 AT&T Intellectual Property. All rights + * reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END============================================ + * =================================================================== + * + */ + +package org.onap.clamp.clds.model; + +import com.google.gson.annotations.Expose; +import java.util.ArrayList; +import java.util.List; +import org.onap.clamp.clds.util.ClampVersioning; + +public class ClampInformation { + @Expose + private String userName; + @Expose + private String cldsVersion = ClampVersioning.getCldsVersionFromProps(); + @Expose + List allPermissions = new ArrayList<>(); + + public String getUserName() { + return userName; + } + + public void setUserName(String userName) { + this.userName = userName; + } + + public String getCldsVersion() { + return cldsVersion; + } + + public void setCldsVersion(String cldsVersion) { + this.cldsVersion = cldsVersion; + } + + public List getAllPermissions() { + return allPermissions; + } + + public void setAllPermissions(List allPermissions) { + this.allPermissions = allPermissions; + } +} diff --git a/src/main/java/org/onap/clamp/clds/model/CldsInfo.java b/src/main/java/org/onap/clamp/clds/model/CldsInfo.java deleted file mode 100644 index f3cf6ed1..00000000 --- a/src/main/java/org/onap/clamp/clds/model/CldsInfo.java +++ /dev/null @@ -1,110 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.model; - -import com.google.gson.annotations.Expose; - -public class CldsInfo { - @Expose - private String userName; - @Expose - private String cldsVersion; - @Expose - private boolean permissionReadCl; - @Expose - private boolean permissionUpdateCl; - @Expose - private boolean permissionReadTemplate; - @Expose - private boolean permissionUpdateTemplate; - @Expose - private boolean permissionReadTosca; - @Expose - private boolean permissionUpdateTosca; - - public String getUserName() { - return userName; - } - - public void setUserName(String userName) { - this.userName = userName; - } - - public String getCldsVersion() { - return cldsVersion; - } - - public void setCldsVersion(String cldsVersion) { - this.cldsVersion = cldsVersion; - } - - public boolean isPermissionReadCl() { - return permissionReadCl; - } - - public void setPermissionReadCl(boolean permissionReadCl) { - this.permissionReadCl = permissionReadCl; - } - - public boolean isPermissionUpdateCl() { - return permissionUpdateCl; - } - - public void setPermissionUpdateCl(boolean permissionUpdateCl) { - this.permissionUpdateCl = permissionUpdateCl; - } - - public boolean isPermissionReadTemplate() { - return permissionReadTemplate; - } - - public void setPermissionReadTemplate(boolean permissionReadTemplate) { - this.permissionReadTemplate = permissionReadTemplate; - } - - public boolean isPermissionUpdateTemplate() { - return permissionUpdateTemplate; - } - - public void setPermissionUpdateTemplate(boolean permissionUpdateTemplate) { - this.permissionUpdateTemplate = permissionUpdateTemplate; - } - - public boolean isPermissionReadTosca() { - return permissionReadTosca; - } - - public void setPermissionReadTosca(boolean permissionReadTosca) { - this.permissionReadTosca = permissionReadTosca; - } - - public boolean isPermissionUpdateTosca() { - return permissionUpdateTosca; - } - - public void setPermissionUpdateTosca(boolean permissionUpdateTosca) { - this.permissionUpdateTosca = permissionUpdateTosca; - } - -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java b/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java deleted file mode 100644 index 7027cf1b..00000000 --- a/src/main/java/org/onap/clamp/clds/service/CldsInfoProvider.java +++ /dev/null @@ -1,52 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import org.onap.clamp.clds.model.CldsInfo; -import org.onap.clamp.clds.util.ClampVersioning; - -class CldsInfoProvider { - - - private final CldsService cldsService; - - public CldsInfoProvider(CldsService cldsService) { - this.cldsService = cldsService; - } - - public CldsInfo getCldsInfo() { - CldsInfo cldsInfo = new CldsInfo(); - cldsInfo.setUserName(cldsService.getUserName()); - cldsInfo.setCldsVersion(ClampVersioning.getCldsVersionFromProps()); - - cldsInfo.setPermissionReadCl(cldsService.isAuthorizedNoException(cldsService.permissionReadCl)); - cldsInfo.setPermissionUpdateCl(cldsService.isAuthorizedNoException(cldsService.permissionUpdateCl)); - cldsInfo.setPermissionReadTemplate(cldsService.isAuthorizedNoException(cldsService.permissionReadTemplate)); - cldsInfo.setPermissionUpdateTemplate(cldsService.isAuthorizedNoException(cldsService.permissionUpdateTemplate)); - cldsInfo.setPermissionReadTosca(cldsService.isAuthorizedNoException(cldsService.permissionReadTosca)); - cldsInfo.setPermissionUpdateTosca(cldsService.isAuthorizedNoException(cldsService.permissionUpdateTosca)); - return cldsInfo; - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/CldsService.java b/src/main/java/org/onap/clamp/clds/service/CldsService.java deleted file mode 100644 index 3b84e360..00000000 --- a/src/main/java/org/onap/clamp/clds/service/CldsService.java +++ /dev/null @@ -1,180 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Modifications Copyright (c) 2019 Samsung - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import java.util.Date; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.clamp.clds.model.CldsInfo; -import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.clds.util.OnapLogConstants; -import org.slf4j.event.Level; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.stereotype.Component; - -/** - * Service to save and retrieve the CLDS model attributes. - */ -@Component -public class CldsService extends SecureServiceBase { - - /** - * The constant securityLogger. - */ - protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); - /** - * The constant logger. - */ - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsService.class); - - private final String cldsPermissionTypeFilterVf; - private final String cldsPermissionInstance; - /** - * The Permission read cl. - */ - final SecureServicePermission permissionReadCl; - /** - * The Permission update cl. - */ - final SecureServicePermission permissionUpdateCl; - /** - * The Permission read template. - */ - final SecureServicePermission permissionReadTemplate; - /** - * The Permission update template. - */ - final SecureServicePermission permissionUpdateTemplate; - /** - * The Permission read tosca. - */ - final SecureServicePermission permissionReadTosca; - /** - * The Permission update tosca. - */ - final SecureServicePermission permissionUpdateTosca; - - private LoggingUtils util = new LoggingUtils(logger); - - @Autowired - private HttpServletRequest request; - - /** - * Instantiates a new Clds service. - * - * @param cldsPersmissionTypeCl the clds persmission type cl - * @param cldsPermissionTypeClManage the clds permission type cl manage - * @param cldsPermissionTypeClEvent the clds permission type cl event - * @param cldsPermissionTypeFilterVf the clds permission type filter vf - * @param cldsPermissionTypeTemplate the clds permission type template - * @param cldsPermissionTypeTosca the clds permission type tosca - * @param cldsPermissionInstance the clds permission instance - */ - @Autowired - public CldsService( - @Value("${clamp.config.security.permission.type.cl:permission-type-cl}") String cldsPersmissionTypeCl, - @Value("${clamp.config.security.permission.type.cl.manage:permission-type-cl-manage}") - String cldsPermissionTypeClManage, - @Value("${clamp.config.security.permission.type.cl.event:permission-type-cl-event}") - String cldsPermissionTypeClEvent, - @Value("${clamp.config.security.permission.type.filter.vf:permission-type-filter-vf}") - String cldsPermissionTypeFilterVf, - @Value("${clamp.config.security.permission.type.template:permission-type-template}") - String cldsPermissionTypeTemplate, - @Value("${clamp.config.security.permission.type.tosca:permission-type-tosca}") - String cldsPermissionTypeTosca, - @Value("${clamp.config.security.permission.instance:dev}") String cldsPermissionInstance) { - this.cldsPermissionTypeFilterVf = cldsPermissionTypeFilterVf; - this.cldsPermissionInstance = cldsPermissionInstance; - permissionReadCl = SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "read"); - permissionUpdateCl = SecureServicePermission.create(cldsPersmissionTypeCl, cldsPermissionInstance, "update"); - permissionReadTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "read"); - permissionUpdateTemplate = SecureServicePermission.create(cldsPermissionTypeTemplate, cldsPermissionInstance, - "update"); - permissionReadTosca = SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, "read"); - permissionUpdateTosca = SecureServicePermission.create(cldsPermissionTypeTosca, cldsPermissionInstance, - "update"); - } - - /** - * Gets clds info. CLDS IFO service will return 3 things 1. User Name 2. CLDS - * code version that is currently installed from pom.xml file 3. User - * permissions - * - * @return the clds info - */ - public CldsInfo getCldsInfo() { - util.entering(request, "CldsService: GET cldsInfo"); - final Date startTime = new Date(); - LoggingUtils.setTimeContext(startTime, new Date()); - - CldsInfoProvider cldsInfoProvider = new CldsInfoProvider(this); - final CldsInfo cldsInfo = cldsInfoProvider.getCldsInfo(); - - // audit log - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.info("GET cldsInfo completed"); - util.exiting("200", "Get cldsInfo success", Level.INFO, OnapLogConstants.ResponseStatus.COMPLETED); - return cldsInfo; - } - - /** - * Determine if the user is authorized for a particular VF by its invariant - * UUID. - * - * @param vfInvariantUuid the vf invariant uuid - * @return boolean or throws NotAuthorizedException - */ - public boolean isAuthorizedForVf(String vfInvariantUuid) { - if (cldsPermissionTypeFilterVf != null && !cldsPermissionTypeFilterVf.isEmpty()) { - SecureServicePermission permission = SecureServicePermission.create(cldsPermissionTypeFilterVf, - cldsPermissionInstance, vfInvariantUuid); - return isAuthorized(permission); - } else { - // if CLDS_PERMISSION_TYPE_FILTER_VF property is not provided, then - // VF filtering is turned off - logger.warn("VF filtering turned off"); - return true; - } - } - - /** - * Sets logging util. - * - * @param utilP the util p - */ - // Created for the integration test - public void setLoggingUtil(LoggingUtils utilP) { - util = utilP; - } -} diff --git a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java b/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java deleted file mode 100644 index debd687c..00000000 --- a/src/main/java/org/onap/clamp/clds/service/SecureServiceBase.java +++ /dev/null @@ -1,226 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import com.att.eelf.configuration.EELFLogger; -import com.att.eelf.configuration.EELFManager; - -import java.util.Date; -import javax.ws.rs.NotAuthorizedException; - -import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.clds.util.OnapLogConstants; -import org.slf4j.event.Level; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; - -/** - * Base/abstract Service class. Implements shared security methods. - */ -public abstract class SecureServiceBase { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); - protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); - protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); - - // By default we'll set it to a default handler - private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); - - - private SecurityContext securityContext = SecurityContextHolder.getContext(); - - /** - * Get the userId from AAF/CSP. - * - * @return user ID - */ - public String getUserId() { - return getUserName(); - } - - /** - * Get the Full name. - * - * @return user name - */ - public String getUserName() { - String name = userNameHandler.retrieveUserName(securityContext); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "getUserName"); - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.debug("User logged into the CLDS system={}", name); - return name; - } - - /** - * Get the principal name. - * - * @return the principal name - */ - public String getPrincipalName() { - String principal = ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - String name = "Not found"; - if (principal != null) { - name = principal; - } - logger.debug("userPrincipal.getName()={}", name); - return name; - } - - /** - * Check if user is authorized for the given the permission. Allow matches - * if user has a permission with an "*" in permission instance or permission - * action even if the permission to check has a specific value in those - * fields. For example: if the user has this permission: app-perm-type|*|* - * it will be authorized if the inPermission to check is: - * app-perm-type|dev|read - * - * @param inPermission - * The permission to validate - * @return A boolean to indicate if the user has the permission to do - * execute the inPermission - * @throws NotAuthorizedException - * In case of issues with the permission test, error is returned - * in this exception - */ - public boolean isAuthorized(SecureServicePermission inPermission) throws NotAuthorizedException { - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorized"); - LoggingUtils.setTimeContext(startTime, new Date()); - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - throw new NotAuthorizedException(msg); - } - } - - /** - * Check if user is authorized for the given aaf permission. Allow matches - * if user has a permission with an "*" in permission instance or permission - * action even if the permission to check has a specific value in those - * fields. For example: if the user has this permission: app-perm-type|*|* - * it will be authorized if the inPermission to check is: - * app-perm-type|dev|read - * - * @param inPermission - * The permission to validate - * @return A boolean to indicate if the user has the permission to do - * execute the inPermission - */ - public boolean isAuthorizedNoException(SecureServicePermission inPermission) { - securityLogger.debug("checking if {} has permission: {}", getPrincipalName(), inPermission); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "isAuthorizedNoException"); - LoggingUtils.setTimeContext(startTime, new Date()); - try { - return isUserPermitted(inPermission); - } catch (NotAuthorizedException nae) { - String msg = getPrincipalName() + " does not have permission: " + inPermission; - LoggingUtils.setErrorContext("100", "Authorization Error"); - securityLogger.warn(msg); - } - return false; - } - - /** - * This method can be used by the Application.class to set the - * UserNameHandler that must be used in this class. The UserNameHandler - * where to get the User name - * - * @param handler - * The Handler impl to use - */ - public static final void setUserNameHandler(UserNameHandler handler) { - if (handler != null) { - userNameHandler = handler; - } - } - - public void setSecurityContext(SecurityContext securityContext) { - this.securityContext = securityContext; - } - - private boolean isUserPermitted(SecureServicePermission inPermission) { - boolean authorized = false; - // check if the user has the permission key or the permission key with a - // combination of all instance and/or all action. - if (hasRole(inPermission.getKey())) { - securityLogger.info("{} authorized for permission: {}", getPrincipalName(), inPermission.getKey()); - authorized = true; - // the rest of these don't seem to be required - isUserInRole method - // appears to take * as a wildcard - } else if (hasRole(inPermission.getKeyAllInstance())) { - securityLogger.info("{} authorized because user has permission with * for instance: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else if (hasRole(inPermission.getKeyAllInstanceAction())) { - securityLogger.info("{} authorized because user has permission with * for instance and * for action: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else if (hasRole(inPermission.getKeyAllAction())) { - securityLogger.info("{} authorized because user has permission with * for action: {}", - getPrincipalName(), inPermission.getKey()); - authorized = true; - } else { - throw new NotAuthorizedException(""); - } - return authorized; - } - - protected boolean hasRole(String role) { - Authentication authentication = securityContext.getAuthentication(); - if (authentication == null) { - return false; - } - - for (GrantedAuthority auth : authentication.getAuthorities()) { - if (role.equals(auth.getAuthority())) { - return true; - } - } - - return false; - } - - protected void auditLogInfo(LoggingUtils util, String actionDescription, Date startTime) { - LoggingUtils.setTimeContext(startTime, new Date()); - auditLogger.info(actionDescription + " completed"); - util.exiting("200", actionDescription + " success", Level.INFO, - OnapLogConstants.ResponseStatus.COMPLETED); - } - - protected void auditLogInfo(String actionDescription, Date startTime) { - - LoggingUtils.setTimeContext(startTime, new Date()); - LoggingUtils.setResponseContext("0", actionDescription + " success", - this.getClass().getName()); - auditLogger.info(actionDescription + " completed"); - } -} \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java deleted file mode 100644 index d48700f6..00000000 --- a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java +++ /dev/null @@ -1,31 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import org.springframework.security.core.context.SecurityContext; - -public interface UserNameHandler { - - public String retrieveUserName(SecurityContext securityContext); -} diff --git a/src/main/java/org/onap/clamp/clds/util/JsonUtils.java b/src/main/java/org/onap/clamp/clds/util/JsonUtils.java index 704d3ac3..8024331f 100644 --- a/src/main/java/org/onap/clamp/clds/util/JsonUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/JsonUtils.java @@ -30,8 +30,8 @@ import com.google.gson.GsonBuilder; import java.time.Instant; -import org.onap.clamp.clds.service.SecureServicePermission; -import org.onap.clamp.clds.service.SecureServicePermissionDeserializer; +import org.onap.clamp.authorization.SecureServicePermission; +import org.onap.clamp.authorization.SecureServicePermissionDeserializer; import org.onap.clamp.dao.model.gson.converter.InstantDeserializer; import org.onap.clamp.dao.model.gson.converter.InstantSerializer; diff --git a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java index 1a6cca6b..a471b411 100644 --- a/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java +++ b/src/main/java/org/onap/clamp/clds/util/LoggingUtils.java @@ -25,7 +25,6 @@ package org.onap.clamp.clds.util; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; - import java.net.HttpURLConnection; import java.net.InetAddress; import java.net.URLConnection; @@ -39,12 +38,10 @@ import java.time.temporal.ChronoUnit; import java.util.Date; import java.util.TimeZone; import java.util.UUID; - import javax.net.ssl.HttpsURLConnection; import javax.servlet.http.HttpServletRequest; import javax.validation.constraints.NotNull; - -import org.onap.clamp.clds.service.DefaultUserNameHandler; +import org.onap.clamp.authorization.AuthorizationController; import org.slf4j.MDC; import org.slf4j.event.Level; import org.springframework.security.core.context.SecurityContextHolder; @@ -188,8 +185,8 @@ public class LoggingUtils { // Default the partner name to the user name used to login to clamp if (partnerName.equalsIgnoreCase(EMPTY_MESSAGE)) { - MDC.put(OnapLogConstants.Mdcs.PARTNER_NAME, new DefaultUserNameHandler() - .retrieveUserName(SecurityContextHolder.getContext())); + MDC.put(OnapLogConstants.Mdcs.PARTNER_NAME, + AuthorizationController.getPrincipalName(SecurityContextHolder.getContext())); } // Set standard MDCs. Override this entire method if you want to set diff --git a/src/main/java/org/onap/clamp/tosca/DictionaryService.java b/src/main/java/org/onap/clamp/tosca/DictionaryService.java index 21ca1f7f..5b24def9 100644 --- a/src/main/java/org/onap/clamp/tosca/DictionaryService.java +++ b/src/main/java/org/onap/clamp/tosca/DictionaryService.java @@ -27,12 +27,11 @@ import com.google.common.collect.Sets; import java.util.List; import java.util.Set; import javax.persistence.EntityNotFoundException; -import org.onap.clamp.clds.service.SecureServiceBase; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @Service -public class DictionaryService extends SecureServiceBase { +public class DictionaryService { private final DictionaryRepository dictionaryRepository; private final DictionaryElementsRepository dictionaryElementsRepository; diff --git a/src/main/java/org/onap/clamp/util/PrincipalUtils.java b/src/main/java/org/onap/clamp/util/PrincipalUtils.java deleted file mode 100644 index d6dfacbd..00000000 --- a/src/main/java/org/onap/clamp/util/PrincipalUtils.java +++ /dev/null @@ -1,89 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2019 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * Modifications copyright (c) 2018 Nokia - * =================================================================== - * - */ - -package org.onap.clamp.util; - -import java.util.Date; - -import org.onap.clamp.clds.service.DefaultUserNameHandler; -import org.onap.clamp.clds.service.UserNameHandler; -import org.onap.clamp.clds.util.LoggingUtils; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.core.userdetails.UserDetails; - -public class PrincipalUtils { - private static UserNameHandler userNameHandler = new DefaultUserNameHandler(); - private static SecurityContext securityContext = SecurityContextHolder.getContext(); - - /** - * Private constructor to avoid creating instances of util class. - */ - private PrincipalUtils(){ - } - - /** - * Get the Full name. - * - * @return The user name - */ - public static String getUserName() { - String name = userNameHandler.retrieveUserName(securityContext); - Date startTime = new Date(); - LoggingUtils.setTargetContext("CLDS", "getUserName"); - LoggingUtils.setTimeContext(startTime, new Date()); - return name; - } - - /** - * Get the userId from AAF/CSP. - * - * @return The user ID - */ - public static String getUserId() { - return getUserName(); - } - - /** - * Get the principal name. - * - * @return The principal name - */ - public static String getPrincipalName() { - String principal = ((UserDetails)securityContext.getAuthentication().getPrincipal()).getUsername(); - String name = "Not found"; - if (principal != null) { - name = principal; - } - return name; - } - - public static void setSecurityContext(SecurityContext securityContext) { - PrincipalUtils.securityContext = securityContext; - } - - public static SecurityContext getSecurityContext() { - return securityContext; - } -} diff --git a/src/main/resources/clds/camel/rest/clamp-api-v2.xml b/src/main/resources/clds/camel/rest/clamp-api-v2.xml index d62a0c28..1f927267 100644 --- a/src/main/resources/clds/camel/rest/clamp-api-v2.xml +++ b/src/main/resources/clds/camel/rest/clamp-api-v2.xml @@ -1050,5 +1050,10 @@ + + + diff --git a/src/main/resources/clds/camel/rest/clds-services.xml b/src/main/resources/clds/camel/rest/clds-services.xml index dd3a4bfd..ce52f31d 100644 --- a/src/main/resources/clds/camel/rest/clds-services.xml +++ b/src/main/resources/clds/camel/rest/clds-services.xml @@ -1,10 +1,5 @@ - - - @@ -23,7 +18,7 @@ - + diff --git a/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java b/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java index a9480421..5a129221 100644 --- a/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java +++ b/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java @@ -26,11 +26,11 @@ package org.onap.clamp.clds.config; -import static org.assertj.core.api.Assertions.assertThat; - import org.junit.Test; +import org.onap.clamp.authorization.CldsUser; import org.onap.clamp.clds.exception.CldsUsersException; -import org.onap.clamp.clds.service.CldsUser; + +import static org.assertj.core.api.Assertions.assertThat; public class CldsUserJsonDecoderTest { diff --git a/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java b/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java index 49f17364..3406042c 100644 --- a/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java +++ b/src/test/java/org/onap/clamp/clds/it/AuthorizationControllerItCase.java @@ -25,27 +25,27 @@ package org.onap.clamp.clds.it; +import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - -import java.util.List; +import java.util.Arrays; +import java.util.Collection; import org.apache.camel.Exchange; -import org.junit.Before; +import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mockito; import org.onap.clamp.authorization.AuthorizationController; +import org.onap.clamp.authorization.SecureServicePermission; import org.onap.clamp.clds.exception.NotAuthorizedException; -import org.onap.clamp.clds.service.SecureServicePermission; -import org.onap.clamp.util.PrincipalUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.userdetails.User; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.test.context.junit4.SpringRunner; /** @@ -53,33 +53,67 @@ import org.springframework.test.context.junit4.SpringRunner; * and stored procedures. */ @RunWith(SpringRunner.class) -@SpringBootTest +@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT) public class AuthorizationControllerItCase { - private PermissionTestDefaultHelper permissionTestHelper = new PermissionTestDefaultHelper(); - - // @Spy - // MockEnvironment env; - @Autowired private AuthorizationController auth; + private static SecurityContext sc = SecurityContextHolder.getContext(); + /** * Setup the variable before the tests execution. */ - @Before - public void setupBefore() { - // permissionTestHelper.setupMockEnv(env); - List authList = permissionTestHelper.getAuthList(); - - SecurityContext securityContext = Mockito.mock(SecurityContext.class); - Mockito.when(securityContext.getAuthentication()) - .thenReturn(new UsernamePasswordAuthenticationToken(new User("admin", "", authList), "", authList)); - PrincipalUtils.setSecurityContext(securityContext); + @BeforeClass + public static void setupBefore() { + + sc.setAuthentication(new Authentication() { + @Override + public Collection getAuthorities() { + return Arrays.asList(new SimpleGrantedAuthority( + new SecureServicePermission("permission-type-cl", "dev", "read").getKey()), + new SimpleGrantedAuthority(new SecureServicePermission("permission-type-cl-manage", "dev", + "DEPLOY").getKey()), + new SimpleGrantedAuthority(new SecureServicePermission("permission-type-filter-vf", "dev", + "12345-55555-55555-5555").getKey())); + } + + @Override + public Object getCredentials() { + return null; + } + + @Override + public Object getDetails() { + return null; + } + + @Override + public Object getPrincipal() { + return "admin"; + } + + @Override + public boolean isAuthenticated() { + return true; + } + + @Override + public void setAuthenticated(boolean authenticatedFlag) throws IllegalArgumentException { + + } + + @Override + public String getName() { + return "admin"; + } + }); + } @Test public void testIsUserPermitted() { + assertEquals(AuthorizationController.getPrincipalName(sc),"admin"); assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl", "dev", "read"))); assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl-manage", "dev", "DEPLOY"))); assertTrue(auth.isUserPermitted( @@ -87,17 +121,6 @@ public class AuthorizationControllerItCase { assertFalse(auth.isUserPermitted(new SecureServicePermission("permission-type-cl", "test", "read"))); } - @Test - public void testIfUserAuthorize() { - Exchange ex = Mockito.mock(Exchange.class); - try { - permissionTestHelper - .doActionOnAllPermissions(((type, instance, action) -> auth.authorize(ex, type, instance, action))); - } catch (NotAuthorizedException e) { - fail(e.getMessage()); - } - } - @Test(expected = NotAuthorizedException.class) public void testIfAuthorizeThrowException() { Exchange ex = Mockito.mock(Exchange.class); diff --git a/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java b/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java deleted file mode 100644 index 40cc0650..00000000 --- a/src/test/java/org/onap/clamp/clds/it/CldsServiceItCase.java +++ /dev/null @@ -1,240 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.it; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -import java.io.IOException; -import java.io.InputStream; -import java.util.LinkedList; -import java.util.List; -import java.util.Properties; - -import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.NotAuthorizedException; - -import org.junit.Before; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.mockito.Matchers; -import org.mockito.Mockito; -import org.onap.clamp.clds.model.CldsInfo; -import org.onap.clamp.clds.service.CldsService; -import org.onap.clamp.clds.util.LoggingUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.boot.test.context.SpringBootTest; -import org.springframework.boot.test.context.SpringBootTest.WebEnvironment; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.core.userdetails.User; -import org.springframework.security.core.userdetails.UserDetails; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; - -/** - * Test HTTP and HTTPS settings + redirection of HTTP to HTTPS. - */ -@RunWith(SpringJUnit4ClassRunner.class) -@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT) -public class CldsServiceItCase { - - @Autowired - private CldsService cldsService; - - private LoggingUtils util; - private SecurityContext securityContext = mock(SecurityContext.class); - private Authentication auth = Mockito.mock(Authentication.class); - private UserDetails userDetails = Mockito.mock(UserDetails.class); - private List authorityList = new LinkedList(); - /** - * Setup the variable before the tests execution. - * - * @throws IOException In case of issues when opening the files - */ - @Before - public void setupBefore() throws IOException { - util = Mockito.mock(LoggingUtils.class); - Mockito.doNothing().when(util).entering(Matchers.any(HttpServletRequest.class), Matchers.any(String.class)); - cldsService.setLoggingUtil(util); - - } - - @Test - public void testCldsInfoNotAuthorized() { - Mockito.when(userDetails.getUsername()).thenReturn("admin"); - Mockito.when(securityContext.getAuthentication()).thenReturn(auth); - Mockito.when(auth.getPrincipal()).thenReturn(userDetails); - - cldsService.setSecurityContext(securityContext); - CldsInfo cldsInfo = cldsService.getCldsInfo(); - assertFalse(cldsInfo.isPermissionReadCl()); - assertFalse(cldsInfo.isPermissionReadTemplate()); - assertFalse(cldsInfo.isPermissionUpdateCl()); - assertFalse(cldsInfo.isPermissionUpdateTemplate()); - } - - @Test - public void testCldsInfoAuthorized() throws Exception { - List authList = new LinkedList(); - authList.add(new SimpleGrantedAuthority("permission-type-cl-manage|dev|*")); - authList.add(new SimpleGrantedAuthority("permission-type-cl|dev|read")); - authList.add(new SimpleGrantedAuthority("permission-type-cl|dev|update")); - authList.add(new SimpleGrantedAuthority("permission-type-template|dev|read")); - authList.add(new SimpleGrantedAuthority("permission-type-template|dev|update")); - authList.add(new SimpleGrantedAuthority("permission-type-filter-vf|dev|*")); - authList.add(new SimpleGrantedAuthority("permission-type-cl-event|dev|*")); - Authentication authentication; - authentication = new UsernamePasswordAuthenticationToken(new User("admin", "", authList), "", authList); - - Mockito.when(securityContext.getAuthentication()).thenReturn(authentication); - - cldsService.setSecurityContext(securityContext); - CldsInfo cldsInfo = cldsService.getCldsInfo(); - assertTrue(cldsInfo.isPermissionReadCl()); - assertTrue(cldsInfo.isPermissionReadTemplate()); - assertTrue(cldsInfo.isPermissionUpdateCl()); - assertTrue(cldsInfo.isPermissionUpdateTemplate()); - Properties prop = new Properties(); - InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream("clds-version.properties"); - prop.load(in); - assertNotNull(in); - in.close(); - assertEquals(cldsInfo.getCldsVersion(), prop.getProperty("clds.version")); - assertEquals(cldsInfo.getUserName(), "admin"); - } - - @Test(expected = NotAuthorizedException.class) - public void isAuthorizedForVfTestNotAuthorized1() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - when(securityContext.getAuthentication()).thenReturn(auth); - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test(expected = NotAuthorizedException.class) - public void isAuthorizedForVfTestNotAuthorized2() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - authorityList.add(new SimpleGrantedAuthority("permission-type-filter-vf|prod|*")); - when((List)auth.getAuthorities()).thenReturn(authorityList); - when(securityContext.getAuthentication()).thenReturn(auth); - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test(expected = NotAuthorizedException.class) - public void isAuthorizedForVfTestNotAuthorized3() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - authorityList.add(new SimpleGrantedAuthority("permission-type-filter-vf|dev|testId2")); - when((List)auth.getAuthorities()).thenReturn(authorityList); - when(securityContext.getAuthentication()).thenReturn(auth); - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test(expected = NullPointerException.class) - public void isAuthorizedForVfTestNotAuthorized4() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - when(securityContext.getAuthentication()).thenReturn(null); - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test - public void isAuthorizedForVfTest1() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - authorityList.add(new SimpleGrantedAuthority("permission-type-filter-vf|*|*")); - when((List)auth.getAuthorities()).thenReturn(authorityList); - when(securityContext.getAuthentication()).thenReturn(auth); - - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test - public void isAuthorizedForVfTest2() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - authorityList.add(new SimpleGrantedAuthority("permission-type-filter-vf|dev|*")); - when((List)auth.getAuthorities()).thenReturn(authorityList); - when(securityContext.getAuthentication()).thenReturn(auth); - - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test - public void isAuthorizedForVfTest3() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - authorityList.add(new SimpleGrantedAuthority("permission-type-filter-vf|dev|testId")); - when((List)auth.getAuthorities()).thenReturn(authorityList); - when(securityContext.getAuthentication()).thenReturn(auth); - - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test - public void isAuthorizedForVfTest4() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - authorityList.add(new SimpleGrantedAuthority("permission-type-filter-vf|*|testId")); - when((List)auth.getAuthorities()).thenReturn(authorityList); - when(securityContext.getAuthentication()).thenReturn(auth); - - cldsService.setSecurityContext(securityContext); - boolean res = cldsService.isAuthorizedForVf("testId"); - assertThat(res).isTrue(); - } - - @Test - public void getUserIdTest() throws Exception { - when(userDetails.getUsername()).thenReturn("testName"); - when(auth.getPrincipal()).thenReturn(userDetails); - when(securityContext.getAuthentication()).thenReturn(auth); - - cldsService.setSecurityContext(securityContext); - assertThat(cldsService.getUserId()).isEqualTo("testName"); - } -} diff --git a/src/test/java/org/onap/clamp/clds/it/PermissionTestDefaultHelper.java b/src/test/java/org/onap/clamp/clds/it/PermissionTestDefaultHelper.java deleted file mode 100644 index 1830115f..00000000 --- a/src/test/java/org/onap/clamp/clds/it/PermissionTestDefaultHelper.java +++ /dev/null @@ -1,51 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2019 Samsung. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.it; - -import com.google.common.collect.ImmutableMap; - -import java.util.Map; - -public class PermissionTestDefaultHelper extends PermissionTestHelper { - - private static final String[] ALL_ACTION = new String[] { "*" }; - private static final String[] READ_UPDATE_ACTION = new String[] { "read", "update" }; - - private static final String DEV_INSTANCE = "dev"; - private static final String TEST_INSTANCE = "test"; - - private static final Map> defaultPermission = ImmutableMap.of("permission-type-cl", - ImmutableMap.of(DEV_INSTANCE, ALL_ACTION), "permission-type-cl-event", - ImmutableMap.of(DEV_INSTANCE, ALL_ACTION, TEST_INSTANCE, READ_UPDATE_ACTION), "permission-type-cl-manage", - ImmutableMap.of(DEV_INSTANCE, ALL_ACTION, TEST_INSTANCE, READ_UPDATE_ACTION), "permission-type-filter-vf", - ImmutableMap.of(DEV_INSTANCE, ALL_ACTION, TEST_INSTANCE, READ_UPDATE_ACTION), "permission-type-template", - ImmutableMap.of(DEV_INSTANCE, ALL_ACTION, TEST_INSTANCE, READ_UPDATE_ACTION)); - - /** - * Permission test default helper constructor. This class setup the default - * permission in the parent PermissionTestHelper class. - */ - public PermissionTestDefaultHelper() { - super(defaultPermission); - } -} diff --git a/src/test/java/org/onap/clamp/clds/it/PermissionTestHelper.java b/src/test/java/org/onap/clamp/clds/it/PermissionTestHelper.java deleted file mode 100644 index 905b7f70..00000000 --- a/src/test/java/org/onap/clamp/clds/it/PermissionTestHelper.java +++ /dev/null @@ -1,79 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2019 Samsung. All rights reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.it; - -import static org.onap.clamp.authorization.AuthorizationController.PERM_PREFIX; -import static org.onap.clamp.clds.config.ClampProperties.CONFIG_PREFIX; - -import java.util.LinkedList; -import java.util.List; -import java.util.Map; - -import org.springframework.mock.env.MockEnvironment; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; - -public class PermissionTestHelper { - - private static final String securityPrefix = CONFIG_PREFIX + PERM_PREFIX; - private final Map> permission; - private static final List authList = new LinkedList<>(); - - /** - * Permission Test Helper constructor. Generate authList base on general - * permission collection. - */ - public PermissionTestHelper(Map> permission) { - this.permission = permission; - this.createAuthList(); - } - - private void createAuthList() { - permission.forEach((type, instanceMap) -> instanceMap.forEach((instance, actionList) -> { - for (String action : (String[]) actionList) { - authList.add(new SimpleGrantedAuthority(type + "|" + instance + "|" + action)); - } - })); - } - - List getAuthList() { - return authList; - } - - void setupMockEnv(MockEnvironment env) { - permission.forEach((type, instanceMap) -> env.withProperty(securityPrefix + type, type)); - } - - void doActionOnAllPermissions(PermissionAction action) { - permission.forEach((type, instanceMap) -> instanceMap.forEach((instance, actionList) -> { - for (String actionName : (String[]) actionList) { - action.doAction(type, (String) instance, actionName); - } - })); - } - - @FunctionalInterface - public interface PermissionAction { - void doAction(String type, String instance, String action); - } -} diff --git a/src/test/java/org/onap/clamp/clds/service/CldsInfoProviderTest.java b/src/test/java/org/onap/clamp/clds/service/CldsInfoProviderTest.java deleted file mode 100644 index fa898c7a..00000000 --- a/src/test/java/org/onap/clamp/clds/service/CldsInfoProviderTest.java +++ /dev/null @@ -1,60 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP CLAMP - * ================================================================================ - * Copyright (C) 2018 Nokia Intellectual Property. All rights - * reserved. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END============================================ - * =================================================================== - * - */ - -package org.onap.clamp.clds.service; - -import static org.assertj.core.api.Assertions.assertThat; -import static org.mockito.Matchers.any; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.when; - -import org.junit.Test; -import org.onap.clamp.clds.model.CldsInfo; - - -public class CldsInfoProviderTest { - - private static final String TEST_USERNAME = "TEST_USERNAME"; - - @Test - public void shouldProvideCldsInfoFromContext() throws Exception { - - // given - CldsService serviceBase = mock(CldsService.class); - when(serviceBase.getUserName()).thenReturn(TEST_USERNAME); - when(serviceBase.isAuthorizedNoException(any())).thenReturn(true); - CldsInfoProvider cldsInfoProvider = new CldsInfoProvider(serviceBase); - - // when - CldsInfo cldsInfo = cldsInfoProvider.getCldsInfo(); - - // then - assertThat(cldsInfo.getUserName()).isEqualTo(TEST_USERNAME); - assertThat(cldsInfo.isPermissionReadCl()).isTrue(); - assertThat(cldsInfo.isPermissionReadTemplate()).isTrue(); - assertThat(cldsInfo.isPermissionUpdateCl()).isTrue(); - assertThat(cldsInfo.isPermissionUpdateTemplate()).isTrue(); - assertThat(cldsInfo.isPermissionReadTosca()).isTrue(); - assertThat(cldsInfo.isPermissionUpdateTosca()).isTrue(); - } -} \ No newline at end of file diff --git a/ui-react/src/api/UserService.js b/ui-react/src/api/UserService.js index 8da6e3a7..5703fdcc 100644 --- a/ui-react/src/api/UserService.js +++ b/ui-react/src/api/UserService.js @@ -74,7 +74,7 @@ export default class UserService { } static getUserInfo() { - return fetch('/restservices/clds/v1/clds/cldsInfo', { + return fetch('/restservices/clds/v2/clampInformation', { method: 'GET', credentials: 'same-origin' }) @@ -82,6 +82,8 @@ export default class UserService { console.debug("getUserInfo response received, status code:", response.status); if (response.ok) { return response.json(); + } else { + return {} } }) .then(function (data) { @@ -91,7 +93,7 @@ export default class UserService { .catch(function(error) { console.warn("getUserInfo error received, user set to: ",UserService.notLoggedUserName); console.error("getUserInfo error:",error); - return; + return {}; }); } } diff --git a/ui-react/src/components/dialogs/UserInfoModal.js b/ui-react/src/components/dialogs/UserInfoModal.js index 1273d87c..4b779dec 100644 --- a/ui-react/src/components/dialogs/UserInfoModal.js +++ b/ui-react/src/components/dialogs/UserInfoModal.js @@ -39,12 +39,7 @@ export default class UserInfoModal extends React.Component { super(props, context); this.handleClose = this.handleClose.bind(this); - this.renderReadTemplatePermission = this.renderReadTemplatePermission.bind(this); - this.renderReadModelPermission = this.renderReadModelPermission.bind(this); - this.renderReadToscaPermission = this.renderReadToscaPermission.bind(this); - this.renderUpdateTemplatePermission = this.renderUpdateTemplatePermission.bind(this); - this.renderUpdateModelPermission = this.renderUpdateModelPermission.bind(this); - this.renderUpdateToscaPermission = this.renderUpdateToscaPermission.bind(this); + this.renderPermissions = this.renderPermissions.bind(this); this.renderUserName = this.renderUserName.bind(this); this.state = { show: true, @@ -60,48 +55,16 @@ export default class UserInfoModal extends React.Component { handleClose() { this.props.history.push('/'); } - renderReadTemplatePermission() { - if (this.state.userInfo["permissionReadTemplate"]) { - return - } else { - return; - } - } - renderReadModelPermission() { - if (this.state.userInfo["permissionReadCl"]) { - return - } else { - return; - } - } - renderReadToscaPermission() { - if (this.state.userInfo["permissionReadTosca"]) { - return - } else { - return; - } - } - renderUpdateTemplatePermission() { - if (this.state.userInfo["permissionUpdateTemplate"]) { - return - } else { - return; - } - } - renderUpdateModelPermission() { - if (this.state.userInfo["permissionUpdateCl"]) { - return - } else { - return; - } - } - renderUpdateToscaPermission() { - if (this.state.userInfo["permissionUpdateTosca"]) { - return - } else { - return; - } - } + renderPermissions() { + if (this.state.userInfo["allPermissions"]) { + var listOfPermissions = this.state.userInfo["allPermissions"].map(function(perm) { + return ; + }) + return listOfPermissions; + } else { + return; + } + } renderUserName() { if (this.state.userInfo["userName"]) { return @@ -134,12 +97,7 @@ export default class UserInfoModal extends React.Component { User Permissions: - {this.renderReadTemplatePermission()} - {this.renderReadModelPermission()} - {this.renderReadToscaPermission()} - {this.renderUpdateTemplatePermission()} - {this.renderUpdateModelPermission()} - {this.renderUpdateToscaPermission()} + {this.renderPermissions()} diff --git a/ui-react/src/components/dialogs/UserInfoModal.test.js b/ui-react/src/components/dialogs/UserInfoModal.test.js index b5a2b272..f5ed0ae1 100644 --- a/ui-react/src/components/dialogs/UserInfoModal.test.js +++ b/ui-react/src/components/dialogs/UserInfoModal.test.js @@ -46,12 +46,7 @@ describe('Verify UserInfoModal', () => { component.setState({ userInfo: { "userName": "test", "cldsVersion": "1.0.0", - "permissionReadCl": true, - "permissionReadTemplate" : true, - "permissionReadTosca" : true, - "permissionUpdateTemplate" : true, - "permissionUpdateCl" : true, - "permissionUpdateTosca": true + "allPermissions": ["permission1","permission2"] }}); expect(component).toMatchSnapshot(); }); @@ -69,18 +64,15 @@ describe('Verify UserInfoModal', () => { component.setState({ userInfo: { "userName": "test", "cldsVersion": "1.0.0", - "permissionReadCl": true, - "permissionReadTemplate" : true, - "permissionReadTosca" : true + "allPermissions": ["permission1","permission2"] }}); - expect(component.find('FormControl').length).toEqual(5); + expect(component.find('FormControl').length).toEqual(4); const forms = component.find('FormControl'); expect(forms.get(0).props.defaultValue).toEqual("test"); expect(forms.get(1).props.defaultValue).toEqual("1.0.0"); - expect(forms.get(2).props.defaultValue).toEqual("Read Template"); - expect(forms.get(3).props.defaultValue).toEqual("Read Model"); - expect(forms.get(4).props.defaultValue).toEqual("Read Tosca"); + expect(forms.get(2).props.defaultValue).toEqual("permission1"); + expect(forms.get(3).props.defaultValue).toEqual("permission2"); }); }); diff --git a/ui-react/src/components/dialogs/__snapshots__/UserInfoModal.test.js.snap b/ui-react/src/components/dialogs/__snapshots__/UserInfoModal.test.js.snap index fdb24a43..bd05e863 100644 --- a/ui-react/src/components/dialogs/__snapshots__/UserInfoModal.test.js.snap +++ b/ui-react/src/components/dialogs/__snapshots__/UserInfoModal.test.js.snap @@ -90,32 +90,12 @@ exports[`Verify UserInfoModal Test the render method full permission 1`] = ` - - - -