From 279a9e751159e1b48366a69300997c6375a36424 Mon Sep 17 00:00:00 2001 From: sebdet Date: Wed, 19 Dec 2018 17:33:37 +0100 Subject: [PATCH] Add flexibility Add flexibility to the code for the authentication part Issue-ID: CLAMP-252 Change-Id: Id13275c37b44f6934057000743f40fb531313cca Signed-off-by: sebdet --- src/main/java/org/onap/clamp/clds/ClampServlet.java | 19 +++++++++++++++---- src/main/resources/application.properties | 1 + src/test/resources/application.properties | 5 +++-- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/src/main/java/org/onap/clamp/clds/ClampServlet.java b/src/main/java/org/onap/clamp/clds/ClampServlet.java index 516325cb..008a9c74 100644 --- a/src/main/java/org/onap/clamp/clds/ClampServlet.java +++ b/src/main/java/org/onap/clamp/clds/ClampServlet.java @@ -36,7 +36,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.camel.component.servlet.CamelHttpTransportServlet; -import org.onap.aaf.cadi.principal.X509Principal; import org.onap.clamp.clds.service.SecureServicePermission; import org.springframework.context.ApplicationContext; import org.springframework.http.HttpStatus; 
@@ -62,11 +61,24 @@ public class ClampServlet extends CamelHttpTransportServlet { public static final String PERM_VF = "clamp.config.security.permission.type.filter.vf"; public static final String PERM_MANAGE = "clamp.config.security.permission.type.cl.manage"; public static final String PERM_TOSCA = "clamp.config.security.permission.type.tosca"; + public static final String AUTHENTICATION_CLASS = "clamp.config.security.authentication.class"; private static List permissionList; + private synchronized Class loadDynamicAuthenticationClass() { + try { + String authenticationObject = WebApplicationContextUtils.getWebApplicationContext(getServletContext()) + .getEnvironment().getProperty(AUTHENTICATION_CLASS); + return Class.forName(authenticationObject); + } catch (ClassNotFoundException e) { + logger.error( + "Exception caught when attempting to create associated class of config:" + AUTHENTICATION_CLASS, e); + return Object.class; + } + } + private synchronized List getPermissionList() { if (permissionList == null) { - permissionList=new ArrayList<>(); + permissionList = new ArrayList<>(); ApplicationContext applicationContext = WebApplicationContextUtils .getWebApplicationContext(getServletContext()); String cldsPermissionInstance = applicationContext.getEnvironment().getProperty(PERM_INSTANCE); @@ -97,9 +109,8 @@ public class ClampServlet extends CamelHttpTransportServlet { @Override protected void doService(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { - Principal p = request.getUserPrincipal(); - if (p instanceof X509Principal) { + if (loadDynamicAuthenticationClass().isInstance(p)) { // When AAF is enabled, there is a need to provision the permissions to Spring // system List grantedAuths = new ArrayList<>(); diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties index e44ba750..c492f74d 100644 --- a/src/main/resources/application.properties 
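Review bot: The `ClassNotFoundException` fallback in `loadDynamicAuthenticationClass()` returns `Object.class`, and `Object.class.isInstance(p)` is true for every non-null principal, so a misspelled or unavailable class in `clamp.config.security.authentication.class` makes the type check in `doService` accept any principal instead of none. Fail closed instead: `return Void.class;` matches no object, or rethrow as `IllegalStateException` so the misconfiguration stops the request rather than widening the check. A missing property is not handled either, since `Class.forName(null)` would throw a `NullPointerException` that this catch does not cover. The method also returns the raw type `Class`; `Class<?>` states the same thing without the unchecked warning.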
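Review bot: `doService` now calls `loadDynamicAuthenticationClass()` on every request, so each request takes the servlet monitor, reads the property and runs `Class.forName`, and a bad value produces one error log entry per request. Resolve the class once and keep it in a field, the way `getPermissionList()` already caches `permissionList`, for example `if (authenticationClass == null) { authenticationClass = loadDynamicAuthenticationClass(); }`. The body of `doService` continues past the end of this hunk, so how the granted authorities are used after the check is not visible here.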
+++ b/src/main/resources/application.properties @@ -232,6 +232,7 @@ clamp.config.security.permission.type.template=org.onap.clamp.clds.template clamp.config.security.permission.type.tosca=org.onap.clamp.clds.tosca #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties clamp.config.security.permission.instance=dev +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal #AAF related parameters clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile diff --git a/src/test/resources/application.properties b/src/test/resources/application.properties index 7116940f..d75c6086 100644 --- a/src/test/resources/application.properties +++ b/src/test/resources/application.properties @@ -191,7 +191,7 @@ clamp.config.sdc.locationArtifactType=DCAE_INVENTORY_JSON clamp.config.sdc.InstanceID=X-ECOMP-InstanceID clamp.config.sdc.header.requestId = X-ECOMP-RequestID # -clamp.config.sdc.csarFolder = /tmp/sdc-tests +clamp.config.sdc.csarFolder = ${project.build.directory}/sdc-tests clamp.config.sdc.blueprint.parser.mapping = classpath:/clds/blueprint-parser-mapping.json # clamp.config.ui.location.default=classpath:/clds/templates/ui-location-default.json @@ -221,4 +221,5 @@ clamp.config.security.permission.type.filter.vf=permission-type-filter-vf clamp.config.security.permission.type.template=permission-type-template clamp.config.security.permission.type.tosca=permission-type-tosca #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties -clamp.config.security.permission.instance=dev \ No newline at end of file +clamp.config.security.permission.instance=dev +clamp.config.security.authentication.class=org.onap.aaf.cadi.principal.X509Principal \ No newline at end of file -- 2.16.6
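Review bot: The new key `clamp.config.security.authentication.class` in the main `application.properties` is added without a comment, although the `permission.instance` key directly above it has one. The value decides which principal type has its permissions provisioned in `ClampServlet`, so an operator changing it should know what is expected. Add a line above it such as `#Fully qualified class name of the Principal implementation that triggers permission provisioning; must be on the classpath`.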