From 907af9b57aa0db3ace5dc8fdaef9fb84c1392ec9 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Michael=20D=C3=BCrre?= Date: Thu, 14 Mar 2024 11:54:26 +0100 Subject: [PATCH] fix oauth code MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit split oauth to realm and web functionality Issue-ID: CCSDK-3394 Change-Id: I245a30a9df4e9a5c40af5dfe3e0d5318bceed9dc 
Signed-off-by: Michael Dürre --- docs/requirements-docs.txt | 1 + docs/tox.ini | 6 +- sdnr/wt/featureaggregator/feature-oauth/pom.xml | 16 +- sdnr/wt/featureaggregator/installer/pom.xml | 4 +- sdnr/wt/featureaggregator/pom.xml | 2 +- .../{provider-jar => oauth-core}/pom.xml | 45 +-- .../sdnr/wt/oauthprovider/OAuth2Realm.java | 0 .../sdnr/wt/oauthprovider/data/Config.java | 4 +- .../wt/oauthprovider/data/CustomObjectMapper.java | 0 .../data/InvalidConfigurationException.java | 0 .../sdnr/wt/oauthprovider/data/KeycloakRole.java | 0 .../data/KeycloakUserTokenPayload.java | 0 .../data/NoDefinitionFoundException.java | 0 .../wt/oauthprovider/data/OAuthProviderConfig.java | 0 .../wt/oauthprovider/data/OAuthResponseData.java | 0 .../sdnr/wt/oauthprovider/data/OAuthToken.java | 0 .../sdnr/wt/oauthprovider/data/OdlPolicy.java | 0 .../oauthprovider/data/OdlShiroConfiguration.java | 67 ++++ .../sdnr/wt/oauthprovider/data/OdlXmlMapper.java | 44 +++ .../data/OpenIdConfigResponseData.java | 0 .../data/UnableToConfigureOAuthService.java | 0 .../wt/oauthprovider/data/UserTokenPayload.java | 0 .../filters/AnyRoleHttpAuthenticationFilter.java | 0 .../BearerAndBasicHttpAuthenticationFilter.java | 59 +++- .../CustomizedMDSALDynamicAuthorizationFilter.java | 57 ++-- .../wt/oauthprovider/http/AuthHttpServlet.java | 136 ++++---- .../http/HeadersOnlyHttpServletRequest.java | 0 .../http/client/MappedBaseHttpResponse.java | 0 .../http/client/MappingBaseHttpClient.java | 0 .../wt/oauthprovider/providers/AuthService.java | 0 .../providers/GitlabProviderService.java | 2 +- .../providers/KeycloakProviderService.java | 0 .../providers/MdSalAuthorizationStore.java | 0 .../providers/NextcloudProviderService.java | 0 .../providers/OAuthProviderFactory.java | 0 .../sdnr/wt/oauthprovider/providers/PemUtils.java | 0 .../wt/oauthprovider/providers/RSAKeyReader.java | 0 .../wt/oauthprovider/providers/TokenCreator.java | 20 +- .../wt/oauthprovider/test/TestAuthHttpServlet.java | 53 +++- 
.../sdnr/wt/oauthprovider/test/TestConfig.java | 0 .../wt/oauthprovider/test/TestDeserializer.java | 0 .../oauthprovider/test/TestGitlabAuthService.java | 0 .../test/TestKeycloakAuthService.java | 0 .../sdnr/wt/oauthprovider/test/TestPolicy.java | 0 .../sdnr/wt/oauthprovider/test/TestProperty.java | 0 .../wt/oauthprovider/test/TestRSAAlgorithms.java | 0 .../sdnr/wt/oauthprovider/test/TestRealm.java | 52 ++- .../oauthprovider/test/helper/OdlJsonMapper.java | 8 +- .../wt/oauthprovider/test/helper/OdlXmlMapper.java | 0 .../src/test/resources/aaa-app-config.test.xml | 77 +++++ .../src/test/resources/jwtRS256.key | 0 .../src/test/resources/jwtRS256.key.pub | 0 .../src/test/resources/jwtRS512.key | 0 .../src/test/resources/jwtRS512.key.pub | 0 .../src/test/resources/mdsalDynAuthData.json | 0 .../resources/oauth/gitlab-groups-response.json | 0 .../resources/oauth/gitlab-token-response.json | 0 .../test/resources/oauth/gitlab-user-response.json | 0 .../resources/oauth/keycloak-token-response.json | 0 .../src/test/resources/oom.test.config.json | 0 .../src/test/resources/test.config.json | 0 .../test/resources/test.configRS256-invalid.json | 0 .../src/test/resources/test.configRS256.json | 0 .../src/test/resources/test.configRS512.json | 0 .../{provider-osgi => oauth-realm}/pom.xml | 22 +- sdnr/wt/oauth-provider/oauth-web/pom.xml | 155 +++++++++ .../org/opendaylight/blueprint/impl-blueprint.xml | 30 +- sdnr/wt/oauth-provider/pom.xml | 7 +- .../features/sdnr/wt/oauthprovider/Helper.java | 66 ---- .../src/test/resources/aaa-app-config.test.xml | 353 --------------------- sdnr/wt/odlux/apps/mediatorApp/pom.xml | 2 +- sdnr/wt/pom.xml | 2 +- 72 files changed, 645 insertions(+), 645 deletions(-) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/pom.xml (94%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => 
oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java (98%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java (100%) create mode 100644 sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java create mode 100644 sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => 
oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java (73%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java (87%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java (82%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java (98%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => 
oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java (94%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java (92%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java (100%) rename 
sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java (90%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java (93%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java (100%) create mode 100644 sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/jwtRS256.key (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/jwtRS256.key.pub (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/jwtRS512.key (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/jwtRS512.key.pub (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/mdsalDynAuthData.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/oauth/gitlab-groups-response.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/oauth/gitlab-token-response.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/oauth/gitlab-user-response.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/oauth/keycloak-token-response.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/oom.test.config.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/test.config.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/test.configRS256-invalid.json 
(100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/test.configRS256.json (100%) rename sdnr/wt/oauth-provider/{provider-jar => oauth-core}/src/test/resources/test.configRS512.json (100%) rename sdnr/wt/oauth-provider/{provider-osgi => oauth-realm}/pom.xml (89%) create mode 100644 sdnr/wt/oauth-provider/oauth-web/pom.xml rename sdnr/wt/oauth-provider/{provider-osgi => oauth-web}/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml (57%) delete mode 100644 sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java delete mode 100644 sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml diff --git a/docs/requirements-docs.txt b/docs/requirements-docs.txt index 71df2ab0d..097282b97 100644 --- a/docs/requirements-docs.txt +++ b/docs/requirements-docs.txt @@ -5,3 +5,4 @@ sphinxcontrib-seqdiag # BSD sphinxcontrib-swaggerdoc sphinxcontrib-spelling sphinxcontrib-plantuml +six diff --git a/docs/tox.ini b/docs/tox.ini index 8e5325ed1..ae83b7f6f 100644 --- a/docs/tox.ini +++ b/docs/tox.ini @@ -7,7 +7,7 @@ skipsdist = true basepython = python3.8 deps = -r{toxinidir}/requirements-docs.txt - -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt + -chttps://releases.openstack.org/constraints/upper/yoga -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt commands = sphinx-build -W -b html -n -d {envtmpdir}/doctrees ./ {toxinidir}/_build/html @@ -16,7 +16,7 @@ commands = basepython = python3.8 deps = -r{toxinidir}/requirements-docs.txt - -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt + -chttps://releases.openstack.org/constraints/upper/yoga -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master commands = sphinx-build -W -q -b linkcheck -d {envtmpdir}/doctrees {toxinidir} {toxinidir}/_build/linkcheck 
@@ -25,7 +25,7 @@ commands = basepython = python3.8 deps = -r{toxinidir}/requirements-docs.txt - -chttps://raw.githubusercontent.com/openstack/requirements/stable/yoga/upper-constraints.txt + -chttps://releases.openstack.org/constraints/upper/yoga -chttps://git.onap.org/doc/plain/etc/upper-constraints.onap.txt?h=master commands = sphinx-build -W -q -b spelling -d {envtmpdir}/doctrees {toxinidir} {toxinidir}/_build/spellcheck diff --git a/sdnr/wt/featureaggregator/feature-oauth/pom.xml b/sdnr/wt/featureaggregator/feature-oauth/pom.xml index b79b320e6..9ec7189fb 100644 --- a/sdnr/wt/featureaggregator/feature-oauth/pom.xml +++ b/sdnr/wt/featureaggregator/feature-oauth/pom.xml @@ -22,6 +22,7 @@ ~ ============LICENSE_END======================================================= ~ --> + 4.0.0 @@ -34,7 +35,7 @@ org.onap.ccsdk.features.sdnr.wt sdnr-wt-feature-aggregator-oauth - 1.6.0-SNAPSHOT + 1.6.3-SNAPSHOT feature ccsdk-features :: ${project.artifactId} @@ -47,14 +48,13 @@ ${project.groupId} - sdnr-wt-oauth-provider + sdnr-wt-oauth-web + ${project.version} + + + ${project.groupId} + sdnr-wt-oauth-realm ${project.version} - - - ${project.groupId} - sdnr-wt-oauth-provider-jar - - diff --git a/sdnr/wt/featureaggregator/installer/pom.xml b/sdnr/wt/featureaggregator/installer/pom.xml index e857ae56d..76c3a6238 100755 --- a/sdnr/wt/featureaggregator/installer/pom.xml +++ b/sdnr/wt/featureaggregator/installer/pom.xml @@ -65,13 +65,13 @@ xml features - + ${project.groupId} sdnr-wt-data-provider-setup diff --git a/sdnr/wt/featureaggregator/pom.xml b/sdnr/wt/featureaggregator/pom.xml index e67663872..89870f32a 100755 --- a/sdnr/wt/featureaggregator/pom.xml +++ b/sdnr/wt/featureaggregator/pom.xml @@ -41,7 +41,7 @@ feature - + feature-oauth feature-devicemanager feature-devicemanager-base installer 
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/oauth-core/pom.xml similarity index 94% rename from sdnr/wt/oauth-provider/provider-jar/pom.xml rename to sdnr/wt/oauth-provider/oauth-core/pom.xml index 6ad79ef8f..4fe9c6b10 100644 --- a/sdnr/wt/oauth-provider/provider-jar/pom.xml +++ b/sdnr/wt/oauth-provider/oauth-core/pom.xml @@ -22,6 +22,7 @@ ~ ============LICENSE_END======================================================= ~ --> + 4.0.0 @@ -33,8 +34,8 @@ org.onap.ccsdk.features.sdnr.wt - sdnr-wt-oauth-provider-jar - 1.6.0-SNAPSHOT + sdnr-wt-oauth-core + 1.6.3-SNAPSHOT jar ccsdk-features :: ${project.artifactId} @@ -133,8 +134,27 @@ provided - jakarta.servlet - jakarta.servlet-api + org.osgi + org.osgi.core + provided + + + com.fasterxml.jackson.dataformat + jackson-dataformat-xml + + + ${project.groupId} + sdnr-wt-yang-utils + ${project.version} + + + org.osgi + osgi.cmpn + compile + + + javax.servlet + javax.servlet-api provided @@ -152,17 +172,6 @@ jetty-servlet test - - com.fasterxml.jackson.dataformat - jackson-dataformat-xml - test - - - ${project.groupId} - sdnr-wt-yang-utils - ${project.version} - test - org.opendaylight.mdsal.binding.model.ietf rfc6991-ietf-yang-types @@ -178,11 +187,5 @@ org.osgi.core test - - org.osgi - osgi.cmpn - 7.0.0 - compile - diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
similarity index 98%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
index 1caec63e0..6798026f3 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
@@ -242,14 +242,14 @@ public class Config {
 boolean found = false;
 if (isEnvExpression(key)) {
- LOG.debug("try to find env var(s) for {}", key);
+ LOG.info("try to find env var(s) for {}", key);
 final Matcher matcher = pattern.matcher(key);
 String tmp = new String(key);
 while (matcher.find() && matcher.groupCount() > 0) {
 final String mkey = matcher.group(1);
 if (mkey != null) {
 try {
- LOG.debug("match found for v={} and env key={}", key, mkey);
+ LOG.info("match found for v={} and env key={}", key, mkey);
 String envvar = mkey.substring(2, mkey.length() - 1);
 String env = System.getenv(envvar);
 tmp = tmp.replace(mkey, env == null ? "" : env);
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
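Review bot: The two lines promoted from `LOG.debug` to `LOG.info` fire once per configuration value that contains an env expression and again for every matched `${...}` placeholder, so at INFO they land in every production start-up log, and the commit message gives no reason for the level change, which reads like leftover troubleshooting. They print the expression string `key` and the placeholder `mkey`, not the resolved `env` value, so no secret is written, but the placeholder names may reveal which environment variables carry credentials and INFO is the wrong level for that detail. Keep both at `LOG.debug(...)`, or if an INFO record is wanted, emit one summary line after the loop such as `LOG.info("resolved env expression(s) for {}", key);` and leave the per-match line at DEBUG. The enclosing method starts and ends outside the hunk.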
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java new file mode 100644 index 000000000..f5e067450 --- /dev/null +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java 
@@ -0,0 +1,67 @@
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;
+
+import java.util.List;
+
+public class OdlShiroConfiguration {
+
+ private List main;
+ private List urls;
+
+
+
+ public List getMain() {
+ return main;
+ }
+
+ public void setMain(List main) {
+ this.main = main;
+ }
+ public List getUrls() {
+ return urls;
+ }
+ public void setUrls(List urls) {
+ this.urls = urls;
+ }
+ public OdlShiroConfiguration(){
+
+ }
+
+ public static class BaseItem{
+ private String pairKey;
+ private String pairValue;
+
+ public String getPairKey() {
+ return pairKey;
+ }
+
+ public void setPairKey(String pairKey) {
+ this.pairKey = pairKey;
+ }
+
+ public String getPairValue() {
+ return pairValue;
+ }
+
+ public void setPairValue(String pairValue) {
+ this.pairValue = pairValue;
+ }
+
+ public BaseItem(){
+
+ }
+
+ }
+
+ public static class MainItem extends BaseItem{
+ public MainItem(){
+ super();
+ }
+
+ }
+ public static class UrlItem extends BaseItem{
+ public UrlItem(){
+ super();
+ }
+ }
+
+}
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
new file mode 100644
index 000000000..cbdc1d0d9
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
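Review bot: The new class carries no documentation, and the runs of three blank lines and empty constructors read as an unfinished paste. A class Javadoc along the lines of `/** Bean view of an ODL shiro configuration (aaa-app-config.xml): the main and urls sections, each as an ordered list of pair-key/pair-value items; presumably read through OdlXmlMapper, whose kebab-case naming maps pairKey to the pair-key element. */` would tell a reader what `pairKey`/`pairValue` stand for, and a one-line comment on `MainItem`/`UrlItem` should say that the empty subclasses exist only to give the two sections distinct element types. The page shows the fields as `private List main;` — if those are genuinely raw types rather than angle brackets lost in rendering, declare them `List<MainItem>` and `List<UrlItem>`, since the mapper otherwise has no element type to build. The getters hand out the internal lists directly, which is normal for a Jackson bean but worth a comment marking it intentional.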
@@ -0,0 +1,44 @@
+/*
+ * ============LICENSE_START=======================================================
+ * ONAP : ccsdk features
+ * ================================================================================
+ * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
+ * All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ */
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;
+
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.MapperFeature;
+import com.fasterxml.jackson.databind.PropertyNamingStrategy;
+import com.fasterxml.jackson.dataformat.xml.XmlMapper;
+import org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions.YangToolsBuilderAnnotationIntrospector;
+
+public class OdlXmlMapper extends XmlMapper {
+
+ private static final long serialVersionUID = 1L;
+
+
+ public OdlXmlMapper() {
+ this.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+ this.setSerializationInclusion(Include.NON_NULL);
+ this.setPropertyNamingStrategy(PropertyNamingStrategy.KEBAB_CASE);
+ this.enable(MapperFeature.USE_GETTERS_AS_SETTERS);
+ YangToolsBuilderAnnotationIntrospector introspector = new YangToolsBuilderAnnotationIntrospector();
+ this.setAnnotationIntrospector(introspector);
+ }
+}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
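Review bot: The mapper's settings are undocumented and one of them matters for safety: `FAIL_ON_UNKNOWN_PROPERTIES` set to `false` silently drops any element it does not recognise, so a mistyped or unexpected entry in an aaa-app-config.xml yields an object with that field absent instead of an error. Add a class Javadoc stating the contract — kebab-case element names, `NON_NULL` on output, `USE_GETTERS_AS_SETTERS` so collection getters double as setters, the YANG-tools introspector for builder-style types, and that unknown elements are ignored on purpose — plus a comment on the `configure(...)` line naming that trade-off. DTD and external-entity handling is left to `XmlMapper`'s default `XmlFactory`, which in current jackson-dataformat-xml releases disables both; if this class is ever applied to XML from anywhere but the local configuration file, set those StAX properties explicitly rather than rely on the default. Two smaller points: the copied header says `Copyright (C) 2021` for a file created in this commit, and the diffstat still lists `test/helper/OdlXmlMapper.java`, so the module now has two classes of that name and the test helper looks redundant.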
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java similarity index 73% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java index 6fb41d799..51c064819 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java 
@@ -21,17 +21,19 @@
 */
 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
+import java.util.Locale;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.codec.Base64;
+import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
 import org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter;
 import org.apache.shiro.web.util.WebUtils;
-import org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter{
+public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter {
 // defined in lower-case for more efficient string comparison
 private static final Logger LOG = LoggerFactory.getLogger(BearerAndBasicHttpAuthenticationFilter.class);
@@ -74,14 +76,16 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica
 protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
 final HttpServletRequest httpRequest = WebUtils.toHttp(request);
 final String httpMethod = httpRequest.getMethod();
+ //always allow options requests
 if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
 return true;
- } else {
- if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
- LOG.debug("isAccessAllowed succeeded on basicAuth");
- return true;
- }
 }
+
+ if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
+ LOG.debug("isAccessAllowed succeeded on basicAuth");
+ return true;
+ }
+
 return super.isAccessAllowed(request, response, mappedValue);
 }
@@ -111,24 +115,47 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica return createToken(username, password, request, response); } + private static class ODLHttpAuthenticationHelperFilter extends BasicHttpAuthenticationFilter { + + private static final Logger LOG = LoggerFactory.getLogger(ODLHttpAuthenticationHelperFilter.class); - private static class ODLHttpAuthenticationHelperFilter extends ODLHttpAuthenticationFilter{ + // defined in lower-case for more efficient string comparison + protected static final String BEARER_SCHEME = "bearer"; - ODLHttpAuthenticationHelperFilter(){ - super(); + protected static final String OPTIONS_HEADER = "OPTIONS"; + + public ODLHttpAuthenticationHelperFilter() { + LOG.info("Creating the ODLHttpAuthenticationFilter"); } @Override - protected boolean isLoginAttempt(String authzHeader) { - return super.isLoginAttempt(authzHeader); + protected String[] getPrincipalsAndCredentials(String scheme, String encoded) { + final String decoded = Base64.decodeToString(encoded); + // attempt to decode username/password; otherwise decode as token + if (decoded.contains(":")) { + return decoded.split(":"); + } + return new String[]{encoded}; } + @Override - protected String[] getPrincipalsAndCredentials(String scheme, String encoded) { - return super.getPrincipalsAndCredentials(scheme, encoded); + protected boolean isLoginAttempt(String authzHeader) { + final String authzScheme = getAuthzScheme().toLowerCase(Locale.ROOT); + final String authzHeaderLowerCase = authzHeader.toLowerCase(Locale.ROOT); + return authzHeaderLowerCase.startsWith(authzScheme) + || authzHeaderLowerCase.startsWith(BEARER_SCHEME); } + @Override - protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) { - return super.isAccessAllowed(request, response, mappedValue); + protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, + Object mappedValue) { + final 
HttpServletRequest httpRequest = WebUtils.toHttp(request); + final String httpMethod = httpRequest.getMethod(); + if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) { + return true; + } else { + return super.isAccessAllowed(httpRequest, response, mappedValue); + } } } } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java similarity index 87% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java index 26cdbe773..27ca3b3f9 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java 
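Review bot: `decoded.split(":")` in the new `getPrincipalsAndCredentials` breaks Basic credentials whose password contains a colon: the array then has more than two elements and the consumer, which takes element 1 as the password, sees only the part before the second colon, so a valid password is rejected. RFC 7617 permits colons in the password (only the user-id may not contain one), and Shiro's own `BasicHttpAuthenticationFilter` bounds the split, so use `return decoded.split(":", 2);`. The constructor still logs `LOG.info("Creating the ODLHttpAuthenticationFilter")` although the helper no longer extends that class; `"Creating the ODLHttpAuthenticationHelperFilter"` would be accurate. Note also that `isLoginAttempt` accepts `bearer` headers, so a bearer token reaches `Base64.decodeToString` and the `contains(":")` test; whether the outer filter's `createToken` shields that path is not visible in this hunk.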
@@ -1,11 +1,28 @@ package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters; +import static com.google.common.base.Preconditions.checkArgument; +import static java.util.Objects.requireNonNull; + import com.google.common.collect.Iterables; import com.google.common.util.concurrent.Futures; import com.google.common.util.concurrent.ListenableFuture; + +import java.io.IOException; +import java.util.*; +import java.util.concurrent.ExecutionException; +import javax.servlet.Filter; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.apache.shiro.subject.Subject; import org.apache.shiro.web.filter.authz.AuthorizationFilter; -import org.opendaylight.mdsal.binding.api.*; +import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener; +import org.opendaylight.mdsal.binding.api.DataBroker; +import org.opendaylight.mdsal.binding.api.DataTreeIdentifier; +import org.opendaylight.mdsal.binding.api.DataTreeModification; +import org.opendaylight.mdsal.binding.api.ReadTransaction; import org.opendaylight.mdsal.common.api.LogicalDatastoreType; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization; import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies; 
@@ -15,18 +32,7 @@ import org.opendaylight.yangtools.yang.binding.InstanceIdentifier; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import javax.servlet.Filter; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.*; -import java.util.concurrent.ExecutionException; - -import static com.google.common.base.Preconditions.checkArgument; -import static java.util.Objects.requireNonNull; - +@SuppressWarnings("checkstyle:AbbreviationAsWordInName") public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilter implements ClusteredDataTreeChangeListener { @@ -35,22 +41,24 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt private static final DataTreeIdentifier AUTHZ_CONTAINER = DataTreeIdentifier.create( LogicalDatastoreType.CONFIGURATION, InstanceIdentifier.create(HttpAuthorization.class)); - private final DataBroker dataBroker; + private static DataBroker dataBroker; + public static void setDataBroker(DataBroker dataBroker2){ + dataBroker = dataBroker2; + } private ListenerRegistration reg; private volatile ListenableFuture> authContainer; - private static final ThreadLocal DATABROKER_TL = new ThreadLocal<>(); public CustomizedMDSALDynamicAuthorizationFilter() { - dataBroker = requireNonNull(DATABROKER_TL.get()); + } @Override public Filter processPathConfig(final String path, final String config) { - try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) { - authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier()); - } - this.reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this); + /*if (dataBroker == null){ + throw new RuntimeException("dataBroker is not initialized"); + }*/ + return super.processPathConfig(path, config); } 
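Review bot: `setDataBroker` writes a plain `private static DataBroker dataBroker` that every filter instance later reads from `isAccessAllowed`, with no `volatile` and no synchronisation, so a filter constructed on another thread may observe a stale `null` even after the servlet has injected the broker; `private static volatile DataBroker dataBroker;` is the minimal fix. The commented-out check in `processPathConfig` should either be deleted or made a real precondition — a check left in a comment enforces nothing. The now-empty constructor would benefit from a one-line comment stating why injection is static (presumably because Shiro instantiates the filter reflectively from the ini), e.g. `// no-arg: Shiro instantiates filters reflectively, the broker is injected via setDataBroker()`. The class body continues outside the hunk.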
@@ -73,6 +81,15 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt @Override public boolean isAccessAllowed(final ServletRequest request, final ServletResponse response, final Object mappedValue) { + if (dataBroker == null){ + throw new RuntimeException("dataBroker is not initialized"); + } + if(reg == null){ + try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) { + authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier()); + } + reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this); + } checkArgument(request instanceof HttpServletRequest, "Expected HttpServletRequest, received {}", request); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java similarity index 82% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java index 338da179a..562fe5472 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java @@ -22,6 +22,7 @@ package org.onap.ccsdk.features.sdnr.wt.oauthprovider.http; import com.fasterxml.jackson.databind.ObjectMapper; +import java.io.File; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; 
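Review bot: the lazy initialisation added to `isAccessAllowed` is an unsynchronised check-then-act on `reg`: two concurrent first requests can both see `reg == null`, both read the datastore and both call `registerDataTreeChangeListener`, leaking one listener registration and racing on `authContainer`. Move the block into a `synchronized` helper so the registration happens exactly once; the rewrite below keeps the fail-closed behaviour but uses `IllegalStateException`, the conventional type for "not initialised". The method body continues outside the hunk.

```java
@Override
public boolean isAccessAllowed(final ServletRequest request, final ServletResponse response,
        final Object mappedValue) {
    if (dataBroker == null) {
        throw new IllegalStateException("dataBroker is not initialized");
    }
    ensureListenerRegistered();
    // … unchanged: checkArgument and policy evaluation …

/**
 * Reads the current authorization container and registers the change listener
 * exactly once. Synchronized so that concurrent first requests cannot register twice.
 */
private synchronized void ensureListenerRegistered() {
    if (reg != null) {
        return;
    }
    try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
        authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
    }
    reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
}
```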
@@ -43,26 +44,23 @@ import org.apache.shiro.authc.BearerToken; import org.apache.shiro.codec.Base64; import org.apache.shiro.session.Session; import org.apache.shiro.subject.Subject; -import org.jolokia.osgi.security.Authenticator; -import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.MainItem; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.UrlItem; +import org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.CustomizedMDSALDynamicAuthorizationFilter; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFactory; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; -import org.opendaylight.aaa.api.IdMService; +import org.opendaylight.aaa.api.AuthenticationException; +import org.opendaylight.aaa.api.Claim; +import org.opendaylight.aaa.api.PasswordCredentialAuth; +import org.opendaylight.aaa.api.PasswordCredentials; +import 
org.opendaylight.aaa.tokenauthrealm.auth.PasswordCredentialBuilder; import org.opendaylight.mdsal.binding.api.DataBroker; -import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration; -import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Main; -import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Urls; +import org.osgi.service.http.HttpService; +import org.osgi.service.http.NamespaceException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -70,7 +68,7 @@ public class AuthHttpServlet extends HttpServlet { private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName()); private static final long serialVersionUID = 1L; - public static final String BASEURI = "/oauth"; + private static final String BASEURI = "/oauth"; private static final String LOGINURI = BASEURI + "/login"; private static final String LOGOUTURI = BASEURI + "/logout"; private static final String PROVIDERSURI = BASEURI + "/providers"; 
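Review bot: `import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*;` replaces eight explicit imports with a wildcard, and the `CustomizedMDSALDynamicAuthorizationFilter` hunk keeps `import java.util.*;`; both hide which types the file actually depends on, and checkstyle is evidently in use in this module (`@SuppressWarnings("checkstyle:...")`), so an enabled AvoidStarImport rule would flag them. List the classes used instead: the eight that were removed plus the new `OdlShiroConfiguration` and `OdlXmlMapper`.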
@@ -93,20 +91,26 @@ public class AuthHttpServlet extends HttpServlet { private static final String CLASSNAME_ODLMDSALAUTH = "org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter"; public static final String LOGIN_REDIRECT_FORMAT = LOGINURI + "/%s"; + private static final String URI_PRE = BASEURI; + private static final String CONFIGFILE ="/opt/opendaylight/etc/opendaylight/datastore/initial/config/aaa-app-config.xml"; private final ObjectMapper mapper; /* state <=> AuthProviderService> */ private final Map providerStore; private final TokenCreator tokenCreator; private final Config config; - private static Authenticator odlAuthenticator; - private static IdMService odlIdentityService; - private static ShiroConfiguration shiroConfiguration; private static MdSalAuthorizationStore mdsalAuthStore; + private PasswordCredentialAuth passwordCredentialAuth; + private OdlShiroConfiguration shiroConfiguration; public AuthHttpServlet() throws IllegalArgumentException, IOException, InvalidConfigurationException, UnableToConfigureOAuthService { + this(CONFIGFILE); + } + public AuthHttpServlet(String shiroconfigfile) throws IllegalArgumentException, IOException, InvalidConfigurationException, + UnableToConfigureOAuthService { this.config = Config.getInstance(); + this.shiroConfiguration = loadShiroConfig(shiroconfigfile); this.tokenCreator = TokenCreator.getInstance(this.config); this.mapper = new ObjectMapper(); this.providerStore = new HashMap<>(); 
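Review bot: `CONFIGFILE` hard-codes an absolute deployment path that the no-arg constructor reads unconditionally, so the servlet cannot start on an installation that keeps its distribution anywhere else, and the path points at the `initial` datastore seed directory rather than the live configuration — if the shiro configuration is later changed through the datastore, the policies this servlet reports may diverge from what the filters enforce (inferred; the consumers of `shiroConfiguration` are outside this hunk). Resolve the path from `Config` or a system property and keep this constant only as the fallback, and say so in a comment, e.g. `// fallback only; the initial-config file may lag the live datastore`. Minor: `CONFIGFILE ="..."` is missing the space after `=`.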
@@ -116,20 +120,33 @@ public class AuthHttpServlet extends HttpServlet { } } - public void setOdlAuthenticator(Authenticator odlAuthenticator2) { - odlAuthenticator = odlAuthenticator2; + public void setDataBroker(DataBroker dataBroker) { + CustomizedMDSALDynamicAuthorizationFilter.setDataBroker(dataBroker); + mdsalAuthStore = new MdSalAuthorizationStore(dataBroker); } - public void setOdlIdentityService(IdMService odlIdentityService2) { - odlIdentityService = odlIdentityService2; + public void setPasswordCredentialAuth(PasswordCredentialAuth passwordCredentialAuth) { + this.passwordCredentialAuth = passwordCredentialAuth; } - public void setShiroConfiguration(ShiroConfiguration shiroConfiguration2) { - shiroConfiguration = shiroConfiguration2; + + public void onUnbindService(HttpService httpService) { + httpService.unregister(AuthHttpServlet.URI_PRE); + } - public void setDataBroker(DataBroker dataBroker) { - mdsalAuthStore = new MdSalAuthorizationStore(dataBroker); + public void onBindService(HttpService httpService) + throws ServletException, NamespaceException { + if (httpService == null) { + LOG.warn("Unable to inject HttpService into loader."); + } else { + httpService.registerServlet(AuthHttpServlet.URI_PRE, this, null, null); + LOG.info("oauth servlet registered."); + } + } + private static OdlShiroConfiguration loadShiroConfig(String filename) throws IOException { + OdlXmlMapper mapper = new OdlXmlMapper(); + return mapper.readValue(new File(filename), OdlShiroConfiguration.class); } @Override 
@@ -158,10 +175,6 @@ public class AuthHttpServlet extends HttpServlet { if (redirectUrl == null) { redirectUrl = this.config.getPublicUrl(); } - // if nothing configured and nothing from request - if(redirectUrl == null || redirectUrl.isBlank()){ - redirectUrl="/"; - } UserTokenPayload userInfo = this.tokenCreator.decode(bearerToken); if (bearerToken != null && userInfo != null && !userInfo.isInternal()) { AuthService provider = this.providerStore.getOrDefault(userInfo.getProviderId(), null); @@ -194,27 +207,26 @@ public class AuthHttpServlet extends HttpServlet { /** * find out what urls can be accessed by user and which are forbidden - * + *
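Review bot: removing the `redirectUrl = "/"` fallback means `redirectUrl` can now be null or blank when neither the request nor `config.getPublicUrl()` supplies a value; the code that consumes it is outside this hunk and previously never saw that case. If the guard was dropped because `getPublicUrl()` is now guaranteed non-blank, add a comment at this point stating that guarantee; otherwise keep the fallback.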

* urlEntries: "anon" -> any access allowed "authcXXX" -> no grouping rule -> any access for user allowed "authcXXX, * roles[abc] -> user needs to have role abc "authcXXX, roles["abc,def"] -> user needs to have roles abc AND def * "authcXXX, anyroles[abc] -> user needs to have role abc "authcXXX, anyroles["abc,def"] -> user needs to have * roles abc OR def * - * * @param req * @return */ private List getPoliciesForUser(HttpServletRequest req) { - List urlRules = shiroConfiguration.getUrls(); - UserTokenPayload data = this.getUserInfo(req); List policies = new ArrayList<>(); + List urlRules = this.shiroConfiguration.getUrls(); + UserTokenPayload data = this.getUserInfo(req); if (urlRules != null) { LOG.debug("try to find rules for user {} with roles {}", data == null ? "null" : data.getPreferredUsername(), data == null ? "null" : data.getRoles()); final String regex = "^([^,]+)[,]?[\\ ]?([anyroles]+)?(\\[\"?([a-zA-Z,]+)\"?\\])?"; final Pattern pattern = Pattern.compile(regex); Matcher matcher; - for (Urls urlRule : urlRules) { + for (UrlItem urlRule : urlRules) { matcher = pattern.matcher(urlRule.getPairValue()); if (matcher.find()) { try { @@ -223,7 +235,7 @@ public class AuthHttpServlet extends HttpServlet { //anon access allowed if (authClass == null) { policy = Optional.of(OdlPolicy.allowAll(urlRule.getPairKey())); - } else if (authClass.equals(CLASSNAME_ODLBASICAUTH)) { + } else if (authClass.equals(CLASSNAME_ODLBASICAUTH) || "authcBasic".equals(urlRule.getPairKey())) { policy = isBasic(req) ? this.getTokenBasedPolicy(urlRule, matcher, data) : Optional.of(OdlPolicy.denyAll(urlRule.getPairKey())); } else if (authClass.equals(CLASSNAME_ODLBEARERANDBASICAUTH)) { 
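Review bot: the new `|| "authcBasic".equals(urlRule.getPairKey())` in `getPoliciesForUser` compares the wrong side of the urls entry: `getPairKey()` is the URL pattern — the surrounding code passes it to `OdlPolicy.allowAll(...)`/`denyAll(...)` as the URL — while the filter name comes from `getPairValue()` through the regex matcher. The clause therefore never matches a real entry, and the `authcBasic` → `CLASSNAME_ODLBASICAUTH` mapping is already handled where the auth class is resolved (the `if("authcBasic".equals(key))` branch further down in this commit), so it can be dropped: `} else if (authClass.equals(CLASSNAME_ODLBASICAUTH)) {`.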
@@ -259,7 +271,7 @@ public class AuthHttpServlet extends HttpServlet { * @param data * @return */ - private Optional getMdSalBasedPolicy(Urls urlRule, UserTokenPayload data) { + private Optional getMdSalBasedPolicy(UrlItem urlRule, UserTokenPayload data) { if (mdsalAuthStore != null) { return data != null ? mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles()) : Optional.of(OdlPolicy.denyAll(urlRule.getPairKey())); @@ -275,7 +287,8 @@ public class AuthHttpServlet extends HttpServlet { * @param data * @return */ - private Optional getTokenBasedPolicy(Urls urlRule, Matcher matcher, UserTokenPayload data) { + private Optional getTokenBasedPolicy(UrlItem urlRule, Matcher matcher, + UserTokenPayload data) { final String url = urlRule.getPairKey(); final String rule = urlRule.getPairValue(); if (!rule.contains(",")) { @@ -312,8 +325,11 @@ public class AuthHttpServlet extends HttpServlet { if ("anon".equals(key)) { return null; } - List

list = shiroConfiguration.getMain(); - Optional
main = + if("authcBasic".equals(key)){ + return CLASSNAME_ODLBASICAUTH; + } + List list = shiroConfiguration.getMain(); + Optional main = list == null ? Optional.empty() : list.stream().filter(e -> e.getPairKey().equals(key)).findFirst(); if (main.isPresent()) { return main.get().getPairValue(); @@ -334,7 +350,7 @@ public class AuthHttpServlet extends HttpServlet { if (!username.contains("@")) { username = String.format("%s@%s", username, domain); } - List roles = odlIdentityService.listRoles(username, domain); + List roles = List.of();// odlIdentityService.listRoles(username, domain); return UserTokenPayload.createInternal(username, roles); } } @@ -361,12 +377,12 @@ public class AuthHttpServlet extends HttpServlet { private static boolean isBasic(HttpServletRequest req) { final String header = req.getHeader(HEAEDER_AUTHORIZATION); - return header == null ? false : header.startsWith("Basic"); + return header != null && header.startsWith("Basic"); } private static boolean isBearer(HttpServletRequest req) { final String header = req.getHeader(HEAEDER_AUTHORIZATION); - return header == null ? false : header.startsWith("Bearer"); + return header != null && header.startsWith("Bearer"); } private boolean rolesMatch(List userRoles, List policyRoles, boolean any) { @@ -399,7 +415,7 @@ public class AuthHttpServlet extends HttpServlet { hostUrl = matcher.group(1); } } - LOG.debug("host={}", hostUrl); + LOG.info("host={}", hostUrl); return hostUrl; } 
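Review bot: `List roles = List.of();// odlIdentityService.listRoles(username, domain);` strips every role from internally authenticated (Basic) users, so any `roles[...]`/`anyroles[...]` rule evaluated in `getPoliciesForUser` now denies them, while the `doLogin` path in the next hunk does obtain roles via `claim.roles()`; the enclosing method starts outside the hunk. Resolve the roles the same way `doLogin` does, or, if this is deliberately deferred, replace the trailing commented-out call with `// TODO: roles not resolved for internal users; see doLogin() for the PasswordCredentialAuth path` so the gap is visible rather than parked in a comment. The `LOG.debug("host={}")` → `LOG.info` promotion in the last hunk here logs on every request and should stay at debug.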
@@ -451,17 +467,21 @@ public class AuthHttpServlet extends HttpServlet { } } - resp.sendError(HttpServletResponse.SC_NOT_FOUND); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST); } private BearerToken doLogin(String username, String password, String domain) { - if (!username.contains("@")) { - username = String.format("%s@%s", username, domain); + + PasswordCredentials pc = + (new PasswordCredentialBuilder()).setUserName(username).setPassword(password).setDomain(domain).build(); + Claim claim = null; + try { + claim = this.passwordCredentialAuth.authenticate(pc); + } catch (AuthenticationException e) { + LOG.warn("unable to authentication user {} for domain {}: ", username, domain, e); } - HttpServletRequest req = new HeadersOnlyHttpServletRequest( - Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue(username, password))); - if (odlAuthenticator.authenticate(req)) { - List roles = odlIdentityService.listRoles(username, domain); + if (claim != null) { + List roles = claim.roles().stream().toList();//odlIdentityService.listRoles(username, domain); UserTokenPayload data = new UserTokenPayload(); data.setPreferredUsername(username); data.setFamilyName(""); @@ -470,15 +490,16 @@ public class AuthHttpServlet extends HttpServlet { data.setExp(this.tokenCreator.getDefaultExp()); data.setRoles(roles); return this.tokenCreator.createNewJWT(data); - + } else { + LOG.info("unable to read auth from authservice"); } return null; } - private void sendResponse(HttpServletResponse resp, int code) throws IOException { +/* private void sendResponse(HttpServletResponse resp, int code) throws IOException { this.sendResponse(resp, code, null); - } + }*/ private void sendResponse(HttpServletResponse resp, int code, Object data) throws IOException { byte[] output = data != null ? mapper.writeValueAsString(data).getBytes() : new byte[0]; 
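Review bot: `doLogin` dereferences `this.passwordCredentialAuth` without checking that `setPasswordCredentialAuth` has been called, so a login attempt before the OSGi binding lands throws a `NullPointerException` out of the servlet instead of failing the login; add `if (this.passwordCredentialAuth == null) { LOG.warn("no PasswordCredentialAuth bound, rejecting login"); return null; }` ahead of the `authenticate` call. The warn message reads `unable to authentication user`, should be `unable to authenticate user`. The commented-out `sendResponse(resp, code)` overload and the `//odlIdentityService.listRoles(...)` tail comment should be deleted rather than kept as comments.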
@@ -486,14 +507,13 @@ public class AuthHttpServlet extends HttpServlet { resp.setStatus(code); resp.setContentLength(output.length); resp.setContentType("application/json"); - ServletOutputStream os = null; - os = resp.getOutputStream(); + ServletOutputStream os = resp.getOutputStream(); os.write(output); } private void logout() { - final Subject subject = SecurityUtils.getSubject(); + /* final Subject subject = SecurityUtils.getSubject(); try { subject.logout(); Session session = subject.getSession(false); @@ -502,6 +522,6 @@ public class AuthHttpServlet extends HttpServlet { } } catch (ShiroException e) { LOG.debug("Couldn't log out {}", subject, e); - } + }*/ } } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java 
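Review bot: commenting out the entire body of `logout()` turns it into a no-op while the method remains in place, so the Shiro subject and its session are no longer invalidated on logout and a Shiro session presumably lives on until it expires (the caller is outside this hunk). If Shiro logout is intentionally dropped because the realm side now owns it, remove the dead block and state that in a comment, e.g. `// Shiro session invalidation is handled by the realm; nothing to do on the servlet side`; otherwise restore the call. Leaving the old body in a comment hides that the endpoint's behaviour changed.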
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
similarity index 98%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
index fc6869751..d271948c2 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java @@ -102,7 +102,7 @@ public class GitlabProviderService extends AuthService { @Override protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) { - LOG.debug("reqesting user roles with token={}", access_token); + LOG.info("reqesting user roles with token={}", access_token); Map authHeaders = new HashMap<>(); authHeaders.put("Authorization", String.format("Bearer %s", access_token)); Optional> userInfo = diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java 
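Review bot: promoting `LOG.debug("reqesting user roles with token={}", access_token)` to `LOG.info` writes the full OAuth access token at the default log level of every deployment, turning the log file into a store of live credentials. Keep the token out of the message entirely, e.g. `LOG.debug("requesting user roles for token issued_at={} expires_at={}", issued_at, expires_at);` (which also fixes the `reqesting` typo). The `LOG.info("host={}", hostUrl)` promotion in `AuthHttpServlet` is the same pattern, though there it is only noise rather than a secret.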
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
similarity index 100%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
similarity index 94%
rename from sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
rename to sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
index 436d47827..d8720e823 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
@@ -157,18 +157,16 @@ public class TokenCreator { public String getBearerToken(HttpServletRequest req, boolean checkCookie) { final String authHeader = req.getHeader("Authorization"); if ((authHeader == null || !authHeader.startsWith("Bearer")) && checkCookie) { - if(req!=null) { - Cookie[] cookies = req.getCookies(); - Optional ocookie = Optional.empty(); - if (cookies != null) { - ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName())) - .findFirst(); - } - if (ocookie.isEmpty()) { - return null; - } - return ocookie.get().getValue(); + Cookie[] cookies = req.getCookies(); + Optional ocookie = Optional.empty(); + if (cookies != null) { + ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName())) + .findFirst(); } + if (ocookie.isEmpty()) { + return null; + } + return ocookie.get().getValue(); } return authHeader.substring(7); } diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java similarity index 92% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java index 7b4adefda..3e9205733 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java 
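Review bot: after the restructuring, `getBearerToken` still falls through to `return authHeader.substring(7);` whenever `checkCookie` is false and the header is absent or not a `Bearer` scheme, which throws `NullPointerException` for a missing header and returns the tail of a `Basic ...` header otherwise; the tail line is context, but the commit reworked exactly this branch. Guard it: `return authHeader != null && authHeader.startsWith("Bearer ") ? authHeader.substring(7) : null;` — requiring the trailing space also avoids a `StringIndexOutOfBoundsException` on a bare `Bearer` header, though it tightens the existing `startsWith("Bearer")` test, so the same form should be used in the `if` above for consistency.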
@@ -21,9 +21,11 @@ */ package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test; +import java.util.Set; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.fail; +import org.junit.Ignore; import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.verify; @@ -45,6 +47,7 @@ import org.jolokia.osgi.security.Authenticator; import org.json.JSONArray; import org.junit.BeforeClass; import org.junit.Test; +import org.mockito.internal.matchers.Any; import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient; import org.onap.ccsdk.features.sdnr.wt.common.test.ServletOutputStreamToByteArrayOutputStream; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config; @@ -57,8 +60,12 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.HeadersOnlyHttpServlet import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlJsonMapper; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlXmlMapper; +import org.opendaylight.aaa.api.Claim; import org.opendaylight.aaa.api.IdMService; import org.apache.shiro.authc.BearerToken; +import org.opendaylight.aaa.api.PasswordCredentialAuth; +import org.opendaylight.aaa.api.PasswordCredentials; +import org.opendaylight.aaa.shiro.web.env.AAAShiroWebEnvironment; import org.opendaylight.mdsal.binding.api.DataBroker; import org.opendaylight.mdsal.binding.api.ReadTransaction; import org.opendaylight.mdsal.common.api.LogicalDatastoreType; 
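Review bot: `import org.mockito.internal.matchers.Any;` pulls in an internal Mockito class that nothing in the visible test uses, and `import org.junit.Ignore;` is only referenced from the commented-out `/* @Ignore */` above `testPoliciesAnon` in a later hunk; drop both imports together with that comment block, or apply `@Ignore("reason")` for real. `import java.util.Set;` is also inserted between the static imports, breaking the file's existing grouping — move it down with the other `java.*` imports.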
@@ -79,7 +86,7 @@ public class TestAuthHttpServlet { private static DataBroker dataBroker = loadDynamicMdsalAuthDataBroker(); private static Authenticator odlAuthenticator = mock(Authenticator.class); private static IdMService odlIdentityService = mock(IdMService.class); - private static ShiroConfiguration shiroConfiguration = null; + private static PasswordCredentialAuth passwordCredentialAuth; private static TokenCreator tokenCreator; // private static final HttpServletRequest authreq = new HeadersOnlyHttpServletRequest( // Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue("admin@sdn", "admin"))); @@ -91,14 +98,13 @@ public class TestAuthHttpServlet { Config config = createConfigFile(); tokenCreator = TokenCreator.getInstance(config); servlet = new TestServlet(); - shiroConfiguration = loadShiroConfig(TESTSHIROCONFIGFILE); } catch (IOException | InvalidConfigurationException e) { fail(e.getMessage()); } servlet.setDataBroker(dataBroker); - servlet.setOdlAuthenticator(odlAuthenticator); - servlet.setOdlIdentityService(odlIdentityService); - servlet.setShiroConfiguration(shiroConfiguration); + passwordCredentialAuth = mock(PasswordCredentialAuth.class); + + servlet.setPasswordCredentialAuth(passwordCredentialAuth); } private static DataBroker loadDynamicMdsalAuthDataBroker() { 
@@ -170,7 +176,33 @@ public class TestAuthHttpServlet { when(req.getRequestURI()).thenReturn("/oauth/login"); when(req.getParameter("username")).thenReturn("admin"); when(req.getParameter("password")).thenReturn("admin"); - when(odlAuthenticator.authenticate(any(HeadersOnlyHttpServletRequest.class))).thenReturn(true); + Claim claim = new Claim() { + @Override + public String clientId() { + return "admin"; + } + + @Override + public String userId() { + return "admin"; + } + + @Override + public String user() { + return null; + } + + @Override + public String domain() { + return "sdn"; + } + + @Override + public Set roles() { + return Set.of("admin"); + } + }; + when(passwordCredentialAuth.authenticate(any(PasswordCredentials.class))).thenReturn(claim); HttpServletResponse resp = mock(HttpServletResponse.class); ServletOutputStreamToByteArrayOutputStream printOut = new ServletOutputStreamToByteArrayOutputStream(); try { @@ -207,6 +239,9 @@ public class TestAuthHttpServlet { } @Test +/* + @Ignore +*/ public void testPoliciesAnon() { HttpServletRequest req = mock(HttpServletRequest.class); @@ -267,13 +302,13 @@ public class TestAuthHttpServlet { assertEquals(9, anonPolicies.length); OdlPolicy pApidoc = find(anonPolicies, "/apidoc/**"); assertNotNull(pApidoc); - assertAllEquals(true, pApidoc); + assertAllEquals(false, pApidoc); OdlPolicy pOauth = find(anonPolicies, "/oauth/**"); assertNotNull(pOauth); assertAllEquals(true, pOauth); OdlPolicy pRestconf = find(anonPolicies, "/rests/**"); assertNotNull(pRestconf); - assertAllEquals(true, pRestconf); + assertAllEquals(false, pRestconf); } @Test @@ -353,7 +388,7 @@ public class TestAuthHttpServlet { private static final long serialVersionUID = 1L; public TestServlet() throws IllegalArgumentException, Exception { - super(); + super(TESTSHIROCONFIGFILE); } @Override 
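Review bot: The `/* @Ignore */` block added above `testPoliciesAnon` in the `-207` hunk is commented-out code; either annotate the test with a reason, `@Ignore("reason")`, or drop the comment so the file does not carry a half-disabled test. In the `-170` hunk the anonymous `Claim` declares `public Set roles()` with a raw type — `public Set<String> roles()` matches `Set.of("admin")` and avoids the unchecked warning, assuming the `Claim` interface declares the parameterized type. The flipped expectations for `/apidoc/**` and `/rests/**` are consistent with the new test config, where both patterns require an authenticated role, so no change there.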
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java similarity index 90% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java index c1d3fd1ea..ebf01a1ba 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java @@ -31,8 +31,6 @@ import java.io.IOException; import java.util.Arrays; import java.util.HashSet; import java.util.List; -import java.util.function.Supplier; - import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; 
@@ -48,50 +46,44 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService; import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator; import org.opendaylight.aaa.api.Authentication; -import org.opendaylight.aaa.api.AuthenticationService; import org.opendaylight.aaa.api.TokenStore; import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal; import org.opendaylight.aaa.shiro.realm.TokenAuthRealm; import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager; import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators; -import org.opendaylight.mdsal.binding.api.DataBroker; public class TestRealm { private static OAuth2RealmToTest realm; private static TokenCreator tokenCreator; - private static final AuthenticationManager authManager = new AuthenticationManager(); - private static final TokenAuthenticators tokenAuth = new TokenAuthenticators(); - - private static final TokenStore tokenStore = new TokenStore(){ - - @Override - public void put(String token, Authentication auth) { - - } - - @Override - public Authentication get(String token) { - return null; - } - - @Override - public boolean delete(String token) { - return false; - } - - @Override - public long tokenExpiration() { - return 0; - } - }; @BeforeClass public static void init() throws IllegalArgumentException, Exception { - TokenAuthRealm.prepareForLoad(authManager,tokenAuth,tokenStore); + try { Config config = Config.getInstance(TestConfig.TEST_CONFIG_FILENAME); tokenCreator = TokenCreator.getInstance(config); + TokenAuthRealm.prepareForLoad(new AuthenticationManager(), new TokenAuthenticators(), new TokenStore() { + @Override + public void put(String token, Authentication auth) { + + } + + @Override + public Authentication get(String token) { + return null; + } + + @Override + public boolean delete(String token) { + return false; + } + + @Override + public long 
tokenExpiration() { + return 0; + } + }); realm = new OAuth2RealmToTest(); } catch (IOException e) { fail(e.getMessage()); diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java similarity index 93% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java index b0cc0253b..7d51b2fe8 100644 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java @@ -42,12 +42,12 @@ public class OdlJsonMapper extends ObjectMapper { this.enable(MapperFeature.USE_GETTERS_AS_SETTERS); YangToolsBuilderAnnotationIntrospector introspector = new YangToolsBuilderAnnotationIntrospector(); //introspector.addDeserializer(Main.class, ShiroMainBuilder.class.getName()); - introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName()); + //introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName()); this.setAnnotationIntrospector(introspector); this.registerModule(new YangToolsModule()); } - public static class PermissionsBuilder { + /* public static class PermissionsBuilder implements Builder { private Permissions _value; public PermissionsBuilder() { @@ -57,9 +57,9 @@ public class OdlJsonMapper extends ObjectMapper { this._value = value; } - + @Override public Permissions build() { return this._value; } - } + }*/ } 
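Review bot: Both hunks of `OdlJsonMapper` comment code out instead of removing it — the `introspector.addDeserializer(Permissions.class, ...)` call and the whole `PermissionsBuilder` class now live inside `//` and `/* … */` blocks. If the custom deserializer is no longer needed for the policy mapping, delete the class and the call and let version control keep the history; if it is only temporarily disabled, a one-line comment stating why, `// Permissions deserializer disabled: <reason>`, is what the next reader needs. Note that `PermissionsBuilder` gained an `implements Builder` clause and an `@Override` inside the comment, which will not compile as written if the block is ever uncommented without that import.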
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java rename to sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java diff --git a/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml new file mode 100644 index 000000000..e46508d68 --- /dev/null +++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml @@ -0,0 +1,77 @@ + + + + + + +
+ tokenAuthRealm + org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm +
+ +
+ securityManager.realms + $tokenAuthRealm +
+ +
+ anyroles + org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter +
+
+ authcBearer + org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2 +
+ +
+ accountingListener + org.opendaylight.aaa.shiro.filters.AuthenticationListener +
+
+ securityManager.authenticator.authenticationListeners + $accountingListener +
+ +
+ dynamicAuthorization + org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter +
+ + + /**/operations/cluster-admin** + dynamicAuthorization + + + /**/v1/** + authcBearer, roles[admin] + + + /**/config/aaa*/** + authcBearer, roles[admin] + + + /oauth/** + anon + + + /odlux/** + anon + + + /apidoc/** + authcBasic, roles[admin] + + + /test123/** + authcBasic + + + /rests/** + authcBearer, anyroles["admin,provision"] + + + /** + authcBearer, anyroles["admin,provision"] + +
+ diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json 
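Review bot: The new `aaa-app-config.test.xml` still references `authcBasic` in the `/apidoc/**` and `/test123/**` url entries, but unlike the deleted test config it no longer declares an `authcBasic` filter (the old file mapped it to `org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter`). Unless the loader supplies that mapping elsewhere, Shiro will resolve the name to its built-in `authcBasic` filter rather than the ODL one, which changes which realm and credential format authenticate those paths; since `testPoliciesAnon` now asserts that `/apidoc/**` rejects anonymous access, confirm this is intentional or add the `authcBasic` filter entry back alongside `anyroles` and `authcBearer`. The `/test123/**` entry with `authcBasic` and no role constraint is fine in a test fixture but should not be copied into a shipped configuration.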
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json similarity index 100% rename from sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json rename to sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json diff --git a/sdnr/wt/oauth-provider/provider-osgi/pom.xml b/sdnr/wt/oauth-provider/oauth-realm/pom.xml similarity index 89% rename from sdnr/wt/oauth-provider/provider-osgi/pom.xml rename to sdnr/wt/oauth-provider/oauth-realm/pom.xml index 99634cbeb..7cd840cbc 100644 --- a/sdnr/wt/oauth-provider/provider-osgi/pom.xml +++ b/sdnr/wt/oauth-provider/oauth-realm/pom.xml @@ -22,6 +22,7 @@ ~ ============LICENSE_END======================================================= ~ --> + 4.0.0 
@@ -33,8 +34,8 @@ org.onap.ccsdk.features.sdnr.wt - sdnr-wt-oauth-provider - 1.6.0-SNAPSHOT + sdnr-wt-oauth-realm + 1.6.3-SNAPSHOT bundle ccsdk-features :: ${project.artifactId} @@ -53,7 +54,7 @@ ${project.groupId} - sdnr-wt-oauth-provider-jar + sdnr-wt-oauth-core ${project.version} @@ -88,8 +89,6 @@ org.onap.ccsdk.features.sdnr.wt.oauthprovider;version=${project.version}, org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;version=${project.version}, - org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version}, - org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version}, org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;version=${project.version}, org.onap.ccsdk.features.sdnr.wt.oauthprovider.services;version=${project.version} @@ -108,22 +107,22 @@ javax.xml.parsers, javax.xml.namespace, javax.xml.transform.stream, + org.apache.commons.codec.binary, + org.apache.shiro, org.apache.shiro.authc, org.apache.shiro.authz, org.apache.shiro.realm, org.apache.shiro.subject, + org.apache.shiro.web.filter.authc, org.apache.shiro.web.filter.authz, + org.apache.shiro.web.util, org.jolokia.osgi.security, org.onap.ccsdk.features.sdnr.wt.common.http, org.opendaylight.aaa.api, org.opendaylight.aaa.api.shiro.principal, org.opendaylight.aaa.shiro.realm, - org.opendaylight.aaa.shiro.filters, - org.opendaylight.aaa.shiro.web.env, org.opendaylight.mdsal.binding.api, org.opendaylight.mdsal.common.api, - org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619, - org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration, org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214, org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization, org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies, 
@@ -131,7 +130,7 @@ org.opendaylight.yangtools.concepts, org.opendaylight.yangtools.yang.binding, org.opendaylight.yangtools.yang.common, - org.osgi.service.http, + org.slf4j, com.fasterxml.jackson.databind, com.fasterxml.jackson.databind.deser.std, com.fasterxml.jackson.databind.ser.std, @@ -139,7 +138,6 @@ com.fasterxml.jackson.annotation, com.fasterxml.jackson.core.type, com.fasterxml.jackson.core, - org.apache.commons.codec.binary, com.google.common.base, com.google.common.collect, com.google.common.util.concurrent @@ -147,7 +145,7 @@ *;scope=compile|runtime;inline=false *;scope=compile|runtime;artifactId=!shiro-core;inline=false true - org.opendaylight.aaa.repackaged-shiro + org.opendaylight.aaa.shiro diff --git a/sdnr/wt/oauth-provider/oauth-web/pom.xml b/sdnr/wt/oauth-provider/oauth-web/pom.xml new file mode 100644 index 000000000..668f92fd8 --- /dev/null +++ b/sdnr/wt/oauth-provider/oauth-web/pom.xml 
@@ -0,0 +1,155 @@ + + + + + 4.0.0 + + + org.onap.ccsdk.parent + binding-parent + 2.6.1 + + + + org.onap.ccsdk.features.sdnr.wt + sdnr-wt-oauth-web + 1.6.3-SNAPSHOT + bundle + + ccsdk-features :: ${project.artifactId} + + + Apache License, Version 2.0 + http://www.apache.org/licenses/LICENSE-2.0 + + + + + true + true + + + + ${project.groupId} + sdnr-wt-oauth-core + ${project.version} + + + org.opendaylight.aaa + aaa-shiro + + + org.opendaylight.aaa + aaa-shiro + + + org.apache.shiro + shiro-web + + + ${project.groupId} + sdnr-wt-common + + + + + + + + org.apache.felix + maven-bundle-plugin + true + + + ${project.artifactId} + ${project.version} + + org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version}, + org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version} + + + javax.servlet, + javax.servlet.http, + javax.net.ssl, + javax.crypto, + javax.crypto.spec, + javax.xml.transform, + javax.xml.datatype, + javax.management, + javax.security.auth, + javax.security.auth.login, + javax.security.auth.callback, + javax.xml.parsers, + javax.xml.namespace, + javax.xml.transform.stream, + org.apache.commons.codec.binary, + org.apache.shiro, + org.apache.shiro.authc, + org.apache.shiro.authz, + org.apache.shiro.config, + org.apache.shiro.realm, + org.apache.shiro.subject, + org.apache.shiro.web.env, + org.apache.shiro.web.filter.authz, + org.jolokia.osgi.security, + org.onap.ccsdk.features.sdnr.wt.common.http, + org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions, + org.opendaylight.aaa.api, + org.opendaylight.aaa.api.shiro.principal, + org.opendaylight.aaa.shiro.realm, + org.opendaylight.aaa.shiro.web.env, + org.opendaylight.aaa.tokenauthrealm.auth, + org.opendaylight.mdsal.binding.api, + org.opendaylight.mdsal.common.api, + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214, + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization, + 
org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies, + org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission, + org.opendaylight.yangtools.concepts, + org.opendaylight.yangtools.yang.binding, + org.opendaylight.yangtools.yang.common, + org.osgi.service.http, + org.slf4j, + com.fasterxml.jackson.databind, + com.fasterxml.jackson.databind.deser.std, + com.fasterxml.jackson.databind.ser.std, + com.fasterxml.jackson.databind.module, + com.fasterxml.jackson.dataformat.xml, + com.fasterxml.jackson.annotation, + com.fasterxml.jackson.core.type, + com.fasterxml.jackson.core, + com.google.common.base, + com.google.common.collect, + com.google.common.util.concurrent + + + *;scope=compile|runtime;artifactId=sdnr-wt-oauth-core,java-jwt,bcprov-jdk15on,aaa-shiro;inline=false + true + + + + + + diff --git a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml similarity index 57% rename from sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml rename to sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml index a8258dc8b..c782e3ee1 100644 --- a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml +++ b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml @@ -26,32 +26,16 @@ - - - - - - - - - - - - - + + - + - - - - - - - + + + diff --git a/sdnr/wt/oauth-provider/pom.xml b/sdnr/wt/oauth-provider/pom.xml index 587d9679f..764c50c8d 100755 --- a/sdnr/wt/oauth-provider/pom.xml +++ b/sdnr/wt/oauth-provider/pom.xml 
@@ -34,14 +34,15 @@ org.onap.ccsdk.features.sdnr.wt sdnr-wt-oauth-provider-top - 1.6.0-SNAPSHOT + 1.6.3-SNAPSHOT pom ccsdk-features :: ${project.artifactId} - provider-jar - provider-osgi + oauth-core + oauth-realm + oauth-web diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java deleted file mode 100644 index 38947a124..000000000 --- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java +++ /dev/null 
@@ -1,66 +0,0 @@ -package org.onap.ccsdk.features.sdnr.wt.oauthprovider; - -import org.jolokia.osgi.security.Authenticator; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService; -import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet; -import org.opendaylight.aaa.api.IdMService; -import org.opendaylight.mdsal.binding.api.DataBroker; -import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration; -import org.osgi.service.http.HttpService; -import org.osgi.service.http.NamespaceException; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.servlet.ServletException; -import java.io.IOException; - -public class Helper { - - private static final Logger LOG = LoggerFactory.getLogger(Helper.class); - private AuthHttpServlet authServlet; - - public Helper() throws UnableToConfigureOAuthService, IOException, InvalidConfigurationException { - this.authServlet = new AuthHttpServlet(); - - } - - public void onUnbindService(HttpService httpService) { - httpService.unregister(AuthHttpServlet.BASEURI); - this.authServlet = null; - } - - public void onBindService(HttpService httpService) - throws ServletException, NamespaceException { - if (httpService == null) { - LOG.warn("Unable to inject HttpService into loader."); - } else { - httpService.registerServlet(AuthHttpServlet.BASEURI, authServlet, null, null); - LOG.info("auth servlet registered."); - } - } - - public void setOdlAuthenticator(Authenticator odlAuthenticator) { - authServlet.setOdlAuthenticator(odlAuthenticator); - } - - public void setOdlIdentityService(IdMService odlIdentityService) { - this.authServlet.setOdlIdentityService(odlIdentityService); - } - - public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) { - this.authServlet.setShiroConfiguration(shiroConfiguration); - } - - public void 
setDataBroker(DataBroker dataBroker) { - this.authServlet.setDataBroker(dataBroker); - } - - public void init() { - - } - - public void close() { - - } -} diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml deleted file mode 100644 index 1929fde8e..000000000 --- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml +++ /dev/null @@ -1,353 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - -
- tokenAuthRealm - org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm -
- - - - - - - - - - - -
- securityManager.realms - $tokenAuthRealm -
- -
- authcBasic - org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter -
-
- anyroles - org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter -
-
- authcBearer - org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2 -
- - - - -
- accountingListener - org.opendaylight.aaa.shiro.filters.AuthenticationListener -
-
- securityManager.authenticator.authenticationListeners - $accountingListener -
- - -
- dynamicAuthorization - org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter -
- - - - - - - - - /**/operations/cluster-admin** - dynamicAuthorization - - - /**/v1/** - authcBearer, roles[admin] - - - /**/config/aaa*/** - authcBearer, roles[admin] - - - /oauth/** - anon - - - /odlux/** - anon - - - /apidoc/** - authcBasic, roles[admin] - - - /test123/** - authcBasic - - - /rests/** - authcBearer, anyroles["admin,provision"] - - - /** - authcBearer, anyroles["admin,provision"] - -
- diff --git a/sdnr/wt/odlux/apps/mediatorApp/pom.xml b/sdnr/wt/odlux/apps/mediatorApp/pom.xml index 86b61ca46..d9735cb07 100644 --- a/sdnr/wt/odlux/apps/mediatorApp/pom.xml +++ b/sdnr/wt/odlux/apps/mediatorApp/pom.xml @@ -31,7 +31,7 @@ org.onap.ccsdk.features.sdnr.wt sdnr-wt-odlux-app-mediatorApp - 1.6.0-SNAPSHOT + 1.6.3-SNAPSHOT bundle ccsdk-features :: ${project.artifactId} diff --git a/sdnr/wt/pom.xml b/sdnr/wt/pom.xml index ccd263ec8..9031e8b96 100644 --- a/sdnr/wt/pom.xml +++ b/sdnr/wt/pom.xml @@ -49,7 +49,7 @@ odlux netconfnode-state-service mountpoint-state-provider - + oauth-provider featureaggregator
-- 2.16.6