From b436cd173daa367e15951f0c1f84f8b842a1e347 Mon Sep 17 00:00:00 2001 From: "Determe, Sebastien (sd378r)" Date: Tue, 8 Aug 2017 03:04:02 -0700 Subject: [PATCH] Rework the authentication Add more granularity in the default authentication mechanism + Add some unit tests with Json to validate the json decoder Change-Id: I89d0ef94e99fc8aa0c1e8c6432b5aa30a0a5ac88 Issue-Id: CLAMP-1 
Signed-off-by: Determe, Sebastien (sd378r) --- .../onap/clamp/clds/config/CldsConfiguration.java | 64 ++++++-- .../onap/clamp/clds/config/CldsSecurityConfig.java | 99 +++++------- .../clamp/clds/config/CldsUserJsonDecoder.java | 46 ++++++ .../java/org/onap/clamp/clds/service/CldsUser.java | 84 +++++++++++ .../clamp/clds/service/DefaultUserNameHandler.java | 47 ++++++ .../onap/clamp/clds/service/LogServiceImpl.java | 166 ++++++++++++--------- .../onap/clamp/clds/service/UserNameHandler.java | 31 ++++ .../org/onap/clamp/clds/service/UserService.java | 54 +++++++ .../onap/clamp/clds/service/UserServiceImpl.java | 46 ++++++ src/main/resources/clds/clds-users.json | 15 ++ src/main/resources/clds/clds-users.properties | 7 - .../clamp/clds/config/CldsUserJsonDecoderTest.java | 85 +++++++++++ .../clds/clds-users-incomplete-permissions.json | 14 ++ .../resources/clds/clds-users-no-permission.json | 9 ++ src/test/resources/clds/clds-users-two-users.json | 28 ++++ 15 files changed, 635 insertions(+), 160 deletions(-) create mode 100644 src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java create mode 100644 src/main/java/org/onap/clamp/clds/service/CldsUser.java create mode 100644 src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java create mode 100644 src/main/java/org/onap/clamp/clds/service/UserNameHandler.java create mode 100644 src/main/java/org/onap/clamp/clds/service/UserService.java create mode 100644 src/main/java/org/onap/clamp/clds/service/UserServiceImpl.java create mode 100644 src/main/resources/clds/clds-users.json delete mode 100644 src/main/resources/clds/clds-users.properties create mode 100644 src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java create mode 100644 src/test/resources/clds/clds-users-incomplete-permissions.json create mode 100644 src/test/resources/clds/clds-users-no-permission.json create mode 100644 src/test/resources/clds/clds-users-two-users.json 
diff --git a/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java b/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java index 814d2c6a..19c91643 100644 --- a/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java +++ b/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java @@ -23,9 +23,27 @@ package org.onap.clamp.clds.config; -import com.att.ajsc.common.AjscProvider; -import com.att.ajsc.common.AjscService; -import org.onap.clamp.clds.client.*; +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.sql.DataSource; +import javax.xml.transform.TransformerConfigurationException; + +import org.onap.clamp.clds.client.CldsEventDelegate; +import org.onap.clamp.clds.client.DcaeDispatcherServices; +import org.onap.clamp.clds.client.DcaeInventoryServices; +import org.onap.clamp.clds.client.DcaeReqDelegate; +import org.onap.clamp.clds.client.DcaeReqDeleteDelegate; +import org.onap.clamp.clds.client.OperationalPolicyDelegate; +import org.onap.clamp.clds.client.OperationalPolicyDeleteDelegate; +import org.onap.clamp.clds.client.PolicyClient; +import org.onap.clamp.clds.client.SdcCatalogServices; +import org.onap.clamp.clds.client.SdcSendReqDelegate; +import org.onap.clamp.clds.client.StringMatchPolicyDelegate; +import org.onap.clamp.clds.client.StringMatchPolicyDeleteDelegate; +import org.onap.clamp.clds.client.TcaPolicyDelegate; +import org.onap.clamp.clds.client.TcaPolicyDeleteDelegate; import org.onap.clamp.clds.dao.CldsDao; import org.onap.clamp.clds.model.refprop.RefProp; import org.onap.clamp.clds.transform.XslTransformer; 
@@ -37,11 +55,8 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; -import javax.sql.DataSource; -import javax.xml.transform.TransformerConfigurationException; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; +import com.att.ajsc.common.AjscProvider; +import com.att.ajsc.common.AjscService; @Configuration @Profile("clamp-default") @@ -54,20 +69,18 @@ public class CldsConfiguration { * Clds Identity databse DataSource configuration */ @Bean(name = "cldsDataSource") - @ConfigurationProperties(prefix = "spring.cldsdatasource") + @ConfigurationProperties(prefix = "spring.datasource.cldsdb") public DataSource cldsDataSource() { - return DataSourceBuilder - .create() - .build(); + return DataSourceBuilder.create().build(); } @Bean(name = "jaxrsProviders") - public List jaxrsProviders() { + public List jaxrsProviders() { return new ArrayList(context.getBeansWithAnnotation(AjscProvider.class).values()); } @Bean(name = "jaxrsServices") - public List jaxrsServices() { + public List jaxrsServices() { return new ArrayList(context.getBeansWithAnnotation(AjscService.class).values()); } 
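Review bot: The `@ConfigurationProperties` prefix on `cldsDataSource()` moves from `spring.cldsdatasource` to `spring.datasource.cldsdb`, yet the diffstat of this patch lists no application properties file, so a deployment that still defines the old keys would presumably get a DataSource with no URL or credentials bound. If the properties are renamed in another change, a comment on the bean such as `// bound to spring.datasource.cldsdb.* (formerly spring.cldsdatasource.*)` would record the migration. The comment above the bean also reads "databse", which could be corrected while the method is being touched.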
@@ -136,7 +149,28 @@ public class CldsConfiguration { } @Bean(name = "sdcCatalogServices") - public SdcCatalogServices getAsdcCatalogServices() { + public SdcCatalogServices getSdcCatalogServices() { return new SdcCatalogServices(); } + + @Bean(name = "dcaeDispatcherServices") + public DcaeDispatcherServices getDcaeDispatcherServices() { + return new DcaeDispatcherServices(); + } + + @Bean(name = "dcaeInventoryServices") + public DcaeInventoryServices getDcaeInventoryServices() { + return new DcaeInventoryServices(); + } + + @Bean(name = "tcaPolicyDelegate") + public TcaPolicyDelegate getTcaPolicyDelegate() { + return new TcaPolicyDelegate(); + } + + @Bean(name = "tcaPolicyDeleteDelegate") + public TcaPolicyDeleteDelegate getTcaPolicyDeleteDelegate() { + return new TcaPolicyDeleteDelegate(); + } + } \ No newline at end of file diff --git a/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java b/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java index 571ad4b4..7e6021c2 100644 --- a/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java +++ b/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java 
@@ -5,16 +5,16 @@ * Copyright (C) 2017 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== 
@@ -23,95 +23,64 @@ package org.onap.clamp.clds.config; +import org.onap.clamp.clds.service.CldsUser; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Configuration; -import org.springframework.core.io.Resource; +import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import java.io.BufferedReader; -import java.io.InputStreamReader; -import java.util.LinkedList; -import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; @Configuration @EnableWebSecurity +@Profile("clamp-spring-authentication") public class CldsSecurityConfig extends WebSecurityConfigurerAdapter { - private static final Logger logger = Logger.getLogger(CldsSecurityConfig.class.getName()); + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsSecurityConfig.class); + protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger(); @Autowired - private ApplicationContext appContext; + private ApplicationContext appContext; - @Value("${org.onap.clamp.config.files.cldsUsers:'classpath:etc/config/clds/clds-users.properties'}") - private String cldsUsers; + @Value("${org.onap.clamp.config.files.cldsUsers:'classpath:etc/config/clds/clds-users.json'}") + private String cldsUsersFile; - private final static String ROLEPREFIX = "null|null|"; + 
@Value("${CLDS_PERMISSION_TYPE_CL:permission-type-cl}") + private String cldsPersmissionTypeCl; + + @Value("${CLDS_PERMISSION_INSTANCE:dev}") + private String cldsPermissionInstance; @Override protected void configure(HttpSecurity http) throws Exception { - http - .csrf().disable() - .authorizeRequests() - .anyRequest().authenticated() - .and() - .formLogin() - .loginPage("/login.html") - .permitAll() - .and() - .logout() - .permitAll(); + http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**") + .authenticated().anyRequest().permitAll().and().logout(); } @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { - List userList = loadUsers(); + CldsUser[] usersList = loadUsers(); // no users defined - if (null == userList || userList.isEmpty()) { - logger.log(Level.SEVERE, "No users defined. Users should be defined under clds/clds-users.properties."); + if (null == usersList) { + logger.warn("No users defined. Users should be defined under " + cldsUsersFile); return; } - for (String user : userList) { - String[] userInfo = user.split("[|]"); - if (userInfo.length != 3) { - logger.log(Level.SEVERE, "Defined User(" + user + ") is not in good format. User format should be:||. Role should be eiother 'read' or 'all'."); - continue; - } - - auth - .inMemoryAuthentication() - .withUser(userInfo[0]).password(userInfo[1]).roles(ROLEPREFIX + ("all".equalsIgnoreCase(userInfo[2]) ? 
"*" : userInfo[2])); - + for (CldsUser user : usersList) { + auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword()) + .roles(user.getPermissionsString()); } } - private boolean validUser(String[] userInfo) { - return ((userInfo != null) && (userInfo.length == 3) && (("all".equals(userInfo[2])) || ("read".equals(userInfo[2])))); - } - - private List loadUsers() throws Exception { + private CldsUser[] loadUsers() throws Exception { logger.info("Load from clds-users.properties"); - - Resource resource = appContext.getResource(cldsUsers); - BufferedReader input = new BufferedReader(new InputStreamReader(resource.getInputStream())); - - List userList = new LinkedList<>(); - - String line; - while ((line = input.readLine()) != null) { - if (!line.contains("#")) { - userList.add(line); - } - logger.info("line read:" + line); - } - return userList; + return CldsUserJsonDecoder.decodeJson(appContext.getResource(cldsUsersFile).getInputStream()); } -} \ No newline at end of file +} diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java new file mode 100644 index 00000000..997a20f0 --- /dev/null +++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java 
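Review bot: `configure(HttpSecurity)` now requires authentication only for `/restservices/clds/v1/user/**` and ends with `.anyRequest().permitAll()`, where the removed code had `.anyRequest().authenticated()`, so every other path is reachable without credentials unless something outside this hunk enforces access. A deny-by-default rule is safer: keep `.anyRequest().authenticated()` as the final matcher and list the public paths explicitly with `permitAll()`. CSRF protection stays disabled while HTTP Basic is introduced; browsers resend Basic credentials automatically, so state-changing endpoints should either re-enable CSRF or be documented as non-browser APIs. In `configureGlobal` the value of `user.getPassword()` goes straight into `inMemoryAuthentication()`, which means `clds-users.json` holds clear-text passwords, and the diffstat shows a copy under `src/main/resources`; the shipped file should carry placeholders only. The `loadUsers()` log line still says `clds-users.properties` and should log `cldsUsersFile` instead.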
@@ -0,0 +1,46 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.onap.clamp.clds.service.CldsUser;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class CldsUserJsonDecoder {
+
+ /**
+ * This method decodes the JSON file provided to a CldsUser Array. The
+ * stream is closed after this call, this is not possible to reuse it.
+ *
+ * @return CldsUser[] Array containing a list of the user defined in the
+ * JSON file
+ */
+ public static CldsUser[] decodeJson(InputStream cldsUsersFile) throws IOException {
+ // the ObjectMapper readValue method closes the stream no need to do it
+ return new ObjectMapper().readValue(cldsUsersFile, CldsUser[].class);
+ }
+}
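Review bot: `decodeJson` has no `@param` or `@throws` tag and does not say what callers get for degenerate input. I would add `@param cldsUsersFile stream over the JSON user list; closed by this call` and `@throws IOException if the content cannot be read or mapped to CldsUser[]`, and state that the result is passed through unvalidated, so entries with a missing `user`, `password` or `permissions` come back with null fields. Since the class only holds a static method, a `private CldsUserJsonDecoder() {}` constructor would stop it being instantiated.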
diff --git a/src/main/java/org/onap/clamp/clds/service/CldsUser.java b/src/main/java/org/onap/clamp/clds/service/CldsUser.java
new file mode 100644
index 00000000..9db1e607
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/CldsUser.java
@@ -0,0 +1,84 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import java.util.Arrays;
+
+public class CldsUser {
+
+ private String user;
+
+ private String password;
+
+ private SecureServicePermission[] permissions;
+
+ /**
+ * @return the user
+ */
+ public String getUser() {
+ return user;
+ }
+
+ /**
+ * @param user
+ * the user to set
+ */
+ public void setUser(String user) {
+ this.user = user;
+ }
+
+ /**
+ * @return the password
+ */
+ public String getPassword() {
+ return password;
+ }
+
+ /**
+ * @param password
+ * the password to set
+ */
+ public void setPassword(String password) {
+ this.password = password;
+ }
+
+ /**
+ * @return the permissions
+ */
+ public SecureServicePermission[] getPermissions() {
+ return permissions;
+ }
+
+ public String[] getPermissionsString() {
+ return Arrays.stream(getPermissions()).map(perm -> perm.getKey()).toArray(String[]::new);
+ }
+
+ /**
+ * @param permissions
+ * the permissions to set
+ */
+ public void setPermissions(SecureServicePermission[] permissions) {
+ this.permissions = permissions;
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java
new file mode 100644
index 00000000..511cafe1
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java
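Review bot: `getPermissionsString()` in `CldsUser` streams over `getPermissions()` without a null check, so a user entry that omits `permissions` would throw a NullPointerException when `CldsSecurityConfig.configureGlobal` calls it, which presumably aborts startup; the `clds-users-no-permission.json` test resource in the diffstat suggests this input is anticipated. A guard such as `if (permissions == null) { return new String[0]; }` would leave such a user without roles instead. The method is also the only accessor without Javadoc; a line like `@return the key of each permission, in array order` would fit the style of the other accessors.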
@@ -0,0 +1,47 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import java.security.Principal;
+
+import javax.ws.rs.core.SecurityContext;
+
+public class DefaultUserNameHandler implements UserNameHandler {
+
+ public DefaultUserNameHandler() {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * org.onap.clamp.clds.service.PrincipalNameHandler#handleName(javax.ws.rs.
+ * core.SecurityContext)
+ */
+ @Override
+ public String retrieveUserName(SecurityContext securityContext) {
+ Principal p = securityContext.getUserPrincipal();
+ return (p == null ? "Not found" : p.getName());
+ }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java b/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java
index e7ee93a4..f38e129b 100644
--- a/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java
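Review bot: `retrieveUserName` in `DefaultUserNameHandler` returns the literal `"Not found"` when the security context has no principal, which callers cannot tell apart from a real account of that name; if the result feeds audit records or ownership checks (not visible in this hunk), all unauthenticated requests would be attributed to one pseudo-user. Returning `null`, or throwing, and letting the caller reject the request would be clearer; at minimum the sentinel should be documented in the `UserNameHandler` contract. The `@see` comment also names `PrincipalNameHandler#handleName`, while the interface added in this commit is `UserNameHandler#retrieveUserName`.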
+++ b/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java @@ -5,16 +5,16 @@ * Copyright (C) 2017 AT&T Intellectual Property. All rights * reserved. * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END============================================ * =================================================================== 
@@ -23,12 +23,19 @@ package org.onap.clamp.clds.service; -import com.att.ajsc.camunda.core.AttCamundaHistoryEvent; -import com.att.ajsc.camunda.core.AttCamundaService; -import com.att.ajsc.logging.AjscEelfManager; -import com.att.eelf.configuration.EELFLogger; -import com.google.gson.Gson; -import org.onap.clamp.clds.common.LogMessages; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import javax.mail.Message; +import javax.mail.MessagingException; +import javax.mail.Session; +import javax.mail.Transport; +import javax.mail.internet.InternetAddress; +import javax.mail.internet.MimeMessage; +import javax.ws.rs.core.Context; + import org.apache.commons.mail.Email; import org.apache.commons.mail.SimpleEmail; import org.apache.cxf.jaxrs.ext.MessageContext; 
@@ -37,33 +44,32 @@ import org.camunda.bpm.engine.RuntimeService; import org.camunda.bpm.engine.history.HistoricActivityInstance; import org.camunda.bpm.engine.impl.history.event.HistoricActivityInstanceEventEntity; import org.camunda.bpm.engine.runtime.ProcessInstance; +import org.onap.clamp.clds.common.LogMessages; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mail.MailException; import org.springframework.mail.SimpleMailMessage; import org.springframework.mail.javamail.JavaMailSenderImpl; import org.springframework.stereotype.Service; -import javax.mail.Message; -import javax.mail.MessagingException; -import javax.mail.Session; -import javax.mail.Transport; -import javax.mail.internet.InternetAddress; -import javax.mail.internet.MimeMessage; -import javax.ws.rs.core.Context; -import java.util.*; +import com.att.ajsc.camunda.core.AttCamundaHistoryEvent; +import com.att.ajsc.camunda.core.AttCamundaService; +import com.att.eelf.configuration.EELFLogger; +import com.att.eelf.configuration.EELFManager; +import com.google.gson.Gson; @Service public class LogServiceImpl implements LogService { - private static final EELFLogger logger = AjscEelfManager.getInstance().getLogger(LogServiceImpl.class); + protected static final EELFLogger logger = EELFManager.getInstance().getLogger(LogServiceImpl.class); + protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); @Autowired - private RuntimeService runtimeService; + private RuntimeService runtimeService; @Autowired - private HistoryService historyService; + private HistoryService historyService; @Context - private MessageContext context; + private MessageContext context; public void setRuntimeService(RuntimeService runtimeService) { this.runtimeService = runtimeService; 
@@ -93,7 +99,9 @@ public class LogServiceImpl implements LogService { } // BEGIN - added for send mail testing - // also added the following to the method signature: , @QueryParam("javamail") String javamail, @QueryParam("springmail") String springmail, @QueryParam("commonsmail") String commonsmail + // also added the following to the method signature: , + // @QueryParam("javamail") String javamail, @QueryParam("springmail") + // String springmail, @QueryParam("commonsmail") String commonsmail // if javamail parameter provided, assume it contains an email address. // use Java Mail to send an email from that address, to that address if (javamail != null && javamail.length() > 0) { @@ -104,11 +112,11 @@ public class LogServiceImpl implements LogService { Session session = Session.getInstance(props); MimeMessage msg = new MimeMessage(session); - msg.setFrom(new InternetAddress(javamail)); //eMail.setFrom + msg.setFrom(new InternetAddress(javamail)); // eMail.setFrom - InternetAddress[] fromAddresses = {new InternetAddress(javamail)}; - msg.setReplyTo(fromAddresses); //eMail.addReplyTo - msg.setSubject("test message using javax.mail"); //eMail.setSubject + InternetAddress[] fromAddresses = { new InternetAddress(javamail) }; + msg.setReplyTo(fromAddresses); // eMail.addReplyTo + msg.setSubject("test message using javax.mail"); // eMail.setSubject msg.setText(logMessageText); // eMail.setMsg msg.addRecipient(Message.RecipientType.TO, new InternetAddress(javamail)); // eMail.addTo @@ -118,7 +126,8 @@ public class LogServiceImpl implements LogService { } } - // if springmail parameter provided, assume it contains an email address. + // if springmail parameter provided, assume it contains an email + // address. // use Spring Mail to send an email from that address, to that address if (springmail != null && springmail.length() > 0) { variables.put("springmail", springmail); 
@@ -127,9 +136,9 @@ public class LogServiceImpl implements LogService { try { sender.setHost("smtp.sbc.com"); // eMail.setHostName - smsg.setFrom(springmail); //eMail.setFrom - smsg.setReplyTo(springmail); //eMail.addReplyTo - smsg.setSubject("test message using spring mail"); //eMail.setSubject + smsg.setFrom(springmail); // eMail.setFrom + smsg.setReplyTo(springmail); // eMail.addReplyTo + smsg.setSubject("test message using spring mail"); // eMail.setSubject smsg.setText(logMessageText); // eMail.setMsg smsg.setTo(springmail); // eMail.addTo sender.send(smsg); @@ -138,18 +147,20 @@ public class LogServiceImpl implements LogService { } } - // if commonsmail parameter provided, assume it contains an email address. - // use Apache Commons Mail to send an email from that address, to that address + // if commonsmail parameter provided, assume it contains an email + // address. + // use Apache Commons Mail to send an email from that address, to that + // address if (commonsmail != null && commonsmail.length() > 0) { variables.put("commonsmail", commonsmail); - Email eMail = new SimpleEmail(); + Email email = new SimpleEmail(); try { - eMail.setHostName("smtp.sbc.com"); - eMail.setFrom(commonsmail); - eMail.addReplyTo(commonsmail); - eMail.setSubject("test message using commons mail"); - eMail.setMsg(logMessageText); - eMail.addTo(commonsmail); + email.setHostName("smtp.sbc.com"); + email.setFrom(commonsmail); + email.addReplyTo(commonsmail); + email.setSubject("test message using commons mail"); + email.setMsg(logMessageText); + email.addTo(commonsmail); java.net.URL classUrl = this.getClass().getResource("com.sun.mail.util.TraceInputStream"); if (classUrl != null) { logger.info(LogMessages.LOGSERVICE_EMAIL_CLASS, classUrl.getFile()); 
@@ -157,7 +168,7 @@ public class LogServiceImpl implements LogService { logger.info(LogMessages.LOGSERVICE_EMAIL_CLASS, classUrl.getFile()); logger.info(LogMessages.LOGSERVICE_EMAIL_CLASS_NULL); } - eMail.send(); + email.send(); } catch (Exception e) { logger.error(LogMessages.LOGSERVICE_EMAIL_ERROR, e); } @@ -168,7 +179,8 @@ public class LogServiceImpl implements LogService { ProcessInstance pi = runtimeService.startProcessInstanceByKey("log-message-wf", variables); AttCamundaService.setHttpRequest(null); // return text message of what was done - return "Started processDefinitionId=" + pi.getProcessDefinitionId() + ", processInstanceId=" + pi.getProcessInstanceId() + ", to log message: " + logMessageText; + return "Started processDefinitionId=" + pi.getProcessDefinitionId() + ", processInstanceId=" + + pi.getProcessInstanceId() + ", to log message: " + logMessageText; } @Override 
@@ -179,13 +191,17 @@ public class LogServiceImpl implements LogService { AttCamundaHistoryEvent attCamundaHistoryEvent = gson.fromJson(histEventList, AttCamundaHistoryEvent.class); if (attCamundaHistoryEvent != null && attCamundaHistoryEvent.getProcInstId() != null) { logger.info(LogMessages.PROCESS_INSTANCE_ID, attCamundaHistoryEvent.getProcInstId()); - if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { + if (context != null && context.getHttpServletRequest() != null + && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { context.getHttpServletRequest().setAttribute("CALL_TYPE", "Testing"); - List histActInstList = historyService.createHistoricActivityInstanceQuery().processInstanceId(attCamundaHistoryEvent.getProcInstId()).list(); + List histActInstList = historyService.createHistoricActivityInstanceQuery() + .processInstanceId(attCamundaHistoryEvent.getProcInstId()).list(); if (histActInstList != null && histActInstList.size() > 0) { for (HistoricActivityInstance currHistoricActivityInstance : histActInstList) { - if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null && currHistoricActivityInstance.getStartTime() != null + if (currHistoricActivityInstance != null + && currHistoricActivityInstance.getActivityName() != null + && currHistoricActivityInstance.getStartTime() != null && currHistoricActivityInstance.getEndTime() != null) { logger.info("value of serviceTrack:" + currHistoricActivityInstance); message = "Log Entry Created"; 
@@ -193,10 +209,13 @@ public class LogServiceImpl implements LogService { } } } - if (attCamundaHistoryEvent.getHistoryEventList() != null && attCamundaHistoryEvent.getHistoryEventList().size() > 0) { - List historyEventList = attCamundaHistoryEvent.getHistoryEventList(); + if (attCamundaHistoryEvent.getHistoryEventList() != null + && attCamundaHistoryEvent.getHistoryEventList().size() > 0) { + List historyEventList = attCamundaHistoryEvent + .getHistoryEventList(); for (HistoricActivityInstanceEventEntity actiEvent : historyEventList) { - // resolve null pointer exception if actiEvent.getActivityName() + // resolve null pointer exception if + // actiEvent.getActivityName() message = "Log Entry Created"; } } @@ -209,12 +228,17 @@ public class LogServiceImpl implements LogService { public String createLogMessage(String startTime, String endTime, String serviceName) { String message = "no logs Created"; - if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { + if (context != null && context.getHttpServletRequest() != null + && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { context.getHttpServletRequest().setAttribute("X-CSI-ClientApp", "AJSC-CSI~sdsds"); - /*PerformanceTrackingBean trackingBean =(PerformanceTrackingBean) context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN"); - PerformanceTracking.addInvokeServiceTrack(trackingBean, - serviceName, Long.valueOf(startTime), Long.valueOf(endTime), "Completed", - 500, 1000) ;*/ + /* + * PerformanceTrackingBean trackingBean =(PerformanceTrackingBean) + * context.getHttpServletRequest().getAttribute( + * "PERFORMANCE_TRACKER_BEAN"); + * PerformanceTracking.addInvokeServiceTrack(trackingBean, + * serviceName, Long.valueOf(startTime), Long.valueOf(endTime), + * "Completed", 500, 1000) ; + */ message = "Log Entry Created"; } // return text message of what was done 
@@ -226,13 +250,16 @@ public class LogServiceImpl implements LogService { String message = "no logs Created"; logger.info("value of history events:" + histEventList); logger.info("value of events:" + histEventList + ":" + histEventList); - if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { + if (context != null && context.getHttpServletRequest() != null + && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { context.getHttpServletRequest().setAttribute("CALL_TYPE", "Testing"); - List histActInstList = historyService.createHistoricActivityInstanceQuery().processInstanceId(procInstId).list(); + List histActInstList = historyService.createHistoricActivityInstanceQuery() + .processInstanceId(procInstId).list(); if (histActInstList != null && histActInstList.size() > 0) { for (HistoricActivityInstance currHistoricActivityInstance : histActInstList) { - if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null && currHistoricActivityInstance.getStartTime() != null + if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null + && currHistoricActivityInstance.getStartTime() != null && currHistoricActivityInstance.getEndTime() != null) { logger.info("value of serviceTrack:" + currHistoricActivityInstance); message = "Log Entry Created"; 
@@ -247,12 +274,15 @@ public class LogServiceImpl implements LogService { @Override public String CreateHistLog(String procInstId) { String message = "no logs Created"; - if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { - List histActInstList = historyService.createHistoricActivityInstanceQuery().processInstanceId(procInstId).list(); + if (context != null && context.getHttpServletRequest() != null + && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) { + List histActInstList = historyService.createHistoricActivityInstanceQuery() + .processInstanceId(procInstId).list(); if (histActInstList != null && histActInstList.size() > 0) { for (HistoricActivityInstance currHistoricActivityInstance : histActInstList) { - if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null && currHistoricActivityInstance.getStartTime() != null + if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null + && currHistoricActivityInstance.getStartTime() != null && currHistoricActivityInstance.getEndTime() != null) { logger.info("value of serviceTrack:" + currHistoricActivityInstance); context.getHttpServletRequest().setAttribute("X-CSI-ClientApp", "AJSC-CSI~sdsds"); @@ -263,14 +293,4 @@ public class LogServiceImpl implements LogService { } return message; } - - private String getActivityInstanceState(int activityInstanceState) { - String activityState = "Default"; - if (activityInstanceState == 1) { - activityState = "Complete"; - } else if (activityInstanceState == 2) { - activityState = "Cancelled"; - } - return activityState; - } } diff --git a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java new file mode 100644 index 00000000..cadf334e --- /dev/null 
+++ b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java
@@ -0,0 +1,31 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import javax.ws.rs.core.SecurityContext;
+
+public interface UserNameHandler {
+
+ public String retrieveUserName(SecurityContext securityContext);
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java
new file mode 100644
index 00000000..6f3e480a
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/UserService.java
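Review bot: `UserNameHandler.retrieveUserName` is added without any Javadoc, so the contract for a request that carries no authenticated principal is left to each implementation. Callers that use the returned name for permission lookups need to know whether they get `null`, an empty string or an exception in that case. I would add a Javadoc block on the interface stating which of those applies and that the name is taken from the container-authenticated principal in the `SecurityContext`, never from request data. The `public` modifier on the interface method is redundant and can be dropped: `String retrieveUserName(SecurityContext securityContext);`.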
@@ -0,0 +1,54 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import io.swagger.annotations.Api;
+
+/**
+ * User service used for authorization verification at the login page. Do not
+ * remove this class.
+ */
+@Api(value = "/user")
+@Path("/user")
+@Produces({ MediaType.TEXT_PLAIN })
+public interface UserService {
+
+ /**
+ * REST service that returns the username.
+ *
+ * @param userName
+ * @return the user name
+ */
+ @GET
+ @Path("/{userName}")
+ @Produces(MediaType.TEXT_PLAIN)
+ String getUser(@PathParam("userName") String userName);
+
+}
\ No newline at end of file
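Review bot: The Javadoc on `getUser` leaves `@param userName` empty and does not say how this endpoint performs the "authorization verification" that the class comment refers to. The value comes from the request path (`@PathParam("userName")`), so the comment should state whether the method checks anything itself or relies entirely on the container's access constraint for `/user`, for example `@param userName user name taken from the request path; not verified by this method`. The type-level `@Produces({ MediaType.TEXT_PLAIN })` already applies to the method, so the method-level `@Produces(MediaType.TEXT_PLAIN)` is redundant.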
diff --git a/src/main/java/org/onap/clamp/clds/service/UserServiceImpl.java b/src/main/java/org/onap/clamp/clds/service/UserServiceImpl.java
new file mode 100644
index 00000000..7d0fda0a
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/UserServiceImpl.java
@@ -0,0 +1,46 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import com.att.ajsc.common.AjscService;
+
+/**
+ * User service used for authorization verification at the login page. Do not
+ * remove this class.
+ */
+@AjscService
+public class UserServiceImpl implements UserService {
+
+ /**
+ * REST service that returns the username.
+ *
+ * @param userName
+ * @return the user name
+ */
+ @Override
+ public String getUser(String userName) {
+ return userName;
+ }
+
+}
\ No newline at end of file
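Review bot: `UserServiceImpl.getUser` returns its `userName` argument unchanged, so the response mirrors the request path and is not bound to the authenticated principal. If the login page treats a successful response as proof that this user is authorised, that holds only while access to `/user/*` is enforced elsewhere, presumably in `CldsSecurityConfig`, which is outside this hunk. Consider deriving the name from the request's `SecurityContext` through the `UserNameHandler` added in this commit, or rejecting the call when the path value differs from the authenticated principal's name.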
diff --git a/src/main/resources/clds/clds-users.json b/src/main/resources/clds/clds-users.json
new file mode 100644
index 00000000..b569f9d3
--- /dev/null
+++ b/src/main/resources/clds/clds-users.json
@@ -0,0 +1,15 @@
+ [{
+ "user":"admin",
+ "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+ "permissions":
+ [
+ "permission-type-cl|dev|read",
+ "permission-type-cl|dev|update",
+ "permission-type-cl-manage|dev|*",
+ "permission-type-filter-vf|dev|*",
+ "permission-type-template|dev|read",
+ "permission-type-template|dev|update"
+ ]
+ }
+
+]
\ No newline at end of file
diff --git a/src/main/resources/clds/clds-users.properties b/src/main/resources/clds/clds-users.properties
deleted file mode 100644
index f4b11e82..00000000
--- a/src/main/resources/clds/clds-users.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# Please define the CLDS users here
-# The format is ||
-# Two types of roles are used:read, all
-# - read: can only read template and closed loop design
-# - all: can read and update template and closed loop related design
-#
-user|password|all
\ No newline at end of file
diff --git a/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java b/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java
new file mode 100644
index 00000000..fa8adc76
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java
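Review bot: `clds-users.json` ships a fixed `admin` account in `src/main/resources`, and its `password` value is a 32-hex-character string, which is the shape of an unsalted MD5 digest. Unsalted fast digests of common passwords are recoverable from public lookup tables, so every build carries what is effectively a known default credential, here with wildcard rights such as `permission-type-cl-manage|dev|*`. I would ship the file with no usable account (or a placeholder such as `"password":"<set-at-deploy-time>"`), load the real file from outside the jar, and store passwords with a salted, slow hash such as bcrypt, scrypt or argon2. The comparison code lives in `CldsSecurityConfig`, outside this hunk, so the hashing scheme is inferred from the value's format only.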
@@ -0,0 +1,85 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ * reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.onap.clamp.clds.service.CldsUser;
+
+public class CldsUserJsonDecoderTest {
+
+ private String user1 = "admin1";
+ private String user2 = "admin2";
+
+ private String password = "5f4dcc3b5aa765d61d8327deb882cf99";
+ private String[] normalPermissionsArray = { "permission-type-cl|dev|read", "permission-type-cl|dev|update",
+ "permission-type-cl-manage|dev|*", "permission-type-filter-vf|dev|*", "permission-type-template|dev|read",
+ "permission-type-template|dev|update" };
+
+ private String[] incompletePermissionsArray = { "permission-type-cl|dev|*", "permission-type-cl|dev|*",
+ "permission-type-cl-manage|dev|*", "permission-type-filter-vf|dev|*", "permission-type-template|dev|read",
+ "permission-type-template|dev|update" };
+
+ @Test
+ public void testDecodingDoubleUsers() throws Exception {
+ CldsUser[] usersArray = CldsUserJsonDecoder
+ .decodeJson(CldsUserJsonDecoderTest.class.getResourceAsStream("/clds/clds-users-two-users.json"));
+
+ assertEquals(usersArray.length, 2);
+
+ assertEquals(usersArray[0].getUser(), user1);
+ assertEquals(usersArray[1].getUser(), user2);
+
+ assertEquals(usersArray[0].getPassword(), password);
+ assertEquals(usersArray[1].getPassword(), password);
+
+ assertArrayEquals(usersArray[0].getPermissionsString(), normalPermissionsArray);
+ assertArrayEquals(usersArray[1].getPermissionsString(), normalPermissionsArray);
+ }
+
+ @Test
+ public void testDecodingNoPermission() throws Exception {
+ CldsUser[] usersArray = CldsUserJsonDecoder
+ .decodeJson(this.getClass().getResourceAsStream("/clds/clds-users-no-permission.json"));
+
+ assertEquals(usersArray.length, 1);
+ assertEquals(usersArray[0].getUser(), user1);
+ assertEquals(usersArray[0].getPassword(), null);
+ assertArrayEquals(usersArray[0].getPermissionsString(), new String[0]);
+ }
+
+ @Test
+ public void testDecodingIncompletePermissions() throws Exception {
+ CldsUser[] usersArray = CldsUserJsonDecoder
+ .decodeJson(this.getClass().getResourceAsStream("/clds/clds-users-incomplete-permissions.json"));
+
+ assertEquals(usersArray.length, 1);
+ assertEquals(usersArray[0].getUser(), user1);
+ assertEquals(usersArray[0].getPassword(), password);
+ assertArrayEquals(usersArray[0].getPermissionsString(), incompletePermissionsArray);
+ }
+
+}
diff --git a/src/test/resources/clds/clds-users-incomplete-permissions.json b/src/test/resources/clds/clds-users-incomplete-permissions.json
new file mode 100644
index 00000000..a642511c
--- /dev/null
+++ b/src/test/resources/clds/clds-users-incomplete-permissions.json
@@ -0,0 +1,14 @@
+ [{
+ "user":"admin1",
+ "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+ "permissions":
+ [
+ "permission-type-cl|dev|",
+ "permission-type-cl|dev",
+ "permission-type-cl-manage|dev|*",
+ "permission-type-filter-vf|dev|*",
+ "permission-type-template|dev|read",
+ "permission-type-template|dev|update"
+ ]
+ }
+]
\ No newline at end of file
diff --git a/src/test/resources/clds/clds-users-no-permission.json b/src/test/resources/clds/clds-users-no-permission.json
new file mode 100644
index 00000000..77f16c38
--- /dev/null
+++ b/src/test/resources/clds/clds-users-no-permission.json
@@ -0,0 +1,9 @@
+ [{
+ "user":"admin1",
+ "permissions":
+ [
+
+ ]
+ }
+
+]
\ No newline at end of file
diff --git a/src/test/resources/clds/clds-users-two-users.json b/src/test/resources/clds/clds-users-two-users.json
new file mode 100644
index 00000000..8c8d7278
--- /dev/null
+++ b/src/test/resources/clds/clds-users-two-users.json
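Review bot: `testDecodingIncompletePermissions` pins a fail-open default: the fixture entries `permission-type-cl|dev|` and `permission-type-cl|dev` are expected to decode as `permission-type-cl|dev|*`, so a truncated or mistyped permission line ends up granting every action. A safer contract is for the decoder to reject or drop such an entry, with this test asserting that instead; the decoder itself (`CldsUserJsonDecoder` / `CldsUser`) is outside this hunk. Separately, the `assertEquals` calls pass the actual value first, while JUnit expects `assertEquals(expected, actual)`, e.g. `assertEquals(2, usersArray.length);`. In `testDecodingNoPermission`, `assertEquals(usersArray[0].getPassword(), null)` would read better as `assertNull(usersArray[0].getPassword());`.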
@@ -0,0 +1,28 @@
+ [{
+ "user":"admin1",
+ "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+ "permissions":
+ [
+ "permission-type-cl|dev|read",
+ "permission-type-cl|dev|update",
+ "permission-type-cl-manage|dev|*",
+ "permission-type-filter-vf|dev|*",
+ "permission-type-template|dev|read",
+ "permission-type-template|dev|update"
+ ]
+ }
+ ,
+ {"user":"admin2",
+ "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+ "permissions":
+ [
+ "permission-type-cl|dev|read",
+ "permission-type-cl|dev|update",
+ "permission-type-cl-manage|dev|*",
+ "permission-type-filter-vf|dev|*",
+ "permission-type-template|dev|read",
+ "permission-type-template|dev|update"
+ ]
+
+ }
+]
\ No newline at end of file
--
2.16.6