From 7ff5c083a25dd6704dd2074128f669b0fa668ed7 Mon Sep 17 00:00:00 2001 From: "Lee, Tian (tl5884)" Date: Thu, 3 Jan 2019 11:15:46 +0000 Subject: [PATCH 01/16] Upversion Spring Boot for NexusIQ Upversion to latest 2.1.1.RELEASE to fix new NexusIQ security vulnerabilities Change-Id: I8d7759d5f5dbdf70b1056bc4b6875caf8c25893d Issue-ID: AAF-693 Signed-off-by: Lee, Tian (tl5884) --- sidecar/pom.xml | 51 +++++++++++++--------- .../src/main/resources/application.properties | 5 ++- 2 files changed, 34 insertions(+), 22 deletions(-) diff --git a/sidecar/pom.xml b/sidecar/pom.xml index 424f29c..dd5ae52 100644 --- a/sidecar/pom.xml +++ b/sidecar/pom.xml @@ -15,8 +15,7 @@ * limitations under the License. * ============LICENSE_END==================================================== * --> - org.onap.aaf.cadi @@ -53,12 +52,12 @@ - 2.0.5.RELEASE - 3.0.4.RELEASE + 2.1.1.RELEASE + 5.1.3.RELEASE ${basedir}/target - + @@ -78,49 +77,61 @@ javax.servlet-api 3.1.0 - - org.aspectj - aspectjrt - 1.9.2 + org.aspectj + aspectjrt + 1.9.2 - com.google.code.gson gson 2.8.5 - org.apache.commons commons-lang3 3.8.1 - org.springframework.boot spring-boot-starter-jetty ${spring.boot.version} - org.springframework.boot spring-boot-starter-aop ${spring.boot.version} - org.springframework.boot spring-boot-starter-web ${spring.boot.version} - org.springframework.boot spring-boot-starter-test ${spring.boot.version} - + + org.springframework + spring-core + ${spring.web.version} + + + org.springframework + spring-expression + ${spring.web.version} + + + org.springframework + spring-web + ${spring.web.version} + + + org.springframework + spring-webmvc + ${spring.web.version} + @@ -136,18 +147,18 @@ - + maven-surefire-plugin 2.17 + unit tests --> - - + + com.mycila license-maven-plugin diff --git a/sidecar/rproxy/src/main/resources/application.properties b/sidecar/rproxy/src/main/resources/application.properties index 5c2dffb..0f111dc 100644 --- a/sidecar/rproxy/src/main/resources/application.properties 
+++ b/sidecar/rproxy/src/main/resources/application.properties @@ -7,7 +7,6 @@ server.ssl.protocol=TLS server.ssl.enabled-protocols=TLSv1.2 server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore server.ssl.client-auth=want - server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12 server.servlet.contextPath=/ @@ -16,4 +15,6 @@ uri.authorization.configuration-file=${CONFIG_HOME}/auth/uri-authorization.json logging.config=${CONFIG_HOME}/logback-spring.xml -spring.profiles.default=secure,cadi \ No newline at end of file +spring.profiles.default=secure,cadi + +spring.main.allow-bean-definition-overriding=true \ No newline at end of file -- 2.16.6 From 3e50733288604e3367b535c18963f28ba3dc7bc6 Mon Sep 17 00:00:00 2001 From: "Lee, Tian (tl5884)" Date: Fri, 4 Jan 2019 17:27:11 +0000 Subject: [PATCH 02/16] Replace Jackson Spring-Boot dependencies with GSON Submodule: FProxy service By default, Spring-Boot uses Jackson dependencies to marshall/unmarshall JSON. However, all current releases of Jackson contain security vulnerabilities. This change will configure Spring-Boot to use the GSON library instead of Jackson, which contains no security vulnerabilities. Change-Id: Ifd36d2ddb79fa5da9310e1872f8936ab7ae91073 Issue-ID: AAF-693 Signed-off-by: Lee, Tian (tl5884) --- sidecar/fproxy/pom.xml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml index 2608254..e0395b8 100644 --- a/sidecar/fproxy/pom.xml +++ b/sidecar/fproxy/pom.xml @@ -70,13 +70,22 @@ org.springframework.boot spring-boot-starter-tomcat - + + org.springframework.boot + spring-boot-starter-json + + org.springframework.boot spring-boot-starter-test + + + com.google.code.gson + gson + -- 2.16.6 From ea7e24513918dbc96ec5d6210239d84c5b3e0c2c Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Tue, 8 Jan 2019 13:44:06 -0600 Subject: [PATCH 03/16] Add missing shiro logging Issue-ID: AAF-655 Change-Id: If0dc4a11e2166f8ac9413aa7ab1f826c30d2f063 
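Review bot: `spring.main.allow-bean-definition-overriding=true`, added in the `@@ -16,4 +15,6 @@` hunk, disables the duplicate-bean check that Spring Boot 2.1 turns on by default for every bean in the context, and the commit message does not say which definition collided after the upgrade. Any future accidental duplicate (including one that silently replaces a security filter or converter bean) would then no longer fail fast at startup. If the property has to stay, document the reason next to it, e.g. `# Spring Boot 2.1 rejects duplicate bean definitions; <BEAN NAME - placeholder> is defined twice since the upgrade`; better, resolve that one duplicate and drop the property.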
Signed-off-by: Sai Gandham --- .../onap/aaf/cadi/shiro/AAFAuthenticationInfo.java | 9 +++-- .../onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 11 +++--- .../java/org/onap/aaf/cadi/shiro/AAFRealm.java | 40 +++++++++++++++++----- 3 files changed, 44 insertions(+), 16 deletions(-) diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java index a1d304b..4e5d59b 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java @@ -24,16 +24,19 @@ import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; +import org.apache.log4j.Logger; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.PrincipalCollection; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Hash; -import org.onap.aaf.cadi.Access.Level; public class AAFAuthenticationInfo implements AuthenticationInfo { private static final long serialVersionUID = -1502704556864321020L; + + final static Logger logger = Logger.getLogger(AAFAuthenticationInfo.class); + // We assume that Shiro is doing Memory Only, and this salt is not needed cross process private final static int salt = new SecureRandom().nextInt(); @@ -48,13 +51,13 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { } @Override public byte[] getCredentials() { - access.log(Level.DEBUG, "AAFAuthenticationInfo.getCredentials"); + logger.debug("AAFAuthenticationInfo.getCredentials"); return hash; } @Override public PrincipalCollection getPrincipals() { - access.log(Level.DEBUG, "AAFAuthenticationInfo.getPrincipals"); + logger.debug( "AAFAuthenticationInfo.getPrincipals"); return apc; } 
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java index 0a9dab9..60ea11f 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java @@ -25,10 +25,10 @@ import java.util.ArrayList; import java.util.Collection; import java.util.List; +import org.apache.log4j.Logger; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.Access.Level; /** * We treat "roles" and "permissions" in a similar way for first pass. @@ -37,6 +37,9 @@ import org.onap.aaf.cadi.Access.Level; * */ public class AAFAuthorizationInfo implements AuthorizationInfo { + + final static Logger logger = Logger.getLogger(AuthorizationInfo.class); + private static final long serialVersionUID = -4805388954462426018L; private Access access; private Principal bait; @@ -58,7 +61,7 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { @Override public Collection getObjectPermissions() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions"); + logger.debug("AAFAuthorizationInfo.getObjectPermissions"); synchronized(bait) { if(oPerms == null) { oPerms = new ArrayList(); @@ -72,14 +75,14 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { @Override public Collection getRoles() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles"); + logger.debug("AAFAuthorizationInfo.getRoles"); // Until we decide to make Roles available, tie into String based permissions. return getStringPermissions(); } @Override public Collection getStringPermissions() { - access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions"); + logger.debug("AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { sPerms = new ArrayList(); 
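Review bot: The logger added in the `@@ -37,6 +37,9 @@` hunk is created for the Shiro interface, `Logger.getLogger(AuthorizationInfo.class)`, so its messages are categorised under `org.apache.shiro.authz.AuthorizationInfo` rather than this class, and a level configured for the `org.onap.aaf` package will not apply to them. The other two files in this commit use their own class; this one should too: `final static Logger logger = Logger.getLogger(AAFAuthorizationInfo.class);`. Declaring it `private static final` would also match the `serialVersionUID` field right below it.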
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index 05b4d78..b7f0c29 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -21,6 +21,7 @@ package org.onap.aaf.cadi.shiro; import java.io.IOException; +import java.io.PrintStream; import java.security.Principal; import java.util.ArrayList; import java.util.HashSet; @@ -29,6 +30,8 @@ import java.util.Map; import java.util.Map.Entry; import java.util.TreeMap; +import org.apache.log4j.Logger; +import org.apache.log4j.PropertyConfigurator; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; @@ -48,8 +51,10 @@ import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.MapBathConverter; import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.APIException; - public class AAFRealm extends AuthorizingRealm { + + final static Logger logger = Logger.getLogger(AAFRealm.class); + public static final String AAF_REALM = "AAFRealm"; private PropAccess access; @@ -76,6 +81,15 @@ public class AAFRealm extends AuthorizingRealm { access.log(Level.INIT,msg); throw new RuntimeException(msg); } else { + try { + String log4jConfigFile = "./etc/org.onap.cadi.logging.cfg"; + PropertyConfigurator.configure(log4jConfigFile); + System.setOut(createLoggingProxy(System.out)); + System.setErr(createLoggingProxy(System.err)); + } catch(Exception e) { + e.printStackTrace(); + } + //System.out.println("Configuration done"); try { acon = AAFCon.newInstance(access); authn = acon.newAuthn(); 
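Review bot: The try block added in the `@@ -76,6 +81,15 @@` hunk catches `Exception` and only calls `e.printStackTrace()`, so a missing or unreadable `./etc/org.onap.cadi.logging.cfg` is reported once to whatever stderr is at that moment and the realm carries on with log4j unconfigured; for a component that authenticates credentials, the loss of log output should at least go through `access.log(e, "log4j configuration failed")` so it is visible. The config path is relative, so it resolves against the JVM's working directory rather than the bundle, and `System.setOut`/`System.setErr` are replaced process-wide from inside a realm constructor, which affects every other component in the container and happens again on each construction. I would take the config location from a property with a documented default and move the stream redirection out of the realm, or guard it so it runs once. The enclosing constructor starts before and ends after this hunk.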
@@ -85,7 +99,7 @@ public class AAFRealm extends AuthorizingRealm { if(csv!=null) { try { mbc = new MapBathConverter(access, new CSV(csv)); - access.printf(Level.INIT, "MapBathConversion enabled with file %s\n",csv); + logger.info("MapBathConversion enabled with file "+csv); idMap = new TreeMap(); // Load for(Entry es : mbc.map().entrySet()) { @@ -108,22 +122,30 @@ public class AAFRealm extends AuthorizingRealm { idMap.put(oldID,newID); } } catch (IOException e) { - access.log(e); + logger.error(e.getMessage(), e); } } } catch (APIException | CadiException | LocatorException e) { String msg = "Cannot initiate AAFRealm"; - access.log(Level.INIT,msg,e.getMessage()); + logger.info(msg + " "+ e.getMessage(), e); throw new RuntimeException(msg,e); } } supports = new HashSet>(); supports.add(UsernamePasswordToken.class); } + public static PrintStream createLoggingProxy(final PrintStream realPrintStream) { + return new PrintStream(realPrintStream) { + public void print(final String string) { + realPrintStream.print(string); + logger.info(string); + } + }; + } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { - access.log(Level.DEBUG, "AAFRealm.doGetAuthenticationInfo",token); + logger.debug("AAFRealm.doGetAuthenticationInfo :"+token); final UsernamePasswordToken upt = (UsernamePasswordToken)token; final String user = upt.getUsername(); @@ -143,7 +165,7 @@ public class AAFRealm extends AuthorizingRealm { } } } catch (IOException e) { - access.log(e); + logger.error(e.getMessage(), e); } } String err; @@ -151,11 +173,11 @@ public class AAFRealm extends AuthorizingRealm { err = authn.validate(authUser,authPassword); } catch (IOException e) { err = "Credential cannot be validated"; - access.log(e, err); + logger.error(err, e); } if(err != null) { - access.log(Level.DEBUG, err); + logger.debug(err); throw new AuthenticationException(err); } 
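Review bot: `createLoggingProxy` in the `@@ -108,22 +122,30 @@` hunk forwards every `print(String)` to `logger.info`, and the constructor installs it as `System.out` and `System.err`; if the log4j configuration has an appender writing to `System.out` (the config file is not on the page), each log line is printed to the proxy, which logs it again, and the realm loops — the later "fix shiro logs looping issue" commit in this series suggests that is what happened. Only `print(String)` is overridden, so `print(char[])`, `print(Object)`, `printf` and `write` reach the real stream unlogged, and everything that is captured is promoted to INFO regardless of content. The same hunk logs the fatal "Cannot initiate AAFRealm" at INFO just before throwing; that should be `logger.error(msg, e);`. I would have the proxy write to an appender bound to the original stream rather than to the logger, or drop the redirection altogether.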
@@ -180,7 +202,7 @@ public class AAFRealm extends AuthorizingRealm { @Override protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - access.log(Level.DEBUG, "AAFRealm.doGetAuthenthorizationInfo"); + logger.debug("AAFRealm.doGetAuthenthorizationInfo"); Principal bait = (Principal)principals.getPrimaryPrincipal(); Principal newBait = bait; if(idMap!=null) { -- 2.16.6 From 965dac7a82d2962a9c6d0c1dfc1d52f4b7e05916 Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Tue, 8 Jan 2019 14:03:18 -0600 Subject: [PATCH 04/16] Add few more debug statements for logging Issue-ID: AAF-655 Change-Id: Ib429e035dc6b217498bb88b7aa9153e58f01fddb Signed-off-by: Sai Gandham --- .../java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java index 60ea11f..7633670 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java @@ -25,10 +25,10 @@ import java.util.ArrayList; import java.util.Collection; import java.util.List; -import org.apache.log4j.Logger; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.Access.Level; /** * We treat "roles" and "permissions" in a similar way for first pass. @@ -37,9 +37,6 @@ import org.onap.aaf.cadi.Access; * */ public class AAFAuthorizationInfo implements AuthorizationInfo { - - final static Logger logger = Logger.getLogger(AuthorizationInfo.class); - private static final long serialVersionUID = -4805388954462426018L; private Access access; private Principal bait; 
@@ -61,12 +58,13 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { @Override public Collection getObjectPermissions() { - logger.debug("AAFAuthorizationInfo.getObjectPermissions"); +// access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions"); synchronized(bait) { if(oPerms == null) { oPerms = new ArrayList(); for(final org.onap.aaf.cadi.Permission p : pond) { oPerms.add(new AAFShiroPermission(p)); + System.out.println("List user" + p); } } } @@ -75,19 +73,20 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { @Override public Collection getRoles() { - logger.debug("AAFAuthorizationInfo.getRoles"); +// access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles"); // Until we decide to make Roles available, tie into String based permissions. return getStringPermissions(); } @Override public Collection getStringPermissions() { - logger.debug("AAFAuthorizationInfo.getStringPermissions"); +// access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { sPerms = new ArrayList(); for(org.onap.aaf.cadi.Permission p : pond) { sPerms.add(p.getKey().replace("|",":")); + System.out.println("Replacing | to :" + p.getKey().replace("|",":")); } } } -- 2.16.6 From 01deccbf0cc5c1cadc2d5d25e76ccb3dde676cea Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Wed, 16 Jan 2019 13:18:56 -0600 Subject: [PATCH 05/16] update logging path for shiro Issue-ID: AAF-655 Change-Id: I12cab0cff0e8244cd6d477fb5cb6aa64ad353bf5 Signed-off-by: Sai Gandham --- pom.xml | 2 +- shiro-osgi-bundle/pom.xml | 2 +- shiro/pom.xml | 2 +- shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java | 2 +- sidecar/fproxy/pom.xml | 2 +- sidecar/pom.xml | 2 +- sidecar/rproxy/pom.xml | 2 +- sidecar/tproxy-config/pom.xml | 2 +- version.properties | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) diff --git a/pom.xml b/pom.xml index 706da1d..99a6645 100644 --- a/pom.xml +++ b/pom.xml 
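Review bot: Both hunks replace a `logger.debug(...)` call with a commented-out `// access.log(Level.DEBUG, ...)` line and add a `System.out.println` inside the permission loops, so every permission key of every authorising subject is now written to stdout unconditionally, outside the logging configuration and with no level to switch it off. These read as debug leftovers: the printlns should become `access.log(Level.DEBUG, "List user", p);` and `access.log(Level.DEBUG, "Replacing | to :", p.getKey());` (the `Access.log(Level, Object...)` form this codebase already uses), and the commented-out lines should be deleted rather than kept. The `Access.Level` import re-added at the top of the file is otherwise only referenced from comments.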
@@ -22,7 +22,7 @@ 4.0.0 org.onap.aaf.cadi parent - 2.1.9-SNAPSHOT + 2.1.10-SNAPSHOT CADI Plugins Parent pom diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml index d4fb829..47caf16 100644 --- a/shiro-osgi-bundle/pom.xml +++ b/shiro-osgi-bundle/pom.xml @@ -22,7 +22,7 @@ org.onap.aaf.cadi parent - 2.1.9-SNAPSHOT + 2.1.10-SNAPSHOT .. diff --git a/shiro/pom.xml b/shiro/pom.xml index ff08c39..60a3de5 100644 --- a/shiro/pom.xml +++ b/shiro/pom.xml @@ -22,7 +22,7 @@ org.onap.aaf.cadi parent - 2.1.9-SNAPSHOT + 2.1.10-SNAPSHOT .. diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index b7f0c29..091c22b 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -82,7 +82,7 @@ public class AAFRealm extends AuthorizingRealm { throw new RuntimeException(msg); } else { try { - String log4jConfigFile = "./etc/org.onap.cadi.logging.cfg"; + String log4jConfigFile = "./etc/org.ops4j.pax.logging.cfg"; PropertyConfigurator.configure(log4jConfigFile); System.setOut(createLoggingProxy(System.out)); System.setErr(createLoggingProxy(System.err)); diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml index e0395b8..97c470d 100644 --- a/sidecar/fproxy/pom.xml +++ b/sidecar/fproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.9-SNAPSHOT + 2.1.10-SNAPSHOT fproxy diff --git a/sidecar/pom.xml b/sidecar/pom.xml index dd5ae52..0345abb 100644 --- a/sidecar/pom.xml +++ b/sidecar/pom.xml @@ -20,7 +20,7 @@ org.onap.aaf.cadi parent - 2.1.9-SNAPSHOT + 2.1.10-SNAPSHOT .. 4.0.0 diff --git a/sidecar/rproxy/pom.xml b/sidecar/rproxy/pom.xml index ffa6a5a..dd7a07e 100644 --- a/sidecar/rproxy/pom.xml +++ b/sidecar/rproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.9-SNAPSHOT + 2.1.10-SNAPSHOT rproxy 
diff --git a/sidecar/tproxy-config/pom.xml b/sidecar/tproxy-config/pom.xml index 6a918d2..fdac4fb 100644 --- a/sidecar/tproxy-config/pom.xml +++ b/sidecar/tproxy-config/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.9-SNAPSHOT + 2.1.10-SNAPSHOT tproxy-config diff --git a/version.properties b/version.properties index d77c884..1e3a49e 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=2 minor=1 -patch=9 +patch=10 base_version=${major}.${minor}.${patch} -- 2.16.6 From af9711a6c683776a9954c46ad67eded0ed143489 Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Mon, 21 Jan 2019 09:23:27 -0600 Subject: [PATCH 06/16] Import log4j in shiro bundle Issue-ID: AAF-655 Change-Id: I4d2794c20aad2e09b463e89363de25b84a961404 Signed-off-by: Sai Gandham --- shiro-osgi-bundle/pom.xml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml index 47caf16..d72a75e 100644 --- a/shiro-osgi-bundle/pom.xml +++ b/shiro-osgi-bundle/pom.xml @@ -53,6 +53,7 @@ javax.servlet, javax.servlet.http, org.osgi.service.blueprint;version="[1.0.0,2.0.0)", + org.osgi.framework, javax.net.ssl, javax.crypto, javax.crypto.spec, @@ -71,7 +72,12 @@ javax.xml.namespace, org.w3c.dom, org.xml.sax, - javax.xml.transform.stream + javax.xml.transform.stream, + org.apache.log4j, + javax.inject, + org.slf4j.impl, + org.slf4j, + org.slf4j.spi, *;scope=compile|runtime;inline=false -- 2.16.6 From 63424b027355ca83453a066559fa4a479bb9aa01 Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Mon, 21 Jan 2019 10:25:11 -0600 Subject: [PATCH 07/16] Import sl4j in shiro bundle Bundle updated Issue-ID: AAF-655 Change-Id: Id66ad2181853dae8569329d0c6373f15c5b254a3 Signed-off-by: Sai Gandham --- shiro-osgi-bundle/pom.xml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml index d72a75e..7478ebf 100644 --- a/shiro-osgi-bundle/pom.xml 
+++ b/shiro-osgi-bundle/pom.xml @@ -74,10 +74,9 @@ org.xml.sax, javax.xml.transform.stream, org.apache.log4j, - javax.inject, org.slf4j.impl, org.slf4j, - org.slf4j.spi, + org.slf4j.spi *;scope=compile|runtime;inline=false -- 2.16.6 From 3bcde263088b6a729cb7a99404a7617643f66423 Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Mon, 21 Jan 2019 11:01:42 -0600 Subject: [PATCH 08/16] Import osgi fragments in shiro bundle Update bundle with import packages Issue-ID: AAF-655 Change-Id: I05285b3c5b42d010e135d93d06cf5b1fa2fae30e Signed-off-by: Sai Gandham --- shiro-osgi-bundle/pom.xml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml index 7478ebf..2081be5 100644 --- a/shiro-osgi-bundle/pom.xml +++ b/shiro-osgi-bundle/pom.xml @@ -53,7 +53,6 @@ javax.servlet, javax.servlet.http, org.osgi.service.blueprint;version="[1.0.0,2.0.0)", - org.osgi.framework, javax.net.ssl, javax.crypto, javax.crypto.spec, @@ -73,10 +72,7 @@ org.w3c.dom, org.xml.sax, javax.xml.transform.stream, - org.apache.log4j, - org.slf4j.impl, - org.slf4j, - org.slf4j.spi + org.apache.log4j *;scope=compile|runtime;inline=false -- 2.16.6 From 4112b15f72846c60b054b57b17a10738d78dd2ae Mon Sep 17 00:00:00 2001 From: Instrumental Date: Wed, 23 Jan 2019 17:25:28 -0600 Subject: [PATCH 09/16] Committer Changes Issue-ID: AAF-729 Change-Id: I24d2205dd3c7da6bf43981bc4212e6fffb9b4cf1 Signed-off-by: Instrumental --- INFO.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/INFO.yaml b/INFO.yaml index 18cb4c0..ffe9e96 100644 --- a/INFO.yaml +++ b/INFO.yaml 
@@ -28,6 +28,16 @@ committers: company: 'AT&T' id: 'Instrumental' timezone: 'America/Chicago' + - name: 'Kiran Kamineni' + email: 'kiran.k.kamineni@intel.com' + company: 'Intel' + id: 'kirankamineni' + timezone: 'America/Santa Clara' + - name: 'Sai Gandham' + email: 'sai.gandham@att.com' + company: 'ATT' + id: 'Sai Gandham' + timezone: 'America/Dallas' - name: 'Girish Havaldar' email: 'hg0071052@techmahindra.com' company: 'Techmahindra' @@ -38,15 +48,5 @@ committers: company: 'ZTE' id: 'Huabing_Zhao' timezone: 'China/Chengdu' - - name: 'Kiran Kamineni' - email: 'kiran.k.kamineni@intel.com' - company: 'Intel' - id: 'kirankamineni' - timezone: 'America/Santa Clara' - - name: 'Varun Gudisena' - email: 'vg411h@att.com' - company: 'ATT' - id: 'vg411h' - timezone: 'America/Dallas' tsc: approval: 'https://lists.onap.org/pipermail/onap-tsc' -- 2.16.6 From 179f92f44f374c1a4e913adaa348ed22244fa0a3 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Tue, 29 Jan 2019 07:20:39 -0600 Subject: [PATCH 10/16] Update INFO.yaml Issue-ID: AAF-729 Change-Id: I7bf73ba69f1098535ded0aeb5036e45422d1d9b2 Signed-off-by: Instrumental --- INFO.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/INFO.yaml b/INFO.yaml index ffe9e96..872ef1b 100644 --- a/INFO.yaml +++ b/INFO.yaml @@ -36,7 +36,7 @@ committers: - name: 'Sai Gandham' email: 'sai.gandham@att.com' company: 'ATT' - id: 'Sai Gandham' + id: 'sg481n' timezone: 'America/Dallas' - name: 'Girish Havaldar' email: 'hg0071052@techmahindra.com' -- 2.16.6 From a649fd1b3c8308b4c7cc2018965c93bff9d7eb54 Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Wed, 30 Jan 2019 08:44:44 -0600 Subject: [PATCH 11/16] Update shiro logging and sl4j init Issue-ID: AAF-655 Change-Id: I1e1439efbee5900c82a6065a0581faae15622581 
Signed-off-by: Sai Gandham --- pom.xml | 2 +- shiro-osgi-bundle/pom.xml | 2 +- shiro/pom.xml | 2 +- .../onap/aaf/cadi/shiro/AAFAuthenticationInfo.java | 9 +++--- .../onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 12 ++++---- .../java/org/onap/aaf/cadi/shiro/AAFRealm.java | 33 ++++++++++++---------- sidecar/fproxy/pom.xml | 2 +- sidecar/pom.xml | 2 +- sidecar/rproxy/pom.xml | 2 +- sidecar/tproxy-config/pom.xml | 2 +- version.properties | 2 +- 11 files changed, 37 insertions(+), 33 deletions(-) diff --git a/pom.xml b/pom.xml index 99a6645..7e111ff 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 4.0.0 org.onap.aaf.cadi parent - 2.1.10-SNAPSHOT + 2.1.11-SNAPSHOT CADI Plugins Parent pom diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml index 2081be5..d7459ce 100644 --- a/shiro-osgi-bundle/pom.xml +++ b/shiro-osgi-bundle/pom.xml @@ -22,7 +22,7 @@ org.onap.aaf.cadi parent - 2.1.10-SNAPSHOT + 2.1.11-SNAPSHOT .. diff --git a/shiro/pom.xml b/shiro/pom.xml index 60a3de5..1d435b0 100644 --- a/shiro/pom.xml +++ b/shiro/pom.xml @@ -22,7 +22,7 @@ org.onap.aaf.cadi parent - 2.1.10-SNAPSHOT + 2.1.11-SNAPSHOT .. diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java index 4e5d59b..45bdadc 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java @@ -24,7 +24,8 @@ import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import org.apache.log4j.Logger; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UsernamePasswordToken; 
@@ -35,7 +36,7 @@ import org.onap.aaf.cadi.Hash; public class AAFAuthenticationInfo implements AuthenticationInfo { private static final long serialVersionUID = -1502704556864321020L; - final static Logger logger = Logger.getLogger(AAFAuthenticationInfo.class); + final static Logger logger = LoggerFactory.getLogger(AAFAuthenticationInfo.class); // We assume that Shiro is doing Memory Only, and this salt is not needed cross process private final static int salt = new SecureRandom().nextInt(); @@ -50,14 +51,12 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { hash = getSaltedCred(password); } @Override - public byte[] getCredentials() { - logger.debug("AAFAuthenticationInfo.getCredentials"); + public byte[] getCredentials() { return hash; } @Override public PrincipalCollection getPrincipals() { - logger.debug( "AAFAuthenticationInfo.getPrincipals"); return apc; } diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java index 7633670..f1bfd3c 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java @@ -29,7 +29,8 @@ import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.Access.Level; - +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; /** * We treat "roles" and "permissions" in a similar way for first pass. * @@ -38,6 +39,9 @@ import org.onap.aaf.cadi.Access.Level; */ public class AAFAuthorizationInfo implements AuthorizationInfo { private static final long serialVersionUID = -4805388954462426018L; + + final static Logger logger = LoggerFactory.getLogger(AAFAuthorizationInfo.class); + private Access access; private Principal bait; private List pond; 
@@ -50,6 +54,7 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { this.pond = pond; sPerms=null; oPerms=null; + } public Principal principal() { @@ -64,7 +69,6 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { oPerms = new ArrayList(); for(final org.onap.aaf.cadi.Permission p : pond) { oPerms.add(new AAFShiroPermission(p)); - System.out.println("List user" + p); } } } @@ -73,20 +77,18 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { @Override public Collection getRoles() { -// access.log(Level.DEBUG, "AAFAuthorizationInfo.getRoles"); // Until we decide to make Roles available, tie into String based permissions. return getStringPermissions(); } @Override public Collection getStringPermissions() { -// access.log(Level.DEBUG, "AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { sPerms = new ArrayList(); for(org.onap.aaf.cadi.Permission p : pond) { sPerms.add(p.getKey().replace("|",":")); - System.out.println("Replacing | to :" + p.getKey().replace("|",":")); +// System.out.println("Replacing | to :" + p.getKey().replace("|",":")); } } } diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index 091c22b..4b24c70 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -30,7 +30,6 @@ import java.util.Map; import java.util.Map.Entry; import java.util.TreeMap; -import org.apache.log4j.Logger; import org.apache.log4j.PropertyConfigurator; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; 
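Review bot: The `@@ -73,20 +77,18 @@` hunk comments out `System.out.println("Replacing | to :" ...)` instead of deleting it, while the parallel println in `getObjectPermissions` is deleted outright two hunks earlier. Commented-out code should go; if the trace is still wanted, the `logger` field this commit adds to the class is the place for it, e.g. `logger.debug("Replacing | to : {}", p.getKey());`, which only evaluates under DEBUG.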
@@ -51,9 +50,12 @@ import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.filter.MapBathConverter; import org.onap.aaf.cadi.util.CSV; import org.onap.aaf.misc.env.APIException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + public class AAFRealm extends AuthorizingRealm { - final static Logger logger = Logger.getLogger(AAFRealm.class); + final static Logger logger = LoggerFactory.getLogger(AAFRealm.class); public static final String AAF_REALM = "AAFRealm"; @@ -78,11 +80,12 @@ public class AAFRealm extends AuthorizingRealm { String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); if(cadi_prop_files==null) { String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm."; - access.log(Level.INIT,msg); + access.log(Level.DEBUG,msg); throw new RuntimeException(msg); } else { try { String log4jConfigFile = "./etc/org.ops4j.pax.logging.cfg"; + PropertyConfigurator.configure(log4jConfigFile); System.setOut(createLoggingProxy(System.out)); System.setErr(createLoggingProxy(System.err)); @@ -94,7 +97,6 @@ public class AAFRealm extends AuthorizingRealm { acon = AAFCon.newInstance(access); authn = acon.newAuthn(); authz = acon.newLur(authn); - final String csv = access.getProperty(Config.CADI_BATH_CONVERT); if(csv!=null) { try { @@ -122,12 +124,12 @@ public class AAFRealm extends AuthorizingRealm { idMap.put(oldID,newID); } } catch (IOException e) { - logger.error(e.getMessage(), e); +// access.log(e); } } } catch (APIException | CadiException | LocatorException e) { String msg = "Cannot initiate AAFRealm"; - logger.info(msg + " "+ e.getMessage(), e); + access.log(Level.INIT,msg,e.getMessage()); throw new RuntimeException(msg,e); } } 
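Review bot: The `@@ -78,11 +80,12 @@` hunk lowers the log for the missing `Config.CADI_PROP_FILES` case from `Level.INIT` to `Level.DEBUG` immediately before the `RuntimeException` that aborts realm construction, so at a normal production level the reason the realm failed to start will not appear in the log at all. This is a startup misconfiguration, not a trace; it should stay `access.log(Level.INIT,msg);`, which is also the level the "Cannot initiate AAFRealm" path in this same commit uses.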
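Review bot: In the `@@ -122,12 +124,12 @@` hunk the `IOException` from loading the bath-conversion CSV is now caught with nothing but the comment `// access.log(e);` in the block, so an unreadable or malformed mapping file leaves an empty catch, possibly a partially loaded `idMap`, and no log entry. Restore the call, `access.log(e);`, or wrap and rethrow as the surrounding `APIException | CadiException | LocatorException` handler does, since identity mapping that silently half-loads is an authorization-relevant failure.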
@@ -145,15 +147,14 @@ public class AAFRealm extends AuthorizingRealm { @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { - logger.debug("AAFRealm.doGetAuthenticationInfo :"+token); - final UsernamePasswordToken upt = (UsernamePasswordToken)token; final String user = upt.getUsername(); String authUser = user; final String password=new String(upt.getPassword()); String authPassword = password; - if(mbc!=null) { + if(mbc!=null) { try { + final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password); String bath = mbc.convert(access, oldBath); if(bath!=oldBath) { @@ -161,11 +162,13 @@ public class AAFRealm extends AuthorizingRealm { int colon = bath.indexOf(':'); if(colon>=0) { authUser = bath.substring(0, colon); - authPassword = bath.substring(colon+1); + authPassword = bath.substring(colon+1); + access.log(Level.DEBUG, authUser,"user authenticated"); + access.log(Level.DEBUG, authn.validate(authUser,authPassword)); } } } catch (IOException e) { - logger.error(e.getMessage(), e); + access.log(e); } } String err; @@ -173,11 +176,11 @@ public class AAFRealm extends AuthorizingRealm { err = authn.validate(authUser,authPassword); } catch (IOException e) { err = "Credential cannot be validated"; - logger.error(err, e); + access.log(Level.DEBUG, e, err); } if(err != null) { - logger.debug(err); + access.log(Level.DEBUG, err, " - Credential cannot be validated"); throw new AuthenticationException(err); } @@ -185,7 +188,9 @@ public class AAFRealm extends AuthorizingRealm { access, user, password + ); + } @Override @@ -202,7 +207,6 @@ public class AAFRealm extends AuthorizingRealm { @Override protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { - logger.debug("AAFRealm.doGetAuthenthorizationInfo"); Principal bait = (Principal)principals.getPrimaryPrincipal(); Principal newBait = bait; if(idMap!=null) { 
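Review bot: The two lines added after `authPassword = bath.substring(colon+1);` in the `@@ -161,11 +162,13 @@` hunk call `authn.validate(authUser,authPassword)` a second time purely to log its result, and log "user authenticated" before any validation has run. That doubles the round trips to the authentication backend on every bath-converted login, each able to fail or count against a lockout independently, and a DEBUG line claiming the user is authenticated while the real check is still below is misleading in an audit trail. The converted identity is validated a few lines further down in the same method; drop both added lines, or keep at most `access.log(Level.DEBUG, "bath conversion mapped user to", authUser);`.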
@@ -218,7 +222,6 @@ public class AAFRealm extends AuthorizingRealm { } List pond = new ArrayList<>(); authz.fishAll(newBait,pond); - return new AAFAuthorizationInfo(access,bait,pond); } diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml index 97c470d..1a63ea5 100644 --- a/sidecar/fproxy/pom.xml +++ b/sidecar/fproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.10-SNAPSHOT + 2.1.11-SNAPSHOT fproxy diff --git a/sidecar/pom.xml b/sidecar/pom.xml index 0345abb..2d5f678 100644 --- a/sidecar/pom.xml +++ b/sidecar/pom.xml @@ -20,7 +20,7 @@ org.onap.aaf.cadi parent - 2.1.10-SNAPSHOT + 2.1.11-SNAPSHOT .. 4.0.0 diff --git a/sidecar/rproxy/pom.xml b/sidecar/rproxy/pom.xml index dd7a07e..ce105a9 100644 --- a/sidecar/rproxy/pom.xml +++ b/sidecar/rproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.10-SNAPSHOT + 2.1.11-SNAPSHOT rproxy diff --git a/sidecar/tproxy-config/pom.xml b/sidecar/tproxy-config/pom.xml index fdac4fb..d981797 100644 --- a/sidecar/tproxy-config/pom.xml +++ b/sidecar/tproxy-config/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.10-SNAPSHOT + 2.1.11-SNAPSHOT tproxy-config diff --git a/version.properties b/version.properties index 1e3a49e..91423b2 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=2 minor=1 -patch=10 +patch=11 base_version=${major}.${minor}.${patch} -- 2.16.6 From ac7cd3ac1cd79eff3a8e20e23e5a550fb68b8af2 Mon Sep 17 00:00:00 2001 From: Sai Gandham Date: Fri, 15 Feb 2019 10:06:31 -0600 Subject: [PATCH 12/16] fix shiro logs looping issue Issue-ID: AAF-655 Change-Id: I6719683718ec8dc2695df1eb14b6b490df5976c5 
Signed-off-by: Sai Gandham --- pom.xml | 2 +- shiro-osgi-bundle/pom.xml | 2 +- shiro/pom.xml | 2 +- .../onap/aaf/cadi/shiro/AAFAuthenticationInfo.java | 5 ++- .../onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 13 ++++-- .../aaf/cadi/shiro/AAFPrincipalCollection.java | 5 +++ .../java/org/onap/aaf/cadi/shiro/AAFRealm.java | 52 +++++++++------------- sidecar/fproxy/pom.xml | 2 +- sidecar/pom.xml | 2 +- sidecar/rproxy/pom.xml | 2 +- sidecar/tproxy-config/pom.xml | 2 +- version.properties | 2 +- 12 files changed, 48 insertions(+), 43 deletions(-) diff --git a/pom.xml b/pom.xml index 7e111ff..07b98f9 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 4.0.0 org.onap.aaf.cadi parent - 2.1.11-SNAPSHOT + 2.1.12-SNAPSHOT CADI Plugins Parent pom diff --git a/shiro-osgi-bundle/pom.xml b/shiro-osgi-bundle/pom.xml index d7459ce..3a8647e 100644 --- a/shiro-osgi-bundle/pom.xml +++ b/shiro-osgi-bundle/pom.xml @@ -22,7 +22,7 @@ org.onap.aaf.cadi parent - 2.1.11-SNAPSHOT + 2.1.12-SNAPSHOT .. diff --git a/shiro/pom.xml b/shiro/pom.xml index 1d435b0..09078cc 100644 --- a/shiro/pom.xml +++ b/shiro/pom.xml @@ -22,7 +22,7 @@ org.onap.aaf.cadi parent - 2.1.11-SNAPSHOT + 2.1.12-SNAPSHOT .. diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java index 45bdadc..beb9707 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java 
@@ -36,7 +36,7 @@ import org.onap.aaf.cadi.Hash; public class AAFAuthenticationInfo implements AuthenticationInfo { private static final long serialVersionUID = -1502704556864321020L; - final static Logger logger = LoggerFactory.getLogger(AAFAuthenticationInfo.class); + final static Logger logger = LoggerFactory.getLogger(AAFAuthenticationInfo.class); // We assume that Shiro is doing Memory Only, and this salt is not needed cross process private final static int salt = new SecureRandom().nextInt(); @@ -52,11 +52,13 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { } @Override public byte[] getCredentials() { +// logger.info("AAFAuthenticationInfo.getCredentials"); return hash; } @Override public PrincipalCollection getPrincipals() { +// logger.info( "AAFAuthenticationInfo.getPrincipals"); return apc; } @@ -65,6 +67,7 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { UsernamePasswordToken upt = (UsernamePasswordToken)atoken; if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) { byte[] newhash = getSaltedCred(new String(upt.getPassword())); + logger.info("Successful authentication attempt by " +upt.getPrincipal()); if(newhash.length==hash.length) { for(int i=0;i getObjectPermissions() { -// access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions"); +// logger.info("AAFAuthorizationInfo.getObjectPermissions"); synchronized(bait) { if(oPerms == null) { oPerms = new ArrayList(); 
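Review bot: `logger.info("Successful authentication attempt by " +upt.getPrincipal());` is emitted right after `getSaltedCred` and before the hash comparison, so it is written for failed attempts too and produces a misleading audit line on every login. Move it into the branch where the hashes are found equal (the tail of `matches` is not legible in this rendering, so I cannot quote the exact line) and prefer the parameterized form `logger.info("Successful authentication by {}", upt.getPrincipal());`. The other hunks of this file on this line add only commented-out `logger.info` calls, which should be dropped rather than committed.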
@@ -72,23 +73,29 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { } } } + + return oPerms; } @Override public Collection getRoles() { +// logger.info("AAFAuthorizationInfo.getRoles"); // Until we decide to make Roles available, tie into String based permissions. return getStringPermissions(); } @Override public Collection getStringPermissions() { + +// logger.info("AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { sPerms = new ArrayList(); for(org.onap.aaf.cadi.Permission p : pond) { sPerms.add(p.getKey().replace("|",":")); -// System.out.println("Replacing | to :" + p.getKey().replace("|",":")); + logger.info("the user has " +p.getKey()); + } } } diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java index 145968d..15fad53 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java @@ -27,11 +27,15 @@ import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Set; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.apache.shiro.subject.PrincipalCollection; public class AAFPrincipalCollection implements PrincipalCollection { + private static final long serialVersionUID = 558246013419818831L; + private static final Logger logger = LoggerFactory.getLogger(AAFPrincipalCollection.class); private static final Set realmSet; private final Principal principal; private List list=null; @@ -44,6 +48,7 @@ public class AAFPrincipalCollection implements PrincipalCollection { public AAFPrincipalCollection(Principal p) { principal = p; + } public AAFPrincipalCollection(final String principalName) { diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index 4b24c70..0fc962f 100644 
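Review bot: `logger.info("the user has " +p.getKey());` inside the `for(org.onap.aaf.cadi.Permission p : pond)` loop writes one INFO line per permission each time the string-permission list is built, which for a subject with many permissions is exactly the log volume this commit's subject says it is reducing. Lower it to DEBUG with a parameterized message, `logger.debug("the user has {}", p.getKey());`, or log a single count after the loop. The commented-out `// logger.info(...)` lines added to getRoles and getStringPermissions should be removed, not committed, and the AAFPrincipalCollection hunk on this line adds a `logger` field that nothing reads.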
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -30,6 +30,7 @@ import java.util.Map; import java.util.Map.Entry; import java.util.TreeMap; + import org.apache.log4j.PropertyConfigurator; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; @@ -55,7 +56,7 @@ import org.slf4j.LoggerFactory; public class AAFRealm extends AuthorizingRealm { - final static Logger logger = LoggerFactory.getLogger(AAFRealm.class); + final static Logger logger = LoggerFactory.getLogger(AAFRealm.class); public static final String AAF_REALM = "AAFRealm"; @@ -80,23 +81,14 @@ public class AAFRealm extends AuthorizingRealm { String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); if(cadi_prop_files==null) { String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm."; - access.log(Level.DEBUG,msg); + logger.info(msg); throw new RuntimeException(msg); } else { - try { - String log4jConfigFile = "./etc/org.ops4j.pax.logging.cfg"; - - PropertyConfigurator.configure(log4jConfigFile); - System.setOut(createLoggingProxy(System.out)); - System.setErr(createLoggingProxy(System.err)); - } catch(Exception e) { - e.printStackTrace(); - } - //System.out.println("Configuration done"); try { acon = AAFCon.newInstance(access); authn = acon.newAuthn(); authz = acon.newLur(authn); + final String csv = access.getProperty(Config.CADI_BATH_CONVERT); if(csv!=null) { try { 
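Review bot: `logger.info(msg);` replaces `access.log(Level.DEBUG,msg)` for the case where `Config.CADI_PROP_FILES` is absent, but that condition aborts realm construction with a RuntimeException and belongs at ERROR: `logger.error(msg);`. Removing the `PropertyConfigurator.configure` and `System.setOut/setErr(createLoggingProxy(...))` block is the right fix for the feedback loop between the stdout proxy and a console appender. The constructor continues past the end of this hunk.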
@@ -122,39 +114,32 @@ public class AAFRealm extends AuthorizingRealm { } } idMap.put(oldID,newID); + } } catch (IOException e) { -// access.log(e); + logger.info(e.getMessage(), e); } } } catch (APIException | CadiException | LocatorException e) { String msg = "Cannot initiate AAFRealm"; - access.log(Level.INIT,msg,e.getMessage()); + logger.info(msg + " "+ e.getMessage(), e); throw new RuntimeException(msg,e); } } supports = new HashSet>(); supports.add(UsernamePasswordToken.class); } - public static PrintStream createLoggingProxy(final PrintStream realPrintStream) { - return new PrintStream(realPrintStream) { - public void print(final String string) { - realPrintStream.print(string); - logger.info(string); - } - }; - } @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { + logger.info("AAFRealm.doGetAuthenticationInfo :"+token); final UsernamePasswordToken upt = (UsernamePasswordToken)token; final String user = upt.getUsername(); String authUser = user; final String password=new String(upt.getPassword()); String authPassword = password; - if(mbc!=null) { + if(mbc!=null) { try { - final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password); String bath = mbc.convert(access, oldBath); if(bath!=oldBath) { @@ -163,12 +148,12 @@ public class AAFRealm extends AuthorizingRealm { if(colon>=0) { authUser = bath.substring(0, colon); authPassword = bath.substring(colon+1); - access.log(Level.DEBUG, authUser,"user authenticated"); - access.log(Level.DEBUG, authn.validate(authUser,authPassword)); } } } catch (IOException e) { - access.log(e); + + logger.info(e.getMessage(), e); + } } String err; 
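Review bot: `logger.info("AAFRealm.doGetAuthenticationInfo :"+token);` logs the authentication token object at INFO on every login, and what lands in the log is whatever the token's `toString()` returns — for Shiro's UsernamePasswordToken I believe that is the username, rememberMe flag and host rather than the password, but the realm does not control it. Log only the identity, at DEBUG and after `upt` is assigned: `logger.debug("AAFRealm.doGetAuthenticationInfo for {}", upt.getUsername());`. In this hunk and the one that follows, `logger.info(e.getMessage(), e)` is also used for the bath-conversion IOException, where `logger.error(e.getMessage(), e)` is the appropriate level. Dropping createLoggingProxy and the DEBUG-time `authn.validate` call is the right change; doGetAuthenticationInfo continues past the end of the second hunk.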
@@ -176,11 +161,11 @@ public class AAFRealm extends AuthorizingRealm { err = authn.validate(authUser,authPassword); } catch (IOException e) { err = "Credential cannot be validated"; - access.log(Level.DEBUG, e, err); + logger.info(e.getMessage(), e); } if(err != null) { - access.log(Level.DEBUG, err, " - Credential cannot be validated"); + logger.info(err); throw new AuthenticationException(err); } @@ -188,29 +173,34 @@ public class AAFRealm extends AuthorizingRealm { access, user, password - ); - } @Override protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException { + if(ai instanceof AAFAuthenticationInfo) { if(!((AAFAuthenticationInfo)ai).matches(atoken)) { throw new AuthenticationException("Credentials do not match"); + } + } else { throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo"); + } } + + @Override protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Principal bait = (Principal)principals.getPrimaryPrincipal(); Principal newBait = bait; if(idMap!=null) { final String newID = idMap.get(bait.getName()); + logger.info("Successful authentication attempt by " +bait.getName()); if(newID!=null) { newBait = new Principal() { @Override diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml index 1a63ea5..cebcafd 100644 --- a/sidecar/fproxy/pom.xml +++ b/sidecar/fproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.11-SNAPSHOT + 2.1.12-SNAPSHOT fproxy diff --git a/sidecar/pom.xml b/sidecar/pom.xml index 2d5f678..00daa15 100644 --- a/sidecar/pom.xml +++ b/sidecar/pom.xml @@ -20,7 +20,7 @@ org.onap.aaf.cadi parent - 2.1.11-SNAPSHOT + 2.1.12-SNAPSHOT .. 4.0.0 diff --git a/sidecar/rproxy/pom.xml b/sidecar/rproxy/pom.xml index ce105a9..6a313c1 100644 --- a/sidecar/rproxy/pom.xml +++ b/sidecar/rproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.11-SNAPSHOT + 2.1.12-SNAPSHOT rproxy 
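Review bot: `logger.info("Successful authentication attempt by " +bait.getName());` is placed in doGetAuthorizationInfo, which Shiro invokes for permission and role checks rather than during authentication, and it fires whenever `idMap` is configured regardless of any outcome; the same message is already written by AAFAuthenticationInfo.matches in this commit, so the log now reports a successful authentication per authorization check. Replace it with a trace that says what is happening, `logger.debug("AAFRealm.doGetAuthorizationInfo for {}", bait.getName());`. In the first hunk on this line, `logger.info(e.getMessage(), e)` for the IOException from `authn.validate` should be `logger.error`, since that is the backend being unreachable rather than a bad password. doGetAuthorizationInfo continues past the end of this hunk.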
diff --git a/sidecar/tproxy-config/pom.xml b/sidecar/tproxy-config/pom.xml index d981797..561f9fa 100644 --- a/sidecar/tproxy-config/pom.xml +++ b/sidecar/tproxy-config/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.11-SNAPSHOT + 2.1.12-SNAPSHOT tproxy-config diff --git a/version.properties b/version.properties index 91423b2..d6fc8bd 100644 --- a/version.properties +++ b/version.properties @@ -27,7 +27,7 @@ major=2 minor=1 -patch=11 +patch=12 base_version=${major}.${minor}.${patch} -- 2.16.6 From 4a698c2e3d926fd69673eea8b15a78bc7770a29c Mon Sep 17 00:00:00 2001 From: Instrumental Date: Fri, 22 Feb 2019 13:52:58 -0600 Subject: [PATCH 13/16] Add Multi-Realm class handling Also, improve Logging Issue-ID: AAF-771 Change-Id: I4cf286b5c474596f5e824e5204598cf0c1bb014c Signed-off-by: Instrumental --- pom.xml | 10 +- shiro-osgi-bundle/pom.xml | 2 +- shiro/pom.xml | 18 +- .../onap/aaf/cadi/shiro/AAFAuthenticationInfo.java | 14 +- .../onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 17 +- .../aaf/cadi/shiro/AAFPrincipalCollection.java | 3 - .../java/org/onap/aaf/cadi/shiro/AAFRealm.java | 270 ++++++++++++++------- .../org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java | 8 +- sidecar/fproxy/pom.xml | 2 +- sidecar/pom.xml | 2 +- sidecar/rproxy/pom.xml | 2 +- sidecar/tproxy-config/pom.xml | 2 +- 12 files changed, 219 insertions(+), 131 deletions(-) diff --git a/pom.xml b/pom.xml index 07b98f9..c88f47a 100644 --- a/pom.xml +++ b/pom.xml @@ -22,7 +22,7 @@ 4.0.0 org.onap.aaf.cadi parent - 2.1.12-SNAPSHOT + 2.1.13-SNAPSHOT CADI Plugins Parent pom @@ -214,6 +214,14 @@ ${cadi.version} + + org.apache.shiro + shiro-core + 1.3.2 + + + + org.apache.shiro shiro-core - 1.3.2 + + org.slf4j + slf4j-api + + + + ch.qos.logback + logback-classic + test + diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java index beb9707..99e387d 100644 
--- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java @@ -24,20 +24,17 @@ import java.nio.ByteBuffer; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.subject.PrincipalCollection; import org.onap.aaf.cadi.Access; +import org.onap.aaf.cadi.Access.Level; import org.onap.aaf.cadi.Hash; public class AAFAuthenticationInfo implements AuthenticationInfo { private static final long serialVersionUID = -1502704556864321020L; - final static Logger logger = LoggerFactory.getLogger(AAFAuthenticationInfo.class); - // We assume that Shiro is doing Memory Only, and this salt is not needed cross process private final static int salt = new SecureRandom().nextInt(); @@ -50,15 +47,16 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { apc = new AAFPrincipalCollection(username); hash = getSaltedCred(password); } + @Override public byte[] getCredentials() { -// logger.info("AAFAuthenticationInfo.getCredentials"); + access.log(Level.DEBUG, "AAFAuthenticationInfo.getCredentials"); return hash; } @Override public PrincipalCollection getPrincipals() { -// logger.info( "AAFAuthenticationInfo.getPrincipals"); + access.log(Level.DEBUG, "AAFAuthenticationInfo.getPrincipals"); return apc; } 
@@ -67,7 +65,7 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { UsernamePasswordToken upt = (UsernamePasswordToken)atoken; if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) { byte[] newhash = getSaltedCred(new String(upt.getPassword())); - logger.info("Successful authentication attempt by " +upt.getPrincipal()); + access.printf(Level.INFO,"Successful authentication attempt by %s",upt.getPrincipal()); if(newhash.length==hash.length) { for(int i=0;i pond; @@ -55,7 +51,6 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { this.pond = pond; sPerms=null; oPerms=null; - } public Principal principal() { @@ -64,7 +59,7 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { @Override public Collection getObjectPermissions() { -// logger.info("AAFAuthorizationInfo.getObjectPermissions"); + access.log(Level.DEBUG, "AAFAuthorizationInfo.getObjectPermissions"); synchronized(bait) { if(oPerms == null) { oPerms = new ArrayList(); @@ -73,29 +68,25 @@ public class AAFAuthorizationInfo implements AuthorizationInfo { } } } - - return oPerms; } @Override public Collection getRoles() { -// logger.info("AAFAuthorizationInfo.getRoles"); + access.log(Level.INFO,"AAFAuthorizationInfo.getRoles"); // Until we decide to make Roles available, tie into String based permissions. return getStringPermissions(); } @Override public Collection getStringPermissions() { - -// logger.info("AAFAuthorizationInfo.getStringPermissions"); + access.log(Level.INFO,"AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { sPerms = new ArrayList(); for(org.onap.aaf.cadi.Permission p : pond) { sPerms.add(p.getKey().replace("|",":")); - logger.info("the user has " +p.getKey()); - + access.printf(Level.INFO,"the user has %s",p.getKey()); } } } 
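Review bot: `access.log(Level.INFO,"AAFAuthorizationInfo.getRoles")` and `access.log(Level.INFO,"AAFAuthorizationInfo.getStringPermissions")` are method-entry traces that run on every permission check, yet they sit at INFO while the equivalent trace in getObjectPermissions in the same file is set to DEBUG by this commit; make them consistent, `access.log(Level.DEBUG,"AAFAuthorizationInfo.getRoles");` and likewise for getStringPermissions. The per-permission `access.printf(Level.INFO,"the user has %s",p.getKey())` in the loop has the same volume problem and does not say which user it refers to. In the AAFAuthenticationInfo hunk earlier on this line, the `"Successful authentication attempt by %s"` printf still precedes the hash comparison and is therefore written for failed attempts as well.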
diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java index 15fad53..3998aa5 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFPrincipalCollection.java @@ -27,15 +27,12 @@ import java.util.HashSet; import java.util.Iterator; import java.util.List; import java.util.Set; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.apache.shiro.subject.PrincipalCollection; public class AAFPrincipalCollection implements PrincipalCollection { private static final long serialVersionUID = 558246013419818831L; - private static final Logger logger = LoggerFactory.getLogger(AAFPrincipalCollection.class); private static final Set realmSet; private final Principal principal; private List list=null; diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index 0fc962f..52bf354 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -21,17 +21,15 @@ package org.onap.aaf.cadi.shiro; import java.io.IOException; -import java.io.PrintStream; import java.security.Principal; import java.util.ArrayList; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.TreeMap; +import java.util.Set; +import java.util.concurrent.ConcurrentHashMap; +import java.util.concurrent.ConcurrentSkipListSet; - -import org.apache.log4j.PropertyConfigurator; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; 
@@ -55,93 +53,186 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; public class AAFRealm extends AuthorizingRealm { - - final static Logger logger = LoggerFactory.getLogger(AAFRealm.class); - public static final String AAF_REALM = "AAFRealm"; + private static final Logger logger = LoggerFactory.getLogger(AAFRealm.class); + private static Singleton singleton = Singleton.singleton(); - private PropAccess access; - private AAFCon acon; - private AAFAuthn authn; - private HashSet> supports; - private AAFLurPerm authz; - private MapBathConverter mbc; - private Map idMap; - - - /** - * - * There appears to be no configuration objects or references available for CADI to start with. - * - */ - public AAFRealm () { - access = new PropAccess(); // pick up cadi_prop_files from VM_Args - mbc = null; - idMap = null; - String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); - if(cadi_prop_files==null) { - String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm."; - logger.info(msg); - throw new RuntimeException(msg); - } else { - try { - acon = AAFCon.newInstance(access); - authn = acon.newAuthn(); - authz = acon.newLur(authn); - - final String csv = access.getProperty(Config.CADI_BATH_CONVERT); - if(csv!=null) { - try { - mbc = new MapBathConverter(access, new CSV(csv)); - logger.info("MapBathConversion enabled with file "+csv); - idMap = new TreeMap(); - // Load - for(Entry es : mbc.map().entrySet()) { - String oldID = es.getKey(); - if(oldID.startsWith("Basic ")) { - oldID = Symm.base64noSplit.decode(oldID.substring(6)); - int idx = oldID.indexOf(':'); - if(idx>=0) { - oldID = oldID.substring(0, idx); + private static class Singleton { + private AAFCon acon; + private AAFAuthn authn; + private Set> supports; + private AAFLurPerm authz; + private MapBathConverter mbc; + private Map idMap; + private Singleton() { + mbc = null; + idMap = null; + String cadi_prop_files = access.getProperty(Config.CADI_PROP_FILES); + 
if(cadi_prop_files==null) { + String msg = Config.CADI_PROP_FILES + " in VM Args is required to initialize AAFRealm."; + access.log(Level.INFO,msg); + throw new RuntimeException(msg); + } else { + try { + acon = AAFCon.newInstance(access); + authn = acon.newAuthn(); + authz = acon.newLur(authn); + + final String csv = access.getProperty(Config.CADI_BATH_CONVERT); + if(csv!=null) { + try { + mbc = new MapBathConverter(access, new CSV(csv)); + access.log(Level.INFO, "MapBathConversion enabled with file ",csv); + idMap = new ConcurrentHashMap(); + // Load + for(Entry es : mbc.map().entrySet()) { + String oldID = es.getKey(); + if(oldID.startsWith("Basic ")) { + oldID = Symm.base64noSplit.decode(oldID.substring(6)); + int idx = oldID.indexOf(':'); + if(idx>=0) { + oldID = oldID.substring(0, idx); + } } - } - String newID = es.getValue(); - if(newID.startsWith("Basic ")) { - newID = Symm.base64noSplit.decode(newID.substring(6)); - int idx = newID.indexOf(':'); - if(idx>=0) { - newID = newID.substring(0, idx); + String newID = es.getValue(); + if(newID.startsWith("Basic ")) { + newID = Symm.base64noSplit.decode(newID.substring(6)); + int idx = newID.indexOf(':'); + if(idx>=0) { + newID = newID.substring(0, idx); + } } + idMap.put(oldID,newID); + } - idMap.put(oldID,newID); - + } catch (IOException e) { + access.log(e); } - } catch (IOException e) { - logger.info(e.getMessage(), e); } + } catch (APIException | CadiException | LocatorException e) { + String msg = "Cannot initiate AAFRealm"; + access.log(Level.ERROR,e,msg); + throw new RuntimeException(msg,e); } - } catch (APIException | CadiException | LocatorException e) { - String msg = "Cannot initiate AAFRealm"; - logger.info(msg + " "+ e.getMessage(), e); - throw new RuntimeException(msg,e); } + supports = new ConcurrentSkipListSet<>(); + supports.add(UsernamePasswordToken.class); } - supports = new HashSet>(); - supports.add(UsernamePasswordToken.class); - } + + public static synchronized Singleton singleton() { + 
if(singleton==null) { + singleton = new Singleton(); + } + return singleton; + } + + // pick up cadi_prop_files from VM_Args + private final PropAccess access = new PropAccess() { + @Override + public void log(Exception e, Object... elements) { + logger.error(buildMsg(Level.ERROR, elements).toString(),e); + } + + @Override + public void log(Level level, Object... elements) { + if(willLog(level)) { + String str = buildMsg(level, elements).toString(); + switch(level) { + case WARN: + case AUDIT: + logger.warn(str); + break; + case DEBUG: + logger.debug(str); + break; + case ERROR: + logger.warn(str); + break; + case INFO: + case INIT: + logger.info(str); + break; + case NONE: + break; + case TRACE: + logger.trace(str); + break; + } + } + } + + @Override + public void printf(Level level, String fmt, Object... elements) { + if(willLog(level)) { + String str = String.format(fmt, elements); + switch(level) { + case WARN: + case AUDIT: + logger.warn(str); + break; + case DEBUG: + logger.debug(str); + break; + case ERROR: + logger.warn(str); + break; + case INFO: + case INIT: + logger.info(str); + break; + case NONE: + break; + case TRACE: + logger.trace(str); + break; + } + } + } + + @Override + public boolean willLog(Level level) { + if(super.willLog(level)) { + switch(level) { + case AUDIT: + return logger.isWarnEnabled(); + case DEBUG: + return logger.isDebugEnabled(); + case ERROR: + return logger.isErrorEnabled(); + case INFO: + case INIT: + return logger.isInfoEnabled(); + case NONE: + return false; + case TRACE: + return logger.isTraceEnabled(); + case WARN: + return logger.isWarnEnabled(); + + } + } + return false; + } + }; + } + + /** + * + * There appears to be no configuration objects or references available for CADI to start with. 
+ * + */ @Override protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException { - logger.info("AAFRealm.doGetAuthenticationInfo :"+token); final UsernamePasswordToken upt = (UsernamePasswordToken)token; final String user = upt.getUsername(); String authUser = user; final String password=new String(upt.getPassword()); String authPassword = password; - if(mbc!=null) { + if(singleton.mbc!=null) { try { final String oldBath = "Basic " + Symm.base64noSplit.encode(user+':'+password); - String bath = mbc.convert(access, oldBath); + String bath = singleton.mbc.convert(singleton.access, oldBath); if(bath!=oldBath) { bath = Symm.base64noSplit.decode(bath.substring(6)); int colon = bath.indexOf(':'); @@ -151,26 +242,23 @@ public class AAFRealm extends AuthorizingRealm { } } } catch (IOException e) { - - logger.info(e.getMessage(), e); - + singleton.access.log(e); } } String err; try { - err = authn.validate(authUser,authPassword); + err = singleton.authn.validate(authUser,authPassword); + if(err != null) { + singleton.access.log(Level.INFO, err); + throw new AuthenticationException(err); + } + } catch (IOException e) { - err = "Credential cannot be validated"; - logger.info(e.getMessage(), e); + singleton.access.log(e,"Credential cannot be validated"); } - if(err != null) { - logger.info(err); - throw new AuthenticationException(err); - } - return new AAFAuthenticationInfo( - access, + singleton.access, user, password ); @@ -182,7 +270,6 @@ public class AAFRealm extends AuthorizingRealm { if(ai instanceof AAFAuthenticationInfo) { if(!((AAFAuthenticationInfo)ai).matches(atoken)) { throw new AuthenticationException("Credentials do not match"); - } } else { 
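Review bot: `supports = new ConcurrentSkipListSet<>();` followed by `supports.add(UsernamePasswordToken.class);` fails at runtime: a ConcurrentSkipListSet built without a Comparator requires Comparable elements and java.lang.Class is not Comparable, so the add throws ClassCastException inside the Singleton constructor, which runs from the `private static Singleton singleton = Singleton.singleton();` initializer and surfaces as ExceptionInInitializerError for the whole realm class. Use a hash-based concurrent set, `supports = ConcurrentHashMap.newKeySet();` (ConcurrentHashMap is already imported by this commit), or a plain set that is never mutated after construction. Moving initialization into a static singleton also means the `Config.CADI_PROP_FILES` RuntimeException now appears as ExceptionInInitializerError / NoClassDefFoundError instead of from `new AAFRealm()`, which deserves a comment on the `singleton` field. Separately, both switch statements in the anonymous PropAccess map `case ERROR:` to `logger.warn(str);`, demoting errors to warnings.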
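Review bot: The restructured validation fails open: when `singleton.authn.validate(authUser,authPassword)` throws IOException, the new `catch (IOException e)` only logs `"Credential cannot be validated"` and control falls through to `return new AAFAuthenticationInfo(...)`, so a caller is authenticated with a password that was never checked whenever the AAF backend is unreachable. The removed code assigned `err` and threw; the catch must rethrow, `throw new AuthenticationException("Credential cannot be validated", e);`, after which the now write-only `err` can be scoped inside the try. Keeping the `if(err != null)` throw inside the same try is fine, since AuthenticationException is unchecked and not caught by the IOException clause.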
@@ -198,9 +285,9 @@ public class AAFRealm extends AuthorizingRealm { protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Principal bait = (Principal)principals.getPrimaryPrincipal(); Principal newBait = bait; - if(idMap!=null) { - final String newID = idMap.get(bait.getName()); - logger.info("Successful authentication attempt by " +bait.getName()); + if(singleton.idMap!=null) { + final String newID = singleton.idMap.get(bait.getName()); + singleton.access.printf(Level.INFO,"Successful authentication attempt by %s",bait.getName()); if(newID!=null) { newBait = new Principal() { @Override @@ -211,14 +298,13 @@ public class AAFRealm extends AuthorizingRealm { } } List pond = new ArrayList<>(); - authz.fishAll(newBait,pond); - return new AAFAuthorizationInfo(access,bait,pond); - + singleton.authz.fishAll(newBait,pond); + return new AAFAuthorizationInfo(singleton.access,bait,pond); } @Override public boolean supports(AuthenticationToken token) { - return supports.contains(token.getClass()); + return singleton.supports.contains(token.getClass()); } @Override diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java index 281f8ad..f49ecb4 100644 --- a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java +++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java 
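Review bot: `singleton.access.printf(Level.INFO,"Successful authentication attempt by %s",bait.getName());` still lives in doGetAuthorizationInfo, where it runs on every permission or role check for any subject once an ID map is configured, and it reports an authentication this method does not perform. Either drop it or make it describe the ID translation that follows, inside the `if(newID!=null)` branch: `singleton.access.printf(Level.DEBUG,"Translating principal %s to %s",bait.getName(),newID);`. doGetAuthorizationInfo continues past the end of this hunk.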
@@ -27,18 +27,20 @@ import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.apache.shiro.subject.PrincipalCollection; +import org.junit.Test; import org.onap.aaf.cadi.aaf.AAFPermission; +import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.shiro.AAFRealm; import org.onap.aaf.cadi.shiro.AAFShiroPermission; import junit.framework.Assert; public class JU_AAFRealm { -/* - @Test + public void test() { // NOTE This is a live test. This JUnit needs to be built with "Mock" before it can be // an official JUNIT + try { System.setProperty(Config.CADI_PROP_FILES, "/opt/app/osaaf/local/org.onap.aai.props"); TestAAFRealm ar = new TestAAFRealm(); @@ -61,7 +63,7 @@ public class JU_AAFRealm { Assert.fail(); } } - */ + private void testAPerm(boolean expect, AuthorizationInfo azi, String ns, String type, String instance, String action) { AAFShiroPermission testPerm = new AAFShiroPermission(new AAFPermission(ns,type,instance,action,new ArrayList())); diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml index cebcafd..5ad8b38 100644 --- a/sidecar/fproxy/pom.xml +++ b/sidecar/fproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.12-SNAPSHOT + 2.1.13-SNAPSHOT fproxy diff --git a/sidecar/pom.xml b/sidecar/pom.xml index 00daa15..0c9e5e3 100644 --- a/sidecar/pom.xml +++ b/sidecar/pom.xml @@ -20,7 +20,7 @@ org.onap.aaf.cadi parent - 2.1.12-SNAPSHOT + 2.1.13-SNAPSHOT .. 4.0.0 diff --git a/sidecar/rproxy/pom.xml b/sidecar/rproxy/pom.xml index 6a313c1..d1d7c22 100644 --- a/sidecar/rproxy/pom.xml +++ b/sidecar/rproxy/pom.xml @@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.12-SNAPSHOT + 2.1.13-SNAPSHOT rproxy diff --git a/sidecar/tproxy-config/pom.xml b/sidecar/tproxy-config/pom.xml index 561f9fa..63643d3 100644 --- a/sidecar/tproxy-config/pom.xml +++ b/sidecar/tproxy-config/pom.xml 
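Review bot: Removing the `/* … */` block while also deleting `@Test` leaves `test()` as compiled but never-executed code, and the newly added `import org.junit.Test;` is then unused, while the comment in the method still says it is a live test against a real AAF. If the intent is to keep it out of the build until a mock exists, say so where the tooling can see it, `@Test` together with `@Ignore("live test against a real AAF; needs a mock")` from org.junit, so it is reported as skipped rather than silently absent. The hard-coded `/opt/app/osaaf/local/org.onap.aai.props` path will also fail on any machine other than the author's; reading it from a system property with that value as the default would make the live run reusable.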
@@ -24,7 +24,7 @@ org.onap.aaf.cadi.sidecar sidecar - 2.1.12-SNAPSHOT + 2.1.13-SNAPSHOT tproxy-config -- 2.16.6 From 004851a114cc06933368ffe55fd58f0d010debb0 Mon Sep 17 00:00:00 2001 From: Instrumental Date: Fri, 22 Feb 2019 16:19:44 -0600 Subject: [PATCH 14/16] Choose better Concurrency Object Issue-ID: AAF-771: Change-Id: I112120d380f34a86890b83889880337199e21f57 Signed-off-by: Instrumental --- .../onap/aaf/cadi/shiro/AAFAuthenticationInfo.java | 3 ++- .../org/onap/aaf/cadi/shiro/AAFAuthorizationInfo.java | 6 +++--- .../main/java/org/onap/aaf/cadi/shiro/AAFRealm.java | 19 +++++++++---------- .../org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java | 5 ++++- 4 files changed, 18 insertions(+), 15 deletions(-) diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java index 99e387d..d936794 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFAuthenticationInfo.java 
@@ -65,19 +65,20 @@ public class AAFAuthenticationInfo implements AuthenticationInfo { UsernamePasswordToken upt = (UsernamePasswordToken)atoken; if(apc.getPrimaryPrincipal().getName().equals(upt.getPrincipal())) { byte[] newhash = getSaltedCred(new String(upt.getPassword())); - access.printf(Level.INFO,"Successful authentication attempt by %s",upt.getPrincipal()); if(newhash.length==hash.length) { for(int i=0;i getRoles() { - access.log(Level.INFO,"AAFAuthorizationInfo.getRoles"); + access.log(Level.DEBUG,"AAFAuthorizationInfo.getRoles"); // Until we decide to make Roles available, tie into String based permissions. return getStringPermissions(); } @Override public Collection getStringPermissions() { - access.log(Level.INFO,"AAFAuthorizationInfo.getStringPermissions"); + access.log(Level.DEBUG,"AAFAuthorizationInfo.getStringPermissions"); synchronized(bait) { if(sPerms == null) { sPerms = new ArrayList(); for(org.onap.aaf.cadi.Permission p : pond) { sPerms.add(p.getKey().replace("|",":")); - access.printf(Level.INFO,"the user has %s",p.getKey()); + access.printf(Level.INFO,"%s has %s",bait.getName(),p.getKey()); } } } diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index 52bf354..dbc57d7 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java +++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -23,12 +23,13 @@ package org.onap.aaf.cadi.shiro; import java.io.IOException; import java.security.Principal; import java.util.ArrayList; +import java.util.Collections; +import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.Set; -import java.util.concurrent.ConcurrentHashMap; -import java.util.concurrent.ConcurrentSkipListSet; +import java.util.TreeMap; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; 
@@ -83,7 +84,7 @@ public class AAFRealm extends AuthorizingRealm { try { mbc = new MapBathConverter(access, new CSV(csv)); access.log(Level.INFO, "MapBathConversion enabled with file ",csv); - idMap = new ConcurrentHashMap(); + idMap = Collections.synchronizedMap(new TreeMap()); // Load for(Entry es : mbc.map().entrySet()) { String oldID = es.getKey(); @@ -115,7 +116,7 @@ public class AAFRealm extends AuthorizingRealm { throw new RuntimeException(msg,e); } } - supports = new ConcurrentSkipListSet<>(); + supports = Collections.synchronizedSet(new HashSet<>()); supports.add(UsernamePasswordToken.class); } @@ -146,7 +147,7 @@ public class AAFRealm extends AuthorizingRealm { logger.debug(str); break; case ERROR: - logger.warn(str); + logger.error(str); break; case INFO: case INIT: @@ -174,7 +175,7 @@ public class AAFRealm extends AuthorizingRealm { logger.debug(str); break; case ERROR: - logger.warn(str); + logger.error(str); break; case INFO: case INIT: @@ -193,6 +194,7 @@ public class AAFRealm extends AuthorizingRealm { public boolean willLog(Level level) { if(super.willLog(level)) { switch(level) { + case WARN: case AUDIT: return logger.isWarnEnabled(); case DEBUG: @@ -206,9 +208,6 @@ public class AAFRealm extends AuthorizingRealm { return false; case TRACE: return logger.isTraceEnabled(); - case WARN: - return logger.isWarnEnabled(); - } } return false; @@ -287,8 +286,8 @@ public class AAFRealm extends AuthorizingRealm { Principal newBait = bait; if(singleton.idMap!=null) { final String newID = singleton.idMap.get(bait.getName()); - singleton.access.printf(Level.INFO,"Successful authentication attempt by %s",bait.getName()); if(newID!=null) { + singleton.access.printf(Level.INFO,"Successful authentication Translation %s to %s",bait.getName(), newID); newBait = new Principal() { @Override public String getName() { 
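Review bot: `idMap = Collections.synchronizedMap(new TreeMap(...))` takes a monitor on every `singleton.idMap.get(bait.getName())` in doGetAuthorizationInfo, yet from what is visible idMap is only written in the constructor's load loop and read afterwards, so the wrapper buys nothing a read-only map needs while serializing all authorization lookups. Fill a plain TreeMap (or keep the former ConcurrentHashMap) and publish it once after the loop with `idMap = Collections.unmodifiableMap(idMap);`, which also documents that the translation table is fixed after startup. The same applies to `supports = Collections.synchronizedSet(new HashSet<>())`, which is populated once and then only queried. The Singleton constructor starts and ends outside this hunk.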
diff --git a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java index f49ecb4..f159a8f 100644 --- a/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java +++ b/shiro/src/test/java/org/onap/aaf/cadi/shiro/test/JU_AAFRealm.java @@ -27,13 +27,14 @@ import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.Permission; import org.apache.shiro.subject.PrincipalCollection; +import org.junit.Assert; import org.junit.Test; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.aaf.cadi.config.Config; import org.onap.aaf.cadi.shiro.AAFRealm; import org.onap.aaf.cadi.shiro.AAFShiroPermission; -import junit.framework.Assert; + public class JU_AAFRealm { @@ -58,6 +59,8 @@ public class JU_AAFRealm { testAPerm(false,azi,"org.osaaf.nons","resources","something","get"); // testAPerm(true,azi,"name","org.access","something","*"); // testAPerm(false,azi,"org.accessX","something","*"); + + Assert.assertEquals(true,ar.supports(upt)); } catch (Throwable t) { t.printStackTrace(); Assert.fail(); -- 2.16.6 From b169754b801f8a7f8790796cf666f2c2ed6b5e1a Mon Sep 17 00:00:00 2001 From: Instrumental Date: Sat, 23 Feb 2019 09:21:01 -0600 Subject: [PATCH 15/16] Testing final edition, Shiro Issue-ID: AAF-771 Change-Id: Ia86066e986a92756ad5ac9210fbdb4002de0bb23 Signed-off-by: Instrumental --- pom.xml | 2 +- .../java/org/onap/aaf/cadi/shiro/AAFRealm.java | 23 +++++++++------------- 2 files changed, 10 insertions(+), 15 deletions(-) diff --git a/pom.xml b/pom.xml index c88f47a..4b9f5e7 100644 --- a/pom.xml +++ b/pom.xml @@ -34,7 +34,7 @@ - 2.1.8 + 2.1.10-SNAPSHOT UTF-8 diff --git a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java index dbc57d7..c455a4d 100644 --- a/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java 
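Review bot: The new assertion `Assert.assertEquals(true,ar.supports(upt));` reads better and gives a clearer failure message as `Assert.assertTrue(ar.supports(upt));`. It also sits inside the existing `try { … } catch (Throwable t) { t.printStackTrace(); Assert.fail(); }`, which converts an AssertionError into a bare fail() and loses the message; letting assertion errors propagate (catch Exception, or drop the catch) would make a failure of this check readable in the surefire report. The try block begins before this hunk.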
+++ b/shiro/src/main/java/org/onap/aaf/cadi/shiro/AAFRealm.java @@ -24,11 +24,9 @@ import java.io.IOException; import java.security.Principal; import java.util.ArrayList; import java.util.Collections; -import java.util.HashSet; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.Set; import java.util.TreeMap; import org.apache.shiro.authc.AuthenticationException; @@ -61,7 +59,7 @@ public class AAFRealm extends AuthorizingRealm { private static class Singleton { private AAFCon acon; private AAFAuthn authn; - private Set> supports; +// private Set> supports; private AAFLurPerm authz; private MapBathConverter mbc; private Map idMap; @@ -82,7 +80,7 @@ public class AAFRealm extends AuthorizingRealm { final String csv = access.getProperty(Config.CADI_BATH_CONVERT); if(csv!=null) { try { - mbc = new MapBathConverter(access, new CSV(csv)); + mbc = new MapBathConverter(access, new CSV(access,csv)); access.log(Level.INFO, "MapBathConversion enabled with file ",csv); idMap = Collections.synchronizedMap(new TreeMap()); // Load @@ -104,7 +102,6 @@ public class AAFRealm extends AuthorizingRealm { } } idMap.put(oldID,newID); - } } catch (IOException e) { access.log(e); @@ -116,8 +113,10 @@ public class AAFRealm extends AuthorizingRealm { throw new RuntimeException(msg,e); } } - supports = Collections.synchronizedSet(new HashSet<>()); - supports.add(UsernamePasswordToken.class); + + // There is only one of these. If there are more, put back +// supports = Collections.synchronizedSet(new HashSet<>()); +// supports.add(UsernamePasswordToken.class); } public static synchronized Singleton singleton() { 
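Review bot: The `supports` field and its initialisation are kept as commented-out code (`// private Set<…> supports;` and the two `// supports = …` lines in the constructor) with a note to "put back" if more token types are needed; that history is already in version control, so delete the lines rather than leave dead code in the Singleton. If the single-token mode is deliberate, a one-line comment on supports() saying that only UsernamePasswordToken is accepted is enough. The constructor these lines belong to starts before and ends after this hunk.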
@@ -265,21 +264,15 @@ public class AAFRealm extends AuthorizingRealm { @Override protected void assertCredentialsMatch(AuthenticationToken atoken, AuthenticationInfo ai)throws AuthenticationException { - if(ai instanceof AAFAuthenticationInfo) { if(!((AAFAuthenticationInfo)ai).matches(atoken)) { throw new AuthenticationException("Credentials do not match"); } - } else { throw new AuthenticationException("AuthenticationInfo is not an AAFAuthenticationInfo"); - } } - - - @Override protected AAFAuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) { Principal bait = (Principal)principals.getPrimaryPrincipal(); @@ -303,7 +296,9 @@ public class AAFRealm extends AuthorizingRealm { @Override public boolean supports(AuthenticationToken token) { - return singleton.supports.contains(token.getClass()); + // Only one was being loaded. If more are needed uncomment the multi-class mode + return UsernamePasswordToken.class.equals(token); +// return singleton.supports.contains(token.getClass()); } @Override -- 2.16.6 From 4c9af8153a08505d9fed4b3bd1ccc8943090efbd Mon Sep 17 00:00:00 2001 From: Instrumental Date: Wed, 27 Feb 2019 19:05:42 -0600 Subject: [PATCH 16/16] Change version to use AAF 2.1.10 Issue-ID: AAF-771 Change-Id: I6c487e04c95f135c67399e2445a42a13c0dce9ae Signed-off-by: Instrumental --- pom.xml | 2 +- version.properties | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 4b9f5e7..d385804 100644 --- a/pom.xml +++ b/pom.xml @@ -34,7 +34,7 @@ - 2.1.10-SNAPSHOT + 2.1.10 UTF-8 diff --git a/version.properties b/version.properties index d6fc8bd..cb8a88f 100644 --- a/version.properties +++ b/version.properties 
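Review bot: `return UsernamePasswordToken.class.equals(token);` compares a Class object with the token instance, so it is always false and the realm now declares support for no token at all — Shiro will skip AAFRealm for every login before assertCredentialsMatch is reached (fails closed, but authentication through this realm is broken). Use `return token instanceof UsernamePasswordToken;`, or `UsernamePasswordToken.class.equals(token.getClass())` if subclasses must be excluded, and remove the commented-out `// return singleton.supports.contains(token.getClass());` line. The assertion added to JU_AAFRealm in the previous patch (`Assert.assertEquals(true,ar.supports(upt))`) would catch this, which suggests that test is not executed in the build — presumably it needs a live AAF — so it is worth confirming the unit tests actually run.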
@@ -25,9 +25,10 @@ # Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... ) # because they are used in Jenkins, whose plug-in doesn't support +# This TAG 2.1.13 is here to help remember to change this file. Keep it up to date with the following "real" entries: major=2 minor=1 -patch=12 +patch=13 base_version=${major}.${minor}.${patch} -- 2.16.6