Update oauth-provider to use new OSGi APIs

author Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>

Tue, 14 Mar 2023 13:14:49 +0000 (18:44 +0530)

committer Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>

Tue, 14 Mar 2023 13:15:05 +0000 (18:45 +0530)
author Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
Tue, 14 Mar 2023 13:14:49 +0000 (18:44 +0530)
committer Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
Tue, 14 Mar 2023 13:15:05 +0000 (18:45 +0530)
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/provider-jar/pom.xml

index 24489d4..6c8f72e 100644 (file)
--- a/sdnr/wt/oauth-provider/provider-jar/pom.xml
+++ b/sdnr/wt/oauth-provider/provider-jar/pom.xml
@@ -22,6 +22,7 @@
    ~ ============LICENSE_END=======================================================
    ~
    -->
+
  <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
      <modelVersion>4.0.0</modelVersion>
  
@@ -133,8 +134,8 @@
              <scope>provided</scope>
          </dependency>
          <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
+            <groupId>jakarta.servlet</groupId>
+            <artifactId>jakarta.servlet-api</artifactId>
              <scope>provided</scope>
          </dependency>
          <dependency>
@@ -178,5 +179,11 @@
              <artifactId>org.osgi.core</artifactId>
              <scope>test</scope>
          </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>osgi.cmpn</artifactId>
+            <version>7.0.0</version>
+            <scope>compile</scope>
+        </dependency>
      </dependencies>
  </project>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java

new file mode 100644 (file)

index 0000000..38947a1
--- /dev/null
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java
@@ -0,0 +1,66 @@
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider;
+
+import org.jolokia.osgi.security.Authenticator;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet;
+import org.opendaylight.aaa.api.IdMService;
+import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
+import org.osgi.service.http.HttpService;
+import org.osgi.service.http.NamespaceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.ServletException;
+import java.io.IOException;
+
+public class Helper {
+
+    private static final Logger LOG = LoggerFactory.getLogger(Helper.class);
+    private AuthHttpServlet authServlet;
+
+    public Helper() throws UnableToConfigureOAuthService, IOException, InvalidConfigurationException {
+        this.authServlet = new AuthHttpServlet();
+
+    }
+
+    public void onUnbindService(HttpService httpService) {
+        httpService.unregister(AuthHttpServlet.BASEURI);
+        this.authServlet = null;
+    }
+
+    public void onBindService(HttpService httpService)
+            throws ServletException, NamespaceException {
+        if (httpService == null) {
+            LOG.warn("Unable to inject HttpService into loader.");
+        } else {
+            httpService.registerServlet(AuthHttpServlet.BASEURI, authServlet, null, null);
+            LOG.info("auth servlet registered.");
+        }
+    }
+
+    public void setOdlAuthenticator(Authenticator odlAuthenticator) {
+        authServlet.setOdlAuthenticator(odlAuthenticator);
+    }
+
+    public void setOdlIdentityService(IdMService odlIdentityService) {
+        this.authServlet.setOdlIdentityService(odlIdentityService);
+    }
+
+    public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) {
+        this.authServlet.setShiroConfiguration(shiroConfiguration);
+    }
+
+    public void setDataBroker(DataBroker dataBroker) {
+        this.authServlet.setDataBroker(dataBroker);
+    }
+
+    public void init() {
+
+    }
+
+    public void close() {
+
+    }
+}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java

index 6798026..1caec63 100644 (file)
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
@@ -242,14 +242,14 @@ public class Config {
          boolean found = false;
          if (isEnvExpression(key)) {
  
-            LOG.info("try to find env var(s) for {}", key);
+            LOG.debug("try to find env var(s) for {}", key);
              final Matcher matcher = pattern.matcher(key);
              String tmp = new String(key);
              while (matcher.find() && matcher.groupCount() > 0) {
                  final String mkey = matcher.group(1);
                  if (mkey != null) {
                      try {
-                        LOG.info("match found for v={} and env key={}", key, mkey);
+                        LOG.debug("match found for v={} and env key={}", key, mkey);
                          String envvar = mkey.substring(2, mkey.length() - 1);
                          String env = System.getenv(envvar);
                          tmp = tmp.replace(mkey, env == null ? "" : env);
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java

index 7953f31..b84543a 100644 (file)
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
@@ -39,19 +39,26 @@ import javax.servlet.http.HttpServletRequest;
  import javax.servlet.http.HttpServletResponse;
  import org.apache.shiro.SecurityUtils;
  import org.apache.shiro.ShiroException;
+import org.apache.shiro.authc.BearerToken;
  import org.apache.shiro.codec.Base64;
  import org.apache.shiro.session.Session;
  import org.apache.shiro.subject.Subject;
  import org.jolokia.osgi.security.Authenticator;
  import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
  import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
  import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig;
  import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore;
  import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFactory;
  import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
  import org.opendaylight.aaa.api.IdMService;
-import org.apache.shiro.authc.BearerToken;
  import org.opendaylight.mdsal.binding.api.DataBroker;
  import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
  import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
@@ -63,7 +70,7 @@ public class AuthHttpServlet extends HttpServlet {
  
      private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName());
      private static final long serialVersionUID = 1L;
-    private static final String BASEURI = "/oauth";
+    public static final String BASEURI = "/oauth";
      private static final String LOGINURI = BASEURI + "/login";
      private static final String LOGOUTURI = BASEURI + "/logout";
      private static final String PROVIDERSURI = BASEURI + "/providers";
@@ -107,7 +114,6 @@ public class AuthHttpServlet extends HttpServlet {
              this.providerStore.put(pc.getId(), OAuthProviderFactory.create(pc.getType(), pc,
                      this.config.getRedirectUri(), TokenCreator.getInstance(this.config)));
          }
-
      }
  
      public void setOdlAuthenticator(Authenticator odlAuthenticator2) {
@@ -148,20 +154,27 @@ public class AuthHttpServlet extends HttpServlet {
  
      private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
          final String bearerToken = this.tokenCreator.getBearerToken(req, true);
+        String redirectUrl = req.getParameter(LOGOUT_REDIRECT_URL_PARAMETER);
+        if (redirectUrl == null) {
+            redirectUrl = this.config.getPublicUrl();
+        }
+        // if nothing configured and nothing from request
+        if(redirectUrl == null || redirectUrl.isBlank()){
+            redirectUrl="/";
+        }
          UserTokenPayload userInfo = this.tokenCreator.decode(bearerToken);
-        if (bearerToken != null && userInfo!=null && !userInfo.isInternal()) {
+        if (bearerToken != null && userInfo != null && !userInfo.isInternal()) {
              AuthService provider = this.providerStore.getOrDefault(userInfo.getProviderId(), null);
+
              if (provider != null) {
-                String redirectUrl = req.getParameter(LOGOUT_REDIRECT_URL_PARAMETER);
-                if (redirectUrl == null) {
-                    redirectUrl = this.config.getPublicUrl();
-                }
                  provider.sendLogoutRedirectResponse(bearerToken, resp, redirectUrl);
+                this.logout();
                  return;
              }
          }
          this.logout();
-        this.sendResponse(resp, HttpServletResponse.SC_OK);
+        resp.sendRedirect(redirectUrl);
+
      }
  
      private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {
@@ -386,7 +399,7 @@ public class AuthHttpServlet extends HttpServlet {
                  hostUrl = matcher.group(1);
              }
          }
-        LOG.info("host={}", hostUrl);
+        LOG.debug("host={}", hostUrl);
          return hostUrl;
  
      }
@@ -424,7 +437,7 @@ public class AuthHttpServlet extends HttpServlet {
      protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
  
          LOG.debug("POST request for {}", req.getRequestURI());
-        if (this.config.loginActive() &&  this.config.doSupportOdlUsers() && LOGINURI.equals(req.getRequestURI())) {
+        if (this.config.loginActive() && this.config.doSupportOdlUsers() && LOGINURI.equals(req.getRequestURI())) {
              final String username = req.getParameter("username");
              final String domain = req.getParameter("domain");
              BearerToken token =
@@ -466,6 +479,7 @@ public class AuthHttpServlet extends HttpServlet {
      private void sendResponse(HttpServletResponse resp, int code) throws IOException {
          this.sendResponse(resp, code, null);
      }
+
      private void sendResponse(HttpServletResponse resp, int code, Object data) throws IOException {
          byte[] output = data != null ? mapper.writeValueAsString(data).getBytes() : new byte[0];
          // output
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java

index d271948..fc68697 100644 (file)
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
@@ -102,7 +102,7 @@ public class GitlabProviderService extends AuthService {
  
      @Override
      protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) {
-        LOG.info("reqesting user roles with token={}", access_token);
+        LOG.debug("reqesting user roles with token={}", access_token);
          Map<String, String> authHeaders = new HashMap<>();
          authHeaders.put("Authorization", String.format("Bearer %s", access_token));
          Optional<MappedBaseHttpResponse<GitlabUserInfo>> userInfo =
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java

index d8720e8..436d478 100644 (file)
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
+++ b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
@@ -157,16 +157,18 @@ public class TokenCreator {
      public String getBearerToken(HttpServletRequest req, boolean checkCookie) {
          final String authHeader = req.getHeader("Authorization");
          if ((authHeader == null || !authHeader.startsWith("Bearer")) && checkCookie) {
-            Cookie[] cookies = req.getCookies();
-            Optional<Cookie> ocookie = Optional.empty();
-            if (cookies != null) {
-                ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
-                        .findFirst();
+            if(req!=null) {
+                Cookie[] cookies = req.getCookies();
+                Optional<Cookie> ocookie = Optional.empty();
+                if (cookies != null) {
+                    ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
+                            .findFirst();
+                }
+                if (ocookie.isEmpty()) {
+                    return null;
+                }
+                return ocookie.get().getValue();
              }
-            if (ocookie.isEmpty()) {
-                return null;
-            }
-            return ocookie.get().getValue();
          }
          return authHeader.substring(7);
      }
diff --git a/sdnr/wt/oauth-provider/provider-osgi/pom.xml b/sdnr/wt/oauth-provider/provider-osgi/pom.xml

index 98bc2ac..8768e92 100644 (file)
--- a/sdnr/wt/oauth-provider/provider-osgi/pom.xml
+++ b/sdnr/wt/oauth-provider/provider-osgi/pom.xml
@@ -22,6 +22,7 @@
    ~ ============LICENSE_END=======================================================
    ~
    -->
+
  <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
      <modelVersion>4.0.0</modelVersion>
  
@@ -131,6 +132,7 @@
                              org.opendaylight.yangtools.concepts,
                              org.opendaylight.yangtools.yang.binding,
                              org.opendaylight.yangtools.yang.common,
+                            org.osgi.service.http,
                              com.fasterxml.jackson.databind,
                              com.fasterxml.jackson.databind.deser.std,
                              com.fasterxml.jackson.databind.ser.std,
diff --git a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml b/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml

index ae11de6..a8258dc 100644 (file)
--- a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
+++ b/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
@@ -31,23 +31,27 @@
      <reference id="odlIdentityService" interface="org.opendaylight.aaa.api.IdMService" />
  
      <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker" />
-    
+
+    <bean id="provider" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.Helper" init-method="init" destroy-method="close">
+        <property ref="odlAuthenticator" name="odlAuthenticator" />
+        <property ref="odlIdentityService" name="odlIdentityService" />
+        <property ref="shiroConfiguration" name="shiroConfiguration" />
+        <property ref="dataBroker" name="dataBroker" />
+    </bean>
+
+    <reference id="onBindService" availability="mandatory" activation="eager" interface="org.osgi.service.http.HttpService">
+        <reference-listener ref="provider" bind-method="onBindService" unbind-method="onUnbindService"/>
+    </reference>
+
      <odl:clustered-app-config
            binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration"
            id="shiroConfiguration" default-config-file-name="aaa-app-config.xml" />
            
-    <bean id="authServlet"
-          class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
+    <bean id="authServlet" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
            <property ref="odlAuthenticator" name="odlAuthenticator" />
            <property ref="odlIdentityService" name="odlIdentityService" />
            <property ref="shiroConfiguration" name="shiroConfiguration" />
            <property ref="dataBroker" name="dataBroker" />
      </bean>
  
-    <service interface="javax.servlet.http.HttpServlet" ref="authServlet">
-        <service-properties>
-            <entry key="alias" value="/oauth"/>
-        </service-properties>
-    </service>
-
  </blueprint>
author	Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
	Tue, 14 Mar 2023 13:14:49 +0000 (18:44 +0530)
committer	Ravi Pendurty <ravi.pendurty@highstreet-technologies.com>
	Tue, 14 Mar 2023 13:15:05 +0000 (18:45 +0530)
sdnr/wt/oauth-provider/provider-jar/pom.xml		patch \| blob \| history
sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java	[new file with mode: 0644]	patch \| blob
sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java		patch \| blob \| history
sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java		patch \| blob \| history
sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java		patch \| blob \| history
sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java		patch \| blob \| history
sdnr/wt/oauth-provider/provider-osgi/pom.xml		patch \| blob \| history
sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml		patch \| blob \| history