~ ============LICENSE_END=======================================================
~
-->
+
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<scope>provided</scope>
</dependency>
<dependency>
- <groupId>javax.servlet</groupId>
- <artifactId>javax.servlet-api</artifactId>
+ <groupId>jakarta.servlet</groupId>
+ <artifactId>jakarta.servlet-api</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<artifactId>org.osgi.core</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.osgi</groupId>
+ <artifactId>osgi.cmpn</artifactId>
+ <version>7.0.0</version>
+ <scope>compile</scope>
+ </dependency>
</dependencies>
</project>
--- /dev/null
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider;
+
+import org.jolokia.osgi.security.Authenticator;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet;
+import org.opendaylight.aaa.api.IdMService;
+import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
+import org.osgi.service.http.HttpService;
+import org.osgi.service.http.NamespaceException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.servlet.ServletException;
+import java.io.IOException;
+
+public class Helper {
+
+ private static final Logger LOG = LoggerFactory.getLogger(Helper.class);
+ private AuthHttpServlet authServlet;
+
+ public Helper() throws UnableToConfigureOAuthService, IOException, InvalidConfigurationException {
+ this.authServlet = new AuthHttpServlet();
+
+ }
+
+ public void onUnbindService(HttpService httpService) {
+ httpService.unregister(AuthHttpServlet.BASEURI);
+ this.authServlet = null;
+ }
+
+ public void onBindService(HttpService httpService)
+ throws ServletException, NamespaceException {
+ if (httpService == null) {
+ LOG.warn("Unable to inject HttpService into loader.");
+ } else {
+ httpService.registerServlet(AuthHttpServlet.BASEURI, authServlet, null, null);
+ LOG.info("auth servlet registered.");
+ }
+ }
+
+ public void setOdlAuthenticator(Authenticator odlAuthenticator) {
+ authServlet.setOdlAuthenticator(odlAuthenticator);
+ }
+
+ public void setOdlIdentityService(IdMService odlIdentityService) {
+ this.authServlet.setOdlIdentityService(odlIdentityService);
+ }
+
+ public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) {
+ this.authServlet.setShiroConfiguration(shiroConfiguration);
+ }
+
+ public void setDataBroker(DataBroker dataBroker) {
+ this.authServlet.setDataBroker(dataBroker);
+ }
+
+ public void init() {
+
+ }
+
+ public void close() {
+
+ }
+}
boolean found = false;
if (isEnvExpression(key)) {
- LOG.info("try to find env var(s) for {}", key);
+ LOG.debug("try to find env var(s) for {}", key);
final Matcher matcher = pattern.matcher(key);
String tmp = new String(key);
while (matcher.find() && matcher.groupCount() > 0) {
final String mkey = matcher.group(1);
if (mkey != null) {
try {
- LOG.info("match found for v={} and env key={}", key, mkey);
+ LOG.debug("match found for v={} and env key={}", key, mkey);
String envvar = mkey.substring(2, mkey.length() - 1);
String env = System.getenv(envvar);
tmp = tmp.replace(mkey, env == null ? "" : env);
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.ShiroException;
+import org.apache.shiro.authc.BearerToken;
import org.apache.shiro.codec.Base64;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.Subject;
import org.jolokia.osgi.security.Authenticator;
import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFactory;
import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
import org.opendaylight.aaa.api.IdMService;
-import org.apache.shiro.authc.BearerToken;
import org.opendaylight.mdsal.binding.api.DataBroker;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration.Main;
private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName());
private static final long serialVersionUID = 1L;
- private static final String BASEURI = "/oauth";
+ public static final String BASEURI = "/oauth";
private static final String LOGINURI = BASEURI + "/login";
private static final String LOGOUTURI = BASEURI + "/logout";
private static final String PROVIDERSURI = BASEURI + "/providers";
this.providerStore.put(pc.getId(), OAuthProviderFactory.create(pc.getType(), pc,
this.config.getRedirectUri(), TokenCreator.getInstance(this.config)));
}
-
}
public void setOdlAuthenticator(Authenticator odlAuthenticator2) {
private void handleLogout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
final String bearerToken = this.tokenCreator.getBearerToken(req, true);
+ String redirectUrl = req.getParameter(LOGOUT_REDIRECT_URL_PARAMETER);
+ if (redirectUrl == null) {
+ redirectUrl = this.config.getPublicUrl();
+ }
+ // if nothing configured and nothing from request
+ if(redirectUrl == null || redirectUrl.isBlank()){
+ redirectUrl="/";
+ }
UserTokenPayload userInfo = this.tokenCreator.decode(bearerToken);
- if (bearerToken != null && userInfo!=null && !userInfo.isInternal()) {
+ if (bearerToken != null && userInfo != null && !userInfo.isInternal()) {
AuthService provider = this.providerStore.getOrDefault(userInfo.getProviderId(), null);
+
if (provider != null) {
- String redirectUrl = req.getParameter(LOGOUT_REDIRECT_URL_PARAMETER);
- if (redirectUrl == null) {
- redirectUrl = this.config.getPublicUrl();
- }
provider.sendLogoutRedirectResponse(bearerToken, resp, redirectUrl);
+ this.logout();
return;
}
}
this.logout();
- this.sendResponse(resp, HttpServletResponse.SC_OK);
+ resp.sendRedirect(redirectUrl);
+
}
private void handleLoginRedirect(HttpServletRequest req, HttpServletResponse resp) throws IOException {
hostUrl = matcher.group(1);
}
}
- LOG.info("host={}", hostUrl);
+ LOG.debug("host={}", hostUrl);
return hostUrl;
}
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
LOG.debug("POST request for {}", req.getRequestURI());
- if (this.config.loginActive() && this.config.doSupportOdlUsers() && LOGINURI.equals(req.getRequestURI())) {
+ if (this.config.loginActive() && this.config.doSupportOdlUsers() && LOGINURI.equals(req.getRequestURI())) {
final String username = req.getParameter("username");
final String domain = req.getParameter("domain");
BearerToken token =
private void sendResponse(HttpServletResponse resp, int code) throws IOException {
this.sendResponse(resp, code, null);
}
+
private void sendResponse(HttpServletResponse resp, int code, Object data) throws IOException {
byte[] output = data != null ? mapper.writeValueAsString(data).getBytes() : new byte[0];
// output
@Override
protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) {
- LOG.info("reqesting user roles with token={}", access_token);
+ LOG.debug("reqesting user roles with token={}", access_token);
Map<String, String> authHeaders = new HashMap<>();
authHeaders.put("Authorization", String.format("Bearer %s", access_token));
Optional<MappedBaseHttpResponse<GitlabUserInfo>> userInfo =
public String getBearerToken(HttpServletRequest req, boolean checkCookie) {
final String authHeader = req.getHeader("Authorization");
if ((authHeader == null || !authHeader.startsWith("Bearer")) && checkCookie) {
- Cookie[] cookies = req.getCookies();
- Optional<Cookie> ocookie = Optional.empty();
- if (cookies != null) {
- ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
- .findFirst();
+ if(req!=null) {
+ Cookie[] cookies = req.getCookies();
+ Optional<Cookie> ocookie = Optional.empty();
+ if (cookies != null) {
+ ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
+ .findFirst();
+ }
+ if (ocookie.isEmpty()) {
+ return null;
+ }
+ return ocookie.get().getValue();
}
- if (ocookie.isEmpty()) {
- return null;
- }
- return ocookie.get().getValue();
}
return authHeader.substring(7);
}
~ ============LICENSE_END=======================================================
~
-->
+
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
org.opendaylight.yangtools.concepts,
org.opendaylight.yangtools.yang.binding,
org.opendaylight.yangtools.yang.common,
+ org.osgi.service.http,
com.fasterxml.jackson.databind,
com.fasterxml.jackson.databind.deser.std,
com.fasterxml.jackson.databind.ser.std,
<reference id="odlIdentityService" interface="org.opendaylight.aaa.api.IdMService" />
<reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker" />
-
+
+ <bean id="provider" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.Helper" init-method="init" destroy-method="close">
+ <property ref="odlAuthenticator" name="odlAuthenticator" />
+ <property ref="odlIdentityService" name="odlIdentityService" />
+ <property ref="shiroConfiguration" name="shiroConfiguration" />
+ <property ref="dataBroker" name="dataBroker" />
+ </bean>
+
+ <reference id="onBindService" availability="mandatory" activation="eager" interface="org.osgi.service.http.HttpService">
+ <reference-listener ref="provider" bind-method="onBindService" unbind-method="onUnbindService"/>
+ </reference>
+
<odl:clustered-app-config
binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration"
id="shiroConfiguration" default-config-file-name="aaa-app-config.xml" />
- <bean id="authServlet"
- class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
+ <bean id="authServlet" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
<property ref="odlAuthenticator" name="odlAuthenticator" />
<property ref="odlIdentityService" name="odlIdentityService" />
<property ref="shiroConfiguration" name="shiroConfiguration" />
<property ref="dataBroker" name="dataBroker" />
</bean>
- <service interface="javax.servlet.http.HttpServlet" ref="authServlet">
- <service-properties>
- <entry key="alias" value="/oauth"/>
- </service-properties>
- </service>
-
</blueprint>