* Copyright (C) 2019 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
/**
@Autowired
private ClampProperties refProp;
- private SecurityContext securityContext = SecurityContextHolder.getContext();
- private static final String permPrefix = "security.permission.type.";
- private static final String permInstance = "security.permission.instance";
-
- public AuthorizationController() {
- }
+ private static final String PERM_PREFIX = "security.permission.type.";
+ private static final String PERM_INSTANCE = "security.permission.instance";
/**
* Insert authorize the api based on the permission
* The action of the permissions. e.g. read
*/
public void authorize(Exchange camelExchange, String typeVar, String instanceVar, String action) {
- String type = refProp.getStringValue(permPrefix + typeVar);
- String instance = refProp.getStringValue(permInstance);
+ String type = refProp.getStringValue(PERM_PREFIX + typeVar);
+ String instance = refProp.getStringValue(PERM_INSTANCE);
if (null == type || type.isEmpty()) {
//authorization is turned off, since the permission is not defined
LoggingUtils.setTargetContext("Clamp", "authorize");
LoggingUtils.setTimeContext(startTime, new Date());
securityLogger.debug("checking if {} has permission: {}", principalName, perm);
- try {
- isUserPermitted(perm);
- } catch (NotAuthorizedException nae) {
+
+ if (!isUserPermitted(perm)){
String msg = principalName + " does not have permission: " + perm;
LoggingUtils.setErrorContext("100", "Authorization Error");
securityLogger.warn(msg);
}
}
- private boolean isUserPermitted(SecureServicePermission inPermission) {
- boolean authorized = false;
+ public boolean isUserPermitted(SecureServicePermission inPermission) {
+
String principalName = PrincipalUtils.getPrincipalName();
// check if the user has the permission key or the permission key with a
// combination of all instance and/or all action.
- if (hasRole(inPermission.getKey())) {
- auditLogger.info("{} authorized because user has permission with * for instance: {}",
- principalName, inPermission.getKey());
- authorized = true;
+ if (hasRole(inPermission.getKey()) || hasRole(inPermission.getKeyAllInstance())) {
+ auditLogger.info("{} authorized because user has permission with * for instance: {}",
+ principalName, inPermission.getKey());
+ return true;
// the rest of these don't seem to be required - isUserInRole method
// appears to take * as a wildcard
- } else if (hasRole(inPermission.getKeyAllInstance())) {
- auditLogger.info("{} authorized because user has permission with * for instance: {}",
- principalName, inPermission.getKey());
- authorized = true;
} else if (hasRole(inPermission.getKeyAllInstanceAction())) {
- auditLogger.info("{} authorized because user has permission with * for instance and * for action: {}",
- principalName, inPermission.getKey());
- authorized = true;
+ auditLogger.info("{} authorized because user has permission with * for instance and * for action: {}",
+ principalName, inPermission.getKey());
+ return true;
} else if (hasRole(inPermission.getKeyAllAction())) {
auditLogger.info("{} authorized because user has permission with * for action: {}",
- principalName, inPermission.getKey());
- authorized = true;
+ principalName, inPermission.getKey());
+ return true;
} else {
- throw new NotAuthorizedException("");
- }
- return authorized;
- }
-
- /**
- * Verify whether the user has the permission.
- *
- * @param inPermission
- * The permissions to verify
- */
- public boolean isUserPermittedNoException(SecureServicePermission inPermission) {
- try {
- return isUserPermitted(inPermission);
- } catch (NotAuthorizedException e) {
return false;
}
}
* Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.transaction.annotation.EnableTransactionManagement;
-@SpringBootApplication
@ComponentScan(basePackages = { "org.onap.clamp" })
-@EnableAutoConfiguration(exclude = { DataSourceAutoConfiguration.class, SecurityAutoConfiguration.class,
+@SpringBootApplication(exclude = { DataSourceAutoConfiguration.class, SecurityAutoConfiguration.class,
UserDetailsServiceAutoConfiguration.class })
@EnableJpaRepositories(basePackages = { "org.onap.clamp" })
@EntityScan(basePackages = { "org.onap.clamp" })
* Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
public class CldsUserJsonDecoder {
+ private CldsUserJsonDecoder() {
+ }
+
/**
* This method decodes the JSON file provided to a CldsUser Array. The stream is
* closed after this call, this is not possible to reuse it.
throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
}
}
-
- private CldsUserJsonDecoder() {
- }
}
package org.onap.clamp.clds.config.sdc;
-
-import com.google.gson.JsonElement;
-import com.google.gson.JsonParser;
import com.google.gson.reflect.TypeToken;
import java.io.InputStream;
import java.io.InputStreamReader;
* Copyright (C) 2018 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
package org.onap.clamp.clds.config.sdc;
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
import com.google.gson.JsonObject;
import java.io.IOException;
import java.io.InputStreamReader;
*/
public class SdcControllersConfiguration {
- private static final EELFLogger logger = EELFManager.getInstance().getLogger(SdcControllersConfiguration.class);
- public static final String CONTROLLER_SUBTREE_KEY = "sdc-connections";
+ private static final String CONTROLLER_SUBTREE_KEY = "sdc-connections";
@Autowired
protected ApplicationContext appContext;
/**
.addValue("v_model_blueprint_text", model.getBlueprintText())
.addValue("v_service_type_id", model.getTypeId()).addValue("v_deployment_id", model.getDeploymentId())
.addValue("v_deployment_status_url", model.getDeploymentStatusUrl())
- .addValue("v_control_name_prefix", model.getControlNamePrefix())
+ .addValue(V_CONTROL_NAME_PREFIX, model.getControlNamePrefix())
.addValue(V_CONTROL_NAME_UUID, model.getControlNameUuid());
Map<String, Object> out = logSqlExecution(procSetModel, in);
model.setControlNamePrefix((String) out.get(V_CONTROL_NAME_PREFIX));
model.setControlNameUuid((String) out.get(V_CONTROL_NAME_UUID));
model.setId((String) (out.get("v_model_id")));
- model.getEvent().setId((String) (out.get("v_event_id")));
- model.getEvent().setActionCd((String) out.get("v_action_cd"));
- model.getEvent().setActionStateCd((String) out.get("v_action_state_cd"));
- model.getEvent().setProcessInstanceId((String) out.get("v_event_process_instance_id"));
- model.getEvent().setUserid((String) out.get("v_event_user_id"));
+ setEventProp(model.getEvent(), out);
return model;
}
.addValue("v_user_id", userid).addValue("v_template_bpmn_text", template.getBpmnText())
.addValue("v_template_image_text", template.getImageText())
.addValue("v_template_doc_text", template.getPropText());
- Map<String, Object> out = logSqlExecution(procSetTemplate, in);
- template.setId((String) (out.get("v_template_id")));
- template.setBpmnUserid((String) (out.get("v_template_bpmn_user_id")));
- template.setBpmnId((String) (out.get("v_template_bpmn_id")));
- template.setImageId((String) (out.get("v_template_image_id")));
- template.setImageUserid((String) out.get("v_template_image_user_id"));
- template.setPropId((String) (out.get("v_template_doc_id")));
- template.setPropUserid((String) out.get("v_template_doc_user_id"));
+
+ // properties to setup the template is return from the logSqlExecution method
+ setTemplateBaseProp(template, logSqlExecution(procSetTemplate, in));
}
/**
CldsTemplate template = new CldsTemplate();
template.setName(templateName);
SqlParameterSource in = new MapSqlParameterSource().addValue("v_template_name", templateName);
+
Map<String, Object> out = logSqlExecution(procGetTemplate, in);
- template.setId((String) (out.get("v_template_id")));
- template.setBpmnUserid((String) (out.get("v_template_bpmn_user_id")));
- template.setBpmnId((String) (out.get("v_template_bpmn_id")));
- template.setBpmnText((String) (out.get("v_template_bpmn_text")));
- template.setImageId((String) (out.get("v_template_image_id")));
- template.setImageUserid((String) out.get("v_template_image_user_id"));
- template.setImageText((String) out.get("v_template_image_text"));
- template.setPropId((String) (out.get("v_template_doc_id")));
- template.setPropUserid((String) out.get("v_template_doc_user_id"));
+ setTemplateBaseProp(template, out);
+
+ // additional template setting's
template.setPropText((String) out.get("v_template_doc_text"));
+ template.setBpmnText((String) out.get("v_template_bpmn_text"));
+ template.setImageText((String) out.get("v_template_image_text"));
return template;
}
+ /**
+ * Helper method to setup the base template properties
+ *
+ * @param template
+ * the template
+ * @param prop
+ * collection with the properties
+ */
+ private void setTemplateBaseProp(CldsTemplate template, Map prop) {
+ template.setId((String) prop.get("v_template_id"));
+ template.setBpmnUserid((String) prop.get("v_template_bpmn_user_id"));
+ template.setBpmnId((String) prop.get("v_template_bpmn_id"));
+ template.setImageId((String) prop.get("v_template_image_id"));
+ template.setImageUserid((String) prop.get("v_template_image_user_id"));
+ template.setPropId((String) prop.get("v_template_doc_id"));
+ template.setPropUserid((String) prop.get("v_template_doc_user_id"));
+ }
+
private static Map<String, Object> logSqlExecution(SimpleJdbcCall call, SqlParameterSource source) {
try {
return call.execute(source);
private void populateModelProperties(CldsModel model, Map out) {
model.setControlNamePrefix((String) out.get(V_CONTROL_NAME_PREFIX));
model.setControlNameUuid((String) out.get(V_CONTROL_NAME_UUID));
- model.setId((String) (out.get("v_model_id")));
- model.setTemplateId((String) (out.get("v_template_id")));
+ model.setId((String) out.get("v_model_id"));
+ model.setTemplateId((String) out.get("v_template_id"));
model.setTemplateName((String) (out.get("v_template_name")));
model.setBpmnText((String) out.get("v_template_bpmn_text"));
model.setPropText((String) out.get("v_model_prop_text"));
model.setImageText((String) out.get("v_template_image_text"));
model.setDocText((String) out.get("v_template_doc_text"));
model.setBlueprintText((String) out.get("v_model_blueprint_text"));
- model.getEvent().setId((String) (out.get("v_event_id")));
- model.getEvent().setActionCd((String) out.get("v_action_cd"));
- model.getEvent().setActionStateCd((String) out.get("v_action_state_cd"));
- model.getEvent().setProcessInstanceId((String) out.get("v_event_process_instance_id"));
- model.getEvent().setUserid((String) out.get("v_event_user_id"));
model.setTypeId((String) out.get("v_service_type_id"));
model.setDeploymentId((String) out.get("v_deployment_id"));
model.setDeploymentStatusUrl((String) out.get("v_deployment_status_url"));
+
+ setEventProp(model.getEvent(), out);
+ }
+
+ /**
+ * Helper method to setup the event prop to the CldsEvent class
+ *
+ * @param event
+ * the clds event
+ * @param prop
+ * collection with the configuration
+ */
+ private void setEventProp(CldsEvent event, Map prop) {
+ event.setId((String) prop.get("v_event_id"));
+ event.setActionCd((String) prop.get("v_action_cd"));
+ event.setActionStateCd((String) prop.get("v_action_state_cd"));
+ event.setProcessInstanceId((String) prop.get("v_event_process_instance_id"));
+ event.setUserid((String) prop.get("v_event_user_id"));
}
/**
.addValue("v_tosca_model_yaml", cldsToscaModel.getToscaModelYaml())
.addValue("v_tosca_model_json", cldsToscaModel.getToscaModelJson()).addValue("v_user_id", userId);
Map<String, Object> out = logSqlExecution(procInsertNewToscaModelVersion, in);
- cldsToscaModel.setRevisionId((String) (out.get("v_revision_id")));
+ cldsToscaModel.setRevisionId((String) out.get("v_revision_id"));
return cldsToscaModel;
}
.addValue("v_dictionary_name", cldsDictionary.getDictionaryName())
.addValue("v_user_id", cldsDictionary.getCreatedBy());
Map<String, Object> out = logSqlExecution(procInsertDictionary, in);
- cldsDictionary.setDictionaryId((String) (out.get("v_dictionary_id")));
+ cldsDictionary.setDictionaryId((String) out.get("v_dictionary_id"));
}
/**
.addValue("v_dict_element_description", cldsDictionaryItem.getDictElementDesc())
.addValue("v_dict_element_type", cldsDictionaryItem.getDictElementType()).addValue("v_user_id", userId);
Map<String, Object> out = logSqlExecution(procInsertDictionaryElement, in);
- cldsDictionaryItem.setDictElementId((String) (out.get("v_dict_element_id")));
+ cldsDictionaryItem.setDictElementId((String) out.get("v_dict_element_id"));
}
/**
import com.google.gson.reflect.TypeToken;
import java.io.IOException;
import java.lang.reflect.Type;
-import java.security.GeneralSecurityException;
import java.util.Date;
import java.util.List;
import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.BadRequestException;
-import javax.ws.rs.NotAuthorizedException;
import javax.xml.transform.TransformerException;
import org.apache.camel.Produce;
-import org.apache.commons.codec.DecoderException;
import org.json.simple.parser.ParseException;
import org.onap.clamp.clds.camel.CamelProxy;
import org.onap.clamp.clds.client.DcaeDispatcherServices;
* Copyright (C) 2019 Nokia. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
private static final String FONT_FACE = "SansSerif";
private static final Color TRANSPARENT = new Color(0.0f, 0.0f, 0.0f, 0.0f);
+ private AwtUtils() {
+ }
+
static void rectWithText(Graphics2D g2d, String text, Point point, int width, int height) {
Rectangle rect = new Rectangle(point.x, point.y, width, height);
g2d.draw(rect);
PrincipalUtils.setSecurityContext(securityContext);
AuthorizationController auth = new AuthorizationController();
- assertTrue(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-cl","dev","read")));
- assertTrue(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-cl-manage","dev","DEPLOY")));
- assertTrue(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-filter-vf","dev","12345-55555-55555-5555")));
- assertFalse(auth.isUserPermittedNoException(new SecureServicePermission("permission-type-cl","test","read")));
+ assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","dev","read")));
+ assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-cl-manage","dev","DEPLOY")));
+ assertTrue(auth.isUserPermitted(new SecureServicePermission("permission-type-filter-vf","dev","12345-55555-55555-5555")));
+ assertFalse(auth.isUserPermitted(new SecureServicePermission("permission-type-cl","test","read")));
}
}
Code Review / clamp.git / commitdiff