Rework AAF classes 05/61105/3
authorDeterme, Sebastien (sd378r) <sd378r@intl.att.com>
Fri, 17 Aug 2018 15:41:15 +0000 (17:41 +0200)
committerDeterme, Sebastien (sd378r) <sd378r@intl.att.com>
Fri, 17 Aug 2018 16:13:41 +0000 (18:13 +0200)
Rework AAF integration to be more Spring specific + change console log
to previous pattern

Issue-ID: CLAMP-210
Change-Id: I689269668f64996f2d07491e420062f5ca0ca1db
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
pom.xml
src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java [deleted file]
src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
src/main/resources/application.properties
src/main/resources/logback-default.xml
src/main/resources/system.properties

diff --git a/pom.xml b/pom.xml
index 0b072f7..712cadf 100644 (file)
--- a/pom.xml
+++ b/pom.xml
                                                </testResource>
                                </testResources>
                                <resources>
+                                               <!--  For AAF folder maven should not try to filter Keystores/Truststores ... 
+                                                         Otherwise they will be broken and unreadable
+                                               -->
                                                <resource>
                                                                <directory>src/main/resources</directory>
                                                                <filtering>true</filtering>
+                                                               <excludes>
+                                                                       <exclude>clds/aaf/**</exclude>
+                                                               </excludes>
+                                               </resource>
+                                               <resource>
+                                                               <directory>src/main/resources</directory>
+                                                               <filtering>false</filtering>
+                                                               <includes>
+                                                                       <include>clds/aaf/**</include>
+                                                               </includes>
                                                </resource>
                                                <resource>
                                                                <directory>src/main/docker</directory>
index 93432c9..13dccda 100644 (file)
  */
 package org.onap.clamp.clds.config;
 
-import java.util.Properties;
-
 import javax.servlet.Filter;
 
 import org.onap.clamp.clds.filter.ClampCadiFilter;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
-import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.stereotype.Component;
 
-@Component
 @Configuration
 @Profile("clamp-aaf-authentication")
-@ConfigurationProperties(prefix = "clamp.config.cadi")
 public class AAFConfiguration {
-    private static final String CADI_KEY_FILE = "cadi_keyfile";
-    private static final String CADI_LOG_LEVEL = "cadi_loglevel";
-    private static final String LATITUDE = "cadi_latitude";
-    private static final String LONGITUDE = "cadi_longitude";
-    private static final String LOCATE_URL = "aaf_locate_url";
-    private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url";
-    private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url";
-    private static final String AAF_ENV = "aaf_env";
-    private static final String AAF_URL = "aaf_url";
-    private static final String X509_ISSUERS = "cadi_x509_issuers";
-       
-    private String              keyFile;
-    private String              cadiLoglevel;
-    private String              cadiLatitude;
-    private String              cadiLongitude;
-    private String              aafLocateUrl;
-    private String              oauthTokenUrl;
-    private String              oauthIntrospectUrl;
-    private String              aafEnv;
-    private String              aafUrl;
-    private String              cadiX509Issuers;
 
     /**
      * Method to return clamp cadi filter.
-     * 
+     *
      * @return Filter
      */
     @Bean(name = "cadiFilter")
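Review bot: The import `org.springframework.stereotype.Component` is kept as a context line in this hunk, although the `@Component` annotation it served is removed a few lines below. Unless something in the parts of the file outside the visible hunks still uses it, the import is now unused and can be dropped with the others. The class body continues past the end of this hunk.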
@@ -74,7 +47,7 @@ public class AAFConfiguration {
 
     /**
      * Method to register cadi filter.
-     * 
+     *
      * @return FilterRegistrationBean
      */
     @Bean
@@ -87,104 +60,4 @@ public class AAFConfiguration {
         registration.setOrder(0);
         return registration;
     }
-
-       public String getKeyFile() {
-               return keyFile;
-       }
-
-       public void setKeyFile(String keyFile) {
-               this.keyFile = keyFile;
-       }
-
-       public String getCadiLoglevel() {
-               return cadiLoglevel;
-       }
-
-       public void setCadiLoglevel(String cadiLoglevel) {
-               this.cadiLoglevel = cadiLoglevel;
-       }
-
-       public String getCadiLatitude() {
-               return cadiLatitude;
-       }
-
-       public void setCadiLatitude(String cadiLatitude) {
-               this.cadiLatitude = cadiLatitude;
-       }
-
-       public String getCadiLongitude() {
-               return cadiLongitude;
-       }
-
-       public void setCadiLongitude(String cadiLongitude) {
-               this.cadiLongitude = cadiLongitude;
-       }
-
-       public String getAafLocateUrl() {
-               return aafLocateUrl;
-       }
-
-       public void setAafLocateUrl(String aafLocateUrl) {
-               this.aafLocateUrl = aafLocateUrl;
-       }
-
-       public String getOauthTokenUrl() {
-               return oauthTokenUrl;
-       }
-
-       public void setOauthTokenUrl(String oauthTokenUrl) {
-               this.oauthTokenUrl = oauthTokenUrl;
-       }
-
-       public String getOauthIntrospectUrl() {
-               return oauthIntrospectUrl;
-       }
-
-       public void setOauthIntrospectUrl(String oauthIntrospectUrl) {
-               this.oauthIntrospectUrl = oauthIntrospectUrl;
-       }
-
-       public String getAafEnv() {
-               return aafEnv;
-       }
-
-       public void setAafEnv(String aafEnv) {
-               this.aafEnv = aafEnv;
-       }
-
-       public String getAafUrl() {
-               return aafUrl;
-       }
-
-       public void setAafUrl(String aafUrl) {
-               this.aafUrl = aafUrl;
-       }
-
-       public String getCadiX509Issuers() {
-               return cadiX509Issuers;
-       }
-
-       public void setCadiX509Issuers(String cadiX509Issuers) {
-               this.cadiX509Issuers = cadiX509Issuers;
-       }
-
-       public Properties getProperties() {
-        Properties prop = System.getProperties();
-        //prop.put("cadi_prop_files", "");
-        prop.put(CADI_KEY_FILE, keyFile);
-        prop.put(CADI_LOG_LEVEL, cadiLoglevel);
-        prop.put(LATITUDE, cadiLatitude);
-        prop.put(LONGITUDE, cadiLongitude);
-        prop.put(LOCATE_URL, aafLocateUrl);
-        if (oauthTokenUrl != null) {
-            prop.put(OAUTH_TOKEN_URL, oauthTokenUrl);
-        }
-        if (oauthIntrospectUrl != null) {
-            prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl);
-        }
-        prop.put(AAF_ENV, aafEnv);
-        prop.put(AAF_URL, aafUrl);
-        prop.put(X509_ISSUERS, cadiX509Issuers);
-        return prop;
-    }
 }
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
deleted file mode 100644 (file)
index 6a97f23..0000000
+++ /dev/null
@@ -1,56 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
- *                             reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License"); 
- * you may not use this file except in compliance with the License. 
- * You may obtain a copy of the License at
- * 
- * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- * 
- */
-package org.onap.clamp.clds.config;
-
-import org.springframework.context.annotation.Configuration;
-
-import javax.annotation.PostConstruct;
-
-import org.springframework.beans.factory.annotation.Value;
-
-@Configuration
-public class SSLConfiguration {
-    private static final String TRUST_STORE = "javax.net.ssl.trustStore";
-    private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword";
-    private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
-
-    @Value("${server.ssl.trust:none}")
-    private String sslTruststoreFile;
-    @Value("${server.ssl.trust-password:none}")
-    private String sslTruststorePw;
-    @Value("${server.ssl.trust-type:none}")
-    private String sslTruststoreType;
-
-    @PostConstruct
-    private void configureSSL() {
-        if (!sslTruststoreFile.equals("none")) {
-            System.setProperty(TRUST_STORE, sslTruststoreFile);
-        }
-        if (!sslTruststoreType.equals("none")) {
-            System.setProperty(TRUST_STORE_TYPE, sslTruststoreType);
-        }
-        if (!sslTruststorePw.equals("none")) {
-            System.setProperty(TRUST_STORE_PW, sslTruststorePw);
-        }
-    }
-}
index ed3dcb4..f058a9e 100644 (file)
  */
 package org.onap.clamp.clds.filter;
 
-import java.util.Properties;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.StandardCopyOption;
 
 import javax.servlet.FilterConfig;
 import javax.servlet.ServletException;
 
+import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.filter.CadiFilter;
-import org.onap.clamp.clds.config.AAFConfiguration;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.ApplicationContext;
 
 public class ClampCadiFilter extends CadiFilter {
-    private static final String CADI_TRUST_STORE = "cadi_truststore";
-    private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password";
-    private static final String CADI_KEY_STORE = "cadi_keystore";
-    private static final String CADI_KEY_STORE_PW = "cadi_keystore_password";
-    private static final String ALIAS = "cadi_alias";
+    private static final EELFLogger logger = EELFManager.getInstance().getLogger(ClampCadiFilter.class);
+
+    @Autowired
+    private ApplicationContext appContext;
 
-    @Value("${server.ssl.key-store:none}")
-    private String              keyStore;
+    @Value("${server.ssl.key-store:#{null}}")
+    private String keyStore;
 
-    @Value("${clamp.config.cadi.cadiKeystorePassword:none}")
-    private String              keyStorePass;
+    @Value("${clamp.config.cadi.cadiKeystorePassword:#{null}}")
+    private String keyStorePass;
 
-    @Value("${server.ssl.trust:none}")
-    private String              trustStore;
+    @Value("${server.ssl.trust-store:#{null}}")
+    private String trustStore;
 
-    @Value("${clamp.config.cadi.cadiTruststorePassword:none}")
-    private String              trustStorePass;
+    @Value("${clamp.config.cadi.cadiTruststorePassword:#{null}}")
+    private String trustStorePass;
 
     @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
-    private String              alias;
+    private String alias;
 
-    @Autowired
-    private AAFConfiguration aafConfiguration;
+    @Value("${clamp.config.cadi.keyFile:#{null}}")
+    private String keyFile;
+
+    @Value("${clamp.config.cadi.cadiLoglevel:#{null}}")
+    private String cadiLoglevel;
+
+    @Value("${clamp.config.cadi.cadiLatitude:#{null}}")
+    private String cadiLatitude;
+
+    @Value("${clamp.config.cadi.cadiLongitude:#{null}}")
+    private String cadiLongitude;
+
+    @Value("${clamp.config.cadi.aafLocateUrl:#{null}}")
+    private String aafLocateUrl;
+
+    @Value("${clamp.config.cadi.oauthTokenUrl:#{null}}")
+    private String oauthTokenUrl;
+
+    @Value("${clamp.config.cadi.oauthIntrospectUrl:#{null}}")
+    private String oauthIntrospectUrl;
+
+    @Value("${clamp.config.cadi.aafEnv:#{null}}")
+    private String aafEnv;
+
+    @Value("${clamp.config.cadi.aafUrl:#{null}}")
+    private String aafUrl;
+
+    @Value("${clamp.config.cadi.cadiX509Issuers:#{null}}")
+    private String cadiX509Issuers;
+
+    private void checkIfNullProperty(String key, String value) {
+        /* When value is null, so not defined in application.properties
+           set nothing in System properties */
+        if (value != null) {
+            /* Ensure that any properties already defined in System.prop by JVM params
+                won't be overwritten by Spring application.properties values */
+            System.setProperty(key, System.getProperty(key, value));
+        }
+    }
 
     @Override
     public void init(FilterConfig filterConfig) throws ServletException {
-        Properties props = aafConfiguration.getProperties();
-        props.setProperty(CADI_KEY_STORE, trimFileName(keyStore));
-        props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore));
-        props.setProperty(ALIAS, alias);
-        props.setProperty(CADI_KEY_STORE_PW,  keyStorePass);
-        props.setProperty(CADI_TRUST_STORE_PW, trustStorePass);
+        // set some properties in System so that Cadi filter will find its config
+        // The JVM values set will always overwrite the Spring ones.
+        checkIfNullProperty(Config.CADI_KEYFILE, convertSpringToPath(keyFile));
+        checkIfNullProperty(Config.CADI_LOGLEVEL, cadiLoglevel);
+        checkIfNullProperty(Config.CADI_LATITUDE, cadiLatitude);
+        checkIfNullProperty(Config.CADI_LONGITUDE, cadiLongitude);
+
+        checkIfNullProperty(Config.AAF_LOCATE_URL, aafLocateUrl);
+        checkIfNullProperty(Config.AAF_OAUTH2_TOKEN_URL, oauthTokenUrl);
+        checkIfNullProperty(Config.AAF_OAUTH2_INTROSPECT_URL, oauthIntrospectUrl);
+
+        checkIfNullProperty(Config.AAF_ENV, aafEnv);
+        checkIfNullProperty(Config.AAF_URL, aafUrl);
+        checkIfNullProperty(Config.CADI_X509_ISSUERS, cadiX509Issuers);
+        checkIfNullProperty(Config.CADI_KEYSTORE, convertSpringToPath(keyStore));
+        checkIfNullProperty(Config.CADI_TRUSTSTORE, convertSpringToPath(trustStore));
+        checkIfNullProperty(Config.CADI_ALIAS, alias);
+        checkIfNullProperty(Config.CADI_KEYSTORE_PASSWORD, keyStorePass);
+        checkIfNullProperty(Config.CADI_TRUSTSTORE_PASSWORD, trustStorePass);
 
         super.init(filterConfig);
     }
 
-    private String trimFileName (String fileName) {
-        int index= fileName.indexOf("file:");
-        if (index == -1) {
-            return fileName;
-        } else {
-            return fileName.substring(index+5);
+    private String convertSpringToPath(String fileName) {
+        try (InputStream ioFile = appContext.getResource(fileName).getInputStream()) {
+            if (!fileName.contains("file:")) {
+                File targetFile = new File(appContext.getResource(fileName).getFilename());
+                java.nio.file.Files.copy(ioFile, targetFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+                return targetFile.getPath();
+            } else {
+                return appContext.getResource(fileName).getFile().getPath();
+            }
+        } catch (IOException e) {
+            logger.error("Unable to open and copy the file: " + fileName, e);
+            return null;
         }
+
     }
 }
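Review bot: `convertSpringToPath` copies every non-`file:` resource to `new File(getFilename())`, a relative path, so the keystore, truststore and CADI keyfile land in the process working directory with default permissions and are never removed. The method is also called with a null `fileName` whenever one of the `#{null}` defaults applies, so `fileName.contains("file:")` (or the resource lookup before it) throws instead of the property being skipped. On `IOException` it only logs and returns null, which `checkIfNullProperty` ignores, so `init` proceeds to `super.init` with that property unset. I would return early on null, copy into a private temporary file, and raise `ServletException` on failure so the authentication filter fails closed, as sketched below.

```java
    private String convertSpringToPath(String fileName) throws ServletException {
        if (fileName == null) {
            // Property not configured: the caller skips null values.
            return null;
        }
        org.springframework.core.io.Resource resource = appContext.getResource(fileName);
        try {
            if (fileName.contains("file:")) {
                return resource.getFile().getPath();
            }
            // Private temp file (typically owner-only on POSIX) rather than a file in the working directory.
            java.nio.file.Path target =
                    java.nio.file.Files.createTempFile("clamp-aaf-", "-" + resource.getFilename());
            target.toFile().deleteOnExit();
            try (InputStream in = resource.getInputStream()) {
                java.nio.file.Files.copy(in, target, StandardCopyOption.REPLACE_EXISTING);
            }
            return target.toString();
        } catch (IOException e) {
            // Fail closed: do not initialise the filter with a missing key or trust store.
            throw new ServletException("Unable to open and copy the file: " + fileName, e);
        }
    }
```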
index 552efbc..b506915 100644 (file)
@@ -55,15 +55,19 @@ info.build.version=@project.version@
 ### HTTP (Redirected to HTTPS) and HTTPS Example:
 ### --------------------------------------------
 server.port=8443
-server.ssl.client-auth=want
-server.ssl.key-store=file:/opt/clamp/config/org.onap.clamp.p12
+## Config part for Server certificates
+# Can be a classpath parameter instead of file:/
+server.ssl.key-store=classpath:/clds/aaf/org.onap.clamp.p12
 server.ssl.key-store-password=China in the Spring
 server.ssl.key-password=China in the Spring
 server.ssl.key-store-type=PKCS12
-server.ssl.trust=/opt/clamp/config/truststoreONAPall.jks
-server.ssl.trust-pass=changeit
-server.ssl.trust-type=JKS
 server.ssl.key-alias=clamp@clamp.onap.org
+
+## Config part for Client certificates
+server.ssl.client-auth=need
+server.ssl.trust-store=classpath:/clds/aaf/truststoreONAPall.jks
+server.ssl.trust-store-password=changeit
+
 server.http-to-https-redirection.port=8080
 
 server.servlet.context-path=/
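Review bot: The new defaults point `server.ssl.key-store`, `server.ssl.trust-store` and, in the second hunk, `clamp.config.cadi.keyFile` at `classpath:/clds/aaf/...`, so the server keystore (presumably holding the private key for `server.ssl.key-alias`) and the CADI keyfile are packaged in the artifact. The plaintext `server.ssl.key-store-password` and `server.ssl.trust-store-password` sit in this same file. Any deployment that does not override these values shares one key and one password with every other copy of the build. I would mark the block as development-only, e.g. `# Development defaults only - override key-store, trust-store and their passwords per deployment`, and have production supply `file:` paths and passwords from outside the artifact.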
@@ -228,7 +232,7 @@ clamp.config.security.permission.type.template=org.onap.clamp.clds.template
 clamp.config.security.permission.instance=dev
 
 #AAF related parameters
-clamp.config.cadi.keyFile=/opt/clamp/config/org.onap.clamp.keyfile
+clamp.config.cadi.keyFile=classpath:/clds/aaf/org.onap.clamp.keyfile
 clamp.config.cadi.cadiLoglevel=DEBUG
 clamp.config.cadi.cadiLatitude=37.78187
 clamp.config.cadi.cadiLongitude=-122.26147
index 37cdf76..c2524be 100644 (file)
                <property name="p_mak" value="%replace(%replace(%marker){'\t', '\\\\t'}){'\n','\\\\n'}"/>
                <property name="p_thr" value="%thread"/>
                <property name="defaultPattern" value="%nopexception${p_tim}\t${p_thr}\t${p_lvl}\t${p_log}\t${p_mdc}\t${p_msg}\t${p_exc}\t${p_mak}\t%n"/>
-               <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|{p_exc}|%msg%n"/>
+               <property name="debugPattern" value="%nopexception${p_tim}|${p_lvl}|${p_mdc}|${p_exc}|%msg%n"/>
 
                <!-- Example evaluator filter applied against console appender -->
                <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
-                               <!-- filter class="ch.qos.logback.classic.filter.LevelFilter"> <level>ERROR</level> 
-                                               <onMatch>ACCEPT</onMatch> <onMismatch>DENY</onMismatch> </filter -->
-                               <!-- deny all events with a level below INFO, that is TRACE and DEBUG -->
                                <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
                                                <level>INFO</level>
                                </filter>
                                <encoder>
-                                               <pattern>${debugPattern}</pattern>
+                                       <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{1024} - %msg%n</pattern>
                                </encoder>
                </appender>
 
        <logger name="ch.qos.logback.classic" level="INFO" />
        <logger name="ch.qos.logback.core" level="INFO" />
 
-       <!-- logback jms appenders & loggers definition starts here -->
        <!-- logback jms appenders & loggers definition starts here -->
        <appender name="auditLogs"
                class="ch.qos.logback.core.rolling.RollingFileAppender">
index a24b620..f95fc70 100644 (file)
@@ -5,22 +5,23 @@
 # Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
 #                             reserved.
 # ================================================================================
-# Licensed under the Apache License, Version 2.0 (the "License"); 
-# you may not use this file except in compliance with the License. 
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 # 
 # http://www.apache.org/licenses/LICENSE-2.0
 # 
-# Unless required by applicable law or agreed to in writing, software 
-# distributed under the License is distributed on an "AS IS" BASIS, 
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-# See the License for the specific language governing permissions and 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
 # limitations under the License.
 # ============LICENSE_END============================================
 # ===================================================================
-# 
-###
+#
+### Static JVM parameters can be set here by the dev team
+### These will be loaded at Clamp startup
 #
 # JVM SSL/TLS properties
-jdk.tls.client.protocols=TLSv1.1,TLSv1.2 
+jdk.tls.client.protocols=TLSv1.1,TLSv1.2
 https.protocols=TLSv1.1,TLSv1.2