CADI authentication and authorization filters
[dmaap/dbcapi.git] / src / main / java / org / onap / dmaap / dbcapi / server / JettyServer.java
index 4d06310..7457ce9 100644 (file)
@@ -2,7 +2,9 @@
  * ============LICENSE_START=======================================================
  * org.onap.dmaap
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017 AT&T Intellectual Property.
+ *
+ * Modifications Copyright (C) 2019 IBM.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
 
 package org.onap.dmaap.dbcapi.server;
 
-
-import java.util.Properties;
-
-import javax.net.ssl.SSLContext;
-
-import org.apache.log4j.Logger;
-import org.eclipse.jetty.security.SecurityHandler;
-import org.eclipse.jetty.server.Connector;
-import org.eclipse.jetty.server.HttpConfiguration;
-import org.eclipse.jetty.server.HttpConnectionFactory;
-import org.eclipse.jetty.server.SecureRequestCustomizer;
-import org.eclipse.jetty.server.Server;
-import org.eclipse.jetty.server.ServerConnector;
-import org.eclipse.jetty.server.SslConnectionFactory;
+import com.google.common.collect.Sets;
+import javax.servlet.DispatcherType;
+import org.eclipse.jetty.server.*;
 import org.eclipse.jetty.servlet.DefaultServlet;
 import org.eclipse.jetty.servlet.ServletContextHandler;
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
-
-
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
 
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
+import java.util.Properties;
 
-import org.onap.dmaap.dbcapi.aaf.database.LoadSchema;
-import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
 /**
  * A  Jetty server which supports:
  *     - http and https (simultaneously for dev env)
@@ -55,97 +41,122 @@ import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
  */
 public class JettyServer extends BaseLoggingClass {
 
-    public JettyServer( Properties params ) throws Exception {
+    private Server server;
 
-        Server server = new Server();
-       int httpPort = Integer.valueOf(params.getProperty("IntHttpPort", "80" ));
-               int sslPort = Integer.valueOf(params.getProperty("IntHttpsPort", "443" ));
-               boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false"));
-       serverLogger.info( "port params: http=" + httpPort + " https=" + sslPort );
-       serverLogger.info( "allowHttp=" + allowHttp );
-        
-        // HTTP Server
 
-       HttpConfiguration http_config = new HttpConfiguration();
-       http_config.setSecureScheme("https");
-       http_config.setSecurePort(sslPort);
-       http_config.setOutputBufferSize(32768);
-
-       
-       
-        ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(http_config));
-        httpConnector.setPort(httpPort);  
-        httpConnector.setIdleTimeout(30000);
-  
-        
-        // HTTPS Server
-        HttpConfiguration https_config = new HttpConfiguration(http_config);
-        https_config.addCustomizer(new SecureRequestCustomizer());
-        SslContextFactory sslContextFactory = new SslContextFactory();
-        String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
-        logger.info( "https Server using keystore at " + keystore );
-        String keystorePwd = params.getProperty( "KeyStorePassword", "changeit");
-        String keyPwd = params.getProperty("KeyPassword", "changeit");
+    public Server getServer() {
+        return server;
+    }
+
+    public JettyServer(Properties params) throws Exception {
+
+        server = new Server();
+        int httpPort = Integer.valueOf(params.getProperty("IntHttpPort", "80"));
+        int sslPort = Integer.valueOf(params.getProperty("IntHttpsPort", "443"));
+        boolean allowHttp = Boolean.valueOf(params.getProperty("HttpAllowed", "false"));
+        serverLogger.info("port params: http=" + httpPort + " https=" + sslPort);
+        serverLogger.info("allowHttp=" + allowHttp);
+
+        // HTTP Server
+        HttpConfiguration http_config = new HttpConfiguration();
+        http_config.setSecureScheme("https");
+        http_config.setSecurePort(sslPort);
+        http_config.setOutputBufferSize(32768);
+
+        try (ServerConnector httpConnector = new ServerConnector(server, new HttpConnectionFactory(http_config))) {
+            httpConnector.setPort(httpPort);
+            httpConnector.setIdleTimeout(30000);
+
+            // HTTPS Server
+
+            HttpConfiguration https_config = new HttpConfiguration(http_config);
+            https_config.addCustomizer(new SecureRequestCustomizer());
+            SslContextFactory sslContextFactory = new SslContextFactory();
+            sslContextFactory.setWantClientAuth(true);
+
+            setUpKeystore(params, sslContextFactory);
+            setUpTrustStore(params, sslContextFactory);
+
+            if (sslPort != 0) {
+                try (ServerConnector sslConnector = new ServerConnector(server,
+                    new SslConnectionFactory(sslContextFactory, "http/1.1"),
+                    new HttpConnectionFactory(https_config))) {
+                    sslConnector.setPort(sslPort);
+                    if (allowHttp) {
+                        logger.info("Starting httpConnector on port " + httpPort);
+                        logger.info("Starting sslConnector on port " + sslPort + " for https");
+                        server.setConnectors(new Connector[]{httpConnector, sslConnector});
+                    } else {
+                        logger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp);
+                        logger.info("Starting sslConnector on port " + sslPort + " for https");
+                        server.setConnectors(new Connector[]{sslConnector});
+                    }
+                }
+            } else {
+                serverLogger.info("NOT starting sslConnector on port " + sslPort + " for https");
+                if (allowHttp) {
+                    serverLogger.info("Starting httpConnector on port " + httpPort);
+                    server.setConnectors(new Connector[]{httpConnector});
+                }
+            }
+        }
 
-        sslContextFactory.setKeyStorePath(keystore);
-        sslContextFactory.setKeyStorePassword(keystorePwd);
-        sslContextFactory.setKeyManagerPassword(keyPwd);     
-
-  
-               ServerConnector sslConnector = null;
-               if ( sslPort != 0 ) {
-                       sslConnector = new ServerConnector(server,
-                                       new SslConnectionFactory(sslContextFactory, "http/1.1"),
-                                       new HttpConnectionFactory(https_config));
-                       sslConnector.setPort(sslPort);
-               if ( allowHttp ) {
-               logger.info("Starting httpConnector on port " + httpPort );
-               logger.info("Starting sslConnector on port " +   sslPort + " for https");
-                       server.setConnectors( new Connector[] { httpConnector, sslConnector });
-               } else {
-               logger.info("NOT starting httpConnector because HttpAllowed param is " + allowHttp  );  
-               logger.info("Starting sslConnector on port " +   sslPort + " for https");
-                       server.setConnectors( new Connector[] { sslConnector });        
-               }
-               }
-               else {
-            serverLogger.info("NOT starting sslConnector on port " +   sslPort + " for https");
-               if ( allowHttp ) {
-               serverLogger.info("Starting httpConnector on port " + httpPort );
-                       server.setConnectors( new Connector[] { httpConnector });
-                       } 
-        } 
         // Set context for servlet.  This is shared for http and https
-               ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
-       context.setContextPath("/");
-        server.setHandler( context );
+        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
+        context.setContextPath("/");
+        server.setHandler(context);
 
-        ServletHolder jerseyServlet = context.addServlet( org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*");
+        ServletHolder jerseyServlet = context
+            .addServlet(org.glassfish.jersey.servlet.ServletContainer.class, "/webapi/*");
         jerseyServlet.setInitOrder(1);
-        jerseyServlet.setInitParameter("jersey.config.server.provider.packages", "org.onap.dmaap.dbcapi.resources" );   
-        jerseyServlet.setInitParameter("javax.ws.rs.Application", "org.onap.dmaap.dbcapi.server.ApplicationConfig" );
-        
+        jerseyServlet.setInitParameter("jersey.config.server.provider.packages", "org.onap.dmaap.dbcapi.resources");
+        jerseyServlet.setInitParameter("javax.ws.rs.Application", "org.onap.dmaap.dbcapi.server.ApplicationConfig");
+
         // also serve up some static pages...
-        ServletHolder staticServlet = context.addServlet(DefaultServlet.class,"/*");
-        staticServlet.setInitParameter("resourceBase","www");
-        staticServlet.setInitParameter("pathInfoOnly","true");
+        ServletHolder staticServlet = context.addServlet(DefaultServlet.class, "/*");
+        staticServlet.setInitParameter("resourceBase", "www");
+        staticServlet.setInitParameter("pathInfoOnly", "true");
+
+        registerAuthFilters(context);
 
         try {
 
             serverLogger.info("Starting jetty server");
-               server.start();
-               server.dumpStdErr();
-            server.join();
-        } catch ( Exception e ) {
-               errorLogger.error( "Exception " + e );
-               errorLogger.error( "possibly unable to use keystore " + keystore + " with passwords " + keystorePwd +  " and " + keyPwd );
-               //System.exit(1);
+            String unit_test = params.getProperty("UnitTest", "No");
+            serverLogger.info("UnitTest=" + unit_test);
+            if (unit_test.equals("No")) {
+                server.start();
+                server.dumpStdErr();
+                server.join();
+            }
+        } catch (Exception e) {
+            errorLogger.error("Exception " + e);
         } finally {
-               server.destroy();
+            server.destroy();
         }
-        
+
+    }
+
+    private void registerAuthFilters(ServletContextHandler context) {
+        context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthenticationFilter", "/webapi/*",
+            Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
+        context.addFilter("org.onap.dmaap.dbcapi.resources.AAFAuthorizationFilter", "/webapi/*",
+            Sets.newEnumSet(Sets.newHashSet(DispatcherType.FORWARD, DispatcherType.REQUEST), DispatcherType.class));
+    }
+
+    private void setUpKeystore(Properties params, SslContextFactory sslContextFactory) {
+        String keystore = params.getProperty("KeyStoreFile", "etc/keystore");
+        logger.info("https Server using keystore at " + keystore);
+        sslContextFactory.setKeyStorePath(keystore);
+        sslContextFactory.setKeyStorePassword(params.getProperty("KeyStorePassword", "changeit"));
+        sslContextFactory.setKeyManagerPassword(params.getProperty("KeyPassword", "changeit"));
+    }
+
+    private void setUpTrustStore(Properties params, SslContextFactory sslContextFactory) {
+        String truststore = params.getProperty("TrustStoreFile", "etc/org.onap.dmaap-bc.trust.jks");
+        logger.info("https Server using truststore at " + truststore);
+        sslContextFactory.setTrustStorePath(truststore);
+        sslContextFactory.setTrustStoreType(params.getProperty("TrustStoreType", "jks"));
+        sslContextFactory.setTrustStorePassword(params.getProperty("TrustStorePassword", "changeit"));
     }
 }
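Review bot: `sslContextFactory.setWantClientAuth(true)` in the constructor only requests a client certificate, so a TLS client that presents none still completes the handshake and reaches the servlet layer; authentication of `/webapi/*` then rests entirely on the two filters added in `registerAuthFilters`, while the `DefaultServlet` mapped at `/*` (resourceBase `www`) sits outside both filters. If that split is intended, a comment on that line would stop the next reader from mistaking it for mutual TLS: `// WANT, not NEED: connections without a client cert are accepted; /webapi/* is authenticated by the AAF filters below, /* is not.` If mutual TLS is the intent, `sslContextFactory.setNeedClientAuth(true);` is the one-line change. Separately, `setUpTrustStore` mirrors `setUpKeystore` in falling back to the password `changeit` when the property is absent, so a misconfigured deployment starts silently with a well-known default rather than failing; if a missing value should be a startup error, read the property without a default and throw `IllegalStateException("TrustStorePassword not configured")` when it is null. The try-with-resources around both `ServerConnector`s calls `close()` on them before `server.start()` ever opens them — probably harmless if Jetty's `open()` recreates the accept channel, but a short comment saying why the construct is there would help, since it reads as though the connectors were disposed.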