--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP - SO
+ * ================================================================================
+ * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.so.adapters.vnfmadapter;
+
+import org.onap.so.security.SoBasicWebSecurityConfigurerAdapter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@EnableWebSecurity
+@Configuration
+public class VnfmBasicWebSecurityConfigurerAdapter extends SoBasicWebSecurityConfigurerAdapter {
+
+ @Value("${server.ssl.client-auth:none}")
+ private String clientAuth;
+
+ @Override
+ protected void configure(final HttpSecurity http) throws Exception {
+ if (("need").equalsIgnoreCase(clientAuth)) {
+ http.csrf().disable().authorizeRequests().anyRequest().permitAll();
+ } else {
+ super.configure(http);
+ }
+ }
+
+}
+
http:
converters:
preferred-json-mapper: gson
-
+ main:
+ allow-bean-definition-overriding: true
+
server:
port: 9092
tomcat:
package org.onap.so.adapters.vnfmadapter.rest;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
import static org.onap.so.adapters.vnfmadapter.Constants.PACKAGE_MANAGEMENT_BASE_URL;
import static org.onap.so.client.RestTemplateConfig.CONFIGURABLE_REST_TEMPLATE;
import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
import java.util.List;
import java.util.Random;
import org.junit.Before;
-import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.onap.so.adapters.vnfmadapter.VnfmAdapterApplication;
-import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.*;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.Checksum;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.ProblemDetails;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.UriLink;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VNFPKGMLinkSerializer;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VnfPackageArtifactInfo;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VnfPackageSoftwareImageInfo;
+import org.onap.so.adapters.vnfmadapter.extclients.etsicatalog.model.VnfPkgInfo;
import org.onap.so.adapters.vnfmadapter.extclients.vnfm.packagemanagement.model.InlineResponse2001;
import org.onap.so.configuration.rest.BasicHttpHeadersProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.boot.test.web.client.TestRestTemplate;
import org.springframework.boot.web.server.LocalServerPort;
-import org.springframework.http.*;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.client.MockRestServiceServer;
@ActiveProfiles("test")
public class Sol003PackageManagementControllerTest {
- private static final Logger logger = LoggerFactory.getLogger(Sol003PackageManagementControllerTest.class);
-
@LocalServerPort
private int port;
@Qualifier(CONFIGURABLE_REST_TEMPLATE)
private RestTemplate testRestTemplate;
- @Autowired
- private Sol003PackageManagementController controller;
-
@Autowired
private TestRestTemplate restTemplate;
}
@Test
- @Ignore
public void testOnGetPackageContent_UnauthorizedClient_Fail() {
final String testURL = "http://localhost:" + port + PACKAGE_MANAGEMENT_BASE_URL + "/vnf_packages/"
+ VNF_PACKAGE_ID + "/package_content";
+
+ mockRestServer.expect(requestTo(MSB_BASE_URL + "/" + VNF_PACKAGE_ID + "/package_content"))
+ .andExpect(method(HttpMethod.GET)).andRespond(withStatus(HttpStatus.UNAUTHORIZED));
+
final HttpEntity<?> request = new HttpEntity<>(basicHttpHeadersProvider.getHttpHeaders());
+
+
final ResponseEntity<ProblemDetails> responseEntity =
restTemplate.exchange(testURL, HttpMethod.GET, request, ProblemDetails.class);
assertTrue(responseEntity.getBody() instanceof ProblemDetails);
- assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, responseEntity.getStatusCode());
}
@Test
}
@Test
- @Ignore
public void testOnGetPackageContent_UnauthorizedServer_InternalError_Fail() {
mockRestServer.expect(requestTo(MSB_BASE_URL + "/" + VNF_PACKAGE_ID + "/package_content"))
.andExpect(method(HttpMethod.GET)).andRespond(withStatus(HttpStatus.UNAUTHORIZED));
}
@Test
- @Ignore
public void testOnGetPackageArtifact_UnauthorizedClient_Fail() {
final String testURL = "http://localhost:" + port + PACKAGE_MANAGEMENT_BASE_URL + "/vnf_packages/"
+ VNF_PACKAGE_ID + "/artifacts/" + ARTIFACT_PATH;
+
+ mockRestServer.expect(requestTo(MSB_BASE_URL + "/" + VNF_PACKAGE_ID + "/artifacts/" + ARTIFACT_PATH))
+ .andExpect(method(HttpMethod.GET)).andRespond(withStatus(HttpStatus.UNAUTHORIZED));
+
final HttpEntity<?> request = new HttpEntity<>(basicHttpHeadersProvider.getHttpHeaders());
final ResponseEntity<ProblemDetails> responseEntity =
restTemplate.exchange(testURL, HttpMethod.GET, request, ProblemDetails.class);
assertNotNull(responseEntity.getBody());
- assertEquals(HttpStatus.UNAUTHORIZED, responseEntity.getStatusCode());
+ assertEquals(HttpStatus.INTERNAL_SERVER_ERROR, responseEntity.getStatusCode());
}
@Test
- username: vnfm
password: '$2a$10$Fh9ffgPw2vnmsghsRD3ZauBL1aKXebigbq3BB1RPWtE62UDILsjke'
role: BPEL-Client
+ main:
+ allow-bean-definition-overriding: true
mso:
key: 07a7159d3bf51a0e53be7a8f89699be7
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+import org.springframework.util.StringUtils;
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@EnableWebSecurity
+@Configuration
+@Order(1)
+@Profile({"basic"})
+public class SoBasicWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+
+ @Autowired
+ private SoUserCredentialConfiguration soUserCredentialConfiguration;
+
+ @Override
+ protected void configure(final HttpSecurity http) throws Exception {
+ http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
+ .antMatchers("/**")
+ .hasAnyRole(StringUtils.collectionToDelimitedString(soUserCredentialConfiguration.getRoles(), ","))
+ .and().httpBasic();
+ }
+
+ @Override
+ public void configure(final WebSecurity web) throws Exception {
+ super.configure(web);
+ final StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+
+ @Override
+ protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
+ auth.userDetailsService(soUserCredentialConfiguration.userDetailsService())
+ .passwordEncoder(soUserCredentialConfiguration.passwordEncoder());
+ }
+
+}
protected final Logger logger = LoggerFactory.getLogger(SoCadiFilter.class);
- private static String AFT_ENVIRONMENT_VAR = "AFT_ENVIRONMENT";
- private static String AAF_API_VERSION = "aaf_api_version";
-
@Value("${mso.config.cadi.cadiLoglevel:#{null}}")
private String cadiLoglevel;
--- /dev/null
+/*-
+ * ============LICENSE_START=======================================================
+ * Copyright (C) 2020 Nordix Foundation.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.so.security;
+
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.core.annotation.Order;
+import org.springframework.security.config.annotation.web.builders.WebSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.firewall.StrictHttpFirewall;
+
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@EnableWebSecurity
+@Configuration
+@Order(2)
+@Profile({"aaf", "test"})
+public class SoNoAuthWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
+ @Override
+ public void configure(final WebSecurity web) throws Exception {
+ web.ignoring().antMatchers("/**");
+ final StrictHttpFirewall firewall = new MSOSpringFirewall();
+ web.httpFirewall(firewall);
+ }
+}
/*-
* ============LICENSE_START=======================================================
- * ONAP - SO
- * ================================================================================
- * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2020 Nordix Foundation.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
* ============LICENSE_END=========================================================
*/
-
package org.onap.so.security;
import java.util.ArrayList;
import javax.annotation.PostConstruct;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Component;
-
+/**
+ * @author Waqas Ikram (waqas.ikram@est.tech)
+ *
+ */
+@Component
@ConfigurationProperties(prefix = "spring.security")
-public class WebSecurityConfig {
+public class SoUserCredentialConfiguration {
- private List<UserCredentials> credentials;
- private List<String> roles = new ArrayList<>();
+ private List<UserCredentials> credentials = new ArrayList<>();
+ private final List<String> roles = new ArrayList<>();
public List<String> getRoles() {
return roles;
@PostConstruct
private void addRoles() {
- if (credentials != null) {
- for (int i = 0; i < credentials.size(); i++) {
- roles.add(credentials.get(i).getRole());
- }
+ for (int i = 0; i < credentials.size(); i++) {
+ roles.add(credentials.get(i).getRole());
}
}
return credentials;
}
- public void setUsercredentials(List<UserCredentials> usercredentials) {
- this.credentials = usercredentials;
+ public void setUsercredentials(final List<UserCredentials> usercredentials) {
+ if (usercredentials != null) {
+ this.credentials = usercredentials;
+ }
}
@Bean
+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ONAP - SO
- * ================================================================================
- * Copyright (C) 2017 - 2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Modifications Copyright (c) 2019 Samsung
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.onap.so.security;
-
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.firewall.StrictHttpFirewall;
-import org.springframework.util.StringUtils;
-
-@EnableWebSecurity
-@Configuration()
-public class WebSecurityConfigImpl extends WebSecurityConfig {
-
- @Profile({"basic"})
- @Bean
- public WebSecurityConfigurerAdapter basicAuth() {
- return new WebSecurityConfigurerAdapter() {
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable().authorizeRequests().antMatchers("/manage/health", "/manage/info").permitAll()
- .antMatchers("/**").hasAnyRole(StringUtils.collectionToDelimitedString(getRoles(), ",")).and()
- .httpBasic();
- }
-
- @Override
- public void configure(WebSecurity web) throws Exception {
- super.configure(web);
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- auth.userDetailsService(WebSecurityConfigImpl.this.userDetailsService())
- .passwordEncoder(WebSecurityConfigImpl.this.passwordEncoder());
- }
- };
- }
-
- @Profile({"aaf", "test"})
- @Bean
- public WebSecurityConfigurerAdapter noAuth() {
- return new WebSecurityConfigurerAdapter() {
- @Override
- public void configure(WebSecurity web) throws Exception {
- web.ignoring().antMatchers("/**");
- StrictHttpFirewall firewall = new MSOSpringFirewall();
- web.httpFirewall(firewall);
- }
- };
- }
-
-}
Code Review / so.git / commitdiff