1 /* Copyright (c) 2019 AT&T Intellectual Property. #
\r
3 # Licensed under the Apache License, Version 2.0 (the "License"); #
\r
4 # you may not use this file except in compliance with the License. #
\r
5 # You may obtain a copy of the License at #
\r
7 # http://www.apache.org/licenses/LICENSE-2.0 #
\r
9 # Unless required by applicable law or agreed to in writing, software #
\r
10 # distributed under the License is distributed on an "AS IS" BASIS, #
\r
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
\r
12 # See the License for the specific language governing permissions and #
\r
13 # limitations under the License. #
\r
14 ##############################################################################*/
\r
17 package org.oran.otf.spring.configuration;
\r
19 import org.apache.catalina.Context;
\r
20 import org.apache.catalina.connector.Connector;
\r
21 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
\r
22 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
\r
23 import org.springframework.beans.factory.annotation.Value;
\r
24 import org.springframework.boot.context.properties.EnableConfigurationProperties;
\r
25 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
\r
26 import org.springframework.boot.web.servlet.server.ServletWebServerFactory;
\r
27 import org.springframework.context.annotation.Bean;
\r
28 import org.springframework.context.annotation.Configuration;
\r
31 @EnableConfigurationProperties
\r
32 public class HttpSecurityConfiguration {
\r
/** Port the additional plain-HTTP connector listens on; bound from {@code security.server.port.http}. */
@Value("${security.server.port.http}")
private int httpPort;

/**
 * Port handed to the HTTP connector as its redirect target when HTTPS-only mode is on; bound
 * from {@code security.server.port}.
 */
@Value("${security.server.port}")
private int httpsPort;

/**
 * Switch for HTTPS-only mode; bound from {@code security.https-only}. When {@code true} the
 * transport constraint becomes {@code CONFIDENTIAL} and the HTTP connector gets a redirect port.
 */
@Value("${security.https-only}")
private boolean httpsOnly;
\r
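/**
 * Builds the embedded Tomcat factory: registers a transport constraint covering every path and
 * adds a second, plain-HTTP connector next to the primary one.
 *
 * <p>A {@link SecurityConstraint} for the pattern {@code "/*"} is always added to the context.
 * Only when {@code httpsOnly} is set does it carry the {@code CONFIDENTIAL} transport guarantee,
 * which makes Tomcat answer requests that arrive on a non-secure connector with a redirect to
 * that connector's redirect port. With {@code httpsOnly} unset the constraint demands nothing,
 * and the application is additionally reachable in cleartext on {@code httpPort}.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The constraint sets no auth-constraint, so it governs transport only; authentication
 *       and authorization have to be enforced elsewhere.
 *   <li>The HTTP connector is added in both modes. In HTTPS-only mode the redirect is issued
 *       after the first request has already crossed the network unencrypted, so session
 *       cookies should carry the {@code Secure} flag and an HSTS header should be sent on the
 *       HTTPS side to keep later requests off the HTTP port.
 * </ul>
 *
 * @return the configured Tomcat servlet web server factory
 */
@Bean
public ServletWebServerFactory servletContainer() {
    TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
        @Override
        protected void postProcessContext(Context context) {
            SecurityConstraint securityConstraint = new SecurityConstraint();
            if (httpsOnly) {
                // CONFIDENTIAL = the container must not serve this path over a non-secure connector.
                securityConstraint.setUserConstraint("CONFIDENTIAL");
            }
            SecurityCollection collection = new SecurityCollection();
            collection.addPattern("/*");
            securityConstraint.addCollection(collection);
            context.addConstraint(securityConstraint);
        }
    };
    // Registered unconditionally: the HTTP port is open whether or not HTTPS-only mode is on.
    tomcat.addAdditionalTomcatConnectors(redirectConnector());
    return tomcat;
}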
\r
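/**
 * Creates the additional plain-HTTP connector that is registered alongside the primary one.
 *
 * <p>The connector uses the {@code http} scheme, is marked non-secure and listens on
 * {@code httpPort}. Its redirect port is set to {@code httpsPort} only in HTTPS-only mode;
 * otherwise the connector's default redirect port is left untouched.
 *
 * <p>NOTE(review): the TLS connector itself is configured outside this class. Confirm that
 * {@code httpsPort} is the port on which clients can actually reach it (for example when a
 * proxy or port mapping sits in front), otherwise redirected clients land on a port with no
 * TLS listener.
 *
 * @return the HTTP connector to add to the Tomcat factory
 */
private Connector redirectConnector() {
    Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
    connector.setScheme("http");
    connector.setPort(httpPort);
    // Non-secure on purpose: this flag is what lets a CONFIDENTIAL constraint trigger the redirect.
    connector.setSecure(false);
    if (httpsOnly) {
        connector.setRedirectPort(httpsPort);
    }
    return connector;
}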
\r