Merge "Upgrade E2Mgr spec to version 2.0.5 of 2019-09-11"

[portal/ric-dashboard.git] / webapp-backend / src / main / java / org / oransc / ric / portal / dashboard / config / WebSecurityConfiguration.java

diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
index 9357a1c..4e1ddb4 100644 (file)
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
@@ -21,12 +21,13 @@ package org.oransc.ric.portal.dashboard.config;
 
 import java.io.IOException;
 import java.lang.invoke.MethodHandles;
+import java.lang.reflect.InvocationTargetException;
 
 import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy;
 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.oransc.ric.portal.dashboard.DashboardConstants;
 import org.oransc.ric.portal.dashboard.LoginServlet;
-import org.oransc.ric.portal.dashboard.controller.AcXappController;
+import org.oransc.ric.portal.dashboard.controller.A1MediatorController;
 import org.oransc.ric.portal.dashboard.controller.AdminController;
 import org.oransc.ric.portal.dashboard.controller.AnrXappController;
 import org.oransc.ric.portal.dashboard.controller.AppManagerController;
@@ -48,6 +49,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
 @Configuration
 @EnableWebSecurity
@@ -73,10 +75,11 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        private String userCookie;
 
        protected void configure(HttpSecurity http) throws Exception {
-               logger.debug("configure");
+               logger.debug("configure: portalapi.username {}", userName);
                // A chain of ".and()" always baffles me
                http.authorizeRequests().anyRequest().authenticated();
-               // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+               http.headers().frameOptions().disable();
+               http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
                http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class);
        }
 
@@ -90,7 +93,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
                        "/swagger-ui.html", //
                        "/webjars/**", //
                        PortalApiConstants.API_PREFIX + "/**", //
-                       AcXappController.CONTROLLER_PATH + "/" + AcXappController.VERSION_METHOD, //
+                       A1MediatorController.CONTROLLER_PATH + "/" + A1MediatorController.VERSION_METHOD, //
                        AdminController.CONTROLLER_PATH + "/" + AdminController.HEALTH_METHOD, //
                        AdminController.CONTROLLER_PATH + "/" + AdminController.VERSION_METHOD, //
                        AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_ALIVE_METHOD, //
@@ -101,8 +104,9 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
                        AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.VERSION_METHOD, //
                        E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.HEALTH_METHOD, //
                        E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.VERSION_METHOD, //
-                       DashboardConstants.LOGIN_PAGE, //
-                       SimpleErrorController.ERROR_PATH };
+                       SimpleErrorController.ERROR_PATH, //
+                       DashboardConstants.LOGIN_PAGE //
+       };
 
        @Override
        public void configure(WebSecurity web) throws Exception {
@@ -112,7 +116,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
        @Bean
        public PortalAuthManager portalAuthManagerBean()
-                       throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException {
+                       throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException,
+                       IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
                return new PortalAuthManager(appName, userName, password, decryptor, userCookie);
        }
 
@@ -131,7 +136,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
         * correctly.
         */
        public PortalAuthenticationFilter portalAuthenticationFilterBean()
-                       throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException {
+                       throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException,
+                       IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
                PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(),
                                dashboardUserManagerBean());
                return portalAuthenticationFilter;