import java.io.IOException;
import java.lang.invoke.MethodHandles;
+import java.lang.reflect.InvocationTargetException;
import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.oransc.ric.portal.dashboard.DashboardConstants;
import org.oransc.ric.portal.dashboard.LoginServlet;
-import org.oransc.ric.portal.dashboard.controller.AcXappController;
+import org.oransc.ric.portal.dashboard.controller.A1MediatorController;
import org.oransc.ric.portal.dashboard.controller.AdminController;
import org.oransc.ric.portal.dashboard.controller.AnrXappController;
import org.oransc.ric.portal.dashboard.controller.AppManagerController;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
@Configuration
@EnableWebSecurity
// Although constructor arguments are recommended over field injection,
// this results in fewer lines of code.
- @Value("${userfile}")
- private String userFilePath;
+ @Value("${portalapi.security}")
+ private Boolean portalapiSecurity;
@Value("${portalapi.appname}")
private String appName;
@Value("${portalapi.username}")
private String decryptor;
@Value("${portalapi.usercookie}")
private String userCookie;
+ @Value("${userfile}")
+ private String userFilePath;
protected void configure(HttpSecurity http) throws Exception {
- logger.debug("configure");
+ logger.debug("configure: portalapi.username {}", userName);
// A chain of ".and()" always baffles me
http.authorizeRequests().anyRequest().authenticated();
- // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+ http.headers().frameOptions().disable();
+ http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class);
}
"/swagger-ui.html", //
"/webjars/**", //
PortalApiConstants.API_PREFIX + "/**", //
- AcXappController.CONTROLLER_PATH + "/" + AcXappController.VERSION_METHOD, //
+ A1MediatorController.CONTROLLER_PATH + "/" + A1MediatorController.VERSION_METHOD, //
AdminController.CONTROLLER_PATH + "/" + AdminController.HEALTH_METHOD, //
AdminController.CONTROLLER_PATH + "/" + AdminController.VERSION_METHOD, //
AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_ALIVE_METHOD, //
AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.VERSION_METHOD, //
E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.HEALTH_METHOD, //
E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.VERSION_METHOD, //
- DashboardConstants.LOGIN_PAGE, //
- SimpleErrorController.ERROR_PATH };
+ SimpleErrorController.ERROR_PATH, //
+ DashboardConstants.LOGIN_PAGE //
+ };
@Override
public void configure(WebSecurity web) throws Exception {
@Bean
public PortalAuthManager portalAuthManagerBean()
- throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException {
+ throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException,
+ IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
return new PortalAuthManager(appName, userName, password, decryptor, userCookie);
}
* correctly.
*/
public PortalAuthenticationFilter portalAuthenticationFilterBean()
- throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException {
- PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(),
- dashboardUserManagerBean());
+ throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException,
+ IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
+ PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalapiSecurity,
+ portalAuthManagerBean(), dashboardUserManagerBean());
return portalAuthenticationFilter;
}