Add asserts to silence Sonar warnings re tests
[portal/ric-dashboard.git] / webapp-backend / src / main / java / org / oransc / ric / portal / dashboard / config / WebSecurityConfiguration.java
index 4429701..f1438d7 100644 (file)
@@ -2,7 +2,7 @@
  * ========================LICENSE_START=================================
  * O-RAN-SC
  * %%
- * Copyright (C) 2019 AT&T Intellectual Property and Nokia
+ * Copyright (C) 2019 AT&T Intellectual Property
  * %%
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  */
 package org.oransc.ric.portal.dashboard.config;
 
-import java.io.IOException;
 import java.lang.invoke.MethodHandles;
+import java.lang.reflect.InvocationTargetException;
 
-import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy;
 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
 import org.oransc.ric.portal.dashboard.DashboardConstants;
-import org.oransc.ric.portal.dashboard.LoginServlet;
-import org.oransc.ric.portal.dashboard.controller.AcXappController;
+import org.oransc.ric.portal.dashboard.DashboardUserManager;
+import org.oransc.ric.portal.dashboard.controller.A1MediatorController;
 import org.oransc.ric.portal.dashboard.controller.AdminController;
-import org.oransc.ric.portal.dashboard.controller.AnrXappController;
 import org.oransc.ric.portal.dashboard.controller.AppManagerController;
 import org.oransc.ric.portal.dashboard.controller.E2ManagerController;
 import org.oransc.ric.portal.dashboard.controller.SimpleErrorController;
-import org.oransc.ric.portal.dashboard.portalapi.DashboardUserManager;
 import org.oransc.ric.portal.dashboard.portalapi.PortalAuthManager;
 import org.oransc.ric.portal.dashboard.portalapi.PortalAuthenticationFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
@@ -48,6 +45,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 
 @Configuration
 @EnableWebSecurity
@@ -59,8 +57,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 
        // Although constructor arguments are recommended over field injection,
        // this results in fewer lines of code.
-       @Value("${userfile}")
-       private String userFilePath;
+       @Value("${portalapi.security}")
+       private Boolean portalapiSecurity;
        @Value("${portalapi.appname}")
        private String appName;
        @Value("${portalapi.username}")
@@ -72,36 +70,40 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Value("${portalapi.usercookie}")
        private String userCookie;
 
+       @Autowired
+       DashboardUserManager userManager;
+
+       @Override
        protected void configure(HttpSecurity http) throws Exception {
-               logger.debug("configure: portalapi.username {}", userName);
+               logger.debug("configure: portalapi.appName {}", appName);
                // A chain of ".and()" always baffles me
                http.authorizeRequests().anyRequest().authenticated();
-               // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
+               http.headers().frameOptions().disable();
+               http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
                http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class);
        }
 
        /**
-        * Resource paths that do not require authentication, especially including
+        * Resource paths that do not require authentication, including
         * Swagger-generated documentation.
         */
-       public static final String[] OPEN_PATHS = { //
+       protected static final String[] OPEN_PATHS = { //
                        "/v2/api-docs", //
                        "/swagger-resources/**", //
                        "/swagger-ui.html", //
                        "/webjars/**", //
                        PortalApiConstants.API_PREFIX + "/**", //
-                       AcXappController.CONTROLLER_PATH + "/" + AcXappController.VERSION_METHOD, //
+                       A1MediatorController.CONTROLLER_PATH + "/" + DashboardConstants.VERSION_METHOD, //
                        AdminController.CONTROLLER_PATH + "/" + AdminController.HEALTH_METHOD, //
                        AdminController.CONTROLLER_PATH + "/" + AdminController.VERSION_METHOD, //
-                       AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_ALIVE_METHOD, //
-                       AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_READY_METHOD, //
-                       AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.VERSION_METHOD, //
-                       AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.HEALTH_ALIVE_METHOD, //
-                       AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.HEALTH_READY_METHOD, //
-                       AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.VERSION_METHOD, //
-                       E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.HEALTH_METHOD, //
-                       E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.VERSION_METHOD, //
-                       DashboardConstants.LOGIN_PAGE, //
+                       AppManagerController.CONTROLLER_PATH + "/" + DashboardConstants.RIC_INSTANCE_KEY + "/*/"
+                                       + AppManagerController.HEALTH_ALIVE_METHOD, //
+                       AppManagerController.CONTROLLER_PATH + "/" + DashboardConstants.RIC_INSTANCE_KEY + "/*/"
+                                       + AppManagerController.HEALTH_READY_METHOD, //
+                       AppManagerController.CONTROLLER_PATH + "/" + DashboardConstants.VERSION_METHOD, //
+                       E2ManagerController.CONTROLLER_PATH + "/" + DashboardConstants.RIC_INSTANCE_KEY + "/*/"
+                                       + E2ManagerController.HEALTH_METHOD, //
+                       E2ManagerController.CONTROLLER_PATH + "/" + DashboardConstants.VERSION_METHOD, //
                        SimpleErrorController.ERROR_PATH };
 
        @Override
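Review bot: `http.headers().frameOptions().disable()` in `configure(HttpSecurity)` drops the X-Frame-Options header from every response, so any origin can frame the authenticated dashboard and clickjacking protection is gone application-wide. If the intent is to let the Portal embed the dashboard (presumably, given the Portal SDK integration; not visible here), restrict framing rather than removing the control: `http.headers().frameOptions().sameOrigin();` when both share an origin, or keep the disable and add `http.headers().contentSecurityPolicy("frame-ancestors 'self' <PORTAL_ORIGIN>");` with the deployed Portal origin as the placeholder value. Either way the line deserves a why-comment such as `// Portal embeds this app in an iframe; framing is limited to the Portal origin`. Enabling CSRF with `CookieCsrfTokenRepository.withHttpOnlyFalse()` is a sound change, though the token cookie is script-readable by design, so it relies on the front end echoing it in the request header.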
@@ -111,16 +113,12 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        }
 
        @Bean
-       public PortalAuthManager portalAuthManagerBean()
-                       throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException {
+       public PortalAuthManager portalAuthManagerBean() throws ClassNotFoundException, IllegalAccessException,
+                       InstantiationException, InvocationTargetException, NoSuchMethodException {
+               logger.debug("portalAuthManagerBean");
                return new PortalAuthManager(appName, userName, password, decryptor, userCookie);
        }
 
-       @Bean
-       public DashboardUserManager dashboardUserManagerBean() throws IOException {
-               return new DashboardUserManager(userFilePath);
-       }
-
        /*
         * If this is annotated with @Bean, it is created automatically AND REGISTERED,
         * and Spring processes annotations in the source of the class. However, the
@@ -130,43 +128,10 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
         * bypass this filter, which seems to me means the filter participates
         * correctly.
         */
-       public PortalAuthenticationFilter portalAuthenticationFilterBean()
-                       throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException {
-               PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(),
-                               dashboardUserManagerBean());
-               return portalAuthenticationFilter;
-       }
-
-       /**
-        * Instantiates the EPSDK-FW servlet. Needed because this app is not configured
-        * to scan the EPSDK-FW packages; there's also a chance that Spring-Boot does
-        * not automatically process @WebServlet annotations.
-        * 
-        * @return Servlet registration bean for the Portal Rest API proxy servlet.
-        */
-       @Bean
-       public ServletRegistrationBean<PortalRestAPIProxy> portalApiProxyServletBean() {
-               PortalRestAPIProxy servlet = new PortalRestAPIProxy();
-               final ServletRegistrationBean<PortalRestAPIProxy> servletBean = new ServletRegistrationBean<>(servlet,
-                               PortalApiConstants.API_PREFIX + "/*");
-               servletBean.setName("PortalRestApiProxyServlet");
-               return servletBean;
-       }
-
-       /**
-        * Instantiates a trivial login servlet that serves a basic page with a link to
-        * authenticate at Portal. The login filter redirects to this page instead of
-        * Portal.
-        * 
-        * @return Servlet registration bean for the Dashboard login servlet.
-        */
-       @Bean
-       public ServletRegistrationBean<LoginServlet> loginServletBean() {
-               LoginServlet servlet = new LoginServlet();
-               final ServletRegistrationBean<LoginServlet> servletBean = new ServletRegistrationBean<>(servlet,
-                               DashboardConstants.LOGIN_PAGE);
-               servletBean.setName("LoginServlet");
-               return servletBean;
+       public PortalAuthenticationFilter portalAuthenticationFilterBean() throws ClassNotFoundException,
+                       IllegalAccessException, InstantiationException, InvocationTargetException, NoSuchMethodException {
+               logger.debug("portalAuthenticationFilterBean");
+               return new PortalAuthenticationFilter(portalapiSecurity, portalAuthManagerBean(), this.userManager);
        }
 
 }
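Review bot: `portalapiSecurity` is handed to `PortalAuthenticationFilter` with only a debug line, so a deployment where `portalapi.security` is false leaves no trace at normal log levels. The flag presumably switches Portal authentication off inside the filter, which this hunk does not show. Log the state where the filter is built, e.g. `if (!Boolean.TRUE.equals(portalapiSecurity)) logger.warn("portalAuthenticationFilterBean: portalapi.security is not true");`, and add a Javadoc sentence on the field (declared as `Boolean` in the earlier hunk) stating what false means and which environments may use it. Declaring the field as primitive `boolean` would also remove the null state that the boxed type allows.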