X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fconfig%2FWebSecurityConfiguration.java;h=686b9cb17f535d4f9dceacd544f3b1788ec52b41;hb=56ff26b25a114f55b66e47d8f2430d8fb8e3cda3;hp=9357a1cf7452925ca09f12ac92d155290401dff3;hpb=3f812ea25d352ec33d07f5ffa4c2aa2a77e8e793;p=portal%2Fric-dashboard.git diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java index 9357a1cf..686b9cb1 100644 --- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java +++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java @@ -21,12 +21,13 @@ package org.oransc.ric.portal.dashboard.config; import java.io.IOException; import java.lang.invoke.MethodHandles; +import java.lang.reflect.InvocationTargetException; import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; import org.oransc.ric.portal.dashboard.DashboardConstants; import org.oransc.ric.portal.dashboard.LoginServlet; -import org.oransc.ric.portal.dashboard.controller.AcXappController; +import org.oransc.ric.portal.dashboard.controller.A1MediatorController; import org.oransc.ric.portal.dashboard.controller.AdminController; import org.oransc.ric.portal.dashboard.controller.AnrXappController; import org.oransc.ric.portal.dashboard.controller.AppManagerController; @@ -48,6 +49,7 @@ import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.web.authentication.www.BasicAuthenticationFilter; +import org.springframework.security.web.csrf.CookieCsrfTokenRepository; @Configuration @EnableWebSecurity @@ -59,8 +61,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { // Although constructor arguments are recommended over field injection, // this results in fewer lines of code. - @Value("${userfile}") - private String userFilePath; + @Value("${portalapi.security}") + private Boolean portalapiSecurity; @Value("${portalapi.appname}") private String appName; @Value("${portalapi.username}") @@ -71,12 +73,15 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { private String decryptor; @Value("${portalapi.usercookie}") private String userCookie; + @Value("${userfile}") + private String userFilePath; protected void configure(HttpSecurity http) throws Exception { - logger.debug("configure"); + logger.debug("configure: portalapi.username {}", userName); // A chain of ".and()" always baffles me http.authorizeRequests().anyRequest().authenticated(); - // http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); + http.headers().frameOptions().disable(); + http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class); } @@ -90,7 +95,7 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { "/swagger-ui.html", // "/webjars/**", // PortalApiConstants.API_PREFIX + "/**", // - AcXappController.CONTROLLER_PATH + "/" + AcXappController.VERSION_METHOD, // + A1MediatorController.CONTROLLER_PATH + "/" + A1MediatorController.VERSION_METHOD, // AdminController.CONTROLLER_PATH + "/" + AdminController.HEALTH_METHOD, // AdminController.CONTROLLER_PATH + "/" + AdminController.VERSION_METHOD, // AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_ALIVE_METHOD, // @@ -101,8 +106,9 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.VERSION_METHOD, // E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.HEALTH_METHOD, // E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.VERSION_METHOD, // - DashboardConstants.LOGIN_PAGE, // - SimpleErrorController.ERROR_PATH }; + SimpleErrorController.ERROR_PATH, // + DashboardConstants.LOGIN_PAGE // + }; @Override public void configure(WebSecurity web) throws Exception { @@ -112,7 +118,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Bean public PortalAuthManager portalAuthManagerBean() - throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException { + throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException, + IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException { return new PortalAuthManager(appName, userName, password, decryptor, userCookie); } @@ -131,9 +138,10 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { * correctly. */ public PortalAuthenticationFilter portalAuthenticationFilterBean() - throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException { - PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(), - dashboardUserManagerBean()); + throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException, + IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException { + PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalapiSecurity, + portalAuthManagerBean(), dashboardUserManagerBean()); return portalAuthenticationFilter; }