X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fconfig%2FWebSecurityConfiguration.java;h=f1438d7ee704e004616ff2b68a06b99a33de8ee4;hb=a82f827644fa87b576d9de3f77cb1b78d25d356d;hp=5fde5c28f598bf9a446ea052d4e64751557553e8;hpb=55472d9367cf229b2b87a625a8aa1dfb822cbaad;p=portal%2Fric-dashboard.git

diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
index 5fde5c28..f1438d7e 100644
--- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
+++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java
@@ -2,7 +2,7 @@
  * ========================LICENSE_START=================================
  * O-RAN-SC
  * %%
- * Copyright (C) 2019 AT&T Intellectual Property and Nokia
+ * Copyright (C) 2019 AT&T Intellectual Property
  * %%
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -19,22 +19,22 @@
  */
 package org.oransc.ric.portal.dashboard.config;
 
-import java.io.IOException;
 import java.lang.invoke.MethodHandles;
 import java.lang.reflect.InvocationTargetException;
 
 import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
+import org.oransc.ric.portal.dashboard.DashboardConstants;
+import org.oransc.ric.portal.dashboard.DashboardUserManager;
 import org.oransc.ric.portal.dashboard.controller.A1MediatorController;
 import org.oransc.ric.portal.dashboard.controller.AdminController;
-import org.oransc.ric.portal.dashboard.controller.AnrXappController;
 import org.oransc.ric.portal.dashboard.controller.AppManagerController;
 import org.oransc.ric.portal.dashboard.controller.E2ManagerController;
 import org.oransc.ric.portal.dashboard.controller.SimpleErrorController;
-import org.oransc.ric.portal.dashboard.portalapi.DashboardUserManager;
 import org.oransc.ric.portal.dashboard.portalapi.PortalAuthManager;
 import org.oransc.ric.portal.dashboard.portalapi.PortalAuthenticationFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -69,11 +69,13 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 	private String decryptor;
 	@Value("${portalapi.usercookie}")
 	private String userCookie;
-	@Value("${userfile}")
-	private String userFilePath;
 
+	@Autowired
+	DashboardUserManager userManager;
+
+	@Override
 	protected void configure(HttpSecurity http) throws Exception {
-		logger.debug("configure: portalapi.username {}", userName);
+		logger.debug("configure: portalapi.appName {}", appName);
 		// A chain of ".and()" always baffles me
 		http.authorizeRequests().anyRequest().authenticated();
 		http.headers().frameOptions().disable();
@@ -82,26 +84,26 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 	}
 
 	/**
-	 * Resource paths that do not require authentication, especially including
+	 * Resource paths that do not require authentication, including
 	 * Swagger-generated documentation.
 	 */
-	public static final String[] OPEN_PATHS = { //
+	protected static final String[] OPEN_PATHS = { //
 			"/v2/api-docs", //
 			"/swagger-resources/**", //
 			"/swagger-ui.html", //
 			"/webjars/**", //
 			PortalApiConstants.API_PREFIX + "/**", //
-			A1MediatorController.CONTROLLER_PATH + "/" + A1MediatorController.VERSION_METHOD, //
+			A1MediatorController.CONTROLLER_PATH + "/" + DashboardConstants.VERSION_METHOD, //
 			AdminController.CONTROLLER_PATH + "/" + AdminController.HEALTH_METHOD, //
 			AdminController.CONTROLLER_PATH + "/" + AdminController.VERSION_METHOD, //
-			AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_ALIVE_METHOD, //
-			AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_READY_METHOD, //
-			AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.VERSION_METHOD, //
-			AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.HEALTH_ALIVE_METHOD, //
-			AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.HEALTH_READY_METHOD, //
-			AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.VERSION_METHOD, //
-			E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.HEALTH_METHOD, //
-			E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.VERSION_METHOD, //
+			AppManagerController.CONTROLLER_PATH + "/" + DashboardConstants.RIC_INSTANCE_KEY + "/*/"
+					+ AppManagerController.HEALTH_ALIVE_METHOD, //
+			AppManagerController.CONTROLLER_PATH + "/" + DashboardConstants.RIC_INSTANCE_KEY + "/*/"
+					+ AppManagerController.HEALTH_READY_METHOD, //
+			AppManagerController.CONTROLLER_PATH + "/" + DashboardConstants.VERSION_METHOD, //
+			E2ManagerController.CONTROLLER_PATH + "/" + DashboardConstants.RIC_INSTANCE_KEY + "/*/"
+					+ E2ManagerController.HEALTH_METHOD, //
+			E2ManagerController.CONTROLLER_PATH + "/" + DashboardConstants.VERSION_METHOD, //
 			SimpleErrorController.ERROR_PATH };
 
 	@Override
@@ -111,17 +113,12 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 	}
 
 	@Bean
-	public PortalAuthManager portalAuthManagerBean()
-			throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException,
-			IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
+	public PortalAuthManager portalAuthManagerBean() throws ClassNotFoundException, IllegalAccessException,
+			InstantiationException, InvocationTargetException, NoSuchMethodException {
+		logger.debug("portalAuthManagerBean");
 		return new PortalAuthManager(appName, userName, password, decryptor, userCookie);
 	}
 
-	@Bean
-	public DashboardUserManager dashboardUserManagerBean() throws IOException {
-		return new DashboardUserManager(userFilePath);
-	}
-
 	/*
 	 * If this is annotated with @Bean, it is created automatically AND REGISTERED,
 	 * and Spring processes annotations in the source of the class. However, the
@@ -131,12 +128,10 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
 	 * bypass this filter, which seems to me means the filter participates
 	 * correctly.
 	 */
-	public PortalAuthenticationFilter portalAuthenticationFilterBean()
-			throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException,
-			IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
-		PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalapiSecurity,
-				portalAuthManagerBean(), dashboardUserManagerBean());
-		return portalAuthenticationFilter;
+	public PortalAuthenticationFilter portalAuthenticationFilterBean() throws ClassNotFoundException,
+			IllegalAccessException, InstantiationException, InvocationTargetException, NoSuchMethodException {
+		logger.debug("portalAuthenticationFilterBean");
+		return new PortalAuthenticationFilter(portalapiSecurity, portalAuthManagerBean(), this.userManager);
 	}
 
 }