X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=webapp-backend%2Fsrc%2Fmain%2Fjava%2Forg%2Foransc%2Fric%2Fportal%2Fdashboard%2Fconfig%2FWebSecurityConfiguration.java;h=f4819d307d79863b0173685d054217c0b14d57d6;hb=ef2afb662e0051397034e6fd3ece039a04c684c0;hp=6dc65633abdecdebdc65c041bec6356d69c9d6c8;hpb=beea5ee48a0efddde5e868eb0c99ba4ba67f1d46;p=portal%2Fric-dashboard.git diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java index 6dc65633..f4819d30 100644 --- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java +++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java @@ -2,7 +2,7 @@ * ========================LICENSE_START================================= * O-RAN-SC * %% - * Copyright (C) 2019 AT&T Intellectual Property and Nokia + * Copyright (C) 2019 AT&T Intellectual Property * %% * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,25 +19,22 @@ */ package org.oransc.ric.portal.dashboard.config; -import java.io.IOException; import java.lang.invoke.MethodHandles; +import java.lang.reflect.InvocationTargetException; -import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; -import org.oransc.ric.portal.dashboard.DashboardConstants; -import org.oransc.ric.portal.dashboard.LoginServlet; -import org.oransc.ric.portal.dashboard.controller.AcXappController; +import org.oransc.ric.portal.dashboard.DashboardUserManager; +import org.oransc.ric.portal.dashboard.controller.A1MediatorController; import org.oransc.ric.portal.dashboard.controller.AdminController; -import org.oransc.ric.portal.dashboard.controller.AnrXappController; import org.oransc.ric.portal.dashboard.controller.AppManagerController; import org.oransc.ric.portal.dashboard.controller.E2ManagerController; -import org.oransc.ric.portal.dashboard.portalapi.DashboardUserManager; +import org.oransc.ric.portal.dashboard.controller.SimpleErrorController; import org.oransc.ric.portal.dashboard.portalapi.PortalAuthManager; import org.oransc.ric.portal.dashboard.portalapi.PortalAuthenticationFilter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.web.servlet.ServletRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Profile; @@ -59,8 +56,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { // Although constructor arguments are recommended over field injection, // this results in fewer lines of code. - @Value("${userfile}") - private String userFilePath; + @Value("${portalapi.security}") + private Boolean portalapiSecurity; @Value("${portalapi.appname}") private String appName; @Value("${portalapi.username}") @@ -72,10 +69,15 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { @Value("${portalapi.usercookie}") private String userCookie; + @Autowired + DashboardUserManager userManager; + + @Override protected void configure(HttpSecurity http) throws Exception { logger.debug("configure: portalapi.username {}", userName); // A chain of ".and()" always baffles me http.authorizeRequests().anyRequest().authenticated(); + http.headers().frameOptions().disable(); http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()); http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class); } @@ -84,25 +86,21 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { * Resource paths that do not require authentication, especially including * Swagger-generated documentation. */ - public static final String[] OPEN_PATHS = { // + protected static final String[] OPEN_PATHS = { // "/v2/api-docs", // "/swagger-resources/**", // "/swagger-ui.html", // "/webjars/**", // PortalApiConstants.API_PREFIX + "/**", // - AcXappController.CONTROLLER_PATH + "/" + AcXappController.VERSION_METHOD, // + A1MediatorController.CONTROLLER_PATH + "/" + A1MediatorController.VERSION_METHOD, // AdminController.CONTROLLER_PATH + "/" + AdminController.HEALTH_METHOD, // AdminController.CONTROLLER_PATH + "/" + AdminController.VERSION_METHOD, // - AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_ALIVE_METHOD, // - AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.HEALTH_READY_METHOD, // - AnrXappController.CONTROLLER_PATH + "/" + AnrXappController.VERSION_METHOD, // AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.HEALTH_ALIVE_METHOD, // AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.HEALTH_READY_METHOD, // AppManagerController.CONTROLLER_PATH + "/" + AppManagerController.VERSION_METHOD, // E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.HEALTH_METHOD, // E2ManagerController.CONTROLLER_PATH + "/" + E2ManagerController.VERSION_METHOD, // - DashboardConstants.LOGIN_PAGE // - }; + SimpleErrorController.ERROR_PATH }; @Override public void configure(WebSecurity web) throws Exception { @@ -111,16 +109,11 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { } @Bean - public PortalAuthManager portalAuthManagerBean() - throws IOException, ClassNotFoundException, InstantiationException, IllegalAccessException { + public PortalAuthManager portalAuthManagerBean() throws ClassNotFoundException, IllegalAccessException, + InstantiationException, InvocationTargetException, NoSuchMethodException { return new PortalAuthManager(appName, userName, password, decryptor, userCookie); } - @Bean - public DashboardUserManager dashboardUserManagerBean() throws IOException { - return new DashboardUserManager(userFilePath); - } - /* * If this is annotated with @Bean, it is created automatically AND REGISTERED, * and Spring processes annotations in the source of the class. However, the @@ -130,43 +123,9 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { * bypass this filter, which seems to me means the filter participates * correctly. */ - public PortalAuthenticationFilter portalAuthenticationFilterBean() - throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException { - PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(), - dashboardUserManagerBean()); - return portalAuthenticationFilter; - } - - /** - * Instantiates the EPSDK-FW servlet. Needed because this app is not configured - * to scan the EPSDK-FW packages; there's also a chance that Spring-Boot does - * not automatically process @WebServlet annotations. - * - * @return Servlet registration bean for the Portal Rest API proxy servlet. - */ - @Bean - public ServletRegistrationBean portalApiProxyServletBean() { - PortalRestAPIProxy servlet = new PortalRestAPIProxy(); - final ServletRegistrationBean servletBean = new ServletRegistrationBean<>(servlet, - PortalApiConstants.API_PREFIX + "/*"); - servletBean.setName("PortalRestApiProxyServlet"); - return servletBean; - } - - /** - * Instantiates a trivial login servlet that serves a basic page with a link to - * authenticate at Portal. The login filter redirects to this page instead of - * Portal. - * - * @return Servlet registration bean for the Dashboard login servlet. - */ - @Bean - public ServletRegistrationBean loginServletBean() { - LoginServlet servlet = new LoginServlet(); - final ServletRegistrationBean servletBean = new ServletRegistrationBean<>(servlet, - DashboardConstants.LOGIN_PAGE); - servletBean.setName("LoginServlet"); - return servletBean; + public PortalAuthenticationFilter portalAuthenticationFilterBean() throws ClassNotFoundException, + IllegalAccessException, InstantiationException, InvocationTargetException, NoSuchMethodException { + return new PortalAuthenticationFilter(portalapiSecurity, portalAuthManagerBean(), this.userManager); } }