<parent>
<groupId>org.o-ran-sc.portal.ric-dashboard</groupId>
<artifactId>ric-dash-parent</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.2-SNAPSHOT</version>
</parent>
<!-- This groupId will NOT allow deployment in LF -->
<groupId>org.o-ran-sc.ric.plt.a1med.client</groupId>
<parent>
<groupId>org.o-ran-sc.portal.ric-dashboard</groupId>
<artifactId>ric-dash-parent</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.2-SNAPSHOT</version>
</parent>
<!-- This groupId will NOT allow deployment in LF -->
<groupId>org.o-ran-sc.ric.xapp.anr.client</groupId>
<parent>
<groupId>org.o-ran-sc.portal.ric-dashboard</groupId>
<artifactId>ric-dash-parent</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.2-SNAPSHOT</version>
</parent>
<!-- This groupId will NOT allow deployment in LF -->
<groupId>org.o-ran-sc.ric.plt.appmgr.client</groupId>
RIC Dashboard Release Notes
===========================
-Version 1.2.?, ? 2019
--------------------------
-* Add EPSDK-FW user management and Portal security
+Version 1.2.2, 23 Sep 2019
+--------------------------
+* Supoprt Portal security using EPSDK-FW cookie and user management
Version 1.2.1, 20 Sep 2019
--------------------------
<parent>
<groupId>org.o-ran-sc.portal.ric-dashboard</groupId>
<artifactId>ric-dash-parent</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.2-SNAPSHOT</version>
</parent>
<!-- This groupId will NOT allow deployment in LF -->
<groupId>org.o-ran-sc.ric.plt.e2mgr.client</groupId>
<artifactId>ric-dash-parent</artifactId>
<name>RIC Dashboard project</name>
<packaging>pom</packaging>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.2-SNAPSHOT</version>
<properties>
<java.version>11</java.version>
<!-- Properties for the license-maven-plugin in child POMs -->
<parent>
<groupId>org.o-ran-sc.portal.ric-dashboard</groupId>
<artifactId>ric-dash-parent</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.2-SNAPSHOT</version>
</parent>
<artifactId>ric-dash-be</artifactId>
<name>RIC Dashboard Webapp backend</name>
<descriptorRef>artifact</descriptorRef>
</assembly>
<runCmds>
- <!-- Include debug tool for limited network -->
- <runCmd><![CDATA[apt-get update && apt-get -y install curl]]></runCmd>
<!-- Ensure logs dir exists and is world writable -->
<runCmd>mkdir /logs</runCmd>
<runCmd>chmod -R 777 /logs</runCmd>
package org.oransc.ric.portal.dashboard;
import java.io.IOException;
-import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import org.slf4j.Logger;
private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
- // Unfortunately these names are not available as constants
- private static final String[] propertyFiles = { "ESAPI.properties", "key.properties", "portal.properties",
- "validation.properties" };
-
public static void main(String[] args) throws IOException {
SpringApplication.run(DashboardApplication.class, args);
- for (String pf : propertyFiles) {
- InputStream in = MethodHandles.lookup().lookupClass().getClassLoader().getResourceAsStream(pf);
- if (in == null)
- logger.warn("Failed to find property file on classpath: {}", pf);
- else
- in.close();
- }
- // Force this onto the console by using level WARN
+ // Ensure this appears on the console by using level WARN
logger.warn("main: version '{}' successful start",
getImplementationVersion(MethodHandles.lookup().lookupClass()));
}
// Although constructor arguments are recommended over field injection,
// this results in fewer lines of code.
- @Value("${userfile}")
- private String userFilePath;
+ @Value("${portalapi.security}")
+ private Boolean portalapiSecurity;
@Value("${portalapi.appname}")
private String appName;
@Value("${portalapi.username}")
private String decryptor;
@Value("${portalapi.usercookie}")
private String userCookie;
+ @Value("${userfile}")
+ private String userFilePath;
protected void configure(HttpSecurity http) throws Exception {
logger.debug("configure: portalapi.username {}", userName);
public PortalAuthenticationFilter portalAuthenticationFilterBean()
throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException,
IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException {
- PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(),
- dashboardUserManagerBean());
+ PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalapiSecurity,
+ portalAuthManagerBean(), dashboardUserManagerBean());
return portalAuthenticationFilter;
}
package org.oransc.ric.portal.dashboard.portalapi;
import java.io.IOException;
+import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.lang.invoke.MethodHandles;
import java.net.URLEncoder;
private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
+ // Unfortunately these names are not available as constants
+ private static final String[] securityPropertyFiles = { "ESAPI.properties", "key.properties", "portal.properties",
+ "validation.properties" };
+
public static final String REDIRECT_URL_KEY = "redirectUrl";
+ private final boolean enforcePortalSecurity;
private final PortalAuthManager authManager;
private final DashboardUserManager userManager;
- public PortalAuthenticationFilter(PortalAuthManager authManager, DashboardUserManager userManager) {
+ public PortalAuthenticationFilter(boolean portalSecurity, PortalAuthManager authManager,
+ DashboardUserManager userManager) {
+ this.enforcePortalSecurity = portalSecurity;
this.authManager = authManager;
this.userManager = userManager;
+ if (portalSecurity) {
+ // Throw if security is requested and prerequisites are not met
+ for (String pf : securityPropertyFiles) {
+ InputStream in = MethodHandles.lookup().lookupClass().getClassLoader().getResourceAsStream(pf);
+ if (in == null) {
+ String msg = "Failed to find property file on classpath: " + pf;
+ logger.error(msg);
+ throw new RuntimeException(msg);
+ } else {
+ try {
+ in.close();
+ } catch (IOException ex) {
+ logger.warn("Failed to close stream", ex);
+ }
+ }
+ }
+ }
}
@Override
// No resources to release
}
+ /**
+ * Requests for pages ignored in the web security config do not hit this filter.
+ */
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ throws IOException, ServletException {
+ if (enforcePortalSecurity)
+ doFilterEPSDKFW(req, res, chain);
+ else
+ doFilterMockUserAdminRole(req, res, chain);
+ }
+
/*
* Populates security context with a mock user in the admin role.
*
- * TODO: AUTH
*/
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ private void doFilterMockUserAdminRole(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
if (auth == null || auth.getAuthorities().isEmpty()) {
/*
* Checks for valid cookies and allows request to be served if found; redirects
- * to Portal otherwise. Requests for pages ignored in the web security config do
- * not hit this filter.
- *
- * TODO: AUTH
+ * to Portal otherwise.
*/
- public void doFilter_EPSDKFW(ServletRequest req, ServletResponse res, FilterChain chain)
+ private void doFilterEPSDKFW(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
logger.debug("doFilter {}", req);
HttpServletRequest request = (HttpServletRequest) req;
# use a persistent volume in a K8S deployment
userfile = users.json
+# boolean flag whether to enforce Portal user and roles on requests
+portalapi.security = false
# class that decrypts ciphertext from Portal
portalapi.decryptor = org.oransc.ric.portal.dashboard.portalapi.PortalSdkDecryptorAes
# name of request cookie with user ID
<parent>
<groupId>org.o-ran-sc.portal.ric-dashboard</groupId>
<artifactId>ric-dash-parent</artifactId>
- <version>1.2.1-SNAPSHOT</version>
+ <version>1.2.2-SNAPSHOT</version>
</parent>
<artifactId>ric-dash-fe</artifactId>
<name>RIC Dashboard Webapp frontend</name>