+++ /dev/null
-/key.properties
-/portal.properties
+++ /dev/null
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Template for the file that provides a secret key for the Non-RT RIC Control Panel.
-
-cipher.enc.key =
+++ /dev/null
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Template for the file that provides properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-# The following properties are the same in every deployment
-
-portal.api.impl.class = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalRestCentralServiceImpl
-role_access_centralized = remote
-
-# The following properties are DIFFERENT in every deployment
-
-# URL of portal login screen
-ecomp_redirect_url = http://localhost/portal
-# URL of portal API
-ecomp_rest_url = http://localhost/portal
-# Value assigned by portal instance
-ueb_app_key = abcdef1234567890
</repository>
</repositories>
<dependencies>
- <!-- Platform components -->
- <dependency>
- <groupId>org.onap.portal.sdk</groupId>
- <artifactId>epsdk-fw</artifactId>
- <version>${epsdk-fw.version}</version>
- <exclusions>
- <exclusion>
- <groupId>commons-logging</groupId>
- <artifactId>commons-logging</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- </exclusion>
- <exclusion>
- <groupId>log4j</groupId>
- <artifactId>apache-log4j-extras</artifactId>
- </exclusion>
- <exclusion>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-log4j12</artifactId>
- </exclusion>
- <exclusion>
- <groupId>junit</groupId>
- <artifactId>junit</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-fileupload</groupId>
- <artifactId>commons-fileupload</artifactId>
- </exclusion>
- <exclusion>
- <groupId>commons-beanutils</groupId>
- <artifactId>commons-beanutils</artifactId>
- </exclusion>
- <!-- EELF omits "test" scope on this dependency -->
- <exclusion>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-module-junit4</artifactId>
- </exclusion>
- <!-- EELF omits "test" scope on this dependency -->
- <exclusion>
- <groupId>org.powermock</groupId>
- <artifactId>powermock-api-mockito</artifactId>
- </exclusion>
- </exclusions>
- </dependency>
- <dependency>
- <groupId>org.springframework.boot</groupId>
- <artifactId>spring-boot-starter-security</artifactId>
- </dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
}
public static final String ENDPOINT_PREFIX = "/api";
- // Factor out method names used in multiple controllers
- public static final String VERSION_METHOD = "version";
- public static final String APP_NAME_AC = "AC";
- public static final String APP_NAME_MC = "MC";
- // The role names are defined by ONAP Portal.
- // The prefix "ROLE_" is required by Spring.
- // These are used in Java code annotations that require constants.
- public static final String ROLE_NAME_STANDARD = "Standard_User";
- public static final String ROLE_NAME_ADMIN = "System_Administrator";
- private static final String ROLE_PREFIX = "ROLE_";
- public static final String ROLE_ADMIN = ROLE_PREFIX + ROLE_NAME_ADMIN;
- public static final String ROLE_STANDARD = ROLE_PREFIX + ROLE_NAME_STANDARD;
- public static final String POLICY_CONTROLLER_USERNAME = "admin";
- public static final String POLICY_CONTROLLER_PASSWORD = "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U";
-
}
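Review bot: Deleting `POLICY_CONTROLLER_PASSWORD` from the constants class does not retire the value, because the literal stays readable in the repository history and in any artifact already built from it. If it was ever a live credential for the policy controller (the page does not show where it was used), it should be treated as disclosed and rotated, and the commit description is the place to record that, for example `The removed POLICY_CONTROLLER_PASSWORD value must be considered disclosed; rotate it wherever it was configured.` The class body starts outside this hunk.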
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel;
-
-import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import java.io.File;
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.nio.file.Files;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
-import org.onap.portalsdk.core.restful.domain.EcompRole;
-import org.onap.portalsdk.core.restful.domain.EcompUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Provides simple user-management services.
- *
- * This first implementation serializes user details to a file.
- */
-public class ControlPanelUserManager {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // This default value is only useful for development and testing.
- public static final String USER_FILE_PATH = "controlpanel-users.json";
-
- private final File userFile;
- private final List<EcompUser> users;
-
- /**
- * Development/test-only constructor that uses default file path.
- *
- * @param clear
- * If true, start empty and remove any existing file.
- *
- * @throws IOException
- * On file error
- */
- public ControlPanelUserManager(boolean clear) throws IOException {
- this(USER_FILE_PATH);
- if (clear) {
- logger.debug("ctor: removing file {}", userFile.getAbsolutePath());
- File f = new File(ControlPanelUserManager.USER_FILE_PATH);
- if (f.exists())
- Files.delete(f.toPath());
- users.clear();
- }
- }
-
- /**
- * Constructur that accepts a file path
- *
- * @param userFilePath
- * File path
- * @throws IOException
- * If file cannot be read
- */
- public ControlPanelUserManager(final String userFilePath) throws IOException {
- logger.debug("ctor: userfile {}", userFilePath);
- if (userFilePath == null)
- throw new IllegalArgumentException("Missing or empty user file property");
- userFile = new File(userFilePath);
- logger.debug("ctor: managing users in file {}", userFile.getAbsolutePath());
- if (userFile.exists()) {
- final ObjectMapper mapper = new ObjectMapper();
- users = mapper.readValue(userFile, new TypeReference<List<EcompUser>>() {});
- } else {
- users = new ArrayList<>();
- }
- }
-
- /**
- * Gets the current users.
- *
- * @return List of EcompUser objects, possibly empty
- */
- public List<EcompUser> getUsers() {
- return this.users;
- }
-
- /**
- * Gets the user with the specified login Id
- *
- * @param loginId
- * Desired login Id
- * @return User object; null if Id is not known
- */
- public EcompUser getUser(String loginId) {
- for (EcompUser u : this.users) {
- if (u.getLoginId().equals(loginId)) {
- logger.debug("getUser: match on {}", loginId);
- return u;
- }
- }
- logger.debug("getUser: no match on {}", loginId);
- return null;
- }
-
- private void saveUsers() throws IOException {
- final ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(userFile, users);
- }
-
- /*
- * Allow at most one thread to create a user at one time.
- */
- public synchronized void createUser(EcompUser user) throws PortalAPIException {
- if (logger.isDebugEnabled()) {
- logger.debug("createUser: loginId is {}", user.getLoginId());
- }
- if (users.contains(user))
- throw new PortalAPIException("User exists: " + user.getLoginId());
- users.add(user);
- try {
- saveUsers();
- } catch (Exception ex) {
- throw new PortalAPIException("Save failed", ex);
- }
- }
-
- /*
- * Allow at most one thread to modify a user at one time. We still have
- * last-edit-wins of course.
- */
- public synchronized void updateUser(String loginId, EcompUser user) throws PortalAPIException {
- logger.debug("editUser: loginId is {}", loginId);
- int index = users.indexOf(user);
- if (index < 0)
- throw new PortalAPIException("User does not exist: " + user.getLoginId());
- users.remove(index);
- users.add(user);
- try {
- saveUsers();
- } catch (Exception ex) {
- throw new PortalAPIException("Save failed", ex);
- }
- }
-
- // Test infrastructure
- public static void main(String[] args) throws Exception {
- ControlPanelUserManager dum = new ControlPanelUserManager(false);
- EcompUser user = new EcompUser();
- user.setActive(true);
- user.setLoginId("demo");
- user.setFirstName("First");
- user.setLastName("Last");
- EcompRole role = new EcompRole();
- role.setId(1L);
- role.setName(ControlPanelConstants.ROLE_NAME_ADMIN);
- Set<EcompRole> roles = new HashSet<>();
- roles.add(role);
- user.setRoles(roles);
- dum.createUser(user);
- logger.debug("Created user {}", user);
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.config;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-/**
- * Creates an instance of the user manager.
- */
-@Configuration
-@Profile("!test")
-public class AdminConfiguration {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // Populated by the autowired constructor
- private final String userfile;
-
- @Autowired
- public AdminConfiguration(@Value("${userfile}") final String userfile) {
- logger.debug("ctor userfile '{}'", userfile);
- this.userfile = userfile;
- }
-
- @Bean
- // The bean (method) name must be globally unique
- public ControlPanelUserManager userManager() throws IOException {
- return new ControlPanelUserManager(userfile);
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.config;
-
-import java.lang.invoke.MethodHandles;
-
-import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-@Configuration
-@Profile("!test")
-public class PortalApiConfiguration {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- /**
- * Instantiates the EPSDK-FW servlet that implements the API called by Portal.
- * Needed because this app is not configured to scan the EPSDK-FW packages;
- * there's also a chance that Spring-Boot does not automatically
- * process @WebServlet annotations.
- *
- * @return Servlet registration bean for the Portal Rest API proxy servlet.
- */
- @Bean
- public ServletRegistrationBean<PortalRestAPIProxy> portalApiProxyServletBean() {
- logger.debug("portalApiProxyServletBean");
- PortalRestAPIProxy servlet = new PortalRestAPIProxy();
- final ServletRegistrationBean<PortalRestAPIProxy> servletBean =
- new ServletRegistrationBean<>(servlet, PortalApiConstants.API_PREFIX + "/*");
- servletBean.setName("PortalRestApiProxyServlet");
- return servletBean;
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2019 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.config;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.lang.reflect.InvocationTargetException;
-
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.oransc.portal.nonrtric.controlpanel.controller.PolicyController;
-import org.oransc.portal.nonrtric.controlpanel.controller.SimpleErrorController;
-import org.oransc.portal.nonrtric.controlpanel.portalapi.PortalAuthManager;
-import org.oransc.portal.nonrtric.controlpanel.portalapi.PortalAuthenticationFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
-
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(securedEnabled = true)
-@Profile("!test")
-public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // Although constructor arguments are recommended over field injection,
- // this results in fewer lines of code.
- @Value("${portalapi.security}")
- private Boolean portalapiSecurity;
- @Value("${portalapi.appname}")
- private String appName;
- @Value("${portalapi.username}")
- private String userName;
- @Value("${portalapi.password}")
- private String password;
- @Value("${portalapi.decryptor}")
- private String decryptor;
- @Value("${portalapi.usercookie}")
- private String userCookie;
-
- @Autowired
- ControlPanelUserManager userManager;
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- logger.debug("configure: portalapi.username {}", userName);
- // A chain of ".and()" always baffles me
- http.authorizeRequests().anyRequest().authenticated();
- http.headers().frameOptions().disable();
- http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
- http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class);
- }
-
- /**
- * Resource paths that do not require authentication, especially including
- * Swagger-generated documentation.
- */
- @SuppressWarnings("squid:S1075") // URIs should not be hardcoded
- public static final String[] OPEN_PATHS = { //
- "/v2/api-docs", //
- "/swagger-resources/**", //
- "/swagger-ui.html", //
- "/webjars/**", //
- PortalApiConstants.API_PREFIX + "/**", //
- PolicyController.CONTROLLER_PATH + "/" + PolicyController.VERSION_METHOD, //
- SimpleErrorController.ERROR_PATH};
-
- @Override
- public void configure(WebSecurity web) throws Exception {
- // This disables Spring security, but not the app's filter.
- web.ignoring().antMatchers(OPEN_PATHS);
- }
-
- @Bean
- public PortalAuthManager portalAuthManagerBean() throws ClassNotFoundException, InstantiationException,
- IllegalAccessException, InvocationTargetException, NoSuchMethodException {
- return new PortalAuthManager(appName, userName, password, decryptor, userCookie);
- }
-
- /*
- * If this is annotated with @Bean, it is created automatically AND REGISTERED,
- * and Spring processes annotations in the source of the class. However, the
- * filter is added in the chain apparently in the wrong order. Alternately, with
- * no @Bean and added to the chain up in the configure() method in the desired
- * order, the ignoring() matcher pattern configured above causes Spring to
- * bypass this filter, which seems to me means the filter participates
- * correctly.
- */
- public PortalAuthenticationFilter portalAuthenticationFilterBean() throws ClassNotFoundException,
- InstantiationException, IllegalAccessException, IOException, InvocationTargetException, NoSuchMethodException {
- return new PortalAuthenticationFilter(portalapiSecurity, portalAuthManagerBean(), this.userManager);
- }
-
-}
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.annotation.Secured;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
// Publish paths in constants so tests are easy to write
public static final String CONTROLLER_PATH = ControlPanelConstants.ENDPOINT_PREFIX + "/enrichment";
// Endpoints
- public static final String VERSION_METHOD = ControlPanelConstants.VERSION_METHOD;
public static final String EI_TYPES = "eitypes";
public static final String EI_PRODUCERS = "eiproducers";
public static final String EI_JOBS = "eijobs";
*/
@ApiOperation(value = "Get the EI type identifiers")
@GetMapping(EI_TYPES)
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getAllEiTypeIds() {
logger.debug("getAllEiTypeIds");
return this.eiProducerApi.getAllEiTypeIds();
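Review bot: `getAllEiTypeIds` is left without any visible access check once its `@Secured` line goes, and the same holds for every other handler touched in this controller and in the policy controller, including `putPolicyInstance` and `deletePolicyInstance`, which were limited to `ROLE_ADMIN` before. With `spring-boot-starter-security` and `WebSecurityConfiguration` also removed in this commit, nothing on the page authenticates callers of `/api/enrichment` or `/api/policy`; presumably that is now expected from the deployment (a gateway or network policy), but the code does not say so. I would state it on both controller classes, e.g. `// No authentication or authorization is enforced in this application; access to these endpoints must be restricted by the deployment.` The method bodies continue outside the hunks.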
@ApiOperation(value = "Get an individual EI type")
@GetMapping(EI_TYPES + "/{" + EI_TYPE_ID + "}")
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getEiType(@PathVariable(EI_TYPE_ID) String eiTypeId) {
logger.debug("getEiType {}", eiTypeId);
return this.eiProducerApi.getEiType(eiTypeId);
@ApiOperation(value = "Get an individual EI producer")
@GetMapping(EI_PRODUCERS + "/{" + EI_PRODUCER_ID + "}")
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getEiProducer(@PathVariable(EI_PRODUCER_ID) String eiProducerId) {
logger.debug("getEiProducer {}", eiProducerId);
return this.eiProducerApi.getEiProducer(eiProducerId);
@ApiOperation(value = "Get the EI job definitions for one EI producer")
@GetMapping(EI_PRODUCERS + "/{" + EI_PRODUCER_ID + "}/" + EI_JOBS)
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getEiJobsForOneEiProducer(@PathVariable(EI_PRODUCER_ID) String eiProducerId) {
logger.debug("getEiJobsForOneEiProducer {}", eiProducerId);
return this.eiProducerApi.getEiJobsForOneEiProducer(eiProducerId);
@ApiOperation(value = "Get the EI job definitions for one EI producer")
@GetMapping(EI_JOBS)
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<List<JobInfo>> getEiJobs() {
logger.debug("getEiJobs");
ResponseEntity<String> response = this.eiProducerApi.getAllEiProducerIds();
@ApiOperation(value = "Get EI producers")
@GetMapping(EI_PRODUCERS)
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<List<ProducerInfo>> getEiProducers() {
logger.debug("getEiProducers");
ResponseEntity<String> response = this.eiProducerApi.getAllEiProducerIds();
@ApiOperation(value = "Get the status of an EI producer")
@GetMapping(EI_PRODUCERS + "/{" + EI_PRODUCER_ID + "}/" + STATUS)
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getEiProducerStatus(@PathVariable(EI_PRODUCER_ID) String eiProducerId) {
logger.debug("getEiProducerStatus {}", eiProducerId);
return this.eiProducerApi.getEiProducerStatus(eiProducerId);
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
-import org.springframework.security.access.annotation.Secured;
import org.springframework.util.Assert;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.GetMapping;
// Publish paths in constants so tests are easy to write
public static final String CONTROLLER_PATH = ControlPanelConstants.ENDPOINT_PREFIX + "/policy";
// Endpoints
- public static final String VERSION_METHOD = ControlPanelConstants.VERSION_METHOD;
public static final String POLICY_TYPES_METHOD = "policytypes";
public static final String POLICY_TYPE_PARAM = "type";
public static final String POLICIES_NAME = "policies";
*/
@ApiOperation(value = "Gets the policy types from Near-RT RIC")
@GetMapping(POLICY_TYPES_METHOD)
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getAllPolicyTypes(HttpServletResponse response) {
logger.debug("getAllPolicyTypes");
return this.policyAgentApi.getAllPolicyTypes();
@ApiOperation(value = "Returns the policy instances for the given policy type.")
@GetMapping(POLICIES_NAME)
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getPolicyInstances(
@RequestParam(name = "type", required = true) String policyTypeIdString) {
logger.debug("getPolicyInstances {}", policyTypeIdString);
@ApiOperation(value = "Returns a policy instance of a type")
@GetMapping(POLICIES_NAME + "/{" + POLICY_INSTANCE_ID_NAME + "}")
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<Object> getPolicyInstance(
@RequestParam(name = "type", required = true) String policyTypeIdString,
@PathVariable(POLICY_INSTANCE_ID_NAME) String policyInstanceId) {
@ApiOperation(value = "Creates the policy instances for the given policy type.")
@PutMapping(POLICIES_NAME + "/{" + POLICY_INSTANCE_ID_NAME + "}")
- @Secured({ControlPanelConstants.ROLE_ADMIN})
public ResponseEntity<String> putPolicyInstance( //
@RequestParam(POLICY_TYPE_PARAM) String policyTypeIdString, //
@RequestParam(name = "ric", required = true) String ric, //
@ApiOperation(value = "Deletes the policy instances for the given policy type.")
@DeleteMapping(POLICIES_NAME + "/{" + POLICY_INSTANCE_ID_NAME + "}")
- @Secured({ControlPanelConstants.ROLE_ADMIN})
public ResponseEntity<String> deletePolicyInstance( //
@RequestParam(POLICY_TYPE_PARAM) String policyTypeIdString,
@PathVariable(POLICY_INSTANCE_ID_NAME) String policyInstanceId) {
@ApiOperation(value = "Returns the rics supporting the given policy type.")
@GetMapping("/rics")
- @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD})
public ResponseEntity<String> getRicsSupportingType(
@RequestParam(name = "policyType", required = true) String supportingPolicyType) {
logger.debug("getRicsSupportingType {}", supportingPolicyType);
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.model;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.Iterator;
-import java.util.List;
-
-import org.onap.portalsdk.core.restful.domain.EcompRole;
-import org.onap.portalsdk.core.restful.domain.EcompUser;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.UserDetails;
-
-public class EcompUserDetails implements UserDetails {
-
- private static final long serialVersionUID = 1L;
- private final transient EcompUser ecompUser;
-
- // This is the default Spring role-name prefix.
- private static final String ROLEP = "ROLE_";
-
- public EcompUserDetails(EcompUser ecompUser) {
- this.ecompUser = ecompUser;
- }
-
- /*
- * Gets a list of authorities (roles) for this user. To keep Spring happy, every
- * item has prefix ROLE_.
- */
- @Override
- public Collection<? extends GrantedAuthority> getAuthorities() {
- List<GrantedAuthority> roleList = new ArrayList<>();
- Iterator<EcompRole> roleIter = ecompUser.getRoles().iterator();
- while (roleIter.hasNext()) {
- EcompRole role = roleIter.next();
- // Add the prefix if the ONAP portal doesn't supply it.
- final String roleName = role.getName().startsWith(ROLEP) ? role.getName() : ROLEP + role.getName();
- roleList.add(new SimpleGrantedAuthority(roleName));
- }
- return roleList;
- }
-
- @Override
- public String getPassword() {
- return null;
- }
-
- @Override
- public String getUsername() {
- return ecompUser.getLoginId();
- }
-
- @Override
- public boolean isAccountNonExpired() {
- return true;
- }
-
- @Override
- public boolean isAccountNonLocked() {
- return true;
- }
-
- @Override
- public boolean isCredentialsNonExpired() {
- return true;
- }
-
- @Override
- public boolean isEnabled() {
- return ecompUser.isActive();
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
-
-/**
- * Supports an upgrade path among methods in CipherUtil because the PortalSDK is
- * changing encryption methods.
- */
-public interface IPortalSdkDecryptor {
-
- /**
- * Decrypts the specified value using a known key.
- *
- * @param cipherText
- * Encrypted value
- * @return Clear text on success, null otherwise.
- * @throws CipherUtilException
- * if any decryption step fails
- */
- String decrypt(String cipherText) throws CipherUtilException;
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import java.lang.invoke.MethodHandles;
-import java.lang.reflect.InvocationTargetException;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-
-import org.onap.portalsdk.core.onboarding.crossapi.IPortalRestCentralService;
-import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Provides services to authenticate requests from/to ONAP Portal.
- */
-public class PortalAuthManager {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- final Map<String, String> credentialsMap;
- private final IPortalSdkDecryptor portalSdkDecryptor;
- private final String userIdCookieName;
-
- public PortalAuthManager(final String appName, final String username, final String password,
- final String decryptorClassName, final String userCookie) throws ClassNotFoundException, InstantiationException,
- IllegalAccessException, InvocationTargetException, NoSuchMethodException {
- credentialsMap = new HashMap<>();
- credentialsMap.put(IPortalRestCentralService.CREDENTIALS_APP, appName);
- credentialsMap.put(IPortalRestCentralService.CREDENTIALS_USER, username);
- credentialsMap.put(IPortalRestCentralService.CREDENTIALS_PASS, password);
- this.userIdCookieName = userCookie;
- // Instantiate here so configuration errors are detected at app-start time
- logger.debug("ctor: using decryptor class {}", decryptorClassName);
- Class<?> decryptorClass = Class.forName(decryptorClassName);
- portalSdkDecryptor = (IPortalSdkDecryptor) decryptorClass.getDeclaredConstructor().newInstance();
- }
-
- /**
- * @return A map of key-value pairs with application name, user name and
- * password.
- */
- public Map<String, String> getAppCredentials() {
- return credentialsMap;
- }
-
- /**
- * Searches the request for a cookie with the specified name.
- *
- * @param request
- * HttpServletRequest
- * @param cookieName
- * Cookie name
- * @return Cookie, or null if not found.
- */
- private Cookie getCookie(HttpServletRequest request, String cookieName) {
- Cookie[] cookies = request.getCookies();
- if (cookies != null)
- for (Cookie cookie : cookies)
- if (cookie.getName().equals(cookieName))
- return cookie;
- return null;
- }
-
- /**
- * Validates whether the ECOMP Portal sign-on process has completed. Checks for
- * the ECOMP cookie first, then the user cookie.
- *
- * @param request
- * HttpServletRequest
- * @return User ID if the ECOMP cookie is present and the sign-on process
- * established a user ID; else null.
- */
- public String validateEcompSso(HttpServletRequest request) {
- // Check ECOMP Portal cookie
- Cookie ep = getCookie(request, PortalApiConstants.EP_SERVICE);
- if (ep == null) {
- logger.debug("validateEcompSso: cookie not found: {}", PortalApiConstants.EP_SERVICE);
- return null;
- }
- logger.trace("validateEcompSso: found cookie {}", PortalApiConstants.EP_SERVICE);
- Cookie user = getCookie(request, userIdCookieName);
- if (user == null) {
- logger.debug("validateEcompSso: cookie not found: {}", userIdCookieName);
- return null;
- }
- logger.trace("validateEcompSso: user cookie {}", userIdCookieName);
- String userid = null;
- try {
- userid = portalSdkDecryptor.decrypt(user.getValue());
- } catch (CipherUtilException e) {
- throw new IllegalArgumentException("validateEcompSso failed", e);
- }
- return userid;
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
-import java.lang.invoke.MethodHandles;
-import java.net.URLEncoder;
-import java.util.HashSet;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.onap.portalsdk.core.onboarding.util.KeyProperties;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
-import org.onap.portalsdk.core.restful.domain.EcompRole;
-import org.onap.portalsdk.core.restful.domain.EcompUser;
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelConstants;
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.oransc.portal.nonrtric.controlpanel.model.EcompUserDetails;
-import org.owasp.esapi.reference.DefaultSecurityConfiguration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.http.MediaType;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-
-/**
- * This filter checks every request for the cookie set by the ONAP Portal single
- * sign on process. The possible paths and actions:
- * <OL>
- * <LI>User starts at an app page via a bookmark. No Portal cookie is set.
- * Redirect there to get one; then continue as below.
- * <LI>User starts at Portal and goes to app. Alternately, the user's session
- * times out and the user hits refresh. The Portal cookie is set, but there is
- * no valid session. Create one and publish info.
- * <LI>User has valid Portal cookie and session. Reset the max idle in that
- * session.
- * </OL>
- * <P>
- * Notes:
- * <UL>
- * <LI>While redirecting, the cookie "redirectUrl" should also be set so that
- * Portal knows where to forward the request to once the Portal Session is
- * created and EPService cookie is set.
- * </UL>
- *
- * Open question: What about sessions? Will this be stateless?
- *
- * This filter uses no annotations to avoid Spring's automatic registration,
- * which add this filter in the chain in the wrong order.
- */
-public class PortalAuthenticationFilter implements Filter {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // Unfortunately not all file names are defined as constants
- private static final String[] securityPropertyFiles =
- {KeyProperties.PROPERTY_FILE_NAME, PortalApiProperties.PROPERTY_FILE_NAME,
- DefaultSecurityConfiguration.DEFAULT_RESOURCE_FILE, "validation.properties"};
-
- public static final String REDIRECT_URL_KEY = "redirectUrl";
-
- private final boolean enforcePortalSecurity;
- private final PortalAuthManager authManager;
-
- private final ControlPanelUserManager userManager;
-
- public PortalAuthenticationFilter(boolean portalSecurity, PortalAuthManager authManager,
- ControlPanelUserManager userManager) throws IOException {
- this.enforcePortalSecurity = portalSecurity;
- this.authManager = authManager;
- this.userManager = userManager;
- if (portalSecurity) {
- // Throw if security is requested and prerequisites are not met
- for (String pf : securityPropertyFiles) {
- InputStream in = MethodHandles.lookup().lookupClass().getClassLoader().getResourceAsStream(pf);
- if (in == null) {
- String msg = "Failed to find property file on classpath: " + pf;
- logger.error(msg);
- throw new IOException(msg);
- } else {
- try {
- in.close();
- } catch (IOException ex) {
- logger.warn("Failed to close stream", ex);
- }
- }
- }
- }
- }
-
- @Override
- public void init(FilterConfig filterConfig) throws ServletException {
- // complain loudly if this key property is missing
- String url = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
- logger.debug("init: Portal redirect URL {}", url);
- if (url == null)
- logger
- .error("init: Failed to find property in portal.properties: " + PortalApiConstants.ECOMP_REDIRECT_URL);
- }
-
- @Override
- public void destroy() {
- // No resources to release
- }
-
- /**
- * Requests for pages ignored in the web security config do not hit this filter.
- */
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
- throws IOException, ServletException {
- if (enforcePortalSecurity)
- doFilterEPSDKFW(req, res, chain);
- else
- doFilterMockUserAdminRole(req, res, chain);
- }
-
- /*
- * Populates security context with a mock user in the admin role.
- *
- */
- private void doFilterMockUserAdminRole(ServletRequest req, ServletResponse res, FilterChain chain)
- throws IOException, ServletException {
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
- if (auth == null || auth.getAuthorities().isEmpty()) {
- if (logger.isDebugEnabled()) {
- logger.debug("doFilter adding auth to request URI {}",
- (req instanceof HttpServletRequest) ? ((HttpServletRequest) req).getRequestURL() : req);
- }
- EcompRole admin = new EcompRole();
- admin.setId(1L);
- admin.setName(ControlPanelConstants.ROLE_ADMIN);
- HashSet<EcompRole> roles = new HashSet<>();
- roles.add(admin);
- EcompUser user = new EcompUser();
- user.setLoginId("fakeLoginId");
- user.setRoles(roles);
- user.setActive(true);
- EcompUserDetails userDetails = new EcompUserDetails(user);
- PreAuthenticatedAuthenticationToken authToken =
- new PreAuthenticatedAuthenticationToken(userDetails, "fakeCredentials", userDetails.getAuthorities());
- SecurityContextHolder.getContext().setAuthentication(authToken);
- } else {
- logger.debug("doFilter: authorities {}", auth.getAuthorities());
- }
- chain.doFilter(req, res);
- }
-
- /*
- * Checks for valid cookies and allows request to be served if found; redirects
- * to Portal otherwise.
- */
- private void doFilterEPSDKFW(ServletRequest req, ServletResponse res, FilterChain chain)
- throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) req;
- HttpServletResponse response = (HttpServletResponse) res;
- if (logger.isTraceEnabled())
- logger.trace("doFilter: req {}", request.getRequestURI());
- // Need to authenticate the request
- final String userId = authManager.validateEcompSso(request);
- final EcompUser ecompUser = (userId == null ? null : userManager.getUser(userId));
- if (userId == null || ecompUser == null) {
- logger.debug("doFilter: unauthorized user requests URI {}, serving login page", request.getRequestURI());
- StringBuffer sb = request.getRequestURL();
- sb.append(request.getQueryString() == null ? "" : "?" + request.getQueryString());
- String body = generateLoginRedirectPage(sb.toString());
- response.setContentType(MediaType.TEXT_HTML_VALUE);
- response.getWriter().print(body);
- response.getWriter().flush();
- } else {
- EcompUserDetails userDetails = new EcompUserDetails(ecompUser);
- // Using portal session as credentials is a hack
- PreAuthenticatedAuthenticationToken authToken = new PreAuthenticatedAuthenticationToken(userDetails,
- getPortalSessionId(request), userDetails.getAuthorities());
- SecurityContextHolder.getContext().setAuthentication(authToken);
- // Pass request back down the filter chain
- chain.doFilter(request, response);
- }
- }
-
- /**
- * Generates a page with text only, absolutely no references to any webapp
- * resources, so this can be served to an unauthenticated user without
- * triggering a new authentication attempt. The page has a link to the Portal
- * URL from configuration, with a return URL that is the original request.
- *
- * @param appUrl
- * Original requested URL
- * @return HTML
- * @throws UnsupportedEncodingException
- * On error
- */
- private static String generateLoginRedirectPage(String appUrl) throws UnsupportedEncodingException {
- String encodedAppUrl = URLEncoder.encode(appUrl, "UTF-8");
- String portalBaseUrl = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL);
- String redirectUrl = portalBaseUrl + "?" + PortalAuthenticationFilter.REDIRECT_URL_KEY + "=" + encodedAppUrl;
- String aHref = "<a href=\"" + redirectUrl + "\">";
- // If only Java had "here" documents.
- return String.join(//
- System.getProperty("line.separator"), //
- "<html>", //
- "<head>", //
- "<title>Non-RT RIC Control Panel</title>", //
- "<style>", //
- "html, body { ", //
- " font-family: Helvetica, Arial, sans-serif;", //
- "}", //
- "</style>", //
- "</head>", //
- "<body>", //
- "<h2>Non-RT RIC Control Panel</h2>", //
- "<h4>Please log in.</h4>", //
- "<p>", //
- aHref, "Click here to authenticate at the ONAP Portal</a>", //
- "</p>", //
- "</body>", //
- "</html>");
- }
-
- /**
- * Searches the request for a cookie with the specified name.
- *
- * @param request
- * HttpServletRequest
- * @param cookieName
- * Cookie name
- * @return Cookie, or null if not found.
- */
- private Cookie getCookie(HttpServletRequest request, String cookieName) {
- Cookie[] cookies = request.getCookies();
- if (cookies != null)
- for (Cookie cookie : cookies)
- if (cookie.getName().equals(cookieName))
- return cookie;
- return null;
- }
-
- /**
- * Gets the ECOMP Portal service cookie value.
- *
- * @param request
- * @return Cookie value, or null if not found.
- */
- private String getPortalSessionId(HttpServletRequest request) {
- Cookie ep = getCookie(request, PortalApiConstants.EP_SERVICE);
- if (ep == null)
- return null;
- return ep.getValue();
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.onap.portalsdk.core.onboarding.crossapi.IPortalRestCentralService;
-import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
-import org.onap.portalsdk.core.restful.domain.EcompUser;
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.oransc.portal.nonrtric.controlpanel.config.SpringContextCache;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-
-/**
- * Implements the contract used by the Portal to transmit user details to this
- * on-boarded application. The requests are intercepted first by a servlet in
- * the EPSDK-FW library, which proxies the calls to these methods.
- *
- * An instance of this class is created upon first request to the API. But this
- * class is found and instantiated via Class.forName(), so cannot use Spring
- * annotations.
- */
-public class PortalRestCentralServiceImpl implements IPortalRestCentralService {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- @Autowired
- private SpringContextCache springContextCache;
- private final PortalAuthManager authManager;
- private final ControlPanelUserManager userManager;
-
- public PortalRestCentralServiceImpl() throws IOException, PortalAPIException {
- final ApplicationContext context = springContextCache.getApplicationContext();
- authManager = context.getBean(PortalAuthManager.class);
- userManager = context.getBean(ControlPanelUserManager.class);
- }
-
- /*
- * Answers the Portal API credentials.
- */
- @Override
- public Map<String, String> getAppCredentials() throws PortalAPIException {
- logger.debug("getAppCredentials");
- return authManager.getAppCredentials();
- }
-
- /*
- * Extracts the user ID from a cookie in the header
- */
- @Override
- public String getUserId(HttpServletRequest request) throws PortalAPIException {
- logger.debug("getuserId");
- return authManager.validateEcompSso(request);
- }
-
- @Override
- public void pushUser(EcompUser user) throws PortalAPIException {
- logger.debug("pushUser: {}", user);
- userManager.createUser(user);
- }
-
- @Override
- public void editUser(String loginId, EcompUser user) throws PortalAPIException {
- logger.debug("editUser: {}", user);
- userManager.updateUser(loginId, user);
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
-import org.onap.portalsdk.core.onboarding.util.CipherUtil;
-
-public class PortalSdkDecryptorAes implements IPortalSdkDecryptor {
-
- @Override
- @SuppressWarnings("squid:CallToDeprecatedMethod")
- public String decrypt(String cipherText) throws CipherUtilException {
- return CipherUtil.decrypt(cipherText);
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
-import org.onap.portalsdk.core.onboarding.util.CipherUtil;
-
-public class PortalSdkDecryptorPkc implements IPortalSdkDecryptor {
-
- @Override
- public String decrypt(String cipherText) throws CipherUtilException {
- return CipherUtil.decryptPKC(cipherText);
- }
-
-}
+++ /dev/null
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-#===========================================================================
-# ESAPI Configuration
-#
-# If true, then print all the ESAPI properties set here when they are loaded.
-# If false, they are not printed. Useful to reduce output when running JUnit tests.
-# If you need to troubleshoot a properties related problem, turning this on may help.
-# This is 'false' in the src/test/resources/.esapi version. It is 'true' by
-# default for reasons of backward compatibility with earlier ESAPI versions.
-ESAPI.printProperties=false
-
-# ESAPI is designed to be easily extensible. You can use the reference implementation
-# or implement your own providers to take advantage of your enterprise's security
-# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like:
-#
-# String ciphertext =
-# ESAPI.encryptor().encrypt("Secret message"); // Deprecated in 2.0
-# CipherText cipherText =
-# ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred
-#
-# Below you can specify the classname for the provider that you wish to use in your
-# application. The only requirement is that it implement the appropriate ESAPI interface.
-# This allows you to switch security implementations in the future without rewriting the
-# entire application.
-#
-# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory
-ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController
-# FileBasedAuthenticator requires users.txt file in .esapi directory
-ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator
-ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder
-ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor
-
-ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor
-ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities
-ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector
-#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory
-ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer
-ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator
-
-#===========================================================================
-# ESAPI Authenticator
-#
-Authenticator.AllowedLoginAttempts=3
-#Authenticator.MaxOldPasswordHashes=13
-Authenticator.UsernameParameterName=username
-#Authenticator.PasswordParameterName=password
-# RememberTokenDuration (in days)
-Authenticator.RememberTokenDuration=14
-# Session Timeouts (in minutes)
-Authenticator.IdleTimeoutDuration=20
-Authenticator.AbsoluteTimeoutDuration=120
-
-#===========================================================================
-# ESAPI Encoder
-#
-# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks.
-# Failure to canonicalize input is a very common mistake when implementing validation schemes.
-# Canonicalization is automatic when using the ESAPI Validator, but you can also use the
-# following code to canonicalize data.
-#
-# ESAPI.Encoder().canonicalize( "%22hello world"" );
-#
-# Multiple encoding is when a single encoding format is applied multiple times. Allowing
-# multiple encoding is strongly discouraged.
-Encoder.AllowMultipleEncoding=false
-
-# Mixed encoding is when multiple different encoding formats are applied, or when
-# multiple formats are nested. Allowing multiple encoding is strongly discouraged.
-Encoder.AllowMixedEncoding=false
-
-# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs
-# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or
-# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important.
-Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec
-
-
-#===========================================================================
-# ESAPI Encryption
-#
-# The ESAPI Encryptor provides basic cryptographic functions with a simplified API.
-# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-# There is not currently any support for key rotation, so be careful when changing your key and salt as it
-# will invalidate all signed, encrypted, and hashed data.
-#
-# WARNING: Not all combinations of algorithms and key lengths are supported.
-# If you choose to use a key length greater than 128, you MUST download the
-# unlimited strength policy files and install in the lib directory of your JRE/JDK.
-# See http://java.sun.com/javase/downloads/index.jsp for more information.
-#
-# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API
-# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever
-# possible, these methods should be avoided as they use ECB cipher mode, which in almost
-# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default
-# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0. In general, you
-# should only use this compatibility setting if you have persistent data encrypted with
-# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL
-# you have decrypted all of your old encrypted data and then re-encrypted it with
-# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode
-# with the new 2.0 methods, make sure that you use the same cipher algorithm for both
-# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for
-# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods
-# where you can specify a SecretKey. (Note that if you are using the 256-bit AES,
-# that requires downloading the special jurisdiction policy files mentioned above.)
-#
-# ***** IMPORTANT: Do NOT forget to replace these with your own values! *****
-# To calculate these values, you can run:
-# java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor
-#
-Encryptor.MasterKey=tzfztf56ftv
-Encryptor.MasterSalt=123456ztrewq
-
-# Provides the default JCE provider that ESAPI will "prefer" for its symmetric
-# encryption and hashing. (That is it will look to this provider first, but it
-# will defer to other providers if the requested algorithm is not implemented
-# by this provider.) If left unset, ESAPI will just use your Java VM's current
-# preferred JCE provider, which is generally set in the file
-# "$JAVA_HOME/jre/lib/security/java.security".
-#
-# The main intent of this is to allow ESAPI symmetric encryption to be
-# used with a FIPS 140-2 compliant crypto-module. For details, see the section
-# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in
-# the ESAPI 2.0 Symmetric Encryption User Guide, at:
-# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html
-# However, this property also allows you to easily use an alternate JCE provider
-# such as "Bouncy Castle" without having to make changes to "java.security".
-# See Javadoc for SecurityProviderLoader for further details. If you wish to use
-# a provider that is not known to SecurityProviderLoader, you may specify the
-# fully-qualified class name of the JCE provider class that implements
-# java.security.Provider. If the name contains a '.', this is interpreted as
-# a fully-qualified class name that implements java.security.Provider.
-#
-# NOTE: Setting this property has the side-effect of changing it in your application
-# as well, so if you are using JCE in your application directly rather than
-# through ESAPI (you wouldn't do that, would you? ;-), it will change the
-# preferred JCE provider there as well.
-#
-# Default: Keeps the JCE provider set to whatever JVM sets it to.
-Encryptor.PreferredJCEProvider=
-
-# AES is the most widely used and strongest encryption algorithm. This
-# should agree with your Encryptor.CipherTransformation property.
-# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is
-# very weak. It is essentially a password-based encryption key, hashed
-# with MD5 around 1K times and then encrypted with the weak DES algorithm
-# (56-bits) using ECB mode and an unspecified padding (it is
-# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses
-# "AES/CBC/PKCSPadding". If you want to change these, change them here.
-# Warning: This property does not control the default reference implementation for
-# ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped
-# in the future.
-# @deprecated
-Encryptor.EncryptionAlgorithm=AES
-# For ESAPI Java 2.0 - New encrypt / decrypt methods use this.
-Encryptor.CipherTransformation=AES/CBC/PKCS5Padding
-
-# Applies to ESAPI 2.0 and later only!
-# Comma-separated list of cipher modes that provide *BOTH*
-# confidentiality *AND* message authenticity. (NIST refers to such cipher
-# modes as "combined modes" so that's what we shall call them.) If any of these
-# cipher modes are used then no MAC is calculated and stored
-# in the CipherText upon encryption. Likewise, if one of these
-# cipher modes is used with decryption, no attempt will be made
-# to validate the MAC contained in the CipherText object regardless
-# of whether it contains one or not. Since the expectation is that
-# these cipher modes support support message authenticity already,
-# injecting a MAC in the CipherText object would be at best redundant.
-#
-# Note that as of JDK 1.5, the SunJCE provider does not support *any*
-# of these cipher modes. Of these listed, only GCM and CCM are currently
-# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports
-# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other
-# padding modes.
-Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC
-
-# Applies to ESAPI 2.0 and later only!
-# Additional cipher modes allowed for ESAPI 2.0 encryption. These
-# cipher modes are in _addition_ to those specified by the property
-# 'Encryptor.cipher_modes.combined_modes'.
-# Note: We will add support for streaming modes like CFB & OFB once
-# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod'
-# (probably in ESAPI 2.1).
-# DISCUSS: Better name?
-Encryptor.cipher_modes.additional_allowed=CBC
-
-# 128-bit is almost always sufficient and appears to be more resistant to
-# related key attacks than is 256-bit AES. Use '_' to use default key size
-# for cipher algorithms (where it makes sense because the algorithm supports
-# a variable key size). Key length must agree to what's provided as the
-# cipher transformation, otherwise this will be ignored after logging a
-# warning.
-#
-# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing!
-Encryptor.EncryptionKeyLength=128
-
-# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV).
-# (All cipher modes except ECB require an IV.) There are two choices: we can either
-# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While
-# the IV does not need to be hidden from adversaries, it is important that the
-# adversary not be allowed to choose it. Also, random IVs are generally much more
-# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes
-# such as CFB and OFB use a different IV for each encryption with a given key so
-# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random
-# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and
-# uncomment the Encryptor.fixedIV.
-#
-# Valid values: random|fixed|specified 'specified' not yet implemented; planned for 2.1
-Encryptor.ChooseIVMethod=random
-# If you choose to use a fixed IV, then you must place a fixed IV here that
-# is known to all others who are sharing your secret key. The format should
-# be a hex string that is the same length as the cipher block size for the
-# cipher algorithm that you are using. The following is an *example* for AES
-# from an AES test vector for AES-128/CBC as described in:
-# NIST Special Publication 800-38A (2001 Edition)
-# "Recommendation for Block Cipher Modes of Operation".
-# (Note that the block size for AES is 16 bytes == 128 bits.)
-#
-Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f
-
-# Whether or not CipherText should use a message authentication code (MAC) with it.
-# This prevents an adversary from altering the IV as well as allowing a more
-# fool-proof way of determining the decryption failed because of an incorrect
-# key being supplied. This refers to the "separate" MAC calculated and stored
-# in CipherText, not part of any MAC that is calculated as a result of a
-# "combined mode" cipher mode.
-#
-# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also
-# set this property to false.
-Encryptor.CipherText.useMAC=true
-
-# Whether or not the PlainText object may be overwritten and then marked
-# eligible for garbage collection. If not set, this is still treated as 'true'.
-Encryptor.PlainText.overwrite=true
-
-# Do not use DES except in a legacy situations. 56-bit is way too small key size.
-#Encryptor.EncryptionKeyLength=56
-#Encryptor.EncryptionAlgorithm=DES
-
-# TripleDES is considered strong enough for most purposes.
-# Note: There is also a 112-bit version of DESede. Using the 168-bit version
-# requires downloading the special jurisdiction policy from Sun.
-#Encryptor.EncryptionKeyLength=168
-#Encryptor.EncryptionAlgorithm=DESede
-
-Encryptor.HashAlgorithm=SHA-512
-Encryptor.HashIterations=1024
-Encryptor.DigitalSignatureAlgorithm=SHA1withDSA
-Encryptor.DigitalSignatureKeyLength=1024
-Encryptor.RandomAlgorithm=SHA1PRNG
-Encryptor.CharacterEncoding=UTF-8
-
-# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function
-# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and
-# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for
-# the MAC, mostly to keep the overall size at a minimum.)
-#
-# Currently supported choices for JDK 1.5 and 1.6 are:
-# HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and
-# HmacSHA512 (512 bits).
-# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though
-# the JDKs support it. See the ESAPI 2.0 Symmetric Encryption User Guide
-# further details.
-Encryptor.KDF.PRF=HmacSHA256
-#===========================================================================
-# ESAPI Logging
-# Set the application name if these logs are combined with other applications
-Logger.ApplicationName=portal_nonrtric_controlpanel
-# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true
-Logger.LogEncodingRequired=false
-# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments.
-Logger.LogApplicationName=true
-# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments.
-Logger.LogServerIP=true
-# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you
-# want to place it in a specific directory.
-Logger.LogFileName=portal_nonrtric_controlpanel_esapi_log
-# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000)
-Logger.MaxLogFileSize=10000000
-
-
-#===========================================================================
-# ESAPI Intrusion Detection
-#
-# Each event has a base to which .count, .interval, and .action are added
-# The IntrusionException will fire if we receive "count" events within "interval" seconds
-# The IntrusionDetector is configurable to take the following actions: log, logout, and disable
-# (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable
-#
-# Custom Events
-# Names must start with "event." as the base
-# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here
-# You can also disable intrusion detection completely by changing
-# the following parameter to true
-#
-IntrusionDetector.Disable=false
-#
-IntrusionDetector.event.test.count=2
-IntrusionDetector.event.test.interval=10
-IntrusionDetector.event.test.actions=disable,log
-
-# Exception Events
-# All EnterpriseSecurityExceptions are registered automatically
-# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException
-# Use the fully qualified classname of the exception as the base
-
-# any intrusion is an attack
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1
-IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout
-
-# for test purposes
-# CHECKME: Shouldn't there be something in the property name itself that designates
-# that these are for testing???
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout
-
-# rapid validation errors indicate scans or attacks in progress
-# org.owasp.esapi.errors.ValidationException.count=10
-# org.owasp.esapi.errors.ValidationException.interval=10
-# org.owasp.esapi.errors.ValidationException.actions=log,logout
-
-# sessions jumping between hosts indicates session hijacking
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10
-IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout
-
-
-#===========================================================================
-# ESAPI Validation
-#
-# The ESAPI Validator works on regular expressions with defined names. You can define names
-# either here, or you may define application specific patterns in a separate file defined below.
-# This allows enterprises to specify both organizational standards as well as application specific
-# validation rules.
-#
-Validator.ConfigurationFile=validation.properties
-Validator.ConfigurationFile.MultiValued=false
-
-# Validators used by ESAPI
-Validator.AccountName=^[a-zA-Z0-9]{3,20}$
-Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$
-Validator.RoleName=^[a-z]{1,20}$
-
-#the word TEST below should be changed to your application
-#name - only relative URL's are supported
-Validator.Redirect=^\\/test.*$
-
-# Global HTTP Validation Rules
-# Values with Base64 encoded data (e.g. encrypted state) will need at least [a-zA-Z0-9\/+=]
-Validator.HTTPScheme=^(http|https)$
-Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$
-Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$
-Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$
-Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$
-Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$
-Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$
-Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$
-Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$
-Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$
-Validator.HTTPURL=^.*$
-Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$
-
-# Validation of file related input
-Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
-Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$
server.ssl.key-password = ericsson_kwdjfhw
server.http.port = 8080
-
-
-# path to file that stores user details;
-# use a persistent volume in a K8S deployment
-userfile = users.json
-
-# boolean flag whether to enforce Portal user and roles on requests
-portalapi.security = false
-# class that decrypts ciphertext from Portal
-portalapi.decryptor = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalSdkDecryptorAes
-# name of request cookie with user ID
-portalapi.usercookie = UserId
-
-# portal credentials must be supplied at deployment time
-portalapi.appname = Non-RT RIC Control Panel
-portalapi.username =
-portalapi.password =
-
# endpoint URLs must be supplied at deployment time
# NOTE: change policycontroller.url.prefix to http://localhost:8081 when running
# controlpanel locally (i.e., not inside the docker container)
# Mimic slow endpoints by defining sleep period, in milliseconds
mock.config.delay = 0
-
-# Kibana report on metrics
-metrics.url.ac = http://jar-app-props-kibana-url-ac
-metrics.url.mc = http://jar-app-props-kibana-url-mc
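Review bot: The `server.ssl.key-password` line kept as context at the top of this hunk still holds a literal key password in a tracked properties file, even though the same change strips the portal credential properties just below it. Anyone with read access to the repository or to a packaged artifact can read that value, so it should be treated as exposed and rotated together with the key it protects. Supply it at deployment time instead, for example `server.ssl.key-password = ${SERVER_SSL_KEY_PASSWORD}` (the variable name is a placeholder), in line with the removed comment that said portal credentials must be supplied at deployment time. The file header for this hunk is not visible here, so the file is presumably the Spring Boot application properties; confirm that before applying.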
+++ /dev/null
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Template for the file that provides properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-# The following properties are the same in every deployment
-
-portal.api.impl.class = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalRestCentralServiceImpl
-role_access_centralized = remote
-
-# The following properties are DIFFERENT in every deployment
-
-# URL of portal login screen
-ecomp_redirect_url = http://localhost/portal
-# URL of portal API
-ecomp_rest_url = http://localhost/portal
-# Value assigned by portal instance
-ueb_app_key = abcdef1234567890
+++ /dev/null
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# empty file to suppress OWASP complaints emitted to stdout
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel;
-
-import java.lang.invoke.MethodHandles;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.junit.Assert;
-import org.junit.jupiter.api.Test;
-import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
-import org.onap.portalsdk.core.restful.domain.EcompRole;
-import org.onap.portalsdk.core.restful.domain.EcompUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-class ControlPanelUserManagerTest {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- public static EcompUser createEcompUser(String loginId) {
- EcompUser user = new EcompUser();
- user.setActive(true);
- user.setLoginId(loginId);
- user.setFirstName("First");
- user.setLastName("Last");
- EcompRole role = new EcompRole();
- role.setId(1L);
- role.setName(ControlPanelConstants.ROLE_NAME_ADMIN);
- Set<EcompRole> roles = new HashSet<>();
- roles.add(role);
- user.setRoles(roles);
- return user;
- }
-
- @Test
- void testUserMgr() throws Exception {
- final String loginId = "demo";
- ControlPanelUserManager dum = new ControlPanelUserManager(true);
- EcompUser user = createEcompUser(loginId);
- dum.createUser(user);
- logger.info("Created user {}", user);
- try {
- dum.createUser(user);
- throw new Exception("Unexpected success");
- } catch (PortalAPIException ex) {
- logger.info("caught expected exception: {}", ex.toString());
- }
- Assert.assertFalse(dum.getUsers().isEmpty());
- EcompUser fetched = dum.getUser(loginId);
- Assert.assertEquals(fetched, user);
- fetched.setLastName("Lastier");
- dum.updateUser(loginId, fetched);
- EcompUser missing = dum.getUser("foo");
- Assert.assertNull(missing);
- EcompUser unk = createEcompUser("unknown");
- try {
- dum.updateUser("unk", unk);
- } catch (PortalAPIException ex) {
- logger.info("caught expected exception: {}", ex.toString());
- }
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.mock;
-
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.mock;
-
-import java.lang.invoke.MethodHandles;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.oransc.portal.nonrtric.controlpanel.portalapi.PortalAuthManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-@Configuration
-@Profile("test")
-public class PortalApIMockConfiguration {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // Unfortunately EPSDK-FW does not define these as constants
- public static final String PORTAL_USERNAME_HEADER_KEY = "username";
- public static final String PORTAL_PASSWORD_HEADER_KEY = "password";
-
- @Bean
- public ServletRegistrationBean<PortalRestAPIProxy> portalApiProxyServlet() {
- PortalRestAPIProxy servlet = new PortalRestAPIProxy();
- final ServletRegistrationBean<PortalRestAPIProxy> servletBean =
- new ServletRegistrationBean<>(servlet, PortalApiConstants.API_PREFIX + "/*");
- servletBean.setName("PortalRestApiProxyServlet");
- return servletBean;
- }
-
- @Bean
- public PortalAuthManager portalAuthManager() throws Exception {
- PortalAuthManager mockManager = mock(PortalAuthManager.class);
- final Map<String, String> credentialsMap = new HashMap<>();
- credentialsMap.put("appName", "appName");
- credentialsMap.put(PORTAL_USERNAME_HEADER_KEY, PORTAL_USERNAME_HEADER_KEY);
- credentialsMap.put(PORTAL_PASSWORD_HEADER_KEY, PORTAL_PASSWORD_HEADER_KEY);
- doAnswer(inv -> {
- logger.debug("getAppCredentials");
- return credentialsMap;
- }).when(mockManager).getAppCredentials();
- doAnswer(inv -> {
- logger.debug("getUserId");
- return "userId";
- }).when(mockManager).validateEcompSso(any(HttpServletRequest.class));
- doAnswer(inv -> {
- logger.debug("getAppCredentials");
- return credentialsMap;
- }).when(mockManager).getAppCredentials();
- return mockManager;
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.mock;
-
-import java.lang.invoke.MethodHandles;
-
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelConstants;
-import org.oransc.portal.nonrtric.controlpanel.config.WebSecurityConfiguration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.factory.PasswordEncoderFactories;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(securedEnabled = true)
-@Profile("test")
-public class WebSecurityMockConfiguration extends WebSecurityConfigurerAdapter {
-
- public static final String TEST_CRED_ADMIN = "admin";
- public static final String TEST_CRED_STANDARD = "standard";
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- public WebSecurityMockConfiguration(@Value("${userfile}") final String userFilePath) {
- logger.debug("ctor: user file path {}", userFilePath);
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
- auth.inMemoryAuthentication() //
- .passwordEncoder(encoder) //
- // The admin user has the admin AND standard roles
- .withUser(TEST_CRED_ADMIN) //
- .password(encoder.encode(TEST_CRED_ADMIN))
- .roles(ControlPanelConstants.ROLE_NAME_ADMIN, ControlPanelConstants.ROLE_NAME_STANDARD)//
- .and()//
- // The standard user has only the standard role
- .withUser(TEST_CRED_STANDARD) //
- .password(encoder.encode(TEST_CRED_STANDARD)) //
- .roles(ControlPanelConstants.ROLE_NAME_STANDARD);
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests().anyRequest().authenticated()//
- .and().httpBasic() //
- .and().csrf().disable();
- }
-
- @Override
- public void configure(WebSecurity web) throws Exception {
- // This disables Spring security, but not the app's filter.
- web.ignoring().antMatchers(WebSecurityConfiguration.OPEN_PATHS);
- web.ignoring().antMatchers("/", "/csrf"); // allow swagger-ui to load
- }
-
-}
+++ /dev/null
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.lang.reflect.InvocationTargetException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-
-import org.junit.Assert;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-@ExtendWith(SpringExtension.class)
-@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
-class PortalAuthManagerTest {
-
- @Value("${portalapi.decryptor}")
- private String decryptor;
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- @Test
- void testPortalStuff() throws ClassNotFoundException, InstantiationException, IllegalAccessException,
- InvocationTargetException, NoSuchMethodException, IOException, ServletException {
-
- PortalAuthManager m = new PortalAuthManager("app", "user", "secret", decryptor, "cookie");
- Assert.assertNotNull(m.getAppCredentials());
- String s = null;
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- s = m.validateEcompSso(request);
- logger.debug("validateEcompSso answers {}", s);
- Assert.assertNull(s);
-
- Cookie cookie = new Cookie(PortalApiConstants.EP_SERVICE, "bogus");
- request.setCookies(cookie);
- s = m.validateEcompSso(request);
- logger.debug("validateEcompSso answers {}", s);
- Assert.assertNull(s);
-
- ControlPanelUserManager dum = new ControlPanelUserManager(true);
- PortalAuthenticationFilter filter = new PortalAuthenticationFilter(false, m, dum);
- filter.init(null);
- filter.destroy();
- MockHttpServletResponse response = new MockHttpServletResponse();
- try {
- filter.doFilter(request, response, null);
- } catch (NullPointerException ex) {
- logger.debug("chain is null");
- }
-
- filter = new PortalAuthenticationFilter(true, m, dum);
- try {
- filter.doFilter(request, response, null);
- } catch (NullPointerException ex) {
- logger.debug("chain is null");
- }
- }
-
-}
+++ /dev/null
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Test properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-cipher.enc.key = bogus
+++ /dev/null
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Test properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-portal.api.impl.class = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalRestCentralServiceImpl
-role_access_centralized = remote
-ecomp_redirect_url = https://www.wikipedia.org
-ecomp_rest_url = http://localhost/portal
-ueb_app_key = abcdef1234567890