From 56ff26b25a114f55b66e47d8f2430d8fb8e3cda3 Mon Sep 17 00:00:00 2001 From: "Lott, Christopher (cl778h)" Date: Mon, 23 Sep 2019 11:30:35 -0400 Subject: [PATCH] Add configuration option for Portal security Create version 1.2.2 Change-Id: Ia3ab2a26f64473c035c20db858140f30d79c09d5 Signed-off-by: Lott, Christopher (cl778h) --- a1-med-client/pom.xml | 2 +- anr-xapp-client/pom.xml | 2 +- app-mgr-client/pom.xml | 2 +- docs/release-notes.rst | 6 +-- e2-mgr-client/pom.xml | 2 +- pom.xml | 2 +- webapp-backend/pom.xml | 4 +- .../ric/portal/dashboard/DashboardApplication.java | 14 +----- .../dashboard/config/WebSecurityConfiguration.java | 10 +++-- .../portalapi/PortalAuthenticationFilter.java | 50 ++++++++++++++++++---- .../src/main/resources/application.properties | 2 + webapp-frontend/pom.xml | 2 +- 12 files changed, 60 insertions(+), 38 deletions(-) diff --git a/a1-med-client/pom.xml b/a1-med-client/pom.xml index 5615ed4c..d1dbf5c8 100644 --- a/a1-med-client/pom.xml +++ b/a1-med-client/pom.xml @@ -25,7 +25,7 @@ limitations under the License. org.o-ran-sc.portal.ric-dashboard ric-dash-parent - 1.2.1-SNAPSHOT + 1.2.2-SNAPSHOT org.o-ran-sc.ric.plt.a1med.client diff --git a/anr-xapp-client/pom.xml b/anr-xapp-client/pom.xml index 137985aa..05cddf9a 100644 --- a/anr-xapp-client/pom.xml +++ b/anr-xapp-client/pom.xml @@ -25,7 +25,7 @@ limitations under the License. org.o-ran-sc.portal.ric-dashboard ric-dash-parent - 1.2.1-SNAPSHOT + 1.2.2-SNAPSHOT org.o-ran-sc.ric.xapp.anr.client diff --git a/app-mgr-client/pom.xml b/app-mgr-client/pom.xml index 4efb783b..d27f10c9 100644 --- a/app-mgr-client/pom.xml +++ b/app-mgr-client/pom.xml @@ -25,7 +25,7 @@ limitations under the License. org.o-ran-sc.portal.ric-dashboard ric-dash-parent - 1.2.1-SNAPSHOT + 1.2.2-SNAPSHOT org.o-ran-sc.ric.plt.appmgr.client diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 9d6442be..b574db31 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst 
@@ -19,9 +19,9 @@ RIC Dashboard Release Notes =========================== -Version 1.2.?, ? 2019 -------------------------- -* Add EPSDK-FW user management and Portal security +Version 1.2.2, 23 Sep 2019 +-------------------------- +* Supoprt Portal security using EPSDK-FW cookie and user management Version 1.2.1, 20 Sep 2019 -------------------------- diff --git a/e2-mgr-client/pom.xml b/e2-mgr-client/pom.xml index 90826747..723b4ab3 100644 --- a/e2-mgr-client/pom.xml +++ b/e2-mgr-client/pom.xml @@ -25,7 +25,7 @@ limitations under the License. org.o-ran-sc.portal.ric-dashboard ric-dash-parent - 1.2.1-SNAPSHOT + 1.2.2-SNAPSHOT org.o-ran-sc.ric.plt.e2mgr.client diff --git a/pom.xml b/pom.xml index 61f3f950..4109bdc6 100644 --- a/pom.xml +++ b/pom.xml @@ -33,7 +33,7 @@ limitations under the License. ric-dash-parent RIC Dashboard project pom - 1.2.1-SNAPSHOT + 1.2.2-SNAPSHOT 11 diff --git a/webapp-backend/pom.xml b/webapp-backend/pom.xml index 49237943..e008f8bb 100644 --- a/webapp-backend/pom.xml +++ b/webapp-backend/pom.xml @@ -25,7 +25,7 @@ limitations under the License. org.o-ran-sc.portal.ric-dashboard ric-dash-parent - 1.2.1-SNAPSHOT + 1.2.2-SNAPSHOT ric-dash-be RIC Dashboard Webapp backend @@ -292,8 +292,6 @@ limitations under the License. artifact - - mkdir /logs chmod -R 777 /logs diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardApplication.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardApplication.java index 4819e345..fb09ee7d 100644 --- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardApplication.java +++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/DashboardApplication.java @@ -20,7 +20,6 @@ package org.oransc.ric.portal.dashboard; import java.io.IOException; -import java.io.InputStream; import java.lang.invoke.MethodHandles; import org.slf4j.Logger; 
@@ -36,20 +35,9 @@ public class DashboardApplication { private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - // Unfortunately these names are not available as constants - private static final String[] propertyFiles = { "ESAPI.properties", "key.properties", "portal.properties", - "validation.properties" }; - public static void main(String[] args) throws IOException { SpringApplication.run(DashboardApplication.class, args); - for (String pf : propertyFiles) { - InputStream in = MethodHandles.lookup().lookupClass().getClassLoader().getResourceAsStream(pf); - if (in == null) - logger.warn("Failed to find property file on classpath: {}", pf); - else - in.close(); - } - // Force this onto the console by using level WARN + // Ensure this appears on the console by using level WARN logger.warn("main: version '{}' successful start", getImplementationVersion(MethodHandles.lookup().lookupClass())); } diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java index 4e1ddb41..686b9cb1 100644 --- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java +++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/config/WebSecurityConfiguration.java @@ -61,8 +61,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { // Although constructor arguments are recommended over field injection, // this results in fewer lines of code. - @Value("${userfile}") - private String userFilePath; + @Value("${portalapi.security}") + private Boolean portalapiSecurity; @Value("${portalapi.appname}") private String appName; @Value("${portalapi.username}") 
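Review bot: In WebSecurityConfiguration the new switch is injected as a boxed `Boolean` from `${portalapi.security}`, and nothing at the field says what the flag controls. The value is unboxed when it reaches the `boolean` constructor parameter in portalAuthenticationFilterBean (later hunk of this file), so a primitive is the clearer type: `private boolean portalapiSecurity;`. Leaving the placeholder without a `:false` default is worth keeping, since a missing property then presumably stops startup instead of quietly selecting the unauthenticated mode. A field comment such as `// true = enforce Portal (EPSDK-FW) cookie authentication; false = requests run as a mock user in the admin role` would record the meaning. The class body continues outside the hunk.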
@@ -73,6 +73,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { private String decryptor; @Value("${portalapi.usercookie}") private String userCookie; + @Value("${userfile}") + private String userFilePath; protected void configure(HttpSecurity http) throws Exception { logger.debug("configure: portalapi.username {}", userName); @@ -138,8 +140,8 @@ public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter { public PortalAuthenticationFilter portalAuthenticationFilterBean() throws ClassNotFoundException, InstantiationException, IllegalAccessException, IOException, IllegalArgumentException, InvocationTargetException, NoSuchMethodException, SecurityException { - PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalAuthManagerBean(), - dashboardUserManagerBean()); + PortalAuthenticationFilter portalAuthenticationFilter = new PortalAuthenticationFilter(portalapiSecurity, + portalAuthManagerBean(), dashboardUserManagerBean()); return portalAuthenticationFilter; } diff --git a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java index d69d816a..18668f3f 100644 --- a/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java +++ b/webapp-backend/src/main/java/org/oransc/ric/portal/dashboard/portalapi/PortalAuthenticationFilter.java @@ -20,6 +20,7 @@ package org.oransc.ric.portal.dashboard.portalapi; import java.io.IOException; +import java.io.InputStream; import java.io.UnsupportedEncodingException; import java.lang.invoke.MethodHandles; import java.net.URLEncoder; 
@@ -76,15 +77,39 @@ public class PortalAuthenticationFilter implements Filter { private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); + // Unfortunately these names are not available as constants + private static final String[] securityPropertyFiles = { "ESAPI.properties", "key.properties", "portal.properties", + "validation.properties" }; + public static final String REDIRECT_URL_KEY = "redirectUrl"; + private final boolean enforcePortalSecurity; private final PortalAuthManager authManager; private final DashboardUserManager userManager; - public PortalAuthenticationFilter(PortalAuthManager authManager, DashboardUserManager userManager) { + public PortalAuthenticationFilter(boolean portalSecurity, PortalAuthManager authManager, + DashboardUserManager userManager) { + this.enforcePortalSecurity = portalSecurity; this.authManager = authManager; this.userManager = userManager; + if (portalSecurity) { + // Throw if security is requested and prerequisites are not met + for (String pf : securityPropertyFiles) { + InputStream in = MethodHandles.lookup().lookupClass().getClassLoader().getResourceAsStream(pf); + if (in == null) { + String msg = "Failed to find property file on classpath: " + pf; + logger.error(msg); + throw new RuntimeException(msg); + } else { + try { + in.close(); + } catch (IOException ex) { + logger.warn("Failed to close stream", ex); + } + } + } + } } @Override 
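Review bot: The constructor checks its prerequisites only when `portalSecurity` is true and is silent when it is false, yet in that mode `doFilter` (next hunk) hands requests to `doFilterMockUserAdminRole`, which populates the security context with a mock user in the admin role. An `else` branch that logs at WARN would make the unauthenticated mode visible in the startup log, the same way DashboardApplication uses WARN to reach the console. The stream handling can also be shortened with try-with-resources, which skips a null resource. `IllegalStateException` names the failure more precisely than a bare `RuntimeException` while staying unchecked.

```java
public PortalAuthenticationFilter(boolean portalSecurity, PortalAuthManager authManager,
		DashboardUserManager userManager) {
	// … unchanged: the three field assignments …
	if (portalSecurity) {
		// Throw if security is requested and prerequisites are not met
		final ClassLoader loader = MethodHandles.lookup().lookupClass().getClassLoader();
		for (String pf : securityPropertyFiles) {
			try (InputStream in = loader.getResourceAsStream(pf)) {
				if (in == null) {
					String msg = "Failed to find property file on classpath: " + pf;
					logger.error(msg);
					throw new IllegalStateException(msg);
				}
			} catch (IOException ex) {
				logger.warn("Failed to close stream", ex);
			}
		}
	} else {
		logger.warn("Portal security is disabled: requests are served as a mock user in the admin role");
	}
}
```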
@@ -102,13 +127,23 @@ public class PortalAuthenticationFilter implements Filter { // No resources to release } + /** + * Requests for pages ignored in the web security config do not hit this filter. + */ + @Override + public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + throws IOException, ServletException { + if (enforcePortalSecurity) + doFilterEPSDKFW(req, res, chain); + else + doFilterMockUserAdminRole(req, res, chain); + } + /* * Populates security context with a mock user in the admin role. * - * TODO: AUTH */ - @Override - public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) + private void doFilterMockUserAdminRole(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { Authentication auth = SecurityContextHolder.getContext().getAuthentication(); if (auth == null || auth.getAuthorities().isEmpty()) { @@ -134,12 +169,9 @@ public class PortalAuthenticationFilter implements Filter { /* * Checks for valid cookies and allows request to be served if found; redirects - * to Portal otherwise. Requests for pages ignored in the web security config do - * not hit this filter. - * - * TODO: AUTH + * to Portal otherwise. */ - public void doFilter_EPSDKFW(ServletRequest req, ServletResponse res, FilterChain chain) + private void doFilterEPSDKFW(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { logger.debug("doFilter {}", req); HttpServletRequest request = (HttpServletRequest) req; diff --git a/webapp-backend/src/main/resources/application.properties b/webapp-backend/src/main/resources/application.properties index 4c33d34f..45eb6695 100644 --- a/webapp-backend/src/main/resources/application.properties +++ b/webapp-backend/src/main/resources/application.properties 
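Review bot: The Javadoc added to `doFilter` covers only which requests bypass the filter and leaves out the decision the method now makes on `enforcePortalSecurity`. I would extend it with a sentence such as `Delegates to the Portal cookie check when portalapi.security is true; otherwise populates a mock user in the admin role.` so the security consequence of the flag is documented at the entry point. The two private helpers keep plain `/* */` comments, which Javadoc tooling ignores; `/** */` would match the new comment on `doFilter`. The unbraced `if`/`else` is a smaller style point, and the body of `doFilterEPSDKFW` continues outside the second hunk.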
@@ -28,6 +28,8 @@ server.port = 8080 # use a persistent volume in a K8S deployment userfile = users.json +# boolean flag whether to enforce Portal user and roles on requests +portalapi.security = false # class that decrypts ciphertext from Portal portalapi.decryptor = org.oransc.ric.portal.dashboard.portalapi.PortalSdkDecryptorAes # name of request cookie with user ID diff --git a/webapp-frontend/pom.xml b/webapp-frontend/pom.xml index 7077e947..8080a0f3 100644 --- a/webapp-frontend/pom.xml +++ b/webapp-frontend/pom.xml @@ -25,7 +25,7 @@ limitations under the License. org.o-ran-sc.portal.ric-dashboard ric-dash-parent - 1.2.1-SNAPSHOT + 1.2.2-SNAPSHOT ric-dash-fe RIC Dashboard Webapp frontend -- 2.16.6
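Review bot: The shipped default `portalapi.security = false` selects the path in PortalAuthenticationFilter that populates a mock user in the admin role, so a deployment that does not override the property runs without Portal authentication. A safer default is `portalapi.security = true`, with `false` set explicitly in a development or test configuration; the constructor check added in this commit then requires the four security property files on the classpath, which is the fail-closed behaviour one wants in production. If the default has to stay, the comment should spell out the consequence, for example `# false = no Portal login; every request runs as a mock user in the admin role`.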