From f11a883a0b7d0dff421e5a79bc9f2378b76d3318 Mon Sep 17 00:00:00 2001 From: elinuxhenrik Date: Thu, 26 Nov 2020 10:06:54 +0100 Subject: [PATCH] Remove user authentication Change-Id: Ibd23d3453f7b5441f62469e2667edc5a5731969e Issue-ID: NONRTRIC-339 
Signed-off-by: elinuxhenrik Add getJobs --- webapp-backend/config/.gitignore | 2 - webapp-backend/config/key.properties.template | 21 -- webapp-backend/config/portal.properties.template | 34 -- webapp-backend/pom.xml | 50 --- .../controlpanel/ControlPanelConstants.java | 15 - .../controlpanel/ControlPanelUserManager.java | 183 ---------- .../controlpanel/config/AdminConfiguration.java | 59 ---- .../config/PortalApiConfiguration.java | 58 ---- .../config/WebSecurityConfiguration.java | 124 ------- .../controller/EnrichmentController.java | 9 - .../controlpanel/controller/PolicyController.java | 8 - .../controlpanel/model/EcompUserDetails.java | 93 ----- .../portalapi/IPortalSdkDecryptor.java | 42 --- .../controlpanel/portalapi/PortalAuthManager.java | 120 ------- .../portalapi/PortalAuthenticationFilter.java | 281 --------------- .../portalapi/PortalRestCentralServiceImpl.java | 93 ----- .../portalapi/PortalSdkDecryptorAes.java | 34 -- .../portalapi/PortalSdkDecryptorPkc.java | 33 -- webapp-backend/src/main/resources/ESAPI.properties | 385 --------------------- .../src/main/resources/application.properties | 22 -- .../src/main/resources/portal.properties | 34 -- .../src/main/resources/validation.properties | 19 - .../controlpanel/ControlPanelUserManagerTest.java | 82 ----- .../mock/PortalApIMockConfiguration.java | 84 ----- .../mock/WebSecurityMockConfiguration.java | 86 ----- .../portalapi/PortalAuthManagerTest.java | 91 ----- webapp-backend/src/test/resources/key.properties | 22 -- .../src/test/resources/portal.properties | 26 -- 28 files changed, 2110 deletions(-) delete mode 100644 webapp-backend/config/.gitignore delete mode 100644 webapp-backend/config/key.properties.template delete mode 100644 webapp-backend/config/portal.properties.template delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManager.java delete mode 100644 
webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/AdminConfiguration.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/PortalApiConfiguration.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/WebSecurityConfiguration.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/model/EcompUserDetails.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/IPortalSdkDecryptor.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManager.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthenticationFilter.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalRestCentralServiceImpl.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorAes.java delete mode 100644 webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorPkc.java delete mode 100644 webapp-backend/src/main/resources/ESAPI.properties delete mode 100644 webapp-backend/src/main/resources/portal.properties delete mode 100644 webapp-backend/src/main/resources/validation.properties delete mode 100644 webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManagerTest.java delete mode 100644 webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/PortalApIMockConfiguration.java delete mode 100644 webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/WebSecurityMockConfiguration.java delete mode 100644 webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManagerTest.java delete mode 100644 
webapp-backend/src/test/resources/key.properties delete mode 100644 webapp-backend/src/test/resources/portal.properties diff --git a/webapp-backend/config/.gitignore b/webapp-backend/config/.gitignore deleted file mode 100644 index edd66f1..0000000 --- a/webapp-backend/config/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -/key.properties -/portal.properties diff --git a/webapp-backend/config/key.properties.template b/webapp-backend/config/key.properties.template deleted file mode 100644 index ecf8b94..0000000 --- a/webapp-backend/config/key.properties.template +++ /dev/null @@ -1,21 +0,0 @@ -# ========================LICENSE_START================================= -# O-RAN-SC -# %% -# Copyright (C) 2019 AT&T Intellectual Property -# %% -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ========================LICENSE_END=================================== - -# Template for the file that provides a secret key for the Non-RT RIC Control Panel. - -cipher.enc.key = diff --git a/webapp-backend/config/portal.properties.template b/webapp-backend/config/portal.properties.template deleted file mode 100644 index f0d6eca..0000000 --- a/webapp-backend/config/portal.properties.template +++ /dev/null 
@@ -1,34 +0,0 @@
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Template for the file that provides properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-# The following properties are the same in every deployment
-
-portal.api.impl.class = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalRestCentralServiceImpl
-role_access_centralized = remote
-
-# The following properties are DIFFERENT in every deployment
-
-# URL of portal login screen
-ecomp_redirect_url = http://localhost/portal
-# URL of portal API
-ecomp_rest_url = http://localhost/portal
-# Value assigned by portal instance
-ueb_app_key = abcdef1234567890
diff --git a/webapp-backend/pom.xml b/webapp-backend/pom.xml
index 240c9c4..4dfba6e 100644
--- a/webapp-backend/pom.xml
+++ b/webapp-backend/pom.xml
@@ -52,56 +52,6 @@ limitations under the License. - - - org.onap.portal.sdk - epsdk-fw - ${epsdk-fw.version} - - - commons-logging - commons-logging - - - log4j - log4j - - - log4j - apache-log4j-extras - - - org.slf4j - slf4j-log4j12 - - - junit - junit - - - commons-fileupload - commons-fileupload - - - commons-beanutils - commons-beanutils - - - - org.powermock - powermock-module-junit4 - - - - org.powermock - powermock-api-mockito - - - - - org.springframework.boot - spring-boot-starter-security - org.springframework.boot spring-boot-starter-web diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelConstants.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelConstants.java index 2e2d87e..b3766e8 100644 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelConstants.java +++ b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelConstants.java 
@@ -27,19 +27,4 @@ public abstract class ControlPanelConstants { } public static final String ENDPOINT_PREFIX = "/api"; - // Factor out method names used in multiple controllers - public static final String VERSION_METHOD = "version"; - public static final String APP_NAME_AC = "AC"; - public static final String APP_NAME_MC = "MC"; - // The role names are defined by ONAP Portal. - // The prefix "ROLE_" is required by Spring. - // These are used in Java code annotations that require constants. - public static final String ROLE_NAME_STANDARD = "Standard_User"; - public static final String ROLE_NAME_ADMIN = "System_Administrator"; - private static final String ROLE_PREFIX = "ROLE_"; - public static final String ROLE_ADMIN = ROLE_PREFIX + ROLE_NAME_ADMIN; - public static final String ROLE_STANDARD = ROLE_PREFIX + ROLE_NAME_STANDARD; - public static final String POLICY_CONTROLLER_USERNAME = "admin"; - public static final String POLICY_CONTROLLER_PASSWORD = "Kp8bJ4SXszM0WXlhak3eHlcse2gAw84vaoGGmJvUy2U"; - } diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManager.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManager.java deleted file mode 100644 index ba42b03..0000000 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManager.java +++ /dev/null 
@@ -1,183 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel;
-
-import com.fasterxml.jackson.core.type.TypeReference;
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import java.io.File;
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.nio.file.Files;
-import java.util.ArrayList;
-import java.util.HashSet;
-import java.util.List;
-import java.util.Set;
-
-import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
-import org.onap.portalsdk.core.restful.domain.EcompRole;
-import org.onap.portalsdk.core.restful.domain.EcompUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- * Provides simple user-management services.
- *
- * This first implementation serializes user details to a file.
- */
-public class ControlPanelUserManager {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // This default value is only useful for development and testing.
- public static final String USER_FILE_PATH = "controlpanel-users.json";
-
- private final File userFile;
- private final List users;
-
- /**
- * Development/test-only constructor that uses default file path.
- *
- * @param clear
- * If true, start empty and remove any existing file.
- *
- * @throws IOException
- * On file error
- */
- public ControlPanelUserManager(boolean clear) throws IOException {
- this(USER_FILE_PATH);
- if (clear) {
- logger.debug("ctor: removing file {}", userFile.getAbsolutePath());
- File f = new File(ControlPanelUserManager.USER_FILE_PATH);
- if (f.exists())
- Files.delete(f.toPath());
- users.clear();
- }
- }
-
- /**
- * Constructur that accepts a file path
- *
- * @param userFilePath
- * File path
- * @throws IOException
- * If file cannot be read
- */
- public ControlPanelUserManager(final String userFilePath) throws IOException {
- logger.debug("ctor: userfile {}", userFilePath);
- if (userFilePath == null)
- throw new IllegalArgumentException("Missing or empty user file property");
- userFile = new File(userFilePath);
- logger.debug("ctor: managing users in file {}", userFile.getAbsolutePath());
- if (userFile.exists()) {
- final ObjectMapper mapper = new ObjectMapper();
- users = mapper.readValue(userFile, new TypeReference>() {});
- } else {
- users = new ArrayList<>();
- }
- }
-
- /**
- * Gets the current users.
- *
- * @return List of EcompUser objects, possibly empty
- */
- public List getUsers() {
- return this.users;
- }
-
- /**
- * Gets the user with the specified login Id
- *
- * @param loginId
- * Desired login Id
- * @return User object; null if Id is not known
- */
- public EcompUser getUser(String loginId) {
- for (EcompUser u : this.users) {
- if (u.getLoginId().equals(loginId)) {
- logger.debug("getUser: match on {}", loginId);
- return u;
- }
- }
- logger.debug("getUser: no match on {}", loginId);
- return null;
- }
-
- private void saveUsers() throws IOException {
- final ObjectMapper mapper = new ObjectMapper();
- mapper.writeValue(userFile, users);
- }
-
- /*
- * Allow at most one thread to create a user at one time.
- */
- public synchronized void createUser(EcompUser user) throws PortalAPIException {
- if (logger.isDebugEnabled()) {
- logger.debug("createUser: loginId is {}", user.getLoginId());
- }
- if (users.contains(user))
- throw new PortalAPIException("User exists: " + user.getLoginId());
- users.add(user);
- try {
- saveUsers();
- } catch (Exception ex) {
- throw new PortalAPIException("Save failed", ex);
- }
- }
-
- /*
- * Allow at most one thread to modify a user at one time. We still have
- * last-edit-wins of course.
- */
- public synchronized void updateUser(String loginId, EcompUser user) throws PortalAPIException {
- logger.debug("editUser: loginId is {}", loginId);
- int index = users.indexOf(user);
- if (index < 0)
- throw new PortalAPIException("User does not exist: " + user.getLoginId());
- users.remove(index);
- users.add(user);
- try {
- saveUsers();
- } catch (Exception ex) {
- throw new PortalAPIException("Save failed", ex);
- }
- }
-
- // Test infrastructure
- public static void main(String[] args) throws Exception {
- ControlPanelUserManager dum = new ControlPanelUserManager(false);
- EcompUser user = new EcompUser();
- user.setActive(true);
- user.setLoginId("demo");
- user.setFirstName("First");
- user.setLastName("Last");
- EcompRole role = new EcompRole();
- role.setId(1L);
- role.setName(ControlPanelConstants.ROLE_NAME_ADMIN);
- Set roles = new HashSet<>();
- roles.add(role);
- user.setRoles(roles);
- dum.createUser(user);
- logger.debug("Created user {}", user);
- }
-
-}
diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/AdminConfiguration.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/AdminConfiguration.java
deleted file mode 100644
index 4ec8e38..0000000
--- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/AdminConfiguration.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.config;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-/**
- * Creates an instance of the user manager.
- */
-@Configuration
-@Profile("!test")
-public class AdminConfiguration {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // Populated by the autowired constructor
- private final String userfile;
-
- @Autowired
- public AdminConfiguration(@Value("${userfile}") final String userfile) {
- logger.debug("ctor userfile '{}'", userfile);
- this.userfile = userfile;
- }
-
- @Bean
- // The bean (method) name must be globally unique
- public ControlPanelUserManager userManager() throws IOException {
- return new ControlPanelUserManager(userfile);
- }
-
-}
diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/PortalApiConfiguration.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/PortalApiConfiguration.java
deleted file mode 100644
index 615d705..0000000
--- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/PortalApiConfiguration.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.config;
-
-import java.lang.invoke.MethodHandles;
-
-import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-@Configuration
-@Profile("!test")
-public class PortalApiConfiguration {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- /**
- * Instantiates the EPSDK-FW servlet that implements the API called by Portal.
- * Needed because this app is not configured to scan the EPSDK-FW packages;
- * there's also a chance that Spring-Boot does not automatically
- * process @WebServlet annotations.
- *
- * @return Servlet registration bean for the Portal Rest API proxy servlet.
- */
- @Bean
- public ServletRegistrationBean portalApiProxyServletBean() {
- logger.debug("portalApiProxyServletBean");
- PortalRestAPIProxy servlet = new PortalRestAPIProxy();
- final ServletRegistrationBean servletBean =
- new ServletRegistrationBean<>(servlet, PortalApiConstants.API_PREFIX + "/*");
- servletBean.setName("PortalRestApiProxyServlet");
- return servletBean;
- }
-
-}
diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/WebSecurityConfiguration.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/WebSecurityConfiguration.java
deleted file mode 100644
index 88751b9..0000000
--- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/config/WebSecurityConfiguration.java
+++ /dev/null
@@ -1,124 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2019 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.config;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.lang.reflect.InvocationTargetException;
-
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.oransc.portal.nonrtric.controlpanel.controller.PolicyController;
-import org.oransc.portal.nonrtric.controlpanel.controller.SimpleErrorController;
-import org.oransc.portal.nonrtric.controlpanel.portalapi.PortalAuthManager;
-import org.oransc.portal.nonrtric.controlpanel.portalapi.PortalAuthenticationFilter;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
-import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
-
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(securedEnabled = true)
-@Profile("!test")
-public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // Although constructor arguments are recommended over field injection,
- // this results in fewer lines of code.
- @Value("${portalapi.security}")
- private Boolean portalapiSecurity;
- @Value("${portalapi.appname}")
- private String appName;
- @Value("${portalapi.username}")
- private String userName;
- @Value("${portalapi.password}")
- private String password;
- @Value("${portalapi.decryptor}")
- private String decryptor;
- @Value("${portalapi.usercookie}")
- private String userCookie;
-
- @Autowired
- ControlPanelUserManager userManager;
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- logger.debug("configure: portalapi.username {}", userName);
- // A chain of ".and()" always baffles me
- http.authorizeRequests().anyRequest().authenticated();
- http.headers().frameOptions().disable();
- http.csrf().csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
- http.addFilterBefore(portalAuthenticationFilterBean(), BasicAuthenticationFilter.class);
- }
-
- /**
- * Resource paths that do not require authentication, especially including
- * Swagger-generated documentation.
- */
- @SuppressWarnings("squid:S1075") // URIs should not be hardcoded
- public static final String[] OPEN_PATHS = { //
- "/v2/api-docs", //
- "/swagger-resources/**", //
- "/swagger-ui.html", //
- "/webjars/**", //
- PortalApiConstants.API_PREFIX + "/**", //
- PolicyController.CONTROLLER_PATH + "/" + PolicyController.VERSION_METHOD, //
- SimpleErrorController.ERROR_PATH};
-
- @Override
- public void configure(WebSecurity web) throws Exception {
- // This disables Spring security, but not the app's filter.
- web.ignoring().antMatchers(OPEN_PATHS);
- }
-
- @Bean
- public PortalAuthManager portalAuthManagerBean() throws ClassNotFoundException, InstantiationException,
- IllegalAccessException, InvocationTargetException, NoSuchMethodException {
- return new PortalAuthManager(appName, userName, password, decryptor, userCookie);
- }
-
- /*
- * If this is annotated with @Bean, it is created automatically AND REGISTERED,
- * and Spring processes annotations in the source of the class. However, the
- * filter is added in the chain apparently in the wrong order. Alternately, with
- * no @Bean and added to the chain up in the configure() method in the desired
- * order, the ignoring() matcher pattern configured above causes Spring to
- * bypass this filter, which seems to me means the filter participates
- * correctly.
- */
- public PortalAuthenticationFilter portalAuthenticationFilterBean() throws ClassNotFoundException,
- InstantiationException, IllegalAccessException, IOException, InvocationTargetException, NoSuchMethodException {
- return new PortalAuthenticationFilter(portalapiSecurity, portalAuthManagerBean(), this.userManager);
- }
-
-}
diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/EnrichmentController.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/EnrichmentController.java
index 0037c33..0845fcd 100644
--- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/EnrichmentController.java +++ b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/EnrichmentController.java @@ -40,7 +40,6 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.security.access.annotation.Secured; import org.springframework.util.Assert; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -66,7 +65,6 @@ public class EnrichmentController { // Publish paths in constants so tests are easy to write public static final String CONTROLLER_PATH = ControlPanelConstants.ENDPOINT_PREFIX + "/enrichment"; // Endpoints - public static final String VERSION_METHOD = ControlPanelConstants.VERSION_METHOD; public static final String EI_TYPES = "eitypes"; public static final String EI_PRODUCERS = "eiproducers"; public static final String EI_JOBS = "eijobs"; @@ -89,7 +87,6 @@ public class EnrichmentController { */ @ApiOperation(value = "Get the EI type identifiers") @GetMapping(EI_TYPES) - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getAllEiTypeIds() { logger.debug("getAllEiTypeIds"); return this.eiProducerApi.getAllEiTypeIds(); @@ -97,7 +94,6 @@ public class EnrichmentController { @ApiOperation(value = "Get an individual EI type") @GetMapping(EI_TYPES + "/{" + EI_TYPE_ID + "}") - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getEiType(@PathVariable(EI_TYPE_ID) String eiTypeId) { logger.debug("getEiType {}", eiTypeId); return this.eiProducerApi.getEiType(eiTypeId); 
@@ -105,7 +101,6 @@ public class EnrichmentController { @ApiOperation(value = "Get an individual EI producer") @GetMapping(EI_PRODUCERS + "/{" + EI_PRODUCER_ID + "}") - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getEiProducer(@PathVariable(EI_PRODUCER_ID) String eiProducerId) { logger.debug("getEiProducer {}", eiProducerId); return this.eiProducerApi.getEiProducer(eiProducerId); @@ -113,7 +108,6 @@ public class EnrichmentController { @ApiOperation(value = "Get the EI job definitions for one EI producer") @GetMapping(EI_PRODUCERS + "/{" + EI_PRODUCER_ID + "}/" + EI_JOBS) - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getEiJobsForOneEiProducer(@PathVariable(EI_PRODUCER_ID) String eiProducerId) { logger.debug("getEiJobsForOneEiProducer {}", eiProducerId); return this.eiProducerApi.getEiJobsForOneEiProducer(eiProducerId); @@ -121,7 +115,6 @@ public class EnrichmentController { @ApiOperation(value = "Get the EI job definitions for one EI producer") @GetMapping(EI_JOBS) - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity> getEiJobs() { logger.debug("getEiJobs"); ResponseEntity response = this.eiProducerApi.getAllEiProducerIds(); @@ -146,7 +139,6 @@ public class EnrichmentController { @ApiOperation(value = "Get EI producers") @GetMapping(EI_PRODUCERS) - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity> getEiProducers() { logger.debug("getEiProducers"); ResponseEntity response = this.eiProducerApi.getAllEiProducerIds(); 
@@ -183,7 +175,6 @@ public class EnrichmentController { @ApiOperation(value = "Get the status of an EI producer") @GetMapping(EI_PRODUCERS + "/{" + EI_PRODUCER_ID + "}/" + STATUS) - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getEiProducerStatus(@PathVariable(EI_PRODUCER_ID) String eiProducerId) { logger.debug("getEiProducerStatus {}", eiProducerId); return this.eiProducerApi.getEiProducerStatus(eiProducerId); diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/PolicyController.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/PolicyController.java index 03d9d83..6cf79f1 100644 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/PolicyController.java +++ b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/controller/PolicyController.java @@ -33,7 +33,6 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; -import org.springframework.security.access.annotation.Secured; import org.springframework.util.Assert; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; @@ -61,7 +60,6 @@ public class PolicyController { // Publish paths in constants so tests are easy to write public static final String CONTROLLER_PATH = ControlPanelConstants.ENDPOINT_PREFIX + "/policy"; // Endpoints - public static final String VERSION_METHOD = ControlPanelConstants.VERSION_METHOD; public static final String POLICY_TYPES_METHOD = "policytypes"; public static final String POLICY_TYPE_PARAM = "type"; public static final String POLICIES_NAME = "policies"; 
@@ -82,7 +80,6 @@ public class PolicyController { */ @ApiOperation(value = "Gets the policy types from Near-RT RIC") @GetMapping(POLICY_TYPES_METHOD) - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getAllPolicyTypes(HttpServletResponse response) { logger.debug("getAllPolicyTypes"); return this.policyAgentApi.getAllPolicyTypes(); @@ -90,7 +87,6 @@ public class PolicyController { @ApiOperation(value = "Returns the policy instances for the given policy type.") @GetMapping(POLICIES_NAME) - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getPolicyInstances( @RequestParam(name = "type", required = true) String policyTypeIdString) { logger.debug("getPolicyInstances {}", policyTypeIdString); @@ -99,7 +95,6 @@ public class PolicyController { @ApiOperation(value = "Returns a policy instance of a type") @GetMapping(POLICIES_NAME + "/{" + POLICY_INSTANCE_ID_NAME + "}") - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getPolicyInstance( @RequestParam(name = "type", required = true) String policyTypeIdString, @PathVariable(POLICY_INSTANCE_ID_NAME) String policyInstanceId) { @@ -109,7 +104,6 @@ public class PolicyController { @ApiOperation(value = "Creates the policy instances for the given policy type.") @PutMapping(POLICIES_NAME + "/{" + POLICY_INSTANCE_ID_NAME + "}") - @Secured({ControlPanelConstants.ROLE_ADMIN}) public ResponseEntity putPolicyInstance( // @RequestParam(POLICY_TYPE_PARAM) String policyTypeIdString, // @RequestParam(name = "ric", required = true) String ric, // 
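Review bot: `putPolicyInstance` loses its `@Secured({ControlPanelConstants.ROLE_ADMIN})` restriction here, and `deletePolicyInstance` loses the same one in the next hunk, so the split between read-only and administrative callers disappears for the two operations that change policy state. Whatever replaces the portal login should still treat `PUT` and `DELETE` on `POLICIES_NAME + "/{" + POLICY_INSTANCE_ID_NAME + "}"` as privileged; at minimum record that next to the mappings, e.g. `// Changes policy state: the fronting proxy must limit this method to administrators.` Logging these two calls at info level rather than debug would also keep changes traceable once no user identity is attached. The bodies of both methods are outside the hunks, so their current logging is assumed from the sibling handlers.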
@@ -122,7 +116,6 @@ public class PolicyController { @ApiOperation(value = "Deletes the policy instances for the given policy type.") @DeleteMapping(POLICIES_NAME + "/{" + POLICY_INSTANCE_ID_NAME + "}") - @Secured({ControlPanelConstants.ROLE_ADMIN}) public ResponseEntity deletePolicyInstance( // @RequestParam(POLICY_TYPE_PARAM) String policyTypeIdString, @PathVariable(POLICY_INSTANCE_ID_NAME) String policyInstanceId) { @@ -132,7 +125,6 @@ public class PolicyController { @ApiOperation(value = "Returns the rics supporting the given policy type.") @GetMapping("/rics") - @Secured({ControlPanelConstants.ROLE_ADMIN, ControlPanelConstants.ROLE_STANDARD}) public ResponseEntity getRicsSupportingType( @RequestParam(name = "policyType", required = true) String supportingPolicyType) { logger.debug("getRicsSupportingType {}", supportingPolicyType); diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/model/EcompUserDetails.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/model/EcompUserDetails.java deleted file mode 100644 index 91e7aa9..0000000 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/model/EcompUserDetails.java +++ /dev/null 
@@ -1,93 +0,0 @@ -/*- - * ========================LICENSE_START================================= - * O-RAN-SC - * %% - * Copyright (C) 2019 AT&T Intellectual Property - * Modifications Copyright (C) 2020 Nordix Foundation - * %% - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================LICENSE_END=================================== - */ -package org.oransc.portal.nonrtric.controlpanel.model; - -import java.util.ArrayList; -import java.util.Collection; -import java.util.Iterator; -import java.util.List; - -import org.onap.portalsdk.core.restful.domain.EcompRole; -import org.onap.portalsdk.core.restful.domain.EcompUser; -import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.core.userdetails.UserDetails; - -public class EcompUserDetails implements UserDetails { - - private static final long serialVersionUID = 1L; - private final transient EcompUser ecompUser; - - // This is the default Spring role-name prefix. - private static final String ROLEP = "ROLE_"; - - public EcompUserDetails(EcompUser ecompUser) { - this.ecompUser = ecompUser; - } - - /* - * Gets a list of authorities (roles) for this user. To keep Spring happy, every - * item has prefix ROLE_. 
- */ - @Override - public Collection getAuthorities() { - List roleList = new ArrayList<>(); - Iterator roleIter = ecompUser.getRoles().iterator(); - while (roleIter.hasNext()) { - EcompRole role = roleIter.next(); - // Add the prefix if the ONAP portal doesn't supply it. - final String roleName = role.getName().startsWith(ROLEP) ? role.getName() : ROLEP + role.getName(); - roleList.add(new SimpleGrantedAuthority(roleName)); - } - return roleList; - } - - @Override - public String getPassword() { - return null; - } - - @Override - public String getUsername() { - return ecompUser.getLoginId(); - } - - @Override - public boolean isAccountNonExpired() { - return true; - } - - @Override - public boolean isAccountNonLocked() { - return true; - } - - @Override - public boolean isCredentialsNonExpired() { - return true; - } - - @Override - public boolean isEnabled() { - return ecompUser.isActive(); - } - -} diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/IPortalSdkDecryptor.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/IPortalSdkDecryptor.java deleted file mode 100644 index 5a16392..0000000 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/IPortalSdkDecryptor.java +++ /dev/null 
@@ -1,42 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
-
-/**
- * Supports an upgrade path among methods in CipherUtil because the PortalSDK is
- * changing encryption methods.
- */
-public interface IPortalSdkDecryptor {
-
- /**
- * Decrypts the specified value using a known key.
- *
- * @param cipherText
- * Encrypted value
- * @return Clear text on success, null otherwise.
- * @throws CipherUtilException
- * if any decryption step fails
- */
- String decrypt(String cipherText) throws CipherUtilException;
-
-}
diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManager.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManager.java
deleted file mode 100644
index 8847d7a..0000000
--- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManager.java
+++ /dev/null
@@ -1,120 +0,0 @@ -/*- - * ========================LICENSE_START================================= - * O-RAN-SC - * %% - * Copyright (C) 2019 AT&T Intellectual Property - * Modifications Copyright (C) 2020 Nordix Foundation - * %% - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================LICENSE_END=================================== - */ -package org.oransc.portal.nonrtric.controlpanel.portalapi; - -import java.lang.invoke.MethodHandles; -import java.lang.reflect.InvocationTargetException; -import java.util.HashMap; -import java.util.Map; - -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; - -import org.onap.portalsdk.core.onboarding.crossapi.IPortalRestCentralService; -import org.onap.portalsdk.core.onboarding.exception.CipherUtilException; -import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -/** - * Provides services to authenticate requests from/to ONAP Portal. 
- */ -public class PortalAuthManager { - - private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - - final Map credentialsMap; - private final IPortalSdkDecryptor portalSdkDecryptor; - private final String userIdCookieName; - - public PortalAuthManager(final String appName, final String username, final String password, - final String decryptorClassName, final String userCookie) throws ClassNotFoundException, InstantiationException, - IllegalAccessException, InvocationTargetException, NoSuchMethodException { - credentialsMap = new HashMap<>(); - credentialsMap.put(IPortalRestCentralService.CREDENTIALS_APP, appName); - credentialsMap.put(IPortalRestCentralService.CREDENTIALS_USER, username); - credentialsMap.put(IPortalRestCentralService.CREDENTIALS_PASS, password); - this.userIdCookieName = userCookie; - // Instantiate here so configuration errors are detected at app-start time - logger.debug("ctor: using decryptor class {}", decryptorClassName); - Class decryptorClass = Class.forName(decryptorClassName); - portalSdkDecryptor = (IPortalSdkDecryptor) decryptorClass.getDeclaredConstructor().newInstance(); - } - - /** - * @return A map of key-value pairs with application name, user name and - * password. - */ - public Map getAppCredentials() { - return credentialsMap; - } - - /** - * Searches the request for a cookie with the specified name. - * - * @param request - * HttpServletRequest - * @param cookieName - * Cookie name - * @return Cookie, or null if not found. - */ - private Cookie getCookie(HttpServletRequest request, String cookieName) { - Cookie[] cookies = request.getCookies(); - if (cookies != null) - for (Cookie cookie : cookies) - if (cookie.getName().equals(cookieName)) - return cookie; - return null; - } - - /** - * Validates whether the ECOMP Portal sign-on process has completed. Checks for - * the ECOMP cookie first, then the user cookie. 
- * - * @param request - * HttpServletRequest - * @return User ID if the ECOMP cookie is present and the sign-on process - * established a user ID; else null. - */ - public String validateEcompSso(HttpServletRequest request) { - // Check ECOMP Portal cookie - Cookie ep = getCookie(request, PortalApiConstants.EP_SERVICE); - if (ep == null) { - logger.debug("validateEcompSso: cookie not found: {}", PortalApiConstants.EP_SERVICE); - return null; - } - logger.trace("validateEcompSso: found cookie {}", PortalApiConstants.EP_SERVICE); - Cookie user = getCookie(request, userIdCookieName); - if (user == null) { - logger.debug("validateEcompSso: cookie not found: {}", userIdCookieName); - return null; - } - logger.trace("validateEcompSso: user cookie {}", userIdCookieName); - String userid = null; - try { - userid = portalSdkDecryptor.decrypt(user.getValue()); - } catch (CipherUtilException e) { - throw new IllegalArgumentException("validateEcompSso failed", e); - } - return userid; - } - -} diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthenticationFilter.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthenticationFilter.java deleted file mode 100644 index f9a9674..0000000 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthenticationFilter.java +++ /dev/null 
@@ -1,281 +0,0 @@ -/*- - * ========================LICENSE_START================================= - * O-RAN-SC - * %% - * Copyright (C) 2019 AT&T Intellectual Property - * Modifications Copyright (C) 2020 Nordix Foundation - * %% - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================LICENSE_END=================================== - */ -package org.oransc.portal.nonrtric.controlpanel.portalapi; - -import java.io.IOException; -import java.io.InputStream; -import java.io.UnsupportedEncodingException; -import java.lang.invoke.MethodHandles; -import java.net.URLEncoder; -import java.util.HashSet; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.FilterConfig; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.portalsdk.core.onboarding.util.KeyProperties; -import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; -import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; -import org.onap.portalsdk.core.restful.domain.EcompRole; -import org.onap.portalsdk.core.restful.domain.EcompUser; -import org.oransc.portal.nonrtric.controlpanel.ControlPanelConstants; -import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager; -import 
org.oransc.portal.nonrtric.controlpanel.model.EcompUserDetails; -import org.owasp.esapi.reference.DefaultSecurityConfiguration; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.http.MediaType; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; - -/** - * This filter checks every request for the cookie set by the ONAP Portal single - * sign on process. The possible paths and actions: - *
    - *
  1. User starts at an app page via a bookmark. No Portal cookie is set. - * Redirect there to get one; then continue as below. - *
  2. User starts at Portal and goes to app. Alternately, the user's session - * times out and the user hits refresh. The Portal cookie is set, but there is - * no valid session. Create one and publish info. - *
  3. User has valid Portal cookie and session. Reset the max idle in that - * session. - *
- *

- * Notes: - *

    - *
  • While redirecting, the cookie "redirectUrl" should also be set so that - * Portal knows where to forward the request to once the Portal Session is - * created and EPService cookie is set. - *
- * - * Open question: What about sessions? Will this be stateless? - * - * This filter uses no annotations to avoid Spring's automatic registration, - * which add this filter in the chain in the wrong order. - */ -public class PortalAuthenticationFilter implements Filter { - - private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - - // Unfortunately not all file names are defined as constants - private static final String[] securityPropertyFiles = - {KeyProperties.PROPERTY_FILE_NAME, PortalApiProperties.PROPERTY_FILE_NAME, - DefaultSecurityConfiguration.DEFAULT_RESOURCE_FILE, "validation.properties"}; - - public static final String REDIRECT_URL_KEY = "redirectUrl"; - - private final boolean enforcePortalSecurity; - private final PortalAuthManager authManager; - - private final ControlPanelUserManager userManager; - - public PortalAuthenticationFilter(boolean portalSecurity, PortalAuthManager authManager, - ControlPanelUserManager userManager) throws IOException { - this.enforcePortalSecurity = portalSecurity; - this.authManager = authManager; - this.userManager = userManager; - if (portalSecurity) { - // Throw if security is requested and prerequisites are not met - for (String pf : securityPropertyFiles) { - InputStream in = MethodHandles.lookup().lookupClass().getClassLoader().getResourceAsStream(pf); - if (in == null) { - String msg = "Failed to find property file on classpath: " + pf; - logger.error(msg); - throw new IOException(msg); - } else { - try { - in.close(); - } catch (IOException ex) { - logger.warn("Failed to close stream", ex); - } - } - } - } - } - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - // complain loudly if this key property is missing - String url = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL); - logger.debug("init: Portal redirect URL {}", url); - if (url == null) - logger - .error("init: Failed to find property in 
portal.properties: " + PortalApiConstants.ECOMP_REDIRECT_URL); - } - - @Override - public void destroy() { - // No resources to release - } - - /** - * Requests for pages ignored in the web security config do not hit this filter. - */ - @Override - public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) - throws IOException, ServletException { - if (enforcePortalSecurity) - doFilterEPSDKFW(req, res, chain); - else - doFilterMockUserAdminRole(req, res, chain); - } - - /* - * Populates security context with a mock user in the admin role. - * - */ - private void doFilterMockUserAdminRole(ServletRequest req, ServletResponse res, FilterChain chain) - throws IOException, ServletException { - Authentication auth = SecurityContextHolder.getContext().getAuthentication(); - if (auth == null || auth.getAuthorities().isEmpty()) { - if (logger.isDebugEnabled()) { - logger.debug("doFilter adding auth to request URI {}", - (req instanceof HttpServletRequest) ? ((HttpServletRequest) req).getRequestURL() : req); - } - EcompRole admin = new EcompRole(); - admin.setId(1L); - admin.setName(ControlPanelConstants.ROLE_ADMIN); - HashSet roles = new HashSet<>(); - roles.add(admin); - EcompUser user = new EcompUser(); - user.setLoginId("fakeLoginId"); - user.setRoles(roles); - user.setActive(true); - EcompUserDetails userDetails = new EcompUserDetails(user); - PreAuthenticatedAuthenticationToken authToken = - new PreAuthenticatedAuthenticationToken(userDetails, "fakeCredentials", userDetails.getAuthorities()); - SecurityContextHolder.getContext().setAuthentication(authToken); - } else { - logger.debug("doFilter: authorities {}", auth.getAuthorities()); - } - chain.doFilter(req, res); - } - - /* - * Checks for valid cookies and allows request to be served if found; redirects - * to Portal otherwise. 
- */ - private void doFilterEPSDKFW(ServletRequest req, ServletResponse res, FilterChain chain) - throws IOException, ServletException { - HttpServletRequest request = (HttpServletRequest) req; - HttpServletResponse response = (HttpServletResponse) res; - if (logger.isTraceEnabled()) - logger.trace("doFilter: req {}", request.getRequestURI()); - // Need to authenticate the request - final String userId = authManager.validateEcompSso(request); - final EcompUser ecompUser = (userId == null ? null : userManager.getUser(userId)); - if (userId == null || ecompUser == null) { - logger.debug("doFilter: unauthorized user requests URI {}, serving login page", request.getRequestURI()); - StringBuffer sb = request.getRequestURL(); - sb.append(request.getQueryString() == null ? "" : "?" + request.getQueryString()); - String body = generateLoginRedirectPage(sb.toString()); - response.setContentType(MediaType.TEXT_HTML_VALUE); - response.getWriter().print(body); - response.getWriter().flush(); - } else { - EcompUserDetails userDetails = new EcompUserDetails(ecompUser); - // Using portal session as credentials is a hack - PreAuthenticatedAuthenticationToken authToken = new PreAuthenticatedAuthenticationToken(userDetails, - getPortalSessionId(request), userDetails.getAuthorities()); - SecurityContextHolder.getContext().setAuthentication(authToken); - // Pass request back down the filter chain - chain.doFilter(request, response); - } - } - - /** - * Generates a page with text only, absolutely no references to any webapp - * resources, so this can be served to an unauthenticated user without - * triggering a new authentication attempt. The page has a link to the Portal - * URL from configuration, with a return URL that is the original request. 
- * - * @param appUrl - * Original requested URL - * @return HTML - * @throws UnsupportedEncodingException - * On error - */ - private static String generateLoginRedirectPage(String appUrl) throws UnsupportedEncodingException { - String encodedAppUrl = URLEncoder.encode(appUrl, "UTF-8"); - String portalBaseUrl = PortalApiProperties.getProperty(PortalApiConstants.ECOMP_REDIRECT_URL); - String redirectUrl = portalBaseUrl + "?" + PortalAuthenticationFilter.REDIRECT_URL_KEY + "=" + encodedAppUrl; - String aHref = ""; - // If only Java had "here" documents. - return String.join(// - System.getProperty("line.separator"), // - "", // - "", // - "Non-RT RIC Control Panel", // - "", // - "", // - "", // - "

Non-RT RIC Control Panel

", // - "

Please log in.

", // - "

", // - aHref, "Click here to authenticate at the ONAP Portal", // - "

", // - "", // - ""); - } - - /** - * Searches the request for a cookie with the specified name. - * - * @param request - * HttpServletRequest - * @param cookieName - * Cookie name - * @return Cookie, or null if not found. - */ - private Cookie getCookie(HttpServletRequest request, String cookieName) { - Cookie[] cookies = request.getCookies(); - if (cookies != null) - for (Cookie cookie : cookies) - if (cookie.getName().equals(cookieName)) - return cookie; - return null; - } - - /** - * Gets the ECOMP Portal service cookie value. - * - * @param request - * @return Cookie value, or null if not found. - */ - private String getPortalSessionId(HttpServletRequest request) { - Cookie ep = getCookie(request, PortalApiConstants.EP_SERVICE); - if (ep == null) - return null; - return ep.getValue(); - } - -} diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalRestCentralServiceImpl.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalRestCentralServiceImpl.java deleted file mode 100644 index 75ab13a..0000000 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalRestCentralServiceImpl.java +++ /dev/null 
@@ -1,93 +0,0 @@ -/*- - * ========================LICENSE_START================================= - * O-RAN-SC - * %% - * Copyright (C) 2019 AT&T Intellectual Property - * Modifications Copyright (C) 2020 Nordix Foundation - * %% - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ========================LICENSE_END=================================== - */ -package org.oransc.portal.nonrtric.controlpanel.portalapi; - -import java.io.IOException; -import java.lang.invoke.MethodHandles; -import java.util.Map; - -import javax.servlet.http.HttpServletRequest; - -import org.onap.portalsdk.core.onboarding.crossapi.IPortalRestCentralService; -import org.onap.portalsdk.core.onboarding.exception.PortalAPIException; -import org.onap.portalsdk.core.restful.domain.EcompUser; -import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager; -import org.oransc.portal.nonrtric.controlpanel.config.SpringContextCache; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; - -/** - * Implements the contract used by the Portal to transmit user details to this - * on-boarded application. The requests are intercepted first by a servlet in - * the EPSDK-FW library, which proxies the calls to these methods. - * - * An instance of this class is created upon first request to the API. 
But this - * class is found and instantiated via Class.forName(), so cannot use Spring - * annotations. - */ -public class PortalRestCentralServiceImpl implements IPortalRestCentralService { - - private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); - - @Autowired - private SpringContextCache springContextCache; - private final PortalAuthManager authManager; - private final ControlPanelUserManager userManager; - - public PortalRestCentralServiceImpl() throws IOException, PortalAPIException { - final ApplicationContext context = springContextCache.getApplicationContext(); - authManager = context.getBean(PortalAuthManager.class); - userManager = context.getBean(ControlPanelUserManager.class); - } - - /* - * Answers the Portal API credentials. - */ - @Override - public Map getAppCredentials() throws PortalAPIException { - logger.debug("getAppCredentials"); - return authManager.getAppCredentials(); - } - - /* - * Extracts the user ID from a cookie in the header - */ - @Override - public String getUserId(HttpServletRequest request) throws PortalAPIException { - logger.debug("getuserId"); - return authManager.validateEcompSso(request); - } - - @Override - public void pushUser(EcompUser user) throws PortalAPIException { - logger.debug("pushUser: {}", user); - userManager.createUser(user); - } - - @Override - public void editUser(String loginId, EcompUser user) throws PortalAPIException { - logger.debug("editUser: {}", user); - userManager.updateUser(loginId, user); - } - -} diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorAes.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorAes.java deleted file mode 100644 index 27d1fc1..0000000 --- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorAes.java +++ /dev/null 
@@ -1,34 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
-import org.onap.portalsdk.core.onboarding.util.CipherUtil;
-
-public class PortalSdkDecryptorAes implements IPortalSdkDecryptor {
-
- @Override
- @SuppressWarnings("squid:CallToDeprecatedMethod")
- public String decrypt(String cipherText) throws CipherUtilException {
- return CipherUtil.decrypt(cipherText);
- }
-
-}
diff --git a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorPkc.java b/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorPkc.java
deleted file mode 100644
index b0f8924..0000000
--- a/webapp-backend/src/main/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalSdkDecryptorPkc.java
+++ /dev/null
@@ -1,33 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
-import org.onap.portalsdk.core.onboarding.util.CipherUtil;
-
-public class PortalSdkDecryptorPkc implements IPortalSdkDecryptor {
-
- @Override
- public String decrypt(String cipherText) throws CipherUtilException {
- return CipherUtil.decryptPKC(cipherText);
- }
-
-}
diff --git a/webapp-backend/src/main/resources/ESAPI.properties b/webapp-backend/src/main/resources/ESAPI.properties
deleted file mode 100644
index ca45e09..0000000
--- a/webapp-backend/src/main/resources/ESAPI.properties
+++ /dev/null
@@ -1,385 +0,0 @@ -# ========================LICENSE_START================================= -# O-RAN-SC -# %% -# Copyright (C) 2019 AT&T Intellectual Property -# %% -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. -# ========================LICENSE_END=================================== - -#=========================================================================== -# ESAPI Configuration -# -# If true, then print all the ESAPI properties set here when they are loaded. -# If false, they are not printed. Useful to reduce output when running JUnit tests. -# If you need to troubleshoot a properties related problem, turning this on may help. -# This is 'false' in the src/test/resources/.esapi version. It is 'true' by -# default for reasons of backward compatibility with earlier ESAPI versions. -ESAPI.printProperties=false - -# ESAPI is designed to be easily extensible. You can use the reference implementation -# or implement your own providers to take advantage of your enterprise's security -# infrastructure. The functions in ESAPI are referenced using the ESAPI locator, like: -# -# String ciphertext = -# ESAPI.encryptor().encrypt("Secret message"); // Deprecated in 2.0 -# CipherText cipherText = -# ESAPI.encryptor().encrypt(new PlainText("Secret message")); // Preferred -# -# Below you can specify the classname for the provider that you wish to use in your -# application. The only requirement is that it implement the appropriate ESAPI interface. 
-# This allows you to switch security implementations in the future without rewriting the -# entire application. -# -# ExperimentalAccessController requires ESAPI-AccessControlPolicy.xml in .esapi directory -ESAPI.AccessControl=org.owasp.esapi.reference.DefaultAccessController -# FileBasedAuthenticator requires users.txt file in .esapi directory -ESAPI.Authenticator=org.owasp.esapi.reference.FileBasedAuthenticator -ESAPI.Encoder=org.owasp.esapi.reference.DefaultEncoder -ESAPI.Encryptor=org.owasp.esapi.reference.crypto.JavaEncryptor - -ESAPI.Executor=org.owasp.esapi.reference.DefaultExecutor -ESAPI.HTTPUtilities=org.owasp.esapi.reference.DefaultHTTPUtilities -ESAPI.IntrusionDetector=org.owasp.esapi.reference.DefaultIntrusionDetector -#ESAPI.Logger=org.owasp.esapi.reference.JavaLogFactory -ESAPI.Randomizer=org.owasp.esapi.reference.DefaultRandomizer -ESAPI.Validator=org.owasp.esapi.reference.DefaultValidator - -#=========================================================================== -# ESAPI Authenticator -# -Authenticator.AllowedLoginAttempts=3 -#Authenticator.MaxOldPasswordHashes=13 -Authenticator.UsernameParameterName=username -#Authenticator.PasswordParameterName=password -# RememberTokenDuration (in days) -Authenticator.RememberTokenDuration=14 -# Session Timeouts (in minutes) -Authenticator.IdleTimeoutDuration=20 -Authenticator.AbsoluteTimeoutDuration=120 - -#=========================================================================== -# ESAPI Encoder -# -# ESAPI canonicalizes input before validation to prevent bypassing filters with encoded attacks. -# Failure to canonicalize input is a very common mistake when implementing validation schemes. -# Canonicalization is automatic when using the ESAPI Validator, but you can also use the -# following code to canonicalize data. -# -# ESAPI.Encoder().canonicalize( "%22hello world"" ); -# -# Multiple encoding is when a single encoding format is applied multiple times. 
Allowing -# multiple encoding is strongly discouraged. -Encoder.AllowMultipleEncoding=false - -# Mixed encoding is when multiple different encoding formats are applied, or when -# multiple formats are nested. Allowing multiple encoding is strongly discouraged. -Encoder.AllowMixedEncoding=false - -# The default list of codecs to apply when canonicalizing untrusted data. The list should include the codecs -# for all downstream interpreters or decoders. For example, if the data is likely to end up in a URL, HTML, or -# inside JavaScript, then the list of codecs below is appropriate. The order of the list is not terribly important. -Encoder.DefaultCodecList=HTMLEntityCodec,PercentCodec,JavaScriptCodec - - -#=========================================================================== -# ESAPI Encryption -# -# The ESAPI Encryptor provides basic cryptographic functions with a simplified API. -# To get started, generate a new key using java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor -# There is not currently any support for key rotation, so be careful when changing your key and salt as it -# will invalidate all signed, encrypted, and hashed data. -# -# WARNING: Not all combinations of algorithms and key lengths are supported. -# If you choose to use a key length greater than 128, you MUST download the -# unlimited strength policy files and install in the lib directory of your JRE/JDK. -# See http://java.sun.com/javase/downloads/index.jsp for more information. -# -# Backward compatibility with ESAPI Java 1.4 is supported by the two deprecated API -# methods, Encryptor.encrypt(String) and Encryptor.decrypt(String). However, whenever -# possible, these methods should be avoided as they use ECB cipher mode, which in almost -# all circumstances a poor choice because of it's weakness. CBC cipher mode is the default -# for the new Encryptor encrypt / decrypt methods for ESAPI Java 2.0. 
In general, you -# should only use this compatibility setting if you have persistent data encrypted with -# version 1.4 and even then, you should ONLY set this compatibility mode UNTIL -# you have decrypted all of your old encrypted data and then re-encrypted it with -# ESAPI 2.0 using CBC mode. If you have some reason to mix the deprecated 1.4 mode -# with the new 2.0 methods, make sure that you use the same cipher algorithm for both -# (256-bit AES was the default for 1.4; 128-bit is the default for 2.0; see below for -# more details.) Otherwise, you will have to use the new 2.0 encrypt / decrypt methods -# where you can specify a SecretKey. (Note that if you are using the 256-bit AES, -# that requires downloading the special jurisdiction policy files mentioned above.) -# -# ***** IMPORTANT: Do NOT forget to replace these with your own values! ***** -# To calculate these values, you can run: -# java -classpath esapi.jar org.owasp.esapi.reference.crypto.JavaEncryptor -# -Encryptor.MasterKey=tzfztf56ftv -Encryptor.MasterSalt=123456ztrewq - -# Provides the default JCE provider that ESAPI will "prefer" for its symmetric -# encryption and hashing. (That is it will look to this provider first, but it -# will defer to other providers if the requested algorithm is not implemented -# by this provider.) If left unset, ESAPI will just use your Java VM's current -# preferred JCE provider, which is generally set in the file -# "$JAVA_HOME/jre/lib/security/java.security". -# -# The main intent of this is to allow ESAPI symmetric encryption to be -# used with a FIPS 140-2 compliant crypto-module. 
For details, see the section -# "Using ESAPI Symmetric Encryption with FIPS 140-2 Cryptographic Modules" in -# the ESAPI 2.0 Symmetric Encryption User Guide, at: -# http://owasp-esapi-java.googlecode.com/svn/trunk/documentation/esapi4java-core-2.0-symmetric-crypto-user-guide.html -# However, this property also allows you to easily use an alternate JCE provider -# such as "Bouncy Castle" without having to make changes to "java.security". -# See Javadoc for SecurityProviderLoader for further details. If you wish to use -# a provider that is not known to SecurityProviderLoader, you may specify the -# fully-qualified class name of the JCE provider class that implements -# java.security.Provider. If the name contains a '.', this is interpreted as -# a fully-qualified class name that implements java.security.Provider. -# -# NOTE: Setting this property has the side-effect of changing it in your application -# as well, so if you are using JCE in your application directly rather than -# through ESAPI (you wouldn't do that, would you? ;-), it will change the -# preferred JCE provider there as well. -# -# Default: Keeps the JCE provider set to whatever JVM sets it to. -Encryptor.PreferredJCEProvider= - -# AES is the most widely used and strongest encryption algorithm. This -# should agree with your Encryptor.CipherTransformation property. -# By default, ESAPI Java 1.4 uses "PBEWithMD5AndDES" and which is -# very weak. It is essentially a password-based encryption key, hashed -# with MD5 around 1K times and then encrypted with the weak DES algorithm -# (56-bits) using ECB mode and an unspecified padding (it is -# JCE provider specific, but most likely "NoPadding"). However, 2.0 uses -# "AES/CBC/PKCSPadding". If you want to change these, change them here. -# Warning: This property does not control the default reference implementation for -# ESAPI 2.0 using JavaEncryptor. Also, this property will be dropped -# in the future. 
-# @deprecated -Encryptor.EncryptionAlgorithm=AES -# For ESAPI Java 2.0 - New encrypt / decrypt methods use this. -Encryptor.CipherTransformation=AES/CBC/PKCS5Padding - -# Applies to ESAPI 2.0 and later only! -# Comma-separated list of cipher modes that provide *BOTH* -# confidentiality *AND* message authenticity. (NIST refers to such cipher -# modes as "combined modes" so that's what we shall call them.) If any of these -# cipher modes are used then no MAC is calculated and stored -# in the CipherText upon encryption. Likewise, if one of these -# cipher modes is used with decryption, no attempt will be made -# to validate the MAC contained in the CipherText object regardless -# of whether it contains one or not. Since the expectation is that -# these cipher modes support support message authenticity already, -# injecting a MAC in the CipherText object would be at best redundant. -# -# Note that as of JDK 1.5, the SunJCE provider does not support *any* -# of these cipher modes. Of these listed, only GCM and CCM are currently -# NIST approved. YMMV for other JCE providers. E.g., Bouncy Castle supports -# GCM and CCM with "NoPadding" mode, but not with "PKCS5Padding" or other -# padding modes. -Encryptor.cipher_modes.combined_modes=GCM,CCM,IAPM,EAX,OCB,CWC - -# Applies to ESAPI 2.0 and later only! -# Additional cipher modes allowed for ESAPI 2.0 encryption. These -# cipher modes are in _addition_ to those specified by the property -# 'Encryptor.cipher_modes.combined_modes'. -# Note: We will add support for streaming modes like CFB & OFB once -# we add support for 'specified' to the property 'Encryptor.ChooseIVMethod' -# (probably in ESAPI 2.1). -# DISCUSS: Better name? -Encryptor.cipher_modes.additional_allowed=CBC - -# 128-bit is almost always sufficient and appears to be more resistant to -# related key attacks than is 256-bit AES. Use '_' to use default key size -# for cipher algorithms (where it makes sense because the algorithm supports -# a variable key size). 
Key length must agree to what's provided as the -# cipher transformation, otherwise this will be ignored after logging a -# warning. -# -# NOTE: This is what applies BOTH ESAPI 1.4 and 2.0. See warning above about mixing! -Encryptor.EncryptionKeyLength=128 - -# Because 2.0 uses CBC mode by default, it requires an initialization vector (IV). -# (All cipher modes except ECB require an IV.) There are two choices: we can either -# use a fixed IV known to both parties or allow ESAPI to choose a random IV. While -# the IV does not need to be hidden from adversaries, it is important that the -# adversary not be allowed to choose it. Also, random IVs are generally much more -# secure than fixed IVs. (In fact, it is essential that feed-back cipher modes -# such as CFB and OFB use a different IV for each encryption with a given key so -# in such cases, random IVs are much preferred. By default, ESAPI 2.0 uses random -# IVs. If you wish to use 'fixed' IVs, set 'Encryptor.ChooseIVMethod=fixed' and -# uncomment the Encryptor.fixedIV. -# -# Valid values: random|fixed|specified 'specified' not yet implemented; planned for 2.1 -Encryptor.ChooseIVMethod=random -# If you choose to use a fixed IV, then you must place a fixed IV here that -# is known to all others who are sharing your secret key. The format should -# be a hex string that is the same length as the cipher block size for the -# cipher algorithm that you are using. The following is an *example* for AES -# from an AES test vector for AES-128/CBC as described in: -# NIST Special Publication 800-38A (2001 Edition) -# "Recommendation for Block Cipher Modes of Operation". -# (Note that the block size for AES is 16 bytes == 128 bits.) -# -Encryptor.fixedIV=0x000102030405060708090a0b0c0d0e0f - -# Whether or not CipherText should use a message authentication code (MAC) with it. 
-# This prevents an adversary from altering the IV as well as allowing a more -# fool-proof way of determining the decryption failed because of an incorrect -# key being supplied. This refers to the "separate" MAC calculated and stored -# in CipherText, not part of any MAC that is calculated as a result of a -# "combined mode" cipher mode. -# -# If you are using ESAPI with a FIPS 140-2 cryptographic module, you *must* also -# set this property to false. -Encryptor.CipherText.useMAC=true - -# Whether or not the PlainText object may be overwritten and then marked -# eligible for garbage collection. If not set, this is still treated as 'true'. -Encryptor.PlainText.overwrite=true - -# Do not use DES except in a legacy situations. 56-bit is way too small key size. -#Encryptor.EncryptionKeyLength=56 -#Encryptor.EncryptionAlgorithm=DES - -# TripleDES is considered strong enough for most purposes. -# Note: There is also a 112-bit version of DESede. Using the 168-bit version -# requires downloading the special jurisdiction policy from Sun. -#Encryptor.EncryptionKeyLength=168 -#Encryptor.EncryptionAlgorithm=DESede - -Encryptor.HashAlgorithm=SHA-512 -Encryptor.HashIterations=1024 -Encryptor.DigitalSignatureAlgorithm=SHA1withDSA -Encryptor.DigitalSignatureKeyLength=1024 -Encryptor.RandomAlgorithm=SHA1PRNG -Encryptor.CharacterEncoding=UTF-8 - -# This is the Pseudo Random Function (PRF) that ESAPI's Key Derivation Function -# (KDF) normally uses. Note this is *only* the PRF used for ESAPI's KDF and -# *not* what is used for ESAPI's MAC. (Currently, HmacSHA1 is always used for -# the MAC, mostly to keep the overall size at a minimum.) -# -# Currently supported choices for JDK 1.5 and 1.6 are: -# HmacSHA1 (160 bits), HmacSHA256 (256 bits), HmacSHA384 (384 bits), and -# HmacSHA512 (512 bits). -# Note that HmacMD5 is *not* supported for the PRF used by the KDF even though -# the JDKs support it. See the ESAPI 2.0 Symmetric Encryption User Guide -# further details. 
-Encryptor.KDF.PRF=HmacSHA256 -#=========================================================================== -# ESAPI Logging -# Set the application name if these logs are combined with other applications -Logger.ApplicationName=portal_nonrtric_controlpanel -# If you use an HTML log viewer that does not properly HTML escape log data, you can set LogEncodingRequired to true -Logger.LogEncodingRequired=false -# Determines whether ESAPI should log the application name. This might be clutter in some single-server/single-app environments. -Logger.LogApplicationName=true -# Determines whether ESAPI should log the server IP and port. This might be clutter in some single-server environments. -Logger.LogServerIP=true -# LogFileName, the name of the logging file. Provide a full directory path (e.g., C:\\ESAPI\\ESAPI_logging_file) if you -# want to place it in a specific directory. -Logger.LogFileName=portal_nonrtric_controlpanel_esapi_log -# MaxLogFileSize, the max size (in bytes) of a single log file before it cuts over to a new one (default is 10,000,000) -Logger.MaxLogFileSize=10000000 - - -#=========================================================================== -# ESAPI Intrusion Detection -# -# Each event has a base to which .count, .interval, and .action are added -# The IntrusionException will fire if we receive "count" events within "interval" seconds -# The IntrusionDetector is configurable to take the following actions: log, logout, and disable -# (multiple actions separated by commas are allowed e.g. event.test.actions=log,disable -# -# Custom Events -# Names must start with "event." 
as the base -# Use IntrusionDetector.addEvent( "test" ) in your code to trigger "event.test" here -# You can also disable intrusion detection completely by changing -# the following parameter to true -# -IntrusionDetector.Disable=false -# -IntrusionDetector.event.test.count=2 -IntrusionDetector.event.test.interval=10 -IntrusionDetector.event.test.actions=disable,log - -# Exception Events -# All EnterpriseSecurityExceptions are registered automatically -# Call IntrusionDetector.getInstance().addException(e) for Exceptions that do not extend EnterpriseSecurityException -# Use the fully qualified classname of the exception as the base - -# any intrusion is an attack -IntrusionDetector.org.owasp.esapi.errors.IntrusionException.count=1 -IntrusionDetector.org.owasp.esapi.errors.IntrusionException.interval=1 -IntrusionDetector.org.owasp.esapi.errors.IntrusionException.actions=log,disable,logout - -# for test purposes -# CHECKME: Shouldn't there be something in the property name itself that designates -# that these are for testing??? 
-IntrusionDetector.org.owasp.esapi.errors.IntegrityException.count=10 -IntrusionDetector.org.owasp.esapi.errors.IntegrityException.interval=5 -IntrusionDetector.org.owasp.esapi.errors.IntegrityException.actions=log,disable,logout - -# rapid validation errors indicate scans or attacks in progress -# org.owasp.esapi.errors.ValidationException.count=10 -# org.owasp.esapi.errors.ValidationException.interval=10 -# org.owasp.esapi.errors.ValidationException.actions=log,logout - -# sessions jumping between hosts indicates session hijacking -IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.count=2 -IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.interval=10 -IntrusionDetector.org.owasp.esapi.errors.AuthenticationHostException.actions=log,logout - - -#=========================================================================== -# ESAPI Validation -# -# The ESAPI Validator works on regular expressions with defined names. You can define names -# either here, or you may define application specific patterns in a separate file defined below. -# This allows enterprises to specify both organizational standards as well as application specific -# validation rules. -# -Validator.ConfigurationFile=validation.properties -Validator.ConfigurationFile.MultiValued=false - -# Validators used by ESAPI -Validator.AccountName=^[a-zA-Z0-9]{3,20}$ -Validator.SystemCommand=^[a-zA-Z\\-\\/]{1,64}$ -Validator.RoleName=^[a-z]{1,20}$ - -#the word TEST below should be changed to your application -#name - only relative URL's are supported -Validator.Redirect=^\\/test.*$ - -# Global HTTP Validation Rules -# Values with Base64 encoded data (e.g. 
encrypted state) will need at least [a-zA-Z0-9\/+=] -Validator.HTTPScheme=^(http|https)$ -Validator.HTTPServerName=^[a-zA-Z0-9_.\\-]*$ -Validator.HTTPParameterName=^[a-zA-Z0-9_]{1,32}$ -Validator.HTTPParameterValue=^[a-zA-Z0-9.\\-\\/+=@_ ]*$ -Validator.HTTPCookieName=^[a-zA-Z0-9\\-_]{1,32}$ -Validator.HTTPCookieValue=^[a-zA-Z0-9\\-\\/+=_ ]*$ -Validator.HTTPHeaderName=^[a-zA-Z0-9\\-_]{1,32}$ -Validator.HTTPHeaderValue=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$ -Validator.HTTPContextPath=^\\/?[a-zA-Z0-9.\\-\\/_]*$ -Validator.HTTPServletPath=^[a-zA-Z0-9.\\-\\/_]*$ -Validator.HTTPPath=^[a-zA-Z0-9.\\-_]*$ -Validator.HTTPQueryString=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ %]*$ -Validator.HTTPURI=^[a-zA-Z0-9()\\-=\\*\\.\\?;,+\\/:&_ ]*$ -Validator.HTTPURL=^.*$ -Validator.HTTPJSESSIONID=^[A-Z0-9]{10,30}$ - -# Validation of file related input -Validator.FileName=^[a-zA-Z0-9!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$ -Validator.DirectoryName=^[a-zA-Z0-9:/\\\\!@#$%^&{}\\[\\]()_+\\-=,.~'` ]{1,255}$ diff --git a/webapp-backend/src/main/resources/application.properties b/webapp-backend/src/main/resources/application.properties index e795dca..f21d8d5 100644 --- a/webapp-backend/src/main/resources/application.properties +++ b/webapp-backend/src/main/resources/application.properties 
@@ -30,24 +30,6 @@ server.ssl.key-store = classpath:keystore.jks server.ssl.key-password = ericsson_kwdjfhw server.http.port = 8080 - - -# path to file that stores user details; -# use a persistent volume in a K8S deployment -userfile = users.json - -# boolean flag whether to enforce Portal user and roles on requests -portalapi.security = false -# class that decrypts ciphertext from Portal -portalapi.decryptor = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalSdkDecryptorAes -# name of request cookie with user ID -portalapi.usercookie = UserId - -# portal credentials must be supplied at deployment time -portalapi.appname = Non-RT RIC Control Panel -portalapi.username = -portalapi.password = - # endpoint URLs must be supplied at deployment time # NOTE: change policycontroller.url.prefix to http://localhost:8081 when running # controlpanel locally (i.e., not inside the docker container) @@ -60,7 +42,3 @@ enrichmentcontroller.url.prefix = http://enrichment-service-container:8083/ei-pr # Mimic slow endpoints by defining sleep period, in milliseconds mock.config.delay = 0 - -# Kibana report on metrics -metrics.url.ac = http://jar-app-props-kibana-url-ac -metrics.url.mc = http://jar-app-props-kibana-url-mc diff --git a/webapp-backend/src/main/resources/portal.properties b/webapp-backend/src/main/resources/portal.properties deleted file mode 100644 index f0d6eca..0000000 --- a/webapp-backend/src/main/resources/portal.properties +++ /dev/null 
@@ -1,34 +0,0 @@
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Template for the file that provides properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-# The following properties are the same in every deployment
-
-portal.api.impl.class = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalRestCentralServiceImpl
-role_access_centralized = remote
-
-# The following properties are DIFFERENT in every deployment
-
-# URL of portal login screen
-ecomp_redirect_url = http://localhost/portal
-# URL of portal API
-ecomp_rest_url = http://localhost/portal
-# Value assigned by portal instance
-ueb_app_key = abcdef1234567890
diff --git a/webapp-backend/src/main/resources/validation.properties b/webapp-backend/src/main/resources/validation.properties
deleted file mode 100644
index 22eaa4e..0000000
--- a/webapp-backend/src/main/resources/validation.properties
+++ /dev/null
@@ -1,19 +0,0 @@
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# empty file to suppress OWASP complaints emitted to stdout
diff --git a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManagerTest.java b/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManagerTest.java
deleted file mode 100644
index 1faf618..0000000
--- a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/ControlPanelUserManagerTest.java
+++ /dev/null
@@ -1,82 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel;
-
-import java.lang.invoke.MethodHandles;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.junit.Assert;
-import org.junit.jupiter.api.Test;
-import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
-import org.onap.portalsdk.core.restful.domain.EcompRole;
-import org.onap.portalsdk.core.restful.domain.EcompUser;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-class ControlPanelUserManagerTest {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- public static EcompUser createEcompUser(String loginId) {
- EcompUser user = new EcompUser();
- user.setActive(true);
- user.setLoginId(loginId);
- user.setFirstName("First");
- user.setLastName("Last");
- EcompRole role = new EcompRole();
- role.setId(1L);
- role.setName(ControlPanelConstants.ROLE_NAME_ADMIN);
- Set roles = new HashSet<>();
- roles.add(role);
- user.setRoles(roles);
- return user;
- }
-
- @Test
- void testUserMgr() throws Exception {
- final String loginId = "demo";
- ControlPanelUserManager dum = new ControlPanelUserManager(true);
- EcompUser user = createEcompUser(loginId);
- dum.createUser(user);
- logger.info("Created user {}", user);
- try {
- dum.createUser(user);
- throw new Exception("Unexpected success");
- } catch (PortalAPIException ex) {
- logger.info("caught expected exception: {}", ex.toString());
- }
- Assert.assertFalse(dum.getUsers().isEmpty());
- EcompUser fetched = dum.getUser(loginId);
- Assert.assertEquals(fetched, user);
- fetched.setLastName("Lastier");
- dum.updateUser(loginId, fetched);
- EcompUser missing = dum.getUser("foo");
- Assert.assertNull(missing);
- EcompUser unk = createEcompUser("unknown");
- try {
- dum.updateUser("unk", unk);
- } catch (PortalAPIException ex) {
- logger.info("caught expected exception: {}", ex.toString());
- }
- }
-
-}
diff --git a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/PortalApIMockConfiguration.java b/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/PortalApIMockConfiguration.java
deleted file mode 100644
index 1a89fac..0000000
--- a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/PortalApIMockConfiguration.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.mock;
-
-import static org.mockito.ArgumentMatchers.any;
-import static org.mockito.Mockito.doAnswer;
-import static org.mockito.Mockito.mock;
-
-import java.lang.invoke.MethodHandles;
-import java.util.HashMap;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.onap.portalsdk.core.onboarding.crossapi.PortalRestAPIProxy;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.oransc.portal.nonrtric.controlpanel.portalapi.PortalAuthManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.boot.web.servlet.ServletRegistrationBean;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-
-@Configuration
-@Profile("test")
-public class PortalApIMockConfiguration {
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- // Unfortunately EPSDK-FW does not define these as constants
- public static final String PORTAL_USERNAME_HEADER_KEY = "username";
- public static final String PORTAL_PASSWORD_HEADER_KEY = "password";
-
- @Bean
- public ServletRegistrationBean portalApiProxyServlet() {
- PortalRestAPIProxy servlet = new PortalRestAPIProxy();
- final ServletRegistrationBean servletBean =
- new ServletRegistrationBean<>(servlet, PortalApiConstants.API_PREFIX + "/*");
- servletBean.setName("PortalRestApiProxyServlet");
- return servletBean;
- }
-
- @Bean
- public PortalAuthManager portalAuthManager() throws Exception {
- PortalAuthManager mockManager = mock(PortalAuthManager.class);
- final Map credentialsMap = new HashMap<>();
- credentialsMap.put("appName", "appName");
- credentialsMap.put(PORTAL_USERNAME_HEADER_KEY, PORTAL_USERNAME_HEADER_KEY);
- credentialsMap.put(PORTAL_PASSWORD_HEADER_KEY, PORTAL_PASSWORD_HEADER_KEY);
- doAnswer(inv -> {
- logger.debug("getAppCredentials");
- return credentialsMap;
- }).when(mockManager).getAppCredentials();
- doAnswer(inv -> {
- logger.debug("getUserId");
- return "userId";
- }).when(mockManager).validateEcompSso(any(HttpServletRequest.class));
- doAnswer(inv -> {
- logger.debug("getAppCredentials");
- return credentialsMap;
- }).when(mockManager).getAppCredentials();
- return mockManager;
- }
-
-}
diff --git a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/WebSecurityMockConfiguration.java b/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/WebSecurityMockConfiguration.java
deleted file mode 100644
index 15c2ed9..0000000
--- a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/mock/WebSecurityMockConfiguration.java
+++ /dev/null
@@ -1,86 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.mock;
-
-import java.lang.invoke.MethodHandles;
-
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelConstants;
-import org.oransc.portal.nonrtric.controlpanel.config.WebSecurityConfiguration;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.builders.WebSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.factory.PasswordEncoderFactories;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-@Configuration
-@EnableWebSecurity
-@EnableGlobalMethodSecurity(securedEnabled = true)
-@Profile("test")
-public class WebSecurityMockConfiguration extends WebSecurityConfigurerAdapter {
-
- public static final String TEST_CRED_ADMIN = "admin";
- public static final String TEST_CRED_STANDARD = "standard";
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- public WebSecurityMockConfiguration(@Value("${userfile}") final String userFilePath) {
- logger.debug("ctor: user file path {}", userFilePath);
- }
-
- @Override
- protected void configure(AuthenticationManagerBuilder auth) throws Exception {
- PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
- auth.inMemoryAuthentication() //
- .passwordEncoder(encoder) //
- // The admin user has the admin AND standard roles
- .withUser(TEST_CRED_ADMIN) //
- .password(encoder.encode(TEST_CRED_ADMIN))
- .roles(ControlPanelConstants.ROLE_NAME_ADMIN, ControlPanelConstants.ROLE_NAME_STANDARD)//
- .and()//
- // The standard user has only the standard role
- .withUser(TEST_CRED_STANDARD) //
- .password(encoder.encode(TEST_CRED_STANDARD)) //
- .roles(ControlPanelConstants.ROLE_NAME_STANDARD);
- }
-
- @Override
- protected void configure(HttpSecurity http) throws Exception {
- http.authorizeRequests().anyRequest().authenticated()//
- .and().httpBasic() //
- .and().csrf().disable();
- }
-
- @Override
- public void configure(WebSecurity web) throws Exception {
- // This disables Spring security, but not the app's filter.
- web.ignoring().antMatchers(WebSecurityConfiguration.OPEN_PATHS);
- web.ignoring().antMatchers("/", "/csrf"); // allow swagger-ui to load
- }
-
-}
diff --git a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManagerTest.java b/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManagerTest.java
deleted file mode 100644
index 382198b..0000000
--- a/webapp-backend/src/test/java/org/oransc/portal/nonrtric/controlpanel/portalapi/PortalAuthManagerTest.java
+++ /dev/null
@@ -1,91 +0,0 @@
-/*-
- * ========================LICENSE_START=================================
- * O-RAN-SC
- * %%
- * Copyright (C) 2019 AT&T Intellectual Property
- * Modifications Copyright (C) 2020 Nordix Foundation
- * %%
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ========================LICENSE_END===================================
- */
-package org.oransc.portal.nonrtric.controlpanel.portalapi;
-
-import java.io.IOException;
-import java.lang.invoke.MethodHandles;
-import java.lang.reflect.InvocationTargetException;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-
-import org.junit.Assert;
-import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.extension.ExtendWith;
-import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
-import org.oransc.portal.nonrtric.controlpanel.ControlPanelUserManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.context.junit.jupiter.SpringExtension;
-
-@ExtendWith(SpringExtension.class)
-@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
-class PortalAuthManagerTest {
-
- @Value("${portalapi.decryptor}")
- private String decryptor;
-
- private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
-
- @Test
- void testPortalStuff() throws ClassNotFoundException, InstantiationException, IllegalAccessException,
- InvocationTargetException, NoSuchMethodException, IOException, ServletException {
-
- PortalAuthManager m = new PortalAuthManager("app", "user", "secret", decryptor, "cookie");
- Assert.assertNotNull(m.getAppCredentials());
- String s = null;
-
- MockHttpServletRequest request = new MockHttpServletRequest();
- s = m.validateEcompSso(request);
- logger.debug("validateEcompSso answers {}", s);
- Assert.assertNull(s);
-
- Cookie cookie = new Cookie(PortalApiConstants.EP_SERVICE, "bogus");
- request.setCookies(cookie);
- s = m.validateEcompSso(request);
- logger.debug("validateEcompSso answers {}", s);
- Assert.assertNull(s);
-
- ControlPanelUserManager dum = new ControlPanelUserManager(true);
- PortalAuthenticationFilter filter = new PortalAuthenticationFilter(false, m, dum);
- filter.init(null);
- filter.destroy();
- MockHttpServletResponse response = new MockHttpServletResponse();
- try {
- filter.doFilter(request, response, null);
- } catch (NullPointerException ex) {
- logger.debug("chain is null");
- }
-
- filter = new PortalAuthenticationFilter(true, m, dum);
- try {
- filter.doFilter(request, response, null);
- } catch (NullPointerException ex) {
- logger.debug("chain is null");
- }
- }
-
-}
diff --git a/webapp-backend/src/test/resources/key.properties b/webapp-backend/src/test/resources/key.properties
deleted file mode 100644
index c2cab7d..0000000
--- a/webapp-backend/src/test/resources/key.properties
+++ /dev/null
@@ -1,22 +0,0 @@
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Test properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-cipher.enc.key = bogus
diff --git a/webapp-backend/src/test/resources/portal.properties b/webapp-backend/src/test/resources/portal.properties
deleted file mode 100644
index e01d9e6..0000000
--- a/webapp-backend/src/test/resources/portal.properties
+++ /dev/null
@@ -1,26 +0,0 @@
-# ========================LICENSE_START=================================
-# O-RAN-SC
-# %%
-# Copyright (C) 2019 AT&T Intellectual Property
-# %%
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# ========================LICENSE_END===================================
-
-# Test properties for the EPSDK-FW library.
-# This file must be present on the Java classpath.
-
-portal.api.impl.class = org.oransc.portal.nonrtric.controlpanel.portalapi.PortalRestCentralServiceImpl
-role_access_centralized = remote
-ecomp_redirect_url = https://www.wikipedia.org
-ecomp_rest_url = http://localhost/portal
-ueb_app_key = abcdef1234567890
--
2.16.6