otf-camunda/src/main/java/org/oran/otf/spring/configuration/HttpSecurityConfiguration.java

   1 /*  Copyright (c) 2019 AT&T Intellectual Property.                             #\r
   2 #                                                                              #\r
   3 #   Licensed under the Apache License, Version 2.0 (the "License");            #\r
   4 #   you may not use this file except in compliance with the License.           #\r
   5 #   You may obtain a copy of the License at                                    #\r
   6 #                                                                              #\r
   7 #       http://www.apache.org/licenses/LICENSE-2.0                             #\r
   8 #                                                                              #\r
   9 #   Unless required by applicable law or agreed to in writing, software        #\r
  10 #   distributed under the License is distributed on an "AS IS" BASIS,          #\r
  11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #\r
  12 #   See the License for the specific language governing permissions and        #\r
  13 #   limitations under the License.                                             #\r
  14 ##############################################################################*/\r
  15 \r
  16 \r
  17 package org.oran.otf.spring.configuration;\r
  18 \r
  19 import org.apache.catalina.Context;\r
  20 import org.apache.catalina.connector.Connector;\r
  21 import org.apache.tomcat.util.descriptor.web.SecurityCollection;\r
  22 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;\r
  23 import org.springframework.beans.factory.annotation.Value;\r
  24 import org.springframework.boot.context.properties.EnableConfigurationProperties;\r
  25 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;\r
  26 import org.springframework.boot.web.servlet.server.ServletWebServerFactory;\r
  27 import org.springframework.context.annotation.Bean;\r
  28 import org.springframework.context.annotation.Configuration;\r
  29 \r
  30 @Configuration\r
  31 @EnableConfigurationProperties\r
  32 public class HttpSecurityConfiguration {\r
  33     @Value("${security.server.port.http}")\r
  34     private int httpPort;\r
  35 \r
  36     @Value("${security.server.port}")\r
  37     private int httpsPort;\r
  38 \r
  39     @Value("${security.https-only}")\r
  40     private boolean httpsOnly;\r
  41     @Bean\r
  42     public ServletWebServerFactory servletContainer() {\r
  43         TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {\r
  44             @Override\r
  45             protected void postProcessContext(Context context) {\r
  46                 SecurityConstraint securityConstraint = new SecurityConstraint();\r
  47                 if(httpsOnly){ securityConstraint.setUserConstraint("CONFIDENTIAL");}\r
  48                 SecurityCollection collection = new SecurityCollection();\r
  49                 collection.addPattern("/*");\r
  50                 securityConstraint.addCollection(collection);\r
  51                 context.addConstraint(securityConstraint);\r
  52             }\r
  53         };\r
  54         tomcat.addAdditionalTomcatConnectors(redirectConnector());\r
  55         return tomcat;\r
  56     }\r
  57 \r
  58     private Connector redirectConnector() {\r
  59         Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");\r
  60         connector.setScheme("http");\r
  61         connector.setPort(httpPort);\r
  62         connector.setSecure(false);\r
  63         if(httpsOnly) { connector.setRedirectPort(httpsPort); }\r
  64         return connector;\r
  65     }\r
  66 }