otf-service-api/src/main/java/org/oran/otf/api/config/HttpSecurityConfiguration.java

   1 /*  Copyright (c) 2019 AT&T Intellectual Property.                             #\r
   2 #                                                                              #\r
   3 #   Licensed under the Apache License, Version 2.0 (the "License");            #\r
   4 #   you may not use this file except in compliance with the License.           #\r
   5 #   You may obtain a copy of the License at                                    #\r
   6 #                                                                              #\r
   7 #       http://www.apache.org/licenses/LICENSE-2.0                             #\r
   8 #                                                                              #\r
   9 #   Unless required by applicable law or agreed to in writing, software        #\r
  10 #   distributed under the License is distributed on an "AS IS" BASIS,          #\r
  11 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #\r
  12 #   See the License for the specific language governing permissions and        #\r
  13 #   limitations under the License.                                             #\r
  14 ##############################################################################*/\r
  15 \r
  16 \r
  17 package org.oran.otf.api.config;\r
  18 \r
  19 import org.apache.catalina.Context;\r
  20 import org.apache.catalina.connector.Connector;\r
  21 import org.apache.tomcat.util.descriptor.web.SecurityCollection;\r
  22 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;\r
  23 import org.springframework.beans.factory.annotation.Value;\r
  24 import org.springframework.boot.context.properties.EnableConfigurationProperties;\r
  25 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;\r
  26 import org.springframework.boot.web.servlet.server.ServletWebServerFactory;\r
  27 import org.springframework.context.annotation.Bean;\r
  28 import org.springframework.context.annotation.Configuration;\r
  29 \r
  30 @Configuration\r
  31 @EnableConfigurationProperties\r
  32 public class HttpSecurityConfiguration {\r
  33   @Value("${server.port.http}")\r
  34   private int httpPort;\r
  35 \r
  36   @Value("${server.port}")\r
  37   private int httpsPort;\r
  38 \r
  39   @Value("${ssl.flag}")\r
  40   private boolean httpsOnly;\r
  41 \r
  42   @Bean\r
  43   public ServletWebServerFactory servletContainer() {\r
  44     TomcatServletWebServerFactory tomcat =\r
  45         new TomcatServletWebServerFactory(){\r
  46           @Override\r
  47           protected void postProcessContext(Context context) {\r
  48             SecurityConstraint securityConstraint = new SecurityConstraint();\r
  49             if(httpsOnly){ securityConstraint.setUserConstraint("CONFIDENTIAL");}\r
  50             SecurityCollection collection = new SecurityCollection();\r
  51             collection.addPattern("/*");\r
  52             securityConstraint.addCollection(collection);\r
  53             context.addConstraint(securityConstraint);\r
  54           }\r
  55         };\r
  56     tomcat.addAdditionalTomcatConnectors(redirectConnector());\r
  57     return tomcat;\r
  58   }\r
  59 \r
  60   private Connector redirectConnector() {\r
  61     Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");\r
  62     connector.setScheme("http");\r
  63     connector.setPort(httpPort);\r
  64     connector.setSecure(false);\r
  65     if(httpsOnly) { connector.setRedirectPort(httpsPort); }\r
  66     return connector;\r
  67   }\r
  68 }\r