Refine access control, peer access
1 /*-
2  * ===============LICENSE_START=======================================================
3  * Acumos
4  * ===================================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property & Tech Mahindra. All rights reserved.
6  * ===================================================================================
7  * This Acumos software file is distributed by AT&T and Tech Mahindra
8  * under the Apache License, Version 2.0 (the "License");
9  * you may not use this file except in compliance with the License.
10  * You may obtain a copy of the License at
11  *  
12  *      http://www.apache.org/licenses/LICENSE-2.0
13  *  
14  * This file is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ===============LICENSE_END=========================================================
19  */
20
21 package org.acumos.federation.gateway.security;
22
23 import java.util.List;
24
25 import org.acumos.cds.domain.MLPPeer;
26
27 import org.acumos.federation.gateway.config.EELFLoggerDelegate;
28 import org.acumos.federation.gateway.service.PeerService;
29 import org.acumos.federation.gateway.util.Utils;
30
31 import org.springframework.beans.factory.annotation.Autowired;
32 import org.springframework.beans.factory.annotation.Value;
33 import org.springframework.context.annotation.Bean;
34 import org.springframework.context.annotation.Configuration;
35
36 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
37 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
38 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
39 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
40 import org.springframework.security.core.authority.AuthorityUtils;
41 import org.springframework.security.core.userdetails.User;
42 import org.springframework.security.core.userdetails.UserDetails;
43 import org.springframework.security.core.userdetails.UserDetailsService;
44
45 import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
46 import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
47 import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
48
/**
 * X.509 client-certificate authentication for the federation gateway.
 * <p>
 * The identity of a calling peer is taken from the certificate it presents over HTTPS
 * (HTTP over SSL); the certificate subject's CN is then mapped to a {@code Peer}
 * principal by {@link #userDetailsService()}.
 */
@Configuration
@EnableResourceServer
public class X509ResourceFilter extends ResourceServerConfigurerAdapter {

	private final EELFLoggerDelegate log = EELFLoggerDelegate.getLogger(getClass().getName());

	/** Source of the registered-peer records, looked up by certificate subject CN. */
	@Autowired
	private PeerService peerService;

	/** Default constructor; dependencies are injected by the container. */
	public X509ResourceFilter() {
	}

	/**
	 * Registers this configuration as the resource server named {@code "web"}.
	 *
	 * @param resources resource-server settings supplied by Spring Security OAuth2
	 */
	@Override
	public void configure(ResourceServerSecurityConfigurer resources) {
		resources.resourceId("web");
	}

	/**
	 * Requires authentication for every request and enables X.509 client-certificate
	 * authentication, taking the principal name from the {@code CN} attribute of the
	 * certificate subject and resolving it with {@link #userDetailsService()}.
	 *
	 * @param http the security builder to configure
	 * @throws Exception propagated from the Spring Security builder
	 */
	@Override
	public void configure(HttpSecurity http) throws Exception {
		// No anonymous paths: every endpoint needs an authenticated principal.
		http.authorizeRequests().anyRequest().authenticated();

		// Principal = the first CN of the client certificate's subject DN, up to the next ','.
		http.x509()
				.subjectPrincipalRegex("CN=(.*?)(?:,|$)")
				.userDetailsService(userDetailsService());
	}

	/**
	 * Builds the lookup that turns a certificate CN into a {@code Peer} principal.
	 * <p>
	 * A CN matching at least one record returned by {@code peerService.getPeer} is granted
	 * the privileges of {@code Role.PEER}; any other CN is still accepted, with the privileges
	 * of {@code Role.ANY}. Not exposed as a {@code @Bean}; it is only used from
	 * {@link #configure(HttpSecurity)}.
	 * <p>
	 * NOTE(review): no {@code UsernameNotFoundException} is ever thrown, so a client whose
	 * certificate is accepted at the TLS layer is authenticated even when it is not a registered
	 * peer; the trust store and the authorization rules attached to {@code Role.ANY} are then the
	 * only controls on such callers. Confirm this is the intended posture (a rejecting variant,
	 * {@code return null}, was left commented out in the original). The CN is caller-supplied
	 * within what the trusted CAs will issue, so {@code peerService} is expected to treat it as an
	 * opaque lookup key — verify. When several peer records share a CN they are all treated as a
	 * match; uniqueness is not checked here.
	 *
	 * @return the user-details lookup used by the X.509 filter
	 */
	public UserDetailsService userDetailsService() {
		return new UserDetailsService() {
			@Override
			public UserDetails loadUserByUsername(String subject) {
				log.info(EELFLoggerDelegate.debugLogger, " X509 subject : " + subject);
				List<MLPPeer> matches = peerService.getPeer(subject);
				// NOTE(review): logs the peer records via toString(); confirm MLPPeer exposes nothing sensitive.
				log.info(EELFLoggerDelegate.debugLogger, " Peers matching X509 subject : " + matches);

				// Unknown subject: still authenticated, but only with the ANY role's privileges.
				if (Utils.isEmptyList(matches)) {
					return new Peer(subject, Role.ANY.priviledges());
				}

				log.info(EELFLoggerDelegate.debugLogger, " We are providing a matching Use ");
				return new Peer(subject, Role.PEER.priviledges());
			}
		};
	}
}
101