#2533 Basic auth by HTTPS for API httpds - added httpds-basic user

WebContent/WEB-INF/spring-security.xml

@@ -17,6 +17,11 @@
         </headers>
         <csrf disabled="true"/>
         <intercept-url pattern="/services/API" access="permitAll" method="GET" requires-channel="https"/>
+
+        <!-- Only Admin -->
+        <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" method="DELETE" />
+
+        <!-- Other -->
         <intercept-url pattern="/**" access="hasRole('ROLE_SERVICES')" requires-channel="https"/>
 
         <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthFilter"/>
@@ -34,7 +39,13 @@
             <header ref="headersFromSystemSettingsWriter"/>
         </headers>
         <csrf disabled="true"/>
-        <intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')" requires-channel="https"/>
+
+        <!-- Only Admin -->
+        <intercept-url pattern="/**" access="hasRole('ROLE_ADMIN')" method="DELETE" />
+
+        <!-- Other -->
+        <intercept-url pattern="/**" access="hasAnyRole('ROLE_HTTPDS')" />
+        <intercept-url pattern="/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER', 'ROLE_HTTPDS')" requires-channel="https"/>
 
         <custom-filter position="BASIC_AUTH_FILTER" ref="basicAuthFilter"/>
         <session-management session-fixation-protection="newSession" />
@@ -195,6 +206,7 @@
                                authorities-by-username-query="SELECT username,
                                CASE WHEN admin = 'Y' THEN 'ROLE_ADMIN'
                                     WHEN username = 'soap-services' THEN 'ROLE_SERVICES'
+                                    WHEN username = 'httpds-basic' THEN 'ROLE_HTTPDS'
                                     ELSE 'ROLE_USER'
                                END AS role FROM users WHERE username = ?"/>
         </authentication-provider>

src/org/scada_lts/dao/migration/mysql/V2_7_5_3_1__AddHttpdsUser.java

@@ -0,0 +1,54 @@
+package org.scada_lts.dao.migration.mysql;
+
+import com.serotonin.mango.Common;
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.flywaydb.core.api.migration.BaseJavaMigration;
+import org.flywaydb.core.api.migration.Context;
+import org.scada_lts.dao.DAO;
+import org.springframework.jdbc.core.ArgumentPreparedStatementSetter;
+import org.springframework.jdbc.core.JdbcTemplate;
+
+import java.sql.PreparedStatement;
+import java.util.List;
+
+public class V2_7_5_3_1__AddHttpdsUser extends BaseJavaMigration {
+
+    private static final Log LOG = LogFactory.getLog(V2_7_5_3_1__AddHttpdsUser.class);
+
+    @Override
+    public void migrate(Context context) throws Exception {
+
+        try {
+            final JdbcTemplate jdbcTemplate = DAO.getInstance().getJdbcTemp();
+
+            String userInsert = "insert into users (username, password, email, phone, admin, disabled, " +
+                    "homeUrl, receiveAlarmEmails, receiveOwnAuditEvents) values (?,?,?,?,?,?,?,?,?);";
+            addHttpdsBasicUser(jdbcTemplate, userInsert);
+        } catch (Exception ex) {
+            LOG.error(ex.getMessage(), ex);
+            throw ex;
+        }
+    }
+
+    private void addHttpdsBasicUser(JdbcTemplate jdbcTmp, String userInsert) {
+        List<Integer> ids = jdbcTmp.queryForList("select id from users where username = ?", new Object[]{"httpds-basic"}, Integer.class);
+        if(ids.isEmpty()) {
+            jdbcTmp.update(connection -> {
+                PreparedStatement preparedStatement = connection.prepareStatement(userInsert);
+                new ArgumentPreparedStatementSetter(new Object[]{
+                        "httpds-basic",
+                        Common.encrypt("httpds-basic"),
+                        "null@null.com",
+                        "",
+                        "N",
+                        "Y",
+                        "",
+                        0,
+                        "N"
+                }).setValues(preparedStatement);
+                return preparedStatement;
+            });
+        }
+    }
+}