diff options
Diffstat (limited to 'vid-app-common/src/main/java/org/onap/vid/roles')
4 files changed, 144 insertions, 76 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java new file mode 100644 index 000000000..4e5340fc2 --- /dev/null +++ b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java @@ -0,0 +1,43 @@ +/*- + * ============LICENSE_START======================================================= + * VID + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.vid.roles; + +public class AlwaysValidRoleValidator implements RoleValidator { + + AlwaysValidRoleValidator() { + // package visibility, only for RoleValidator's factory + } + + @Override + public boolean isSubscriberPermitted(String subscriberName) { + return true; + } + + @Override + public boolean isServicePermitted(String subscriberName, String serviceType) { + return true; + } + + @Override + public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) { + return true; + } +} diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java index d3d2b80e2..6c0fd3f52 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java @@ -24,6 +24,14 @@ package org.onap.vid.roles; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.ObjectMapper; import io.joshworks.restclient.http.HttpResponse; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import java.util.Map; +import java.util.Optional; +import java.util.function.Function; +import java.util.stream.Collectors; +import javax.servlet.http.HttpServletRequest; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.core.web.support.UserUtils; import org.onap.vid.aai.exceptions.RoleParsingException; @@ -34,11 +42,6 @@ import org.onap.vid.services.AaiService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import javax.servlet.http.HttpServletRequest; -import java.util.*; -import java.util.function.Function; -import java.util.stream.Collectors; - /** * Created by Oren on 7/1/17. @@ -159,7 +162,7 @@ public class RoleProvider { } public RoleValidator getUserRolesValidator(HttpServletRequest request) { - return new RoleValidator(getUserRoles(request)); + return RoleValidator.by(getUserRoles(request)); } } diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java index 4b92b6413..d37477610 100644 --- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java @@ -3,6 +3,7 @@ * VID * ================================================================================ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * Modifications Copyright (C) 2018 - 2019 Nokia. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -21,82 +22,23 @@ package org.onap.vid.roles; import java.util.List; -import java.util.Map; +import org.apache.commons.lang3.StringUtils; import org.onap.portalsdk.core.util.SystemProperties; -import org.onap.vid.mso.rest.RequestDetails; -/** - * Created by Oren on 7/12/17. - */ -public class RoleValidator { - - private boolean disableRoles; - private final List<Role> userRoles; - - public RoleValidator(List<Role> roles) { - this.userRoles = roles; - disableRoles = SystemProperties.getProperty("role_management_activated").equals("false"); - } - - public boolean isSubscriberPermitted(String subscriberName) { - if (this.disableRoles) { - return true; - } - - for (Role role : userRoles) { - if (role.getSubscribeName().equals(subscriberName)) { - return true; - } - } - return false; - } - - public boolean isServicePermitted(String subscriberName, String serviceType) { - if (this.disableRoles) { - return true; - } - - for (Role role : userRoles) { - if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) { - return true; - } - } - return false; - } +public interface RoleValidator { - boolean isMsoRequestValid(RequestDetails msoRequest) { - if (this.disableRoles) { - return true; - } + static RoleValidator by(List<Role> roles) { + boolean disableRoles = + StringUtils.equals(SystemProperties.getProperty("role_management_activated"), "false"); - try { - String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties() - .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId"); - String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails")) - .get("requestParameters")).get("subscriptionServiceType"); - return isServicePermitted(globalSubscriberIdRequested, serviceType); - } catch (Exception e) { - //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso - return true; - } + return disableRoles + ? new AlwaysValidRoleValidator() + : new RoleValidatorByRoles(roles); } - public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) { - if (this.disableRoles) { - return true; - } + boolean isSubscriberPermitted(String subscriberName); - for (Role role : userRoles) { - if (role.getSubscribeName().equals(globalCustomerId) - && role.getServiceType().equals(serviceType) - && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) { - return true; - } - } - return false; - } + boolean isServicePermitted(String subscriberName, String serviceType); - void enableRoles() { - this.disableRoles = false; - } + boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName); } diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java new file mode 100644 index 000000000..ad5b519c4 --- /dev/null +++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java @@ -0,0 +1,80 @@ +/*- + * ============LICENSE_START======================================================= + * VID + * ================================================================================ + * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.vid.roles; + +import java.util.List; +import java.util.Map; +import org.onap.vid.mso.rest.RequestDetails; + +public class RoleValidatorByRoles implements RoleValidator { + + private final List<Role> userRoles; + + RoleValidatorByRoles(List<Role> roles) { + this.userRoles = roles; + } + + @Override + public boolean isSubscriberPermitted(String subscriberName) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(subscriberName)) { + return true; + } + } + return false; + } + + @Override + public boolean isServicePermitted(String subscriberName, String serviceType) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) { + return true; + } + } + return false; + } + + @Override + public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) { + for (Role role : userRoles) { + if (role.getSubscribeName().equals(globalCustomerId) + && role.getServiceType().equals(serviceType) + && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) { + return true; + } + } + return false; + } + + boolean isMsoRequestValid(RequestDetails msoRequest) { + try { + String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties() + .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId"); + String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails")) + .get("requestParameters")).get("subscriptionServiceType"); + return isServicePermitted(globalSubscriberIdRequested, serviceType); + } catch (Exception e) { + //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso + return true; + } + } + +} |