diff options
author | sg481n <sg481n@att.com> | 2017-08-28 12:11:35 -0400 |
---|---|---|
committer | sg481n <sg481n@att.com> | 2017-08-28 12:11:47 -0400 |
commit | bd890c575163e4d87ac24198b9c68a39cf4bbc4d (patch) | |
tree | 2d6c5baa66d1df8f8c841d39646e93020ed203bc /authz-gw/src/main/java/org/onap | |
parent | 72b21f2ac109b0d95fef3ef608c0c343337d4ce2 (diff) |
Update project structure to org.onap.aaf
Update project structure of authz module in aaf from
com.att to org.onap.aaf and add distribution management
and repositories.
Issue-id: AAF-21
Change-Id: Ia2486954e99f2bd60f18122ed60d32d5590781e9
Signed-off-by: sg481n <sg481n@att.com>
Diffstat (limited to 'authz-gw/src/main/java/org/onap')
15 files changed, 1664 insertions, 0 deletions
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java new file mode 100644 index 00000000..5872e7d3 --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwAPI.java @@ -0,0 +1,248 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw;
+
+import java.net.HttpURLConnection;
+import java.util.ArrayList;
+import java.util.EnumSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.gw.api.API_AAFAccess;
+import org.onap.aaf.authz.gw.api.API_Api;
+import org.onap.aaf.authz.gw.api.API_Find;
+import org.onap.aaf.authz.gw.api.API_Proxy;
+import org.onap.aaf.authz.gw.api.API_TGuard;
+import org.onap.aaf.authz.gw.facade.GwFacade_1_0;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.server.AbsServer;
+import org.onap.aaf.cache.Cache;
+import org.onap.aaf.cache.Cache.Dated;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.api.DME2Exception;
+
+import com.att.aft.dme2.api.DME2Manager;
+import com.att.aft.dme2.api.DME2Server;
+import com.att.aft.dme2.api.DME2ServerProperties;
+import com.att.aft.dme2.api.DME2ServiceHolder;
+import com.att.aft.dme2.api.util.DME2FilterHolder;
+import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;
+import com.att.aft.dme2.api.util.DME2ServletHolder;
+import org.onap.aaf.cadi.CadiException;
+//import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
+import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.inno.env.APIException;
+
+public class GwAPI extends AbsServer {
+ private static final String USER_PERMS = "userPerms";
+ private GwFacade_1_0 facade; // this is the default Facade
+ private GwFacade_1_0 facade_1_0_XML;
+ public Map<String, Dated> cacheUser;
+ public final String aafurl;
+ public final AAFAuthn<HttpURLConnection> aafAuthn;
+ public final AAFLurPerm aafLurPerm;
+ public DME2Manager dme2Man;
+
+
+ /**
+ * Construct AuthzAPI with all the Context Supporting Routes that Authz needs
+ *
+ * @param env
+ * @param si
+ * @param dm
+ * @param decryptor
+ * @throws APIException
+ */
+ public GwAPI(AuthzEnv env) throws Exception {
+ super(env,"AAF GW");
+ aafurl = env.getProperty(Config.AAF_URL);
+
+ // Setup Logging
+ //env.setLog4JNames("log4j.properties","authz","gw","audit","init","trace");
+
+ aafLurPerm = aafCon.newLur();
+ // Note: If you need both Authn and Authz construct the following:
+ aafAuthn = aafCon.newAuthn(aafLurPerm);
+
+ // Initialize Facade for all uses
+ //AuthzTrans trans = env.newTrans();
+
+ // facade = GwFacadeFactory.v1_0(env,trans,Data.TYPE.JSON); // Default Facade
+ // facade_1_0_XML = GwFacadeFactory.v1_0(env,trans,Data.TYPE.XML);
+
+ synchronized(env) {
+ if(cacheUser == null) {
+ cacheUser = Cache.obtain(USER_PERMS);
+ //Cache.startCleansing(env, USER_PERMS);
+ Cache.addShutdownHook(); // Setup Shutdown Hook to close cache
+ }
+ }
+
+ ////////////////////////////////////////////////////////////////////////////
+ // Time Critical
+ // These will always be evaluated first
+ ////////////////////////////////////////////////////////////////////////
+ API_AAFAccess.init(this,facade);
+ API_Find.init(this, facade);
+ API_TGuard.init(this, facade);
+ API_Proxy.init(this, facade);
+
+ ////////////////////////////////////////////////////////////////////////
+ // Management APIs
+ ////////////////////////////////////////////////////////////////////////
+ // There are several APIs around each concept, and it gets a bit too
+ // long in this class to create. The initialization of these Management
+ // APIs have therefore been pushed to StandAlone Classes with static
+ // init functions
+ API_Api.init(this, facade);
+
+ ////////////////////////////////////////////////////////////////////////
+ // Default Function
+ ////////////////////////////////////////////////////////////////////////
+ API_AAFAccess.initDefault(this,facade);
+
+ }
+
+ /**
+ * Setup XML and JSON implementations for each supported Version type
+ *
+ * We do this by taking the Code passed in and creating clones of these with the appropriate Facades and properties
+ * to do Versions and Content switches
+ *
+ */
+ public void route(HttpMethods meth, String path, API api, GwCode code) throws Exception {
+ String version = "1.0";
+ // Get Correct API Class from Mapper
+ Class<?> respCls = facade.mapper().getClass(api);
+ if(respCls==null) throw new Exception("Unknown class associated with " + api.getClass().getName() + ' ' + api.name());
+ // setup Application API HTML ContentTypes for JSON and Route
+ String application = applicationJSON(respCls, version);
+ //route(env,meth,path,code,application,"application/json;version="+version,"*/*");
+
+ // setup Application API HTML ContentTypes for XML and Route
+ application = applicationXML(respCls, version);
+ //route(env,meth,path,code.clone(facade_1_0_XML,false),application,"text/xml;version="+version);
+
+ // Add other Supported APIs here as created
+ }
+
+ public void routeAll(HttpMethods meth, String path, API api, GwCode code) throws Exception {
+ //route(env,meth,path,code,""); // this will always match
+ }
+
+
+ /**
+ * Start up AuthzAPI as DME2 Service
+ * @param env
+ * @param props
+ * @throws DME2Exception
+ * @throws CadiException
+ */
+ public void startDME2(Properties props) throws DME2Exception, CadiException {
+
+ dme2Man = new DME2Manager("GatewayDME2Manager",props);
+
+ DME2ServiceHolder svcHolder;
+ List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();
+ svcHolder = new DME2ServiceHolder();
+ String serviceName = env.getProperty("DMEServiceName",null);
+ if(serviceName!=null) {
+ svcHolder.setServiceURI(serviceName);
+ svcHolder.setManager(dme2Man);
+ svcHolder.setContext("/");
+
+
+
+ DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[] {"/dme2","/api"});
+ srvHolder.setContextPath("/*");
+ slist.add(srvHolder);
+
+ EnumSet<RequestDispatcherType> edlist = EnumSet.of(
+ RequestDispatcherType.REQUEST,
+ RequestDispatcherType.FORWARD,
+ RequestDispatcherType.ASYNC
+ );
+
+ ///////////////////////
+ // Apply Filters
+ ///////////////////////
+ List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();
+
+ // Leave Login page un secured
+ // AuthzTransOnlyFilter atof = new AuthzTransOnlyFilter(env);
+ // flist.add(new DME2FilterHolder(atof,"/login", edlist));
+
+ // Secure all other interactions with AuthzTransFilter
+// flist.add(new DME2FilterHolder(
+// new AuthzTransFilter(env, aafCon, new AAFTrustChecker(
+// env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN),
+// Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust"
+// )),
+// "/*", edlist));
+//
+
+ svcHolder.setFilters(flist);
+ svcHolder.setServletHolders(slist);
+
+ DME2Server dme2svr = dme2Man.getServer();
+// dme2svr.setGracefulShutdownTimeMs(1000);
+
+ // env.init().log("Starting GW Jetty/DME2 server...");
+ dme2svr.start();
+ DME2ServerProperties dsprops = dme2svr.getServerProperties();
+ try {
+// if(env.getProperty("NO_REGISTER",null)!=null)
+ dme2Man.bindService(svcHolder);
+// env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());
+
+ while(true) { // Per DME2 Examples...
+ Thread.sleep(5000);
+ }
+ } catch(InterruptedException e) {
+ // env.init().log("AAF Jetty Server interrupted!");
+ } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process
+ // env.init().log(e,"DME2 Initialization Error");
+ dme2svr.stop();
+ System.exit(1);
+ }
+ } else {
+ //env.init().log("Properties must contain DMEServiceName");
+ }
+ }
+
+ public static void main(String[] args) {
+ setup(GwAPI.class,"authGW.props");
+ }
+
+// public void route(PropAccess env, HttpMethods get, String string, GwCode gwCode, String string2, String string3,
+// String string4) {
+// // TODO Auto-generated method stub
+//
+// }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java new file mode 100644 index 00000000..a9e6eb21 --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/GwCode.java @@ -0,0 +1,45 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.cssa.rserv.HttpCode;
+
+public abstract class GwCode extends HttpCode<AuthzTrans, GwFacade> implements Cloneable {
+ public boolean useJSON;
+
+ public GwCode(GwFacade facade, String description, boolean useJSON, String ... roles) {
+ super(facade, description, roles);
+ this.useJSON = useJSON;
+ }
+
+ public <D extends GwCode> D clone(GwFacade facade, boolean useJSON) throws Exception {
+ @SuppressWarnings("unchecked")
+ D d = (D)clone();
+ d.useJSON = useJSON;
+ d.context = facade;
+ return d;
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java new file mode 100644 index 00000000..202ec58e --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_AAFAccess.java @@ -0,0 +1,363 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import java.io.IOException;
+import java.net.ConnectException;
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.security.Principal;
+
+import javax.servlet.ServletOutputStream;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cache.Cache.Dated;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.Locator;
+import org.onap.aaf.cadi.Locator.Item;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.cadi.dme2.DME2Locator;
+import org.onap.aaf.cadi.principal.BasicPrincipal;
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Env;
+import org.onap.aaf.inno.env.TimeTaken;
+
+public class API_AAFAccess {
+ private static final String AUTHZ_DME2_GUI = "com.att.authz.authz-gui";
+ static final String AFT_ENVIRONMENT="AFT_ENVIRONMENT";
+ static final String AFT_ENV_CONTEXT="AFT_ENV_CONTEXT";
+ static final String AFTUAT="AFTUAT";
+
+ private static final String PROD = "PROD";
+ private static final String IST = "IST"; // main NONPROD system
+ private static final String PERF = "PERF";
+ private static final String TEST = "TEST";
+ private static final String DEV = "DEV";
+
+// private static String service, version, envContext;
+ private static String routeOffer;
+
+ private static final String GET_PERMS_BY_USER = "Get Perms by User";
+ private static final String USER_HAS_PERM ="User Has Perm";
+// private static final String USER_IN_ROLE ="User Has Role";
+ private static final String BASIC_AUTH ="AAF Basic Auth";
+
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);
+ if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");
+
+ int equals, count=0;
+ for(int slash = gwAPI.aafurl.indexOf('/');slash>0;++count) {
+ equals = gwAPI.aafurl.indexOf('=',slash)+1;
+ slash = gwAPI.aafurl.indexOf('/',slash+1);
+ switch(count) {
+ case 2:
+// service = gwAPI.aafurl.substring(equals, slash);
+ break;
+ case 3:
+// version = gwAPI.aafurl.substring(equals, slash);
+ break;
+ case 4:
+// envContext = gwAPI.aafurl.substring(equals, slash);
+ break;
+ case 5:
+ routeOffer = gwAPI.aafurl.substring(equals);
+ break;
+ }
+ }
+ if(count<6) throw new MalformedURLException(gwAPI.aafurl);
+
+ gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new GwCode(facade,GET_PERMS_BY_USER, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
+ try {
+ final String accept = req.getHeader("ACCEPT");
+ final String user = pathParam(req,":user");
+ if(!user.contains("@")) {
+ context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
+ return;
+ }
+ String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
+ TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
+ Dated d;
+ try {
+ d = gwAPI.cacheUser.get(key);
+ } finally {
+ tt2.done();
+ }
+
+ if(d==null || d.data.isEmpty()) {
+ tt2 = trans.start("AAF Service Call",Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<String> fp = client.read("/authz/perms/user/"+user,accept);
+ if(fp.get(5000)) {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));
+ resp.setStatus(HttpStatus.OK_200);
+ ServletOutputStream sos;
+ try {
+ sos = resp.getOutputStream();
+ sos.print(fp.value);
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
+ } else {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body())));
+ context.error(trans,resp,fp.code(),fp.body());
+ }
+ return null;
+ }
+ });
+ } finally {
+ tt2.done();
+ }
+ } else {
+ User u = (User)d.data.get(0);
+ resp.setStatus(u.code);
+ ServletOutputStream sos = resp.getOutputStream();
+ sos.print(u.resp);
+ }
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new GwCode(facade,BASIC_AUTH, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Principal p = trans.getUserPrincipal();
+ if(p == null) {
+ trans.error().log("Transaction not Authenticated... no Principal");
+ resp.setStatus(HttpStatus.FORBIDDEN_403);
+ } else if (p instanceof BasicPrincipal) {
+ // the idea is that if call is made with this credential, and it's a BasicPrincipal, it's ok
+ // otherwise, it wouldn't have gotten here.
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");
+ // For Auth Security questions, we don't give any info to client on why failed
+ resp.setStatus(HttpStatus.FORBIDDEN_403);
+ }
+ }
+ },"text/plain","*/*","*");
+
+ /**
+ * Query User Has Perm
+ */
+ gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new GwCode(facade,USER_HAS_PERM, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ resp.getOutputStream().print(
+ gwAPI.aafLurPerm.fish(pathParam(req,":user"), new AAFPermission(
+ pathParam(req,":type"),
+ pathParam(req,":instance"),
+ pathParam(req,":action"))));
+ resp.setStatus(HttpStatus.OK_200);
+ } catch(Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ if(AFTUAT.equals(aftenv)) {
+ gwAPI.route(HttpMethods.GET,"/ist/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access UAT GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try{
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), IST, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ gwAPI.route(HttpMethods.GET,"/test/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access TEST GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try{
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), TEST, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ gwAPI.route(HttpMethods.GET,"/perf/aaf/:version/:path*",API.VOID ,new GwCode(facade,"Access PERF GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try{
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PERF, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ gwAPI.route(HttpMethods.GET,"/dev/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access DEV GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), DEV, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ } else {
+ gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new GwCode(facade,"Access PROD GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, pathParam(req,":version"), PROD, routeOffer),
+ pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ }
+
+ }
+
+ public static void initDefault(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ String aftenv = gwAPI.env.getProperty(AFT_ENVIRONMENT);
+ if(aftenv==null) throw new Exception(AFT_ENVIRONMENT + " must be set");
+
+ String aftctx = gwAPI.env.getProperty(AFT_ENV_CONTEXT);
+ if(aftctx==null) throw new Exception(AFT_ENV_CONTEXT + " must be set");
+
+ /**
+ * "login" url
+ */
+ gwAPI.route(HttpMethods.GET,"/login",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer),
+ "login");
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ /**
+ * Default URL
+ */
+ gwAPI.route(HttpMethods.GET,"/",API.VOID,new GwCode(facade,"Access " + aftctx + " GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ new DME2Locator(gwAPI.env, gwAPI.dme2Man, AUTHZ_DME2_GUI, "2.0", aftctx, routeOffer),
+ "gui/home");
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+ }
+
+ private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, GwFacade context, Locator loc, String path) throws IOException {
+ try {
+ if(loc.hasItems()) {
+ Item item = loc.best();
+ URI uri = (URI) loc.get(item);
+ StringBuilder redirectURL = new StringBuilder(uri.toString());
+ redirectURL.append('/');
+ redirectURL.append(path);
+ String str = req.getQueryString();
+ if(str!=null) {
+ redirectURL.append('?');
+ redirectURL.append(str);
+ }
+ trans.info().log("Redirect to",redirectURL);
+ resp.sendRedirect(redirectURL.toString());
+ } else {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));
+ }
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));
+ }
+ }
+
+ private static class User {
+ public final int code;
+ public final String resp;
+
+ public User(int code, String resp) {
+ this.code = code;
+ this.resp = resp;
+ }
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java new file mode 100644 index 00000000..0a828f92 --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Api.java @@ -0,0 +1,99 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import static org.onap.aaf.authz.layer.Result.OK;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+import org.onap.aaf.cadi.Symm;
+
+/**
+ * API Apis
+ *
+ */
+public class API_Api {
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ ////////
+ // Overall APIs
+ ///////
+ gwAPI.route(HttpMethods.GET,"/api",API.VOID,new GwCode(facade,"Document API", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result<Void> r = context.getAPI(trans,resp,gwAPI);
+ switch(r.status) {
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+
+ }
+ });
+
+ ////////
+ // Overall Examples
+ ///////
+ gwAPI.route(HttpMethods.GET,"/api/example/*",API.VOID,new GwCode(facade,"Document API", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String pathInfo = req.getPathInfo();
+ int question = pathInfo.lastIndexOf('?');
+
+ pathInfo = pathInfo.substring(13, question<0?pathInfo.length():question);// IMPORTANT, this is size of "/api/example/"
+ String nameOrContextType=Symm.base64noSplit.decode(pathInfo);
+// String param = req.getParameter("optional");
+ Result<Void> r = context.getAPIExample(trans,resp,nameOrContextType,
+ question>=0 && "optional=true".equalsIgnoreCase(req.getPathInfo().substring(question+1))
+ );
+ switch(r.status) {
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+
+ }
+ });
+
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java new file mode 100644 index 00000000..63595f0e --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Find.java @@ -0,0 +1,87 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import java.net.URI;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import org.onap.aaf.cadi.Locator;
+import org.onap.aaf.cadi.Locator.Item;
+import org.onap.aaf.cadi.LocatorException;
+import org.onap.aaf.cadi.dme2.DME2Locator;
+
+/**
+ * API Apis.. using Redirect for mechanism
+ *
+ *
+ */
+public class API_Find {
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ ////////
+ // Overall APIs
+ ///////
+ gwAPI.route(HttpMethods.GET,"/dme2/:service/:version/:envContext/:routeOffer/:path*",API.VOID,new GwCode(facade,"Document API", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ //TODO cache this...
+ try {
+ Locator loc = new DME2Locator(gwAPI.env, gwAPI.dme2Man,
+ pathParam(req,":service"),
+ pathParam(req,":version"),
+ pathParam(req,":envContext"),
+ pathParam(req,":routeOffer")
+ );
+ if(loc.hasItems()) {
+ Item item = loc.best();
+ URI uri = (URI) loc.get(item);
+ String redirectURL = uri.toString() + '/' + pathParam(req,":path");
+ trans.warn().log("Redirect to",redirectURL);
+ resp.sendRedirect(redirectURL);
+ } else {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"%s is not valid",req.getPathInfo()));
+ }
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.err(Result.ERR_NotFound,"No DME2 Endpoints found for %s",req.getPathInfo()));
+ }
+ }
+ });
+
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java new file mode 100644 index 00000000..90d754ec --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_Proxy.java @@ -0,0 +1,156 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import java.net.ConnectException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+import org.onap.aaf.cadi.CadiException;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.client.Rcli;
+import org.onap.aaf.cadi.client.Retryable;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Env;
+import org.onap.aaf.inno.env.TimeTaken;
+
+/**
+ * API Apis.. using Redirect for mechanism
+ *
+ *
+ */
+public class API_Proxy {
+
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+
+ String aafurl = gwAPI.env.getProperty(Config.AAF_URL);
+ if(aafurl==null) {
+ } else {
+
+ ////////
+ // Transferring APIs
+ ///////
+ gwAPI.routeAll(HttpMethods.GET,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy GET", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.routeAll(HttpMethods.POST,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy POST", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.CREATED_201);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.routeAll(HttpMethods.PUT,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy PUT", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+ gwAPI.routeAll(HttpMethods.DELETE,"/proxy/:path*",API.VOID,new GwCode(facade,"Proxy DELETE", true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start("Forward to AAF Service", Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<Void> ft = client.transfer(req,resp,pathParam(req, ":path"),HttpStatus.OK_200);
+ ft.get(10000); // Covers return codes and err messages
+ return null;
+ }
+ });
+ } catch (CadiException | APIException e) {
+ trans.error().log(e);
+ } finally {
+ tt.done();
+ }
+ }
+ });
+ }
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java new file mode 100644 index 00000000..876782fa --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/api/API_TGuard.java @@ -0,0 +1,75 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.api;
+
+import static org.onap.aaf.authz.layer.Result.OK;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.GwAPI;
+import org.onap.aaf.authz.gw.GwCode;
+import org.onap.aaf.authz.gw.facade.GwFacade;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.HttpMethods;
+
+import com.att.aft.dme2.internal.jetty.http.HttpStatus;
+
+/**
+ * API Apis
+ *
+ */
+public class API_TGuard {
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final GwAPI gwAPI, GwFacade facade) throws Exception {
+ String aftenv = gwAPI.env.getProperty(API_AAFAccess.AFT_ENVIRONMENT);
+ if(aftenv==null) throw new Exception(API_AAFAccess.AFT_ENVIRONMENT + " must be set");
+
+ ////////
+ // Do not deploy these to PROD
+ ///////
+ if(API_AAFAccess.AFTUAT.equals(aftenv)) {
+ gwAPI.route(HttpMethods.GET,"/tguard/:path*",API.VOID,new GwCode(facade,"TGuard Test", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result<Void> r = context.getAPI(trans,resp,gwAPI);
+ switch(r.status) {
+ case OK:
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+ }
+ });
+ }
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java new file mode 100644 index 00000000..e5f3919d --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade.java @@ -0,0 +1,74 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.RServlet;
+
+
+/**
+ *
+ *
+ */
+public interface GwFacade {
+
+///////////////////// STANDARD ELEMENTS //////////////////
+ /**
+ * @param trans
+ * @param response
+ * @param result
+ */
+ void error(AuthzTrans trans, HttpServletResponse response, Result<?> result);
+
+ /**
+ *
+ * @param trans
+ * @param response
+ * @param status
+ */
+ void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... detail);
+
+
+ /**
+ *
+ * @param trans
+ * @param resp
+ * @param rservlet
+ * @return
+ */
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet);
+
+ /**
+ *
+ * @param trans
+ * @param resp
+ * @param typeCode
+ * @param optional
+ * @return
+ */
+ public abstract Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String typeCode, boolean optional);
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java new file mode 100644 index 00000000..30f9ce2a --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeFactory.java @@ -0,0 +1,48 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.mapper.Mapper_1_0;
+import org.onap.aaf.authz.gw.service.GwServiceImpl;
+
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Data;
+
+import gw.v1_0.Error;
+import gw.v1_0.InRequest;
+import gw.v1_0.Out;
+
+
+public class GwFacadeFactory {
+ public static GwFacade_1_0 v1_0(AuthzEnv env, AuthzTrans trans, Data.TYPE type) throws APIException {
+ return new GwFacade_1_0(env,
+ new GwServiceImpl<
+ InRequest,
+ Out,
+ Error>(trans,new Mapper_1_0()),
+ type);
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java new file mode 100644 index 00000000..fa610669 --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacadeImpl.java @@ -0,0 +1,258 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+
+import static org.onap.aaf.authz.layer.Result.ERR_ActionNotCompleted;
+import static org.onap.aaf.authz.layer.Result.ERR_BadData;
+import static org.onap.aaf.authz.layer.Result.ERR_ConflictAlreadyExists;
+import static org.onap.aaf.authz.layer.Result.ERR_Denied;
+import static org.onap.aaf.authz.layer.Result.ERR_NotFound;
+import static org.onap.aaf.authz.layer.Result.ERR_NotImplemented;
+import static org.onap.aaf.authz.layer.Result.ERR_Policy;
+import static org.onap.aaf.authz.layer.Result.ERR_Security;
+
+import java.lang.reflect.Method;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.mapper.Mapper;
+import org.onap.aaf.authz.gw.mapper.Mapper.API;
+import org.onap.aaf.authz.gw.service.GwService;
+import org.onap.aaf.authz.gw.service.GwServiceImpl;
+import org.onap.aaf.authz.layer.FacadeImpl;
+import org.onap.aaf.authz.layer.Result;
+import org.onap.aaf.cssa.rserv.RServlet;
+import org.onap.aaf.cssa.rserv.RouteReport;
+import org.onap.aaf.cssa.rserv.doc.ApiDoc;
+
+import org.onap.aaf.cadi.aaf.client.Examples;
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Data;
+import org.onap.aaf.inno.env.Data.TYPE;
+import org.onap.aaf.inno.env.Env;
+import org.onap.aaf.inno.env.TimeTaken;
+import org.onap.aaf.rosetta.env.RosettaDF;
+
+import gw.v1_0.Api;
+
+/**
+ * AuthzFacade
+ *
+ * This Service Facade encapsulates the essence of the API Service can do, and provides
+ * a single created object for elements such as RosettaDF.
+ *
+ * The Responsibilities of this class are to:
+ * 1) Interact with the Service Implementation (which might be supported by various kinds of Backend Storage)
+ * 2) Validate incoming data (if applicable)
+ * 3) Convert the Service response into the right Format, and mark the Content Type
+ * a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.
+ * 4) Log Service info, warnings and exceptions as necessary
+ * 5) When asked by the API layer, this will create and write Error content to the OutputStream
+ *
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
+ * clearly coordinated with the API Documentation
+ *
+ *
+ */
+public abstract class GwFacadeImpl<IN,OUT,ERROR> extends FacadeImpl implements GwFacade
+ {
+ private GwService<IN,OUT,ERROR> service;
+
+ private final RosettaDF<ERROR> errDF;
+ private final RosettaDF<Api> apiDF;
+
+ public GwFacadeImpl(AuthzEnv env, GwService<IN,OUT,ERROR> service, Data.TYPE dataType) throws APIException {
+ this.service = service;
+ (errDF = env.newDataFactory(mapper().getClass(API.ERROR))).in(dataType).out(dataType);
+ (apiDF = env.newDataFactory(Api.class)).in(dataType).out(dataType);
+ }
+
+ public Mapper<IN,OUT,ERROR> mapper() {
+ return service.mapper();
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, int)
+ *
+ * Note: Conforms to AT&T TSS RESTful Error Structure
+ */
+ @Override
+ public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {
+ String msg = result.details==null?"":result.details.trim();
+ String[] detail;
+ if(result.variables==null) {
+ detail = new String[1];
+ } else {
+ int l = result.variables.length;
+ detail=new String[l+1];
+ System.arraycopy(result.variables, 0, detail, 1, l);
+ }
+ error(trans, response, result.status,msg,detail);
+ }
+
+ @Override
+ public void error(AuthzTrans trans, HttpServletResponse response, int status, String msg, String ... _detail) {
+ String[] detail = _detail;
+ if(detail.length==0) {
+ detail=new String[1];
+ }
+ String msgId;
+ switch(status) {
+ case 202:
+ case ERR_ActionNotCompleted:
+ msgId = "SVC1202";
+ detail[0] = "Accepted, Action not complete";
+ response.setStatus(/*httpstatus=*/202);
+ break;
+
+ case 403:
+ case ERR_Policy:
+ case ERR_Security:
+ case ERR_Denied:
+ msgId = "SVC1403";
+ detail[0] = "Forbidden";
+ response.setStatus(/*httpstatus=*/403);
+ break;
+
+ case 404:
+ case ERR_NotFound:
+ msgId = "SVC1404";
+ detail[0] = "Not Found";
+ response.setStatus(/*httpstatus=*/404);
+ break;
+
+ case 406:
+ case ERR_BadData:
+ msgId="SVC1406";
+ detail[0] = "Not Acceptable";
+ response.setStatus(/*httpstatus=*/406);
+ break;
+
+ case 409:
+ case ERR_ConflictAlreadyExists:
+ msgId = "SVC1409";
+ detail[0] = "Conflict Already Exists";
+ response.setStatus(/*httpstatus=*/409);
+ break;
+
+ case 501:
+ case ERR_NotImplemented:
+ msgId = "SVC1501";
+ detail[0] = "Not Implemented";
+ response.setStatus(/*httpstatus=*/501);
+ break;
+
+
+ default:
+ msgId = "SVC1500";
+ detail[0] = "General Service Error";
+ response.setStatus(/*httpstatus=*/500);
+ break;
+ }
+
+ try {
+ StringBuilder holder = new StringBuilder();
+ errDF.newData(trans).load(
+ mapper().errorFromMessage(holder,msgId,msg,detail)).to(response.getOutputStream());
+ trans.checkpoint(
+ "ErrResp [" +
+ msgId +
+ "] " +
+ holder.toString(),
+ Env.ALWAYS);
+ } catch (Exception e) {
+ trans.error().log(e,"unable to send response for",msg);
+ }
+ }
+
+ /* (non-Javadoc)
+ * @see com.att.authz.facade.AuthzFacade#getAPI(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse)
+ */
+ public final static String API_REPORT = "apiReport";
+ @Override
+ public Result<Void> getAPI(AuthzTrans trans, HttpServletResponse resp, RServlet<AuthzTrans> rservlet) {
+ TimeTaken tt = trans.start(API_REPORT, Env.SUB);
+ try {
+ Api api = new Api();
+ Api.Route ar;
+ Method[] meths = GwServiceImpl.class.getDeclaredMethods();
+ for(RouteReport rr : rservlet.routeReport()) {
+ api.getRoute().add(ar = new Api.Route());
+ ar.setMeth(rr.meth.name());
+ ar.setPath(rr.path);
+ ar.setDesc(rr.desc);
+ ar.getContentType().addAll(rr.contextTypes);
+ for(Method m : meths) {
+ ApiDoc ad;
+ if((ad = m.getAnnotation(ApiDoc.class))!=null &&
+ rr.meth.equals(ad.method()) &&
+ rr.path.equals(ad.path())) {
+ for(String param : ad.params()) {
+ ar.getParam().add(param);
+ }
+ for(String text : ad.text()) {
+ ar.getComments().add(text);
+ }
+ ar.setExpected(ad.expectedCode());
+ for(int ec : ad.errorCodes()) {
+ ar.getExplicitErr().add(ec);
+ }
+ }
+ }
+ }
+ apiDF.newData(trans).load(api).to(resp.getOutputStream());
+ setContentType(resp,apiDF.getOutType());
+ return Result.ok();
+
+ } catch (Exception e) {
+ trans.error().log(e,IN,API_REPORT);
+ return Result.err(e);
+ } finally {
+ tt.done();
+ }
+ }
+
+ public final static String API_EXAMPLE = "apiExample";
+ /* (non-Javadoc)
+ * @see com.att.authz.facade.AuthzFacade#getAPIExample(org.onap.aaf.authz.env.AuthzTrans, javax.servlet.http.HttpServletResponse, java.lang.String)
+ */
+ @Override
+ public Result<Void> getAPIExample(AuthzTrans trans, HttpServletResponse resp, String nameOrContentType, boolean optional) {
+ TimeTaken tt = trans.start(API_EXAMPLE, Env.SUB);
+ try {
+ String content =Examples.print(apiDF.getEnv(), nameOrContentType, optional);
+ resp.getOutputStream().print(content);
+ setContentType(resp,content.contains("<?xml")?TYPE.XML:TYPE.JSON);
+ return Result.ok();
+ } catch (Exception e) {
+ trans.error().log(e,IN,API_EXAMPLE);
+ return Result.err(Result.ERR_NotImplemented,e.getMessage());
+ } finally {
+ tt.done();
+ }
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java new file mode 100644 index 00000000..188144ce --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/facade/GwFacade_1_0.java @@ -0,0 +1,40 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.facade;
+
+import org.onap.aaf.authz.env.AuthzEnv;
+import org.onap.aaf.authz.gw.service.GwService;
+
+import org.onap.aaf.inno.env.APIException;
+import org.onap.aaf.inno.env.Data;
+
+import gw.v1_0.Error;
+import gw.v1_0.InRequest;
+import gw.v1_0.Out;
+
+public class GwFacade_1_0 extends GwFacadeImpl<InRequest,Out,Error>
+{
+ public GwFacade_1_0(AuthzEnv env, GwService<InRequest,Out,Error> service, Data.TYPE type) throws APIException {
+ super(env, service, type);
+ }
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java new file mode 100644 index 00000000..230e1b3a --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper.java @@ -0,0 +1,33 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.mapper;
+
+public interface Mapper<IN,OUT,ERROR>
+{
+ public enum API{IN_REQ,OUT,ERROR,VOID};
+ public Class<?> getClass(API api);
+ public<A> A newInstance(API api);
+
+ public ERROR errorFromMessage(StringBuilder holder, String msgID, String text, String... detail);
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java new file mode 100644 index 00000000..ba87631e --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/mapper/Mapper_1_0.java @@ -0,0 +1,69 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.mapper;
+
+import org.onap.aaf.cadi.util.Vars;
+
+import gw.v1_0.Error;
+import gw.v1_0.InRequest;
+import gw.v1_0.Out;
+
+public class Mapper_1_0 implements Mapper<InRequest,Out,Error> {
+
+ @Override
+ public Class<?> getClass(API api) {
+ switch(api) {
+ case IN_REQ: return InRequest.class;
+ case OUT: return Out.class;
+ case ERROR: return Error.class;
+ case VOID: return Void.class;
+ }
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ @Override
+ public <A> A newInstance(API api) {
+ switch(api) {
+ case IN_REQ: return (A) new InRequest();
+ case OUT: return (A) new Out();
+ case ERROR: return (A)new Error();
+ case VOID: return null;
+ }
+ return null;
+ }
+
+ ////////////// Mapping Functions /////////////
+ @Override
+ public gw.v1_0.Error errorFromMessage(StringBuilder holder, String msgID, String text,String... var) {
+ Error err = new Error();
+ err.setMessageId(msgID);
+ // AT&T Restful Error Format requires numbers "%" placements
+ err.setText(Vars.convert(holder, text, var));
+ for(String s : var) {
+ err.getVariables().add(s);
+ }
+ return err;
+ }
+
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java new file mode 100644 index 00000000..c4f240e5 --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwService.java @@ -0,0 +1,29 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.service;
+
+import org.onap.aaf.authz.gw.mapper.Mapper;
+
+public interface GwService<IN,OUT,ERROR> {
+ public Mapper<IN,OUT,ERROR> mapper();
+}
diff --git a/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java new file mode 100644 index 00000000..90039252 --- /dev/null +++ b/authz-gw/src/main/java/org/onap/aaf/authz/gw/service/GwServiceImpl.java @@ -0,0 +1,40 @@ +/*******************************************************************************
+ * ============LICENSE_START====================================================
+ * * org.onap.aaf
+ * * ===========================================================================
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * * ===========================================================================
+ * * Licensed under the Apache License, Version 2.0 (the "License");
+ * * you may not use this file except in compliance with the License.
+ * * You may obtain a copy of the License at
+ * *
+ * * http://www.apache.org/licenses/LICENSE-2.0
+ * *
+ * * Unless required by applicable law or agreed to in writing, software
+ * * distributed under the License is distributed on an "AS IS" BASIS,
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * * See the License for the specific language governing permissions and
+ * * limitations under the License.
+ * * ============LICENSE_END====================================================
+ * *
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ * *
+ ******************************************************************************/
+package org.onap.aaf.authz.gw.service;
+
+import org.onap.aaf.authz.env.AuthzTrans;
+import org.onap.aaf.authz.gw.mapper.Mapper;
+
+public class GwServiceImpl<IN,OUT,ERROR>
+ implements GwService<IN,OUT,ERROR> {
+
+ private Mapper<IN,OUT,ERROR> mapper;
+
+ public GwServiceImpl(AuthzTrans trans, Mapper<IN,OUT,ERROR> mapper) {
+ this.mapper = mapper;
+ }
+
+ public Mapper<IN,OUT,ERROR> mapper() {return mapper;}
+
+//////////////// APIs ///////////////////
+};
|