diff options
Diffstat (limited to 'cadi/core/src/main')
5 files changed, 72 insertions, 73 deletions
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java index 99bdb49c..ea126f54 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java @@ -47,8 +47,7 @@ import org.onap.aaf.cadi.util.JsonOutputStream; */ public class CmdLine { - public static Access access; - + private static boolean systemExit = true; /** * @param args */ @@ -349,10 +348,13 @@ public class CmdLine { System.out.println(" sha256 <text> <salts(s)> (Digest String into SHA256 Hash)"); System.out.println(" md5 <text> (Digest String into MD5 Hash)"); } - String forceExit = access.getProperty("force_exit", null); - if (forceExit == null) { + if (systemExit) { System.exit(1); } } + public static void setSystemExit(boolean shouldExit) { + systemExit = shouldExit; + } + } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java index f7c4b7f1..f72a99bf 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java @@ -47,7 +47,7 @@ public class AUTHZServlet<S extends Servlet> implements Servlet { delegate = null; } RolesAllowed rolesAllowed = cls.getAnnotation(RolesAllowed.class); - if(rolesAllowed == null) { + if (rolesAllowed == null) { roles = null; } else { roles = rolesAllowed.value(); @@ -55,7 +55,9 @@ public class AUTHZServlet<S extends Servlet> implements Servlet { } public void init(ServletConfig sc) throws ServletException { - if(delegate == null) throw new ServletException("Invalid Servlet Delegate"); + if (delegate == null) { + throw new ServletException("Invalid Servlet Delegate"); + } delegate.init(sc); } @@ -68,27 +70,24 @@ public class AUTHZServlet<S extends Servlet> implements Servlet { } public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException { - if(roles==null) { - delegate.service(req,resp); - } else { // Validate - try { - HttpServletRequest hreq = (HttpServletRequest)req; - boolean proceed = false; - for(String role : roles) { - if(hreq.isUserInRole(role)) { - proceed = true; - break; - } - } - if(proceed) { - delegate.service(req,resp); - } else { - //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles); - ((HttpServletResponse)resp).sendError(403); // forbidden + if (roles == null) { + delegate.service(req, resp); + return; + } + + // Validate + try { + HttpServletRequest hreq = (HttpServletRequest)req; + for (String role : roles) { + if (hreq.isUserInRole(role)) { + delegate.service(req, resp); + return; } - } catch(ClassCastException e) { - throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse"); } + + ((HttpServletResponse)resp).sendError(403); // forbidden + } catch (ClassCastException e) { + throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse"); } } @@ -96,5 +95,4 @@ public class AUTHZServlet<S extends Servlet> implements Servlet { delegate.destroy(); } - } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java index 052b9ff1..f0786b12 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java @@ -34,7 +34,7 @@ public class MapPermConverter implements PermConverter { * @param value */ public MapPermConverter() { - map = new HashMap<String,String>(); + map = new HashMap<>(); } /** @@ -48,7 +48,7 @@ public class MapPermConverter implements PermConverter { public String convert(String minimal) { String rv = map.get(minimal); - return rv==null?minimal:rv; + return (rv == null) ? minimal : rv; } } diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java index 211a4bfe..8b70d95d 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -23,18 +23,20 @@ package org.onap.aaf.cadi.filter; /** - * A NullPermConverter - * + * A NullPermConverter + * * Obey the PermConverter Interface, but passed in "minimal" String is not converted. - * + * * @author Jonathan * */ public class NullPermConverter implements PermConverter { - private NullPermConverter() {} private static final NullPermConverter singleton = new NullPermConverter(); - public static NullPermConverter singleton() {return singleton;} + + private NullPermConverter() {} + + public static NullPermConverter singleton() { return singleton; } public String convert(String minimal) { return minimal; diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java index c508a5ce..cf87c840 100644 --- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java +++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -39,44 +39,44 @@ import org.onap.aaf.cadi.config.Config; /** * PathFilter - * + * * This class implements Servlet Filter, and uses AAF to validate access to a Path. - * + * * This class can be used in a standard J2EE Servlet manner. - * + * * @author Jonathan, collaborating with Xue Gao * */ public class PathFilter implements Filter { - private ServletContext context; - private String aaf_type; - private String not_authorized_msg; private final Log log; + private ServletContext context; + private String aafType; + private String notAuthorizedMsg; + /** * Construct a viable Filter for installing in Container WEB.XML, etc. - * + * */ public PathFilter() { log = new Log() { public void info(String ... msg) { - context.log(build("INFO:",msg)); + context.log(build("INFO:", msg)); } public void audit(String ... msg) { - context.log(build("AUDIT:",msg)); + context.log(build("AUDIT:", msg)); } private String build(String type, String []msg) { StringBuilder sb = new StringBuilder(type); - for(String s : msg) { + for (String s : msg) { sb.append(' '); sb.append(s); } return sb.toString(); } - }; } - + /** * Filter that can be constructed within Java * @param access @@ -91,10 +91,10 @@ public class PathFilter implements Filter { } }; } - + /** * Init - * + * * Standard Filter "init" call with FilterConfig to obtain properties. POJOs can construct a * FilterConfig with the mechanism of their choice, and standard J2EE Servlet engines utilize this * mechanism already. @@ -103,16 +103,16 @@ public class PathFilter implements Filter { // need the Context for Logging, instantiating ClassLoader, etc context = filterConfig.getServletContext(); StringBuilder sb = new StringBuilder(); - StringBuilder err = new StringBuilder(); + StringBuilder err = new StringBuilder(); Object attr = context.getAttribute(Config.PATHFILTER_NS); - if(attr==null) { + if (attr == null) { err.append("PathFilter - pathfilter_ns is not set"); } else { - sb.append(attr.toString()); + sb.append(attr.toString()); } attr = context.getAttribute(Config.PATHFILTER_STACK); - if(attr==null) { + if (attr == null) { log.info("PathFilter - No pathfilter_stack set, ignoring"); } else { sb.append('.'); @@ -120,7 +120,7 @@ public class PathFilter implements Filter { } attr = context.getAttribute(Config.PATHFILTER_URLPATTERN); - if(attr==null) { + if (attr == null) { log.info("PathFilter - No pathfilter_urlpattern set, defaulting to 'urlpattern'"); sb.append(".urlpattern"); } else { @@ -128,20 +128,20 @@ public class PathFilter implements Filter { sb.append(attr.toString()); } - log.info("PathFilter - AAF Permission Type is",sb.toString()); - + log.info("PathFilter - AAF Permission Type is", sb.toString()); + sb.append('|'); - - aaf_type = sb.toString(); + + aafType = sb.toString(); attr = context.getAttribute(Config.PATHFILTER_NOT_AUTHORIZED_MSG); - if(attr==null) { - not_authorized_msg = "Forbidden - Not Authorized to access this Path"; + if (attr == null) { + notAuthorizedMsg = "Forbidden - Not Authorized to access this Path"; } else { - not_authorized_msg = attr.toString(); + notAuthorizedMsg = attr.toString(); } - if(err.length()>0) { + if (err.length() > 0) { throw new ServletException(err.toString()); } } @@ -153,7 +153,7 @@ public class PathFilter implements Filter { /** * doFilter - * + * * This is the standard J2EE invocation. Analyze the request, modify response as necessary, and * only call the next item in the filterChain if request is suitably Authenticated. */ @@ -161,23 +161,20 @@ public class PathFilter implements Filter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest hreq = (HttpServletRequest)request; HttpServletResponse hresp = (HttpServletResponse)response; - String perm = aaf_type+hreq.getPathInfo()+'|'+hreq.getMethod(); - if(hreq.isUserInRole(perm)) { + String perm = aafType + hreq.getPathInfo() + '|' + hreq.getMethod(); + if (hreq.isUserInRole(perm)) { chain.doFilter(request, response); } else { - log.audit("PathFilter has denied",hreq.getUserPrincipal().getName(),"access to",perm); - hresp.sendError(403,not_authorized_msg); + log.audit("PathFilter has denied", hreq.getUserPrincipal().getName(), "access to", perm); + hresp.sendError(403, notAuthorizedMsg); } } /** - * Containers call "destroy" when time to cleanup + * Containers call "destroy" when time to cleanup */ public void destroy() { log.info("PathFilter destroyed."); } - - } - |