Diffstat (limited to 'cadi/core/src/main')
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java10
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java42
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java4
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java16
-rw-r--r--cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java73
5 files changed, 72 insertions, 73 deletions
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
index 99bdb49c..ea126f54 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/CmdLine.java
@@ -47,8 +47,7 @@ import org.onap.aaf.cadi.util.JsonOutputStream;
*/
public class CmdLine {
- public static Access access;
-
+ private static boolean systemExit = true;
/**
* @param args
*/
@@ -349,10 +348,13 @@ public class CmdLine {
System.out.println(" sha256 <text> <salts(s)> (Digest String into SHA256 Hash)");
System.out.println(" md5 <text> (Digest String into MD5 Hash)");
}
- String forceExit = access.getProperty("force_exit", null);
- if (forceExit == null) {
+ if (systemExit) {
System.exit(1);
}
}
+ public static void setSystemExit(boolean shouldExit) {
+ systemExit = shouldExit;
+ }
+
}
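Review bot: `setSystemExit` is a public static switch over process termination, yet it is added with no Javadoc, so nothing tells a caller that the setting is process-wide or who is meant to use it. I would add a comment such as `/** Test/embedding hook: when false, the usage path returns instead of calling System.exit(1). Process-wide; restore to true after use. */`. The `systemExit` field is a plain static, so if it can be written on one thread and read on another it should be `volatile`; whether that happens is not visible here. The method that reads the flag starts outside this hunk.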
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java
index f7c4b7f1..f72a99bf 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/AUTHZServlet.java
@@ -47,7 +47,7 @@ public class AUTHZServlet<S extends Servlet> implements Servlet {
delegate = null;
}
RolesAllowed rolesAllowed = cls.getAnnotation(RolesAllowed.class);
- if(rolesAllowed == null) {
+ if (rolesAllowed == null) {
roles = null;
} else {
roles = rolesAllowed.value();
@@ -55,7 +55,9 @@ public class AUTHZServlet<S extends Servlet> implements Servlet {
}
public void init(ServletConfig sc) throws ServletException {
- if(delegate == null) throw new ServletException("Invalid Servlet Delegate");
+ if (delegate == null) {
+ throw new ServletException("Invalid Servlet Delegate");
+ }
delegate.init(sc);
}
@@ -68,27 +70,24 @@ public class AUTHZServlet<S extends Servlet> implements Servlet {
}
public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException {
- if(roles==null) {
- delegate.service(req,resp);
- } else { // Validate
- try {
- HttpServletRequest hreq = (HttpServletRequest)req;
- boolean proceed = false;
- for(String role : roles) {
- if(hreq.isUserInRole(role)) {
- proceed = true;
- break;
- }
- }
- if(proceed) {
- delegate.service(req,resp);
- } else {
- //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles);
- ((HttpServletResponse)resp).sendError(403); // forbidden
+ if (roles == null) {
+ delegate.service(req, resp);
+ return;
+ }
+
+ // Validate
+ try {
+ HttpServletRequest hreq = (HttpServletRequest)req;
+ for (String role : roles) {
+ if (hreq.isUserInRole(role)) {
+ delegate.service(req, resp);
+ return;
}
- } catch(ClassCastException e) {
- throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse");
}
+
+ ((HttpServletResponse)resp).sendError(403); // forbidden
+ } catch (ClassCastException e) {
+ throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse");
}
}
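Review bot: The `try`/`catch (ClassCastException e)` in `service` still wraps `delegate.service(req, resp)`, so a ClassCastException raised anywhere inside the delegate is reported as a request-type error and its cause is dropped. Checking the request and response types with `instanceof` before the role loop keeps the authorization decision separate from delegate failures. Separately, the `roles == null` early return means a servlet class without `@RolesAllowed` is served with no role check at all. That fail-open default deserves a comment at the return, and the 403 path currently writes no audit line.

```java
public void service(ServletRequest req, ServletResponse resp) throws ServletException, IOException {
    // … unchanged: roles == null pass-through …

    // Reject non-HTTP requests before any role check, so delegate exceptions are not caught here
    if (!(req instanceof HttpServletRequest) || !(resp instanceof HttpServletResponse)) {
        throw new ServletException("JASPIServlet only supports HTTPServletRequest/HttpServletResponse");
    }
    HttpServletRequest hreq = (HttpServletRequest)req;
    for (String role : roles) {
        if (hreq.isUserInRole(role)) {
            delegate.service(req, resp);
            return;
        }
    }

    ((HttpServletResponse)resp).sendError(403); // forbidden
}
```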
@@ -96,5 +95,4 @@ public class AUTHZServlet<S extends Servlet> implements Servlet {
delegate.destroy();
}
-
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java
index 052b9ff1..f0786b12 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/MapPermConverter.java
@@ -34,7 +34,7 @@ public class MapPermConverter implements PermConverter {
* @param value
*/
public MapPermConverter() {
- map = new HashMap<String,String>();
+ map = new HashMap<>();
}
/**
@@ -48,7 +48,7 @@ public class MapPermConverter implements PermConverter {
public String convert(String minimal) {
String rv = map.get(minimal);
- return rv==null?minimal:rv;
+ return (rv == null) ? minimal : rv;
}
}
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java
index 211a4bfe..8b70d95d 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/NullPermConverter.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,18 +23,20 @@ package org.onap.aaf.cadi.filter;
/**
- * A NullPermConverter
- *
+ * A NullPermConverter
+ *
* Obey the PermConverter Interface, but passed in "minimal" String is not converted.
- *
+ *
* @author Jonathan
*
*/
public class NullPermConverter implements PermConverter {
- private NullPermConverter() {}
private static final NullPermConverter singleton = new NullPermConverter();
- public static NullPermConverter singleton() {return singleton;}
+
+ private NullPermConverter() {}
+
+ public static NullPermConverter singleton() { return singleton; }
public String convert(String minimal) {
return minimal;
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java
index c508a5ce..cf87c840 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/filter/PathFilter.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -39,44 +39,44 @@ import org.onap.aaf.cadi.config.Config;
/**
* PathFilter
- *
+ *
* This class implements Servlet Filter, and uses AAF to validate access to a Path.
- *
+ *
* This class can be used in a standard J2EE Servlet manner.
- *
+ *
* @author Jonathan, collaborating with Xue Gao
*
*/
public class PathFilter implements Filter {
- private ServletContext context;
- private String aaf_type;
- private String not_authorized_msg;
private final Log log;
+ private ServletContext context;
+ private String aafType;
+ private String notAuthorizedMsg;
+
/**
* Construct a viable Filter for installing in Container WEB.XML, etc.
- *
+ *
*/
public PathFilter() {
log = new Log() {
public void info(String ... msg) {
- context.log(build("INFO:",msg));
+ context.log(build("INFO:", msg));
}
public void audit(String ... msg) {
- context.log(build("AUDIT:",msg));
+ context.log(build("AUDIT:", msg));
}
private String build(String type, String []msg) {
StringBuilder sb = new StringBuilder(type);
- for(String s : msg) {
+ for (String s : msg) {
sb.append(' ');
sb.append(s);
}
return sb.toString();
}
-
};
}
-
+
/**
* Filter that can be constructed within Java
* @param access
@@ -91,10 +91,10 @@ public class PathFilter implements Filter {
}
};
}
-
+
/**
* Init
- *
+ *
* Standard Filter "init" call with FilterConfig to obtain properties. POJOs can construct a
* FilterConfig with the mechanism of their choice, and standard J2EE Servlet engines utilize this
* mechanism already.
@@ -103,16 +103,16 @@ public class PathFilter implements Filter {
// need the Context for Logging, instantiating ClassLoader, etc
context = filterConfig.getServletContext();
StringBuilder sb = new StringBuilder();
- StringBuilder err = new StringBuilder();
+ StringBuilder err = new StringBuilder();
Object attr = context.getAttribute(Config.PATHFILTER_NS);
- if(attr==null) {
+ if (attr == null) {
err.append("PathFilter - pathfilter_ns is not set");
} else {
- sb.append(attr.toString());
+ sb.append(attr.toString());
}
attr = context.getAttribute(Config.PATHFILTER_STACK);
- if(attr==null) {
+ if (attr == null) {
log.info("PathFilter - No pathfilter_stack set, ignoring");
} else {
sb.append('.');
@@ -120,7 +120,7 @@ public class PathFilter implements Filter {
}
attr = context.getAttribute(Config.PATHFILTER_URLPATTERN);
- if(attr==null) {
+ if (attr == null) {
log.info("PathFilter - No pathfilter_urlpattern set, defaulting to 'urlpattern'");
sb.append(".urlpattern");
} else {
@@ -128,20 +128,20 @@ public class PathFilter implements Filter {
sb.append(attr.toString());
}
- log.info("PathFilter - AAF Permission Type is",sb.toString());
-
+ log.info("PathFilter - AAF Permission Type is", sb.toString());
+
sb.append('|');
-
- aaf_type = sb.toString();
+
+ aafType = sb.toString();
attr = context.getAttribute(Config.PATHFILTER_NOT_AUTHORIZED_MSG);
- if(attr==null) {
- not_authorized_msg = "Forbidden - Not Authorized to access this Path";
+ if (attr == null) {
+ notAuthorizedMsg = "Forbidden - Not Authorized to access this Path";
} else {
- not_authorized_msg = attr.toString();
+ notAuthorizedMsg = attr.toString();
}
- if(err.length()>0) {
+ if (err.length() > 0) {
throw new ServletException(err.toString());
}
}
@@ -153,7 +153,7 @@ public class PathFilter implements Filter {
/**
* doFilter
- *
+ *
* This is the standard J2EE invocation. Analyze the request, modify response as necessary, and
* only call the next item in the filterChain if request is suitably Authenticated.
*/
@@ -161,23 +161,20 @@ public class PathFilter implements Filter {
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest hreq = (HttpServletRequest)request;
HttpServletResponse hresp = (HttpServletResponse)response;
- String perm = aaf_type+hreq.getPathInfo()+'|'+hreq.getMethod();
- if(hreq.isUserInRole(perm)) {
+ String perm = aafType + hreq.getPathInfo() + '|' + hreq.getMethod();
+ if (hreq.isUserInRole(perm)) {
chain.doFilter(request, response);
} else {
- log.audit("PathFilter has denied",hreq.getUserPrincipal().getName(),"access to",perm);
- hresp.sendError(403,not_authorized_msg);
+ log.audit("PathFilter has denied", hreq.getUserPrincipal().getName(), "access to", perm);
+ hresp.sendError(403, notAuthorizedMsg);
}
}
/**
- * Containers call "destroy" when time to cleanup
+ * Containers call "destroy" when time to cleanup
*/
public void destroy() {
log.info("PathFilter destroyed.");
}
-
-
}
-
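Review bot: In the deny branch of `doFilter`, `hreq.getUserPrincipal().getName()` throws a NullPointerException when the request carries no principal, so an unauthenticated caller would likely get a container error instead of the 403, and no audit line is written. Guard it, e.g. `String who = hreq.getUserPrincipal() == null ? "(no principal)" : hreq.getUserPrincipal().getName();`, and pass `who` to `log.audit`. `hreq.getPathInfo()` can also return null, which puts the literal text `null` into `perm`. The path is concatenated unescaped into the `|`-delimited permission string and into the log line, so rejecting or encoding `|` and control characters before building `perm` would keep the permission fields and the audit record unambiguous. The two casts at the top of the method are unchecked as well.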