summaryrefslogtreecommitdiffstats
path: root/cadi/servlet-sample/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'cadi/servlet-sample/src/main')
-rw-r--r--cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java127
-rw-r--r--cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java45
-rw-r--r--cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java112
-rw-r--r--cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java46
-rw-r--r--cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java101
5 files changed, 431 insertions, 0 deletions
diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java
new file mode 100644
index 00000000..7d1eae96
--- /dev/null
+++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/MyServlet.java
@@ -0,0 +1,127 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.sample.cadi;
+
+import java.io.IOException;
+import java.security.Principal;
+
+import javax.servlet.Servlet;
+import javax.servlet.ServletConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+
+import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
+import org.onap.aaf.cadi.client.Future;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.principal.TaggedPrincipal;
+
+// Uncomment if you utilized the "MiniJASPIWrap" in the Servlet setup in "main()", and want to protect your service via Permission or mapped role
+// @RolesAllowed({"com.att.aaf.myPerm|myInstance|myAction"})
+ public class MyServlet implements Servlet {
+ private ServletConfig servletConfig;
+
+ public void init(ServletConfig config) throws ServletException {
+ servletConfig = config;
+ }
+
+ public ServletConfig getServletConfig() {
+ return servletConfig;
+ }
+
+ public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {
+ HttpServletRequest request;
+ try {
+ request = (HttpServletRequest)req;
+ } catch (ClassCastException e) {
+ throw new ServletException("Only serving HTTP today",e);
+ }
+
+ res.getOutputStream().println("<html><header><title>CSP Servlet Test</title></header><body><h1>You're good to go!</h1><pre>" +
+ request.getUserPrincipal());
+
+ String perm = request.getParameter("PERM");
+ if (perm!=null) {
+ if (request.isUserInRole(perm)) {
+ if (perm.indexOf('|')<0) {
+ res.getOutputStream().println("\nCongrats!, You are in Role " + perm);
+ } else {
+ res.getOutputStream().println("\nCongrats!, You have Permission " + perm);
+ }
+ } else {
+ if (perm.indexOf('|')<0) {
+ res.getOutputStream().println("\nSorry, you are NOT in Role " + perm);
+ } else {
+ res.getOutputStream().println("\nSorry, you do NOT have Permission " + perm);
+ }
+ }
+ }
+
+ // You can get the working AAFCon from Trans
+ AAFCon<?> aafcon = AAFCon.obtain(req);
+ if (aafcon!=null) {
+ try {
+ res.getOutputStream().println("----- Perms JSON from direct call -----");
+ final Principal up = request.getUserPrincipal();
+ TaggedPrincipal tp;
+ if (up instanceof TaggedPrincipal) {
+ tp = (TaggedPrincipal)up;
+ } else {
+ tp = new TaggedPrincipal() {
+ @Override
+ public String getName() {
+ return up.getName();
+ }
+
+ @Override
+ public String tag() {
+ return "Unknown";
+ }
+ };
+ }
+ // This call will be "as the user calling", but only if permission is set to trust.
+// Future<String> future = aafcon.clientAs(Config.AAF_DEFAULT_VERSION,tp).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json");
+ Future<String> future = aafcon.client(Config.AAF_DEFAULT_VERSION).read("/authz/perms/user/"+request.getUserPrincipal().getName(),"application/Perms+json");
+ if (future.get(4000 /* timeout */)) {
+ res.getOutputStream().print(future.value);
+ } else {
+ System.err.println(future.code() + ", " + future.body());
+ res.getOutputStream().print(future.code() + ", " + future.body());
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ } else {
+ res.getOutputStream().println("No AAFCon instantiated");
+ }
+ res.getOutputStream().print("</pre></body></html>");
+
+ }
+
+ public String getServletInfo() {
+ return "MyServlet";
+ }
+
+ public void destroy() {
+ }
+ } \ No newline at end of file
diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java
new file mode 100644
index 00000000..a45725d7
--- /dev/null
+++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/Config.java
@@ -0,0 +1,45 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.sample.cadi.jetty;
+
+import java.util.EnumSet;
+
+import javax.servlet.DispatcherType;
+
+import org.eclipse.jetty.webapp.WebAppContext;
+import org.onap.aaf.cadi.filter.CadiFilter;
+
+
+
+public class Config {
+ /**
+ * Method to make jetty configurations (others?) with more complex function possible
+ *
+ * @param sc
+ */
+ public static final void addToContext(WebAppContext sc, String propFile) {
+ sc.addFilter(CadiFilter.class,"/*",EnumSet.of(DispatcherType.REQUEST));
+ sc.setInitParameter(org.onap.aaf.cadi.config.Config.CADI_PROP_FILES, propFile);
+ }
+
+
+}
diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java
new file mode 100644
index 00000000..165acffb
--- /dev/null
+++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyServletServer.java
@@ -0,0 +1,112 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.sample.cadi.jetty;
+
+import java.net.Inet4Address;
+import java.util.concurrent.ArrayBlockingQueue;
+
+import javax.servlet.Servlet;
+
+import org.eclipse.jetty.server.Server;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.handler.ContextHandler;
+import org.eclipse.jetty.servlet.FilterHolder;
+import org.eclipse.jetty.servlet.FilterMapping;
+import org.eclipse.jetty.servlet.ServletContextHandler;
+import org.eclipse.jetty.servlet.ServletHandler;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.eclipse.jetty.util.thread.QueuedThreadPool;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.cadi.PropAccess;
+import org.onap.aaf.cadi.config.Config;
+import org.onap.aaf.cadi.config.SecurityInfo;
+import org.onap.aaf.cadi.filter.CadiFilter;
+
+public abstract class JettyServletServer implements Servlet {
+
+ public static Server run(PropAccess access, String context, Class<? extends Servlet> servletCls, int port, String ...args) throws Exception {
+ // Defaults:
+ int blockingQueueSize = 10;
+ int corePoolSize = 10;
+ int maxPoolSize = 10;
+ int keepAliveTime = 3000;
+ String hostname = access.getProperty(Config.HOSTNAME, null);
+ if (hostname==null) {
+ hostname = Inet4Address.getLocalHost().getHostName();
+ }
+
+ // Add your own Properties to override defaults
+
+ ArrayBlockingQueue<Runnable> queue = new ArrayBlockingQueue<Runnable>(blockingQueueSize);
+ QueuedThreadPool pool = new QueuedThreadPool(maxPoolSize,corePoolSize,keepAliveTime,queue);
+ Server server = new Server(pool);
+
+ String protocol;
+ if (access.getProperty(Config.CADI_KEYSTORE_PASSWORD,null)==null) {
+ ServerConnector conn = new ServerConnector(server);
+ conn.setHost(hostname);
+ conn.setPort(port);
+ server.addConnector(conn);
+ protocol = "http";
+ } else {
+ // Setup Security
+ SecurityInfo securityInfo = new SecurityInfo(access);
+ SslContextFactory scf = new SslContextFactory();
+ scf.setSslContext(securityInfo.getSSLContext());
+ scf.setWantClientAuth(true);
+ ServerConnector sslConnector = new ServerConnector(server,scf);
+ sslConnector.setHost(hostname);
+ sslConnector.setPort(port);
+ server.addConnector(sslConnector);
+ protocol = "https";
+ }
+
+ // Setup Sample Servlet
+ CadiFilter cf = new CadiFilter(true,access);
+ FilterHolder cfh = new FilterHolder(cf);
+
+ ServletHandler shand = new ServletHandler();
+ shand.addFilterWithMapping(cfh, "/*", FilterMapping.ALL);
+ // To use normal Servlets, just add the class here... Actually, bug in Jetty... need to add with ServletHolder
+ ServletHolder sh = new ServletHolder();
+ sh.setServlet(servletCls.newInstance());
+ shand.addServletWithMapping(sh,"/*");
+
+ // To use JASPI Authorization Style to protect the servlet, wrap the Servlet
+ // with the "MiniJSAPIWrap class, as shown here. Then add "@RolesAllowed" on your
+ // servlet (see sample). Use Pipe delimited Permissions, not AAF Roles in the line
+ // shand.addServletWithMapping(new MiniJASPIWrap(MyServlet.class),"/*");
+ // call initialize after start
+ ContextHandler ch = new ServletContextHandler();
+ ch.setContextPath(context);
+ ch.setHandler(shand);
+ server.setHandler(ch);
+ // Startup the Server
+ server.setStopAtShutdown(true);
+ server.start();
+
+ access.log(Level.INFO,"TestServlet is running at " + protocol + "://"+hostname+':'+port+context);
+ return server;
+ }
+
+}
diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java
new file mode 100644
index 00000000..6edd6f5b
--- /dev/null
+++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/JettyStandalone.java
@@ -0,0 +1,46 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.sample.cadi.jetty;
+
+import org.eclipse.jetty.server.Server;
+import org.onap.aaf.cadi.Access.Level;
+import org.onap.aaf.sample.cadi.MyServlet;
+import org.onap.aaf.cadi.PropAccess;
+
+
+
+
+public class JettyStandalone {
+ public static void main(String[] args) {
+ PropAccess access = new PropAccess(args);
+ try {
+ Server server = JettyServletServer.run(access, "/caditest", MyServlet.class, 3456);
+ server.join();
+ } catch (Exception e) {
+ access.log(Level.ERROR, e);
+ } finally {
+ access.log(Level.INFO,"Stopping Service");
+ }
+
+ }
+
+}
diff --git a/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java
new file mode 100644
index 00000000..4d170f3f
--- /dev/null
+++ b/cadi/servlet-sample/src/main/java/org/onap/aaf/sample/cadi/jetty/MiniJASPIWrap.java
@@ -0,0 +1,101 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.aaf
+ * ===========================================================================
+ * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.aaf.sample.cadi.jetty;
+
+import java.io.IOException;
+
+import javax.servlet.Servlet;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.UnavailableException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.eclipse.jetty.server.Request;
+import org.eclipse.jetty.servlet.ServletHolder;
+import org.onap.aaf.cadi.filter.RolesAllowed;
+
+
+
+/**
+ * MiniJASPIWrap
+ *
+ * Support the ability to check JASPI Annotation Style Authorizations.
+ *
+ * This can be a clean way to enforce API Authorization without mistakes in code.
+ *
+ * @author JonathanGathman
+ *
+ */
+public class MiniJASPIWrap extends ServletHolder {
+ private RolesAllowed rolesAllowed;
+ //private String roles;
+ public MiniJASPIWrap(Class<? extends Servlet> servlet) {
+ super(servlet);
+ this.rolesAllowed = servlet.getAnnotation(RolesAllowed.class);
+ StringBuilder sb = new StringBuilder();
+ boolean first = true;
+ if (rolesAllowed!=null) {
+ for (String str : rolesAllowed.value()) {
+ if (first)first=false;
+ else sb.append(',');
+ sb.append(str);
+ }
+ }
+ //roles = sb.toString();
+ }
+
+ /**
+ * handle
+ *
+ * When utilized, this class authorizes the transaction by first calling the standard J2EE API call
+ * "isUserInRole" with the role(s) found in the class Annotations (JASPI Style)
+ */
+ @Override
+ public void handle(Request baseRequest, ServletRequest request, ServletResponse response) throws ServletException, UnavailableException, IOException {
+ if (rolesAllowed==null) {
+ super.handle(baseRequest, request, response);
+ } else { // Validate
+ try {
+
+ HttpServletRequest hreq = (HttpServletRequest)request;
+ boolean proceed = false;
+ for (String role : rolesAllowed.value()) {
+ if (hreq.isUserInRole(role)) {
+ proceed = true;
+ break;
+ }
+ }
+ if (proceed) {
+ super.handle(baseRequest, request, response);
+ } else {
+ //baseRequest.getServletContext().log(hreq.getUserPrincipal().getName()+" Refused " + roles);
+ ((HttpServletResponse)response).sendError(403); // forbidden
+ }
+ } catch (ClassCastException e) {
+ throw new ServletException("JASPIWrap only supports HTTPServletRequest/HttpServletResponse");
+ }
+ }
+ }
+
+}