/**
 * ============LICENSE_START====================================================
 * org.onap.aaf
 * ===========================================================================
 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
 * ===========================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END====================================================
 *
 */

package org.onap.aaf.auth.locate;

import java.security.Principal;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.eclipse.jetty.http.HttpStatus;
import org.onap.aaf.auth.env.AuthzTrans;
import org.onap.aaf.auth.locate.facade.LocateFacade;
import org.onap.aaf.cadi.Symm;
import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
import org.onap.aaf.cadi.principal.BasicPrincipal;
import org.onap.aaf.cadi.principal.X509Principal;

/**
 * Locate endpoint that answers whether the caller's HTTP Basic credential is acceptable.
 *
 * Outcomes, in order of evaluation:
 * <ul>
 *   <li>no principal on the transaction: the failure is logged and the client gets 403;</li>
 *   <li>principal is a {@link BasicPrincipal}: the credential was already accepted upstream, so 200;</li>
 *   <li>principal is an {@link X509Principal}: the {@code Authorization: Basic} header, if present,
 *       is decoded and checked against {@link AAFAuthn#validate}; 200 on success, 401 on a
 *       rejected credential;</li>
 *   <li>anything else (or no usable Basic header): 403 with no explanation to the client.</li>
 * </ul>
 */
public class BasicAuthCode extends LocateCode {
	private AAFAuthn<?> authn;

	/**
	 * @param authn  authenticator used to validate a user/password pair carried in the header
	 * @param facade facade handed to {@link LocateCode}
	 */
	public BasicAuthCode(AAFAuthn<?> authn, LocateFacade facade) {
		super(facade, "AAF Basic Auth",true);
		this.authn = authn;
	}

	/**
	 * Sets the response status according to the caller's principal and Basic credential.
	 *
	 * @param trans transaction carrying the already-established principal and the loggers
	 * @param req   request whose {@code Authorization} header is consulted for X509 callers
	 * @param resp  response whose status is set; no body is written
	 * @throws Exception propagated from header decoding or from the authenticator
	 */
	@Override
	public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
		final Principal principal = trans.getUserPrincipal();
		boolean answered = false;

		if (principal == null) {
			trans.error().log("Transaction not Authenticated... no Principal");
		} else if (principal instanceof BasicPrincipal) {
			// Reaching this handler with a BasicPrincipal means the Basic credential
			// was already accepted by the authentication layer in front of us.
			resp.setStatus(HttpStatus.OK_200);
			answered = true;
		} else if (principal instanceof X509Principal) {
			// X509 wins principal selection, so a Basic header may be present yet unvalidated.
			answered = checkBasicHeader(trans, req, resp);
		}

		if (!answered) {
			trans.checkpoint("Basic Auth Check Failed: This wasn't a Basic Auth Trans");
			// Deliberately opaque to the client: no hint about why the check failed.
			resp.setStatus(HttpStatus.FORBIDDEN_403);
		}
	}

	/**
	 * Validates a {@code Basic} Authorization header against the authenticator.
	 *
	 * @return {@code true} when a response status was set (200 or 401); {@code false} when the
	 *         header is absent, not a Basic scheme, or lacks the {@code user:password} separator,
	 *         in which case the caller decides the outcome
	 * @throws Exception propagated from base64 decoding or the authenticator
	 */
	private boolean checkBasicHeader(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
		final String header = req.getHeader("Authorization");
		if (header == null || !header.startsWith("Basic ")) {
			return false;
		}

		// Skip the "Basic " prefix; the remainder is base64 of user:password.
		final String decoded = Symm.base64noSplit.decode(header.substring(6));
		final int separator = decoded.indexOf(':');
		if (separator < 0) {
			return false;
		}

		final String user = decoded.substring(0, separator);
		final String password = decoded.substring(separator + 1);
		final String failure = authn.validate(user, password, trans);
		if (failure == null) {
			resp.setStatus(HttpStatus.OK_200);
		} else {
			// Only the caller-supplied user id and the failure reason reach the audit log, never the password.
			trans.audit().log(user, ": ", failure);
			resp.setStatus(HttpStatus.UNAUTHORIZED_401);
		}
		return true;
	}
}