diff options
author | Jonathan Gathman <jonathan.gathman@att.com> | 2019-03-14 00:16:56 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2019-03-14 00:16:56 +0000 |
commit | 8832889f5707d5983c729753968919bb3aa38b8a (patch) | |
tree | 1307a7100eb3c1a183d60c016f41df8b665b2667 /sidecar/rproxy/src/main/java | |
parent | a2798182d222dad96af88ff486f7c3536c12a6a1 (diff) | |
parent | 94f286b3ab4da2d73f9cbdf3849aebb72c0476ea (diff) |
Merge "Enhance RProxy authorization to use request method"
Diffstat (limited to 'sidecar/rproxy/src/main/java')
2 files changed, 12 insertions, 3 deletions
diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java index 2ef4cc0..5a09f6e 100644 --- a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java +++ b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java @@ -98,13 +98,15 @@ public class ReverseProxyAuthorizationFilter implements Filter { } String requestPath; + String requestMethod; try { requestPath = new URI(((HttpServletRequest) servletRequest).getRequestURI()).getPath(); + requestMethod = ((HttpServletRequest)servletRequest).getMethod(); } catch (URISyntaxException e) { throw new ServletException("Request URI not valid", e); } - if (authorizeRequest(grantedPermissions, requestPath)) { + if (authorizeRequest(grantedPermissions, requestPath, requestMethod)) { LOGGER.info("Authorized"); filterChain.doFilter(servletRequest, servletResponse); } else { @@ -121,12 +123,14 @@ public class ReverseProxyAuthorizationFilter implements Filter { * * @param grantedPermissions The granted permissions for the request path * @param requestPath The request path + * @param requestMethod The request method i.e. HTTP verb e.g. GET, PUT, POST etc * @return true if permissions match */ - private boolean authorizeRequest(List<Permission> grantedPermissions, String requestPath) { + private boolean authorizeRequest(List<Permission> grantedPermissions, String requestPath, String requestMethod) { boolean authorized = false; for (ReverseProxyAuthorization reverseProxyAuthorization : reverseProxyAuthorizations) { - if (requestPath.matches(reverseProxyAuthorization.getUri())) { + if (requestPath.matches(reverseProxyAuthorization.getUri()) && + requestMethod.matches(reverseProxyAuthorization.getMethod())) { LOGGER.debug("The URI:{} matches:{}", requestPath, reverseProxyAuthorization.getUri()); if (checkPermissionsMatch(grantedPermissions, reverseProxyAuthorization)) { authorized = true; diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java index fd9db8e..994121c 100644 --- a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java +++ b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java @@ -22,6 +22,7 @@ package org.onap.aaf.cadi.sidecar.rproxy.utils; public class ReverseProxyAuthorization { private String uri; + private String method; private String[] permissions; public String getUri() { @@ -31,4 +32,8 @@ public class ReverseProxyAuthorization { public String[] getPermissions() { return permissions; } + + public String getMethod() { + return method == null ? "GET" : method; + } } |