author | IanB <IanB@amdocs.com> | 2019-03-13 11:15:31 +0000 |
---|---|---|
committer | IanB <IanB@amdocs.com> | 2019-03-13 11:30:27 +0000 |
commit | 94f286b3ab4da2d73f9cbdf3849aebb72c0476ea (patch) | |
tree | e3265f0606dcfd179b47bebc6fc9429b5233d8a0 /sidecar/rproxy/src/main | |
parent | 8f1cca674c0430d0d6424778d2a720f2c9f156c7 (diff) |
Enhance RProxy authorization to use request method
Authorization filter now takes into account the
request method. The desired method can now be
added to the authorization file defaulting to
GET if not supplied. The request URI & method
can now be checked against the authorization
configuration along with the needed permissions.
Issue-ID: AAF-786
Change-Id: I25f6f2180ac9d94a30ca5ba1aa349fb424c18d81
Signed-off-by: IanB <IanB@amdocs.com>
Diffstat (limited to 'sidecar/rproxy/src/main')
2 files changed, 12 insertions, 3 deletions
diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java
index 2ef4cc0..5a09f6e 100644
--- a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java
+++ b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/ReverseProxyAuthorizationFilter.java
@@ -98,13 +98,15 @@ public class ReverseProxyAuthorizationFilter implements Filter {
 }
 String requestPath;
+ String requestMethod;
 try {
 requestPath = new URI(((HttpServletRequest) servletRequest).getRequestURI()).getPath();
+ requestMethod = ((HttpServletRequest)servletRequest).getMethod();
 } catch (URISyntaxException e) {
 throw new ServletException("Request URI not valid", e);
 }
- if (authorizeRequest(grantedPermissions, requestPath)) {
+ if (authorizeRequest(grantedPermissions, requestPath, requestMethod)) {
 LOGGER.info("Authorized");
 filterChain.doFilter(servletRequest, servletResponse);
 } else {
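Review bot: The new `requestMethod` assignment sits inside the `try` block whose only job is to catch `URISyntaxException`, although `getMethod()` cannot raise it, and it repeats the `HttpServletRequest` cast. Casting once before the `try` (`HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;`) and declaring `String requestMethod = httpRequest.getMethod();` outside it keeps the error path limited to URI parsing. Since the method now takes part in the access decision, it would also help to put it in the decision log, for example `LOGGER.info("Authorized method:{}", requestMethod);`. The enclosing filter method starts and ends outside this hunk.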
@@ -121,12 +123,14 @@ public class ReverseProxyAuthorizationFilter implements Filter {
 *
 * @param grantedPermissions The granted permissions for the request path
 * @param requestPath The request path
+ * @param requestMethod The request method i.e. HTTP verb e.g. GET, PUT, POST etc
 * @return true if permissions match
 */
- private boolean authorizeRequest(List<Permission> grantedPermissions, String requestPath) {
+ private boolean authorizeRequest(List<Permission> grantedPermissions, String requestPath, String requestMethod) {
 boolean authorized = false;
 for (ReverseProxyAuthorization reverseProxyAuthorization : reverseProxyAuthorizations) {
- if (requestPath.matches(reverseProxyAuthorization.getUri())) {
+ if (requestPath.matches(reverseProxyAuthorization.getUri()) &&
+ requestMethod.matches(reverseProxyAuthorization.getMethod())) {
 LOGGER.debug("The URI:{} matches:{}", requestPath, reverseProxyAuthorization.getUri());
 if (checkPermissionsMatch(grantedPermissions, reverseProxyAuthorization)) {
 authorized = true;
diff --git a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java
index fd9db8e..994121c 100644
--- a/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java
+++ b/sidecar/rproxy/src/main/java/org/onap/aaf/cadi/sidecar/rproxy/utils/ReverseProxyAuthorization.java
@@ -22,6 +22,7 @@ package org.onap.aaf.cadi.sidecar.rproxy.utils;
 public class ReverseProxyAuthorization {
 private String uri;
+ private String method;
 private String[] permissions;
 public String getUri() {
@@ -31,4 +32,8 @@ public class ReverseProxyAuthorization {
 public String[] getPermissions() {
 return permissions;
 }
+
+ public String getMethod() {
+ return method == null ? "GET" : method;
+ }
 } |
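Review bot: `requestMethod.matches(reverseProxyAuthorization.getMethod())` evaluates the configured method as a regular expression that must match the whole verb case-sensitively, but the new `@param requestMethod` line and the commit message describe it as a plain method name. If a pattern is intended, the Javadoc should say so; if not, `requestMethod.equals(reverseProxyAuthorization.getMethod())` removes per-request pattern compilation and stops an over-broad pattern in the authorization file from silently widening a rule. The `LOGGER.debug` call that follows still reports only the URI, so the log cannot show which method rule granted access; consider `LOGGER.debug("The URI:{} method:{} matches:{} {}", requestPath, requestMethod, reverseProxyAuthorization.getUri(), reverseProxyAuthorization.getMethod());`. The body of `authorizeRequest` continues outside this hunk.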
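Review bot: The `"GET"` default in `getMethod()` changes the meaning of every existing authorization entry that has no method: before this commit its URI rule applied to any verb, and it now applies to GET only. Judging by the visible loop in `ReverseProxyAuthorizationFilter` this appears to fail closed, because a non-GET request finds no matching rule, but operators upgrading with an unchanged authorization file should be told. The getter has no Javadoc, so I would add `/** Returns the configured HTTP method, or "GET" when the authorization entry omits it. */`. Note that an empty string is not null and is returned as is, which as a pattern matches no request method.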