Diffstat (limited to 'core/src/main/java/org/onap/aaf/cadi/taf/localhost/LocalhostTaf.java')
-rw-r--r--core/src/main/java/org/onap/aaf/cadi/taf/localhost/LocalhostTaf.java130
1 files changed, 0 insertions, 130 deletions
diff --git a/core/src/main/java/org/onap/aaf/cadi/taf/localhost/LocalhostTaf.java b/core/src/main/java/org/onap/aaf/cadi/taf/localhost/LocalhostTaf.java
deleted file mode 100644
index af9554f..0000000
--- a/core/src/main/java/org/onap/aaf/cadi/taf/localhost/LocalhostTaf.java
+++ /dev/null
@@ -1,130 +0,0 @@
-/*******************************************************************************
- * ============LICENSE_START====================================================
- * * org.onap.aaf
- * * ===========================================================================
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * * ===========================================================================
- * * Licensed under the Apache License, Version 2.0 (the "License");
- * * you may not use this file except in compliance with the License.
- * * You may obtain a copy of the License at
- * *
- * * http://www.apache.org/licenses/LICENSE-2.0
- * *
- * * Unless required by applicable law or agreed to in writing, software
- * * distributed under the License is distributed on an "AS IS" BASIS,
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * * See the License for the specific language governing permissions and
- * * limitations under the License.
- * * ============LICENSE_END====================================================
- * *
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
- * *
- ******************************************************************************/
-package org.onap.aaf.cadi.taf.localhost;
-
-import java.net.InetAddress;
-import java.net.NetworkInterface;
-import java.net.SocketException;
-import java.net.UnknownHostException;
-import java.util.Enumeration;
-import java.util.TreeSet;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.onap.aaf.cadi.Access;
-import org.onap.aaf.cadi.CachedPrincipal;
-import org.onap.aaf.cadi.Taf;
-import org.onap.aaf.cadi.Access.Level;
-import org.onap.aaf.cadi.CachedPrincipal.Resp;
-import org.onap.aaf.cadi.taf.HttpTaf;
-import org.onap.aaf.cadi.taf.TafResp;
-import org.onap.aaf.cadi.taf.TafResp.RESP;
-
-/**
- * Implement the ability to utilize LocalHost as a TAF.
- *
- * Configure with two properties,
- * localhost.deny
- * localhost.accept
- *
- * 1) If localhost.deny==true, then no localhost requests are allowed
- * 2) If localhost.deny==false, but accept==false, return "Try Another TAF" (i.e. allow further checking of the
- * chain, but don't treat localhost as an acceptable credential)
- * 3) If localhost.deny=false and accept=true, then the processes coming from the same machine, given logins are needed,
- * to run, are treated as validated. This is primarily for Developer purposes.
- *
- *
- *
- */
-public class LocalhostTaf implements HttpTaf {
- private TafResp isLocalHost,isNotLocalHost;
- private static final TreeSet<String> addrSet;
-
- static {
- addrSet = new TreeSet<String>();
- try {
- for(Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces();en.hasMoreElements();) {
- NetworkInterface ni = en.nextElement();
- for(Enumeration<InetAddress> eia = ni.getInetAddresses();eia.hasMoreElements();) {
- InetAddress ia = eia.nextElement();
- addrSet.add(ia.getHostAddress());
- }
- }
- } catch (SocketException e) {
- }
-
- }
-
- public LocalhostTaf(Access access, boolean accept, boolean isDenied) {
- String hostname = access.getProperty("hostname",null);
- if(hostname !=null) {
- try {
- addrSet.add(InetAddress.getByName(hostname).getHostAddress());
- } catch (UnknownHostException e) {
- access.log(e,"Unknown Host");
- }
- }
-
- if(isDenied) {
- access.log(Level.INFO,"LocalhostTaf will deny all localhost traffic");
- } else {
- access.log(Level.INFO,"LocalhostTaf will not deny localhost requests, ",
- (accept?"and will treat them as authenticated":"but will require other authentication"));
- }
- // Set the appropriate behavior for when ID coming in is from localhost
- isLocalHost = isDenied?
- new LocalhostTafResp(access, RESP.NO_FURTHER_PROCESSING,"Localhost is denied"):
- accept?
- new LocalhostTafResp(access, RESP.IS_AUTHENTICATED,"Localhost is allowed"):
- new LocalhostTafResp(access, RESP.TRY_ANOTHER_TAF,"Localhost is allowed");
- isNotLocalHost = new LocalhostTafResp(access, RESP.TRY_ANOTHER_TAF,"Address is not Localhost");
- }
-
-// @Override
- public TafResp validate(Taf.LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
- String remote = req.getRemoteAddr();
- return addrSet.contains(remote)
- ?isLocalHost
- :isNotLocalHost;
- }
-
- /**
- * This function used for other TAFs (i.e. CSP, which can't work on localhost address)
- *
- * @param address
- * @return
- */
- public static boolean isLocalAddress(String address) {
- return addrSet.contains(address);
- }
-
- public String toString() {
- return "Localhost TAF activated: " + isLocalHost.desc();
- }
-
- public Resp revalidate(CachedPrincipal prin) {
- // shouldn't get here, since there's no need to Cache, but if so, LocalHost is always valid...
- return Resp.REVALIDATED;
- }
-}