From 6d469611d86642bc0b74ce51af72cc36d2af962d Mon Sep 17 00:00:00 2001 From: Instrumental Date: Mon, 26 Mar 2018 12:04:27 -0700 Subject: Remove Code from cadi, it is now in authz Issue-ID: AAF-193 Change-Id: Ib7abdb15ba8a7445a3875cf8c6bb48b7d563f424 Signed-off-by: Instrumental --- .../org/onap/aaf/cadi/filter/CadiHTTPManip.java | 227 --------------------- 1 file changed, 227 deletions(-) delete mode 100644 core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java (limited to 'core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java') diff --git a/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java b/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java deleted file mode 100644 index a3df1c0..0000000 --- a/core/src/main/java/org/onap/aaf/cadi/filter/CadiHTTPManip.java +++ /dev/null @@ -1,227 +0,0 @@ -/******************************************************************************* - * ============LICENSE_START==================================================== - * * org.onap.aaf - * * =========================================================================== - * * Copyright © 2017 AT&T Intellectual Property. All rights reserved. - * * =========================================================================== - * * Licensed under the Apache License, Version 2.0 (the "License"); - * * you may not use this file except in compliance with the License. - * * You may obtain a copy of the License at - * * - * * http://www.apache.org/licenses/LICENSE-2.0 - * * - * * Unless required by applicable law or agreed to in writing, software - * * distributed under the License is distributed on an "AS IS" BASIS, - * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * * See the License for the specific language governing permissions and - * * limitations under the License. - * * ============LICENSE_END==================================================== - * * - * * ECOMP is a trademark and service mark of AT&T Intellectual Property. - * * - ******************************************************************************/ -package org.onap.aaf.cadi.filter; - -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.onap.aaf.cadi.Access; -import org.onap.aaf.cadi.CadiException; -import org.onap.aaf.cadi.CadiWrap; -import org.onap.aaf.cadi.Connector; -import org.onap.aaf.cadi.CredVal; -import org.onap.aaf.cadi.Lur; -import org.onap.aaf.cadi.Taf; -import org.onap.aaf.cadi.TrustChecker; -import org.onap.aaf.cadi.Access.Level; -import org.onap.aaf.cadi.config.Config; -import org.onap.aaf.cadi.lur.EpiLur; -import org.onap.aaf.cadi.taf.HttpTaf; -import org.onap.aaf.cadi.taf.TafResp; -import org.onap.aaf.cadi.util.UserChainManip; - -/** - * Encapsulate common HTTP Manipulation Behavior. It will appropriately set - * HTTPServletResponse for Redirect or Forbidden, as needed. - * - * Further, this is useful, because it avoids multiple creates of Connections, where some Filters - * are created and destroyed regularly. - * - * - * - */ -public class CadiHTTPManip { - private static final String ACCESS_CADI_CONTROL = ".access|cadi|control"; - private static final String METH = "OPTIONS"; - private static final String CADI = "/cadi/"; - private static final String CADI_CACHE_PRINT = "/cadi/cache/print"; - private static final String CADI_CACHE_CLEAR = "/cadi/cache/clear"; - private static final String CADI_LOG_SET = "/cadi/log/set/"; - private Access access; - private HttpTaf taf; - private CredVal up; - private Lur lur; - private String thisPerm,companyPerm,aaf_id; - - public static final Object[] noAdditional = new Object[0]; // CadiFilter can be created each call in some systems - - - public CadiHTTPManip(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { - synchronized(CADI) { - this.access = access; -// Get getter = new AccessGetter(access); - Config.setDefaultRealm(access); - - aaf_id = access.getProperty(Config.CADI_ALIAS,access.getProperty(Config.AAF_MECHID, null)); - if(aaf_id==null) { - access.printf(Level.INIT, "%s is not set. %s can be used instead",Config.AAF_MECHID,Config.CADI_ALIAS); - } else { - access.printf(Level.INIT, "%s is set to %s",Config.AAF_MECHID,aaf_id); - } - String ns = aaf_id==null?null:UserChainManip.idToNS(aaf_id); - if(ns!=null) { - thisPerm = ns+ACCESS_CADI_CONTROL; - int dot = ns.indexOf('.'); - if(dot>=0) { - int dot2=ns.indexOf('.',dot+1); - if(dot2<0) { - dot2=dot; - } - companyPerm = ns.substring(0, dot2)+ACCESS_CADI_CONTROL; - } else { - companyPerm = "com"+ACCESS_CADI_CONTROL; - } - } else { - thisPerm = companyPerm = "com"+ACCESS_CADI_CONTROL; - } - - if(con!=null) { // try to reutilize connector - List ll = null; - for(Object tl : additionalTafLurs) { - if(tl instanceof Lur) { - if(ll==null) { - ll = new ArrayList(); - ll.add(con.newLur()); - } - ll.add((Lur)tl); - } - } - if(ll==null) { - lur = con.newLur(); - } else { - lur = new EpiLur((Lur[])ll.toArray()); - } - } else { - lur = Config.configLur(access, additionalTafLurs); - } - tc.setLur(lur); - if(lur instanceof EpiLur) { - up = ((EpiLur)lur).getUserPassImpl(); - } else if(lur instanceof CredVal) { - up = (CredVal)lur; - } else { - up = null; - } - taf = Config.configHttpTaf(access, tc, up, lur, additionalTafLurs); - } - } - - public TafResp validate(HttpServletRequest hreq, HttpServletResponse hresp) throws IOException { - TafResp tresp = taf.validate(Taf.LifeForm.LFN, hreq, hresp); - switch(tresp.isAuthenticated()) { - case IS_AUTHENTICATED: - access.printf(Level.INFO,"Authenticated: %s from %s:%d" - , tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort()); - break; - case TRY_AUTHENTICATING: - switch (tresp.authenticate()) { - case IS_AUTHENTICATED: - access.printf(Level.INFO,"Authenticated: %s from %s:%d" - , tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort()); - break; - case HTTP_REDIRECT_INVOKED: - access.log(Level.INFO,"Authenticating via redirection: ", tresp.desc()); - break; - case NO_FURTHER_PROCESSING: - access.printf(Level.AUDIT,"Authentication Failure: %s from %s:%d" - , tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort()); - hresp.sendError(403, tresp.desc()); // Forbidden - break; - - default: - access.printf(Level.AUDIT,"No TAF will authorize for request from %s:%d" - , hreq.getRemoteAddr(), hreq.getRemotePort()); - hresp.sendError(403, tresp.desc()); // Forbidden - } - break; - case NO_FURTHER_PROCESSING: - access.printf(Level.AUDIT,"Authentication Failure: %s from %s:%d", - tresp.desc(), hreq.getRemoteAddr(), hreq.getRemotePort()); - hresp.sendError(403, "Access Denied"); // FORBIDDEN - break; - default: - access.printf(Level.AUDIT,"No TAF will authorize for request from %s:%d" - , hreq.getRemoteAddr(), hreq.getRemotePort()); - hresp.sendError(403, "Access Denied"); // FORBIDDEN - } - return tresp; - } - - public boolean notCadi(CadiWrap req, HttpServletResponse resp) { - - String pathInfo = req.getPathInfo(); - if(METH.equalsIgnoreCase(req.getMethod()) && pathInfo!=null && pathInfo.contains(CADI)) { - if(req.getUser().equals(aaf_id) || req.isUserInRole(thisPerm) || req.isUserInRole(companyPerm)) { - try { - if(pathInfo.contains(CADI_CACHE_PRINT)) { - resp.getOutputStream().println(lur.toString()); - resp.setStatus(200); - return false; - } else if(pathInfo.contains(CADI_CACHE_CLEAR)) { - StringBuilder report = new StringBuilder(); - lur.clear(req.getUserPrincipal(), report); - resp.getOutputStream().println(report.toString()); - resp.setStatus(200); - return false; - } else if(pathInfo.contains(CADI_LOG_SET)) { - Level l; - int slash = pathInfo.lastIndexOf('/'); - String level = pathInfo.substring(slash+1); - try { - l = Level.valueOf(level); - access.printf(Level.AUDIT, "%s has set CADI Log Level to '%s'",req.getUser(),l.name()); - access.setLogLevel(l); - } catch (IllegalArgumentException e) { - access.printf(Level.AUDIT, "'%s' is not a valid CADI Log Level",level); - } - return false; - } - } catch (IOException e) { - access.log(e); - } - } - } - return true; - } - - public Lur getLur() { - return lur; - } - - public void destroy() { - access.log(Level.INFO,"CadiHttpChecker destroyed."); - if(lur!=null) { - lur.destroy(); - lur=null; - } - } - - public Access getAccess() { - return access; - } - -} -- cgit 1.2.3-korg