Diffstat (limited to 'aai-aaf-auth/src/main/java')
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java21
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java17
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java3
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java13
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java19
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java56
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java52
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java37
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java30
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java10
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java37
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java15
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java38
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java1
-rw-r--r--aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java66
15 files changed, 214 insertions, 201 deletions
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java
index 0e170301..f591125c 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AAIAuthCore.java
@@ -20,18 +20,11 @@
package org.onap.aai.aaf.auth;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
-import org.eclipse.jetty.util.security.Password;
-import org.onap.aai.aaf.auth.exceptions.AAIUnrecognizedFunctionException;
-import org.onap.aai.logging.ErrorLogHelper;
-import org.onap.aai.util.AAIConfig;
-import org.onap.aai.util.AAIConstants;
import java.io.File;
import java.io.FileNotFoundException;
@@ -43,6 +36,14 @@ import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
+import org.eclipse.jetty.util.security.Password;
+import org.onap.aai.aaf.auth.exceptions.AAIUnrecognizedFunctionException;
+import org.onap.aai.logging.ErrorLogHelper;
+import org.onap.aai.util.AAIConfig;
+import org.onap.aai.util.AAIConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
/**
* The Class AAIAuthCore.
*/
@@ -69,14 +70,14 @@ public final class AAIAuthCore {
this(basePath, AAIConstants.AAI_AUTH_CONFIG_FILENAME);
}
- public AAIAuthCore(String basePath, String filename){
+ public AAIAuthCore(String basePath, String filename) {
this.basePath = basePath;
this.globalAuthFileName = filename;
authPolicyPattern = Pattern.compile("^" + this.basePath + "/v\\d+/([\\w\\-]*)");
init();
}
- public AAIAuthCore(String basePath, String filename, String pattern){
+ public AAIAuthCore(String basePath, String filename, String pattern) {
this.basePath = basePath;
this.globalAuthFileName = filename;
authPolicyPattern = Pattern.compile(pattern);
@@ -364,7 +365,7 @@ public final class AAIAuthCore {
* @return true, if successful
*/
private boolean authorize(AAIUser aaiUser, String aaiMethod, String httpMethod) {
- if ("info".equalsIgnoreCase(aaiMethod)|| aaiUser.hasAccess(aaiMethod, httpMethod)) {
+ if ("info".equalsIgnoreCase(aaiMethod) || aaiUser.hasAccess(aaiMethod, httpMethod)) {
LOGGER.debug("AUTH ACCEPTED: " + aaiUser.getUsername() + " on function " + aaiMethod + " request type "
+ httpMethod);
return true;
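Review bot: The `"info".equalsIgnoreCase(aaiMethod)` short-circuit in `authorize` grants every caller the `info` function regardless of `aaiUser.hasAccess`, yet the Javadoc fragment above the method says nothing about this unconditional allow, so a maintainer tightening the policy file would not know it cannot lock `info` down here. I'd document it on the method: `* Note: the "info" function is always accepted, irrespective of the user's configured access.` Separately, the accepted-auth debug line builds its message by concatenation although SLF4J is in use; `LOGGER.debug("AUTH ACCEPTED: {} on function {} request type {}", aaiUser.getUsername(), aaiMethod, httpMethod);` avoids the string work when debug is off. The method's rejection branch continues past the hunk.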
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java
index 9a02fe2c..cfaa61be 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestFilter.java
@@ -20,20 +20,21 @@
package org.onap.aai.aaf.auth;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.onap.aaf.cadi.filter.CadiFilter;
+import static org.onap.aai.aaf.auth.ResponseFormatter.errorResponse;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;
-import static org.onap.aai.aaf.auth.ResponseFormatter.errorResponse;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/**
* The Class AafRequestFilter provides common auth filter methods
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java
index 0ecca679..f74ed3e4 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/AafRequestWrapper.java
@@ -20,9 +20,10 @@
package org.onap.aai.aaf.auth;
+import java.util.*;
+
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
-import java.util.*;
/**
* The AafRequestWrapper sets the user in the principal name
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java
index 26273a6a..139e46c8 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/CertUtil.java
@@ -20,18 +20,19 @@
package org.onap.aai.aaf.auth;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Properties;
+import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.stream.Collectors;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -39,8 +40,8 @@ import org.slf4j.LoggerFactory;
* The Class CertUtil provides cert related utility methods.
*/
public class CertUtil {
- public static final String DEFAULT_CADI_ISSUERS = "CN=ATT AAF CADI Test Issuing " +
- "CA 01, OU=CSO, O=ATT, C=US:CN=ATT AAF CADI Test Issuing CA 02, OU=CSO, O=ATT, C=US";
+ public static final String DEFAULT_CADI_ISSUERS = "CN=ATT AAF CADI Test Issuing "
+ + "CA 01, OU=CSO, O=ATT, C=US:CN=ATT AAF CADI Test Issuing CA 02, OU=CSO, O=ATT, C=US";
public static final String CADI_PROP_FILES = "cadi_prop_files";
public static final String CADI_ISSUERS_PROP_NAME = "cadi_x509_issuers";
public static final String CADI_ISSUERS_SEPARATOR = ":";
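Review bot: `DEFAULT_CADI_ISSUERS`, the reflowed constant at the top of the class, hard-codes two "ATT AAF CADI Test Issuing CA" subjects as the fallback set of trusted client-certificate issuers, and nothing in the hunk marks it as test-only. A deployment that omits `cadi_x509_issuers` would presumably end up trusting certificates chained to those test CAs, which is a fail-open default for certificate authentication. I'd put a Javadoc above it: `/** Fallback issuer list used only when {@value #CADI_ISSUERS_PROP_NAME} is absent; these are TEST CAs and must be overridden in any non-test deployment. */` How and where the default is consumed is outside this hunk.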
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java
index f5583b71..1748ed15 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/auth/ResponseFormatter.java
@@ -20,15 +20,16 @@
package org.onap.aai.aaf.auth;
-import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.logging.ErrorLogHelper;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.core.MediaType;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
+
+import org.onap.aai.exceptions.AAIException;
+import org.onap.aai.logging.ErrorLogHelper;
public class ResponseFormatter {
@@ -43,9 +44,10 @@ public class ResponseFormatter {
errorResponse(new AAIException("AAI_3300"), request, response);
}
- public static void errorResponse(AAIException exception, HttpServletRequest request, HttpServletResponse response) throws IOException {
+ public static void errorResponse(AAIException exception, HttpServletRequest request, HttpServletResponse response)
+ throws IOException {
- if(response.isCommitted()){
+ if (response.isCommitted()) {
return;
}
@@ -62,7 +64,8 @@ public class ResponseFormatter {
response.setStatus(exception.getErrorObject().getHTTPResponseCode().getStatusCode());
response.resetBuffer();
- String resp = ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)), exception, new ArrayList<>());
+ String resp = ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)),
+ exception, new ArrayList<>());
response.getOutputStream().print(resp);
response.flushBuffer();
}
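Review bot: `MediaType.valueOf(accept)` on the `String resp = ...` line throws `IllegalArgumentException` when the string is not a parsable media type, and by then the status has been set and the buffer reset, so a bad value turns an auth rejection into an unhandled exception. `accept` is assigned above the hunk; if it is taken from the client's `Accept` header (which seems likely for a response formatter), a malformed header is attacker-controlled input reaching that parser. I'd guard the conversion, e.g. `MediaType mt; try { mt = MediaType.valueOf(accept); } catch (IllegalArgumentException e) { mt = MediaType.APPLICATION_JSON_TYPE; }` and pass `mt` to `getRESTAPIErrorResponse`, or validate where `accept` is derived. Where `accept` comes from is not visible here, so this is worth confirming against the top of the method.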
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java
index 82651e9f..485fa7e3 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafAuthorizationFilter.java
@@ -20,6 +20,17 @@
package org.onap.aai.aaf.filters;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.onap.aai.aaf.auth.ResponseFormatter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
@@ -28,16 +39,6 @@ import org.springframework.context.annotation.Profile;
import org.springframework.context.annotation.PropertySource;
import org.springframework.stereotype.Component;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.stream.Collectors;
-
/**
* AAF authorization filter
*/
@@ -59,52 +60,49 @@ public class AafAuthorizationFilter extends OrderedRequestContextFilter {
private List<String> advancedKeywordsList;
@Autowired
- public AafAuthorizationFilter(
- GremlinFilter gremlinFilter,
- @Value("${permission.type}") String type,
- @Value("${permission.instance}") String instance,
- @Value("${advanced.keywords.list:}") String advancedKeys
- ) {
+ public AafAuthorizationFilter(GremlinFilter gremlinFilter, @Value("${permission.type}") String type,
+ @Value("${permission.instance}") String instance,
+ @Value("${advanced.keywords.list:}") String advancedKeys) {
this.gremlinFilter = gremlinFilter;
this.type = type;
this.instance = instance;
- if(advancedKeys == null || advancedKeys.isEmpty()){
+ if (advancedKeys == null || advancedKeys.isEmpty()) {
this.advancedKeywordsList = new ArrayList<>();
} else {
- this.advancedKeywordsList = Arrays.stream(advancedKeys.split(","))
- .collect(Collectors.toList());
+ this.advancedKeywordsList = Arrays.stream(advancedKeys.split(",")).collect(Collectors.toList());
}
this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
}
@Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
- if(request.getRequestURI().matches("^.*/util/echo$")){
- filterChain.doFilter(request, response);
- }
- if(request.getRequestURI().endsWith("/query")){
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
+ if (request.getRequestURI().matches("^.*/util/echo$")) {
+ filterChain.doFilter(request, response);
+ }
+ if (request.getRequestURI().endsWith("/query")) {
gremlinFilter.doBasicAuthFilter(request, response, filterChain);
} else {
String permission = null;
- if(advancedKeywordsList == null || advancedKeywordsList.size() == 0) {
+ if (advancedKeywordsList == null || advancedKeywordsList.size() == 0) {
permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase());
} else {
boolean isAdvanced = this.containsAdvancedKeywords(request);
- //if the URI contains advanced.keywords it's an advanced query
+ // if the URI contains advanced.keywords it's an advanced query
String queryType = isAdvanced ? ADVANCED : BASIC;
permission = String.format("%s|%s|%s", type, instance, queryType);
}
boolean isAuthorized = request.isUserInRole(permission);
- if(!isAuthorized){
+ if (!isAuthorized) {
ResponseFormatter.errorResponse(request, response);
} else {
- filterChain.doFilter(request,response);
+ filterChain.doFilter(request, response);
}
}
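Review bot: The `/util/echo` branch at the top of `doFilterInternal` calls `filterChain.doFilter(request, response)` and then falls through — there is no `return` — so the same request continues into the `/query` check and the `isUserInRole` check: an authorized caller reaches `filterChain.doFilter(request, response)` a second time, and an unauthenticated echo caller hits `ResponseFormatter.errorResponse`, which will overwrite the echo reply with an error unless the response was already committed. The fix is `filterChain.doFilter(request, response); return;` (or making the rest of the method the `else` of that check). This commit only reflows the lines, so the fall-through predates it, but it is worth fixing while the method is touched; the same shape appears in `GremlinFilter.doBasicAuthFilter` further down this page. The closing `}` of the method follows the hunk.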
@@ -112,7 +110,7 @@ public class AafAuthorizationFilter extends OrderedRequestContextFilter {
private boolean containsAdvancedKeywords(HttpServletRequest request) {
String uri = request.getRequestURI();
- for (String keyword: advancedKeywordsList) {
+ for (String keyword : advancedKeywordsList) {
if (uri.contains(keyword)) {
return true;
}
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java
index e0adf191..56799f1c 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertAuthorizationFilter.java
@@ -20,6 +20,17 @@
package org.onap.aai.aaf.filters;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.onap.aai.aaf.auth.AafRequestFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
@@ -28,18 +39,6 @@ import org.springframework.context.annotation.Profile;
import org.springframework.context.annotation.PropertySource;
import org.springframework.stereotype.Component;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Properties;
-import java.util.stream.Collectors;
-
-
/**
* AAF with client cert authorization filter
*/
@@ -62,42 +61,41 @@ public class AafCertAuthorizationFilter extends OrderedRequestContextFilter {
private List<String> advancedKeywordsList;
@Autowired
- public AafCertAuthorizationFilter(
- @Value("${permission.type}") String type,
- @Value("${permission.instance}") String instance,
- @Value("${advanced.keywords.list:}") String advancedKeys,
- CadiProps cadiProps
- ) {
+ public AafCertAuthorizationFilter(@Value("${permission.type}") String type,
+ @Value("${permission.instance}") String instance, @Value("${advanced.keywords.list:}") String advancedKeys,
+ CadiProps cadiProps) {
this.type = type;
this.instance = instance;
this.cadiProps = cadiProps;
- if(advancedKeys == null || advancedKeys.isEmpty()){
+ if (advancedKeys == null || advancedKeys.isEmpty()) {
this.advancedKeywordsList = new ArrayList<>();
} else {
- this.advancedKeywordsList = Arrays.stream(advancedKeys.split(","))
- .collect(Collectors.toList());
+ this.advancedKeywordsList = Arrays.stream(advancedKeys.split(",")).collect(Collectors.toList());
}
this.setOrder(FilterPriority.AAF_CERT_AUTHORIZATION.getPriority());
}
@Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
- if(advancedKeywordsList == null || advancedKeywordsList.size() == 0){
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
+ if (advancedKeywordsList == null || advancedKeywordsList.size() == 0) {
String permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase());
- AafRequestFilter.authorizationFilter(request, response, filterChain, permission, cadiProps.getCadiProperties());
+ AafRequestFilter.authorizationFilter(request, response, filterChain, permission,
+ cadiProps.getCadiProperties());
} else {
boolean isAdvanced = this.containsAdvancedKeywords(request);
- //if the URI contains advanced.keywords it's an advanced query
+ // if the URI contains advanced.keywords it's an advanced query
String queryType = isAdvanced ? ADVANCED : BASIC;
String permission = String.format("%s|%s|%s", type, instance, queryType);
- AafRequestFilter.authorizationFilter(request, response, filterChain, permission, cadiProps.getCadiProperties());
+ AafRequestFilter.authorizationFilter(request, response, filterChain, permission,
+ cadiProps.getCadiProperties());
}
}
private boolean containsAdvancedKeywords(HttpServletRequest request) {
String uri = request.getRequestURI();
- for (String keyword: advancedKeywordsList) {
+ for (String keyword : advancedKeywordsList) {
if (uri.contains(keyword)) {
return true;
}
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java
index 7a47b972..e423dc0a 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafCertFilter.java
@@ -20,11 +20,18 @@
package org.onap.aai.aaf.filters;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.filter.CadiFilter;
import org.onap.aai.aaf.auth.AafRequestFilter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
@@ -32,12 +39,6 @@ import org.springframework.context.annotation.Profile;
import org.springframework.context.annotation.PropertySource;
import org.springframework.stereotype.Component;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
/**
* AAF with client cert authentication filter
*/
@@ -57,12 +58,12 @@ public class AafCertFilter extends OrderedRequestContextFilter {
private final CadiProps cadiProps;
@Autowired
- public AafCertFilter( @Value("${aaf.userchain.pattern}") String aafUserChainPattern,
- CadiProps cadiProps) throws IOException, ServletException {
+ public AafCertFilter(@Value("${aaf.userchain.pattern}") String aafUserChainPattern, CadiProps cadiProps)
+ throws IOException, ServletException {
this.aafUserChainPattern = aafUserChainPattern;
this.cadiProps = cadiProps;
- cadiFilter = new CadiFilter(new PropAccess((level,element)->{
+ cadiFilter = new CadiFilter(new PropAccess((level, element) -> {
switch (level) {
case DEBUG:
LOGGER.debug(buildMsg(element));
@@ -86,22 +87,24 @@ public class AafCertFilter extends OrderedRequestContextFilter {
case NONE:
break;
}
- }, new String[]{"cadi_prop_files=" + cadiProps.getCadiFileName()} ));
+ }, new String[] {"cadi_prop_files=" + cadiProps.getCadiFileName()}));
this.setOrder(FilterPriority.AAF_CERT_AUTHENTICATION.getPriority());
}
@Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
- AafRequestFilter.authenticationFilter(request, response, filterChain, cadiFilter, cadiProps.getCadiProperties(), aafUserChainPattern);
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
+ AafRequestFilter.authenticationFilter(request, response, filterChain, cadiFilter, cadiProps.getCadiProperties(),
+ aafUserChainPattern);
}
+
private String buildMsg(Object[] objects) {
StringBuilder sb = new StringBuilder();
boolean first = true;
- for ( Object o: objects ) {
+ for (Object o : objects) {
if (first) {
first = false;
- }
- else {
+ } else {
sb.append(' ');
}
sb.append(o.toString());
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java
index e6769dda..5dbc2e7a 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafFilter.java
@@ -20,23 +20,23 @@
package org.onap.aai.aaf.filters;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.io.IOException;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.onap.aaf.cadi.PropAccess;
import org.onap.aaf.cadi.filter.CadiFilter;
import org.onap.aai.aaf.auth.ResponseFormatter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-
-
/**
* AAF authentication filter
*/
@@ -51,7 +51,7 @@ public class AafFilter extends OrderedRequestContextFilter {
@Autowired
public AafFilter(CadiProps cadiProps) throws IOException, ServletException {
- cadiFilter = new CadiFilter(new PropAccess((level,element)->{
+ cadiFilter = new CadiFilter(new PropAccess((level, element) -> {
switch (level) {
case DEBUG:
LOGGER.debug(buildMsg(element));
@@ -75,12 +75,13 @@ public class AafFilter extends OrderedRequestContextFilter {
case NONE:
break;
}
- }, new String[]{"cadi_prop_files=" + cadiProps.getCadiFileName()} ));
+ }, new String[] {"cadi_prop_files=" + cadiProps.getCadiFileName()}));
this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority());
}
@Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
if (!request.getRequestURI().matches("^.*/util/echo$")) {
cadiFilter.doFilter(request, response, filterChain);
if (response.getStatus() == 401 || response.getStatus() == 403) {
@@ -94,11 +95,10 @@ public class AafFilter extends OrderedRequestContextFilter {
private String buildMsg(Object[] objects) {
StringBuilder sb = new StringBuilder();
boolean first = true;
- for ( Object o: objects ) {
+ for (Object o : objects) {
if (first) {
first = false;
- }
- else {
+ } else {
sb.append(' ');
}
sb.append(o.toString());
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java
index b587716e..e87dc4a5 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/AafProfiles.java
@@ -17,17 +17,19 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.aaf.filters;
public class AafProfiles {
// AAF Basic Auth
- public static final String AAF_AUTHENTICATION = "aaf-auth";
+ public static final String AAF_AUTHENTICATION = "aaf-auth";
// AAF Auth with Client Certs
- public static final String AAF_CERT_AUTHENTICATION = "aaf-cert-auth";
+ public static final String AAF_CERT_AUTHENTICATION = "aaf-cert-auth";
- public static final String TWO_WAY_SSL = "two-way-ssl";
+ public static final String TWO_WAY_SSL = "two-way-ssl";
- private AafProfiles(){}
+ private AafProfiles() {
+ }
}
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java
index 35e88f5f..4bf9ea82 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/CadiProps.java
@@ -17,8 +17,17 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.aaf.filters;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Properties;
+
+import javax.annotation.PostConstruct;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -26,20 +35,9 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;
-import javax.annotation.PostConstruct;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.util.Properties;
-
// This component will be created if and only if any of the following profiles are active
@Component
-@Profile({
- AafProfiles.AAF_CERT_AUTHENTICATION,
- AafProfiles.AAF_AUTHENTICATION,
- AafProfiles.TWO_WAY_SSL
-})
+@Profile({AafProfiles.AAF_CERT_AUTHENTICATION, AafProfiles.AAF_AUTHENTICATION, AafProfiles.TWO_WAY_SSL})
public class CadiProps {
private static final Logger LOGGER = LoggerFactory.getLogger(CadiProps.class);
@@ -49,18 +47,19 @@ public class CadiProps {
private Properties cadiProperties;
@Autowired
- public CadiProps(@Value("${aaf.cadi.file:./resources/cadi.properties}") String filename){
- cadiFileName = filename;
+ public CadiProps(@Value("${aaf.cadi.file:./resources/cadi.properties}") String filename) {
+ cadiFileName = filename;
cadiProperties = new Properties();
}
@PostConstruct
public void init() throws IOException {
- File cadiFile = new File(cadiFileName);
+ File cadiFile = new File(cadiFileName);
- if(!cadiFile.exists()){
- LOGGER.warn("Unable to find the cadi file in the given path {} so loading cadi.properties from classloader", cadiFileName);
+ if (!cadiFile.exists()) {
+ LOGGER.warn("Unable to find the cadi file in the given path {} so loading cadi.properties from classloader",
+ cadiFileName);
InputStream is = this.getClass().getClassLoader().getResourceAsStream("cadi.properties");
cadiProperties.load(is);
} else {
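Review bot: The classpath fallback at the end of the hunk calls `cadiProperties.load(is)` on a stream that is never closed and is never null-checked; `getResourceAsStream` returns null when the resource is absent, which would surface as a NullPointerException rather than a clear configuration error. More importantly for an auth component, quietly substituting a bundled `cadi.properties` for the operator's file (with only a warn) is a fail-open configuration default; unless the bundled file is known to be production-safe, I'd fail startup instead, and at minimum close the stream and check for null. The `else` branch that reads the configured file continues outside the hunk.
```java
        if (!cadiFile.exists()) {
            // … unchanged: LOGGER.warn(...) …
            try (InputStream is = this.getClass().getClassLoader().getResourceAsStream("cadi.properties")) {
                if (is == null) {
                    throw new IOException("No cadi.properties at " + cadiFileName + " and none on the classpath");
                }
                cadiProperties.load(is);
            }
        } else {
```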
@@ -72,10 +71,12 @@ public class CadiProps {
}
}
+
public String getCadiFileName() {
return cadiFileName;
}
- public Properties getCadiProperties(){
+
+ public Properties getCadiProperties() {
return cadiProperties;
}
}
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java
index 17b9f0e4..e2423425 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/FilterPriority.java
@@ -17,17 +17,18 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.aaf.filters;
import org.springframework.core.Ordered;
public enum FilterPriority {
- AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE),
- AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1), //higher number = lower priority
- AAF_CERT_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE + 2 ),
- AAF_CERT_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 3),
- TWO_WAY_SSL_AUTH(Ordered.HIGHEST_PRECEDENCE + 4);
+ AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE), AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1), // higher number
+ // = lower
+ // priority
+ AAF_CERT_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE + 2), AAF_CERT_AUTHORIZATION(
+ Ordered.HIGHEST_PRECEDENCE + 3), TWO_WAY_SSL_AUTH(Ordered.HIGHEST_PRECEDENCE + 4);
private final int priority;
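Review bot: The reformatter split the `// higher number = lower priority` comment into three fragments (`// higher number`, `// = lower`, `// priority`) and joined the enum constants onto shared lines, which makes the filter ordering — the one thing this enum exists to express, and the thing that puts the authentication filters ahead of the authorization ones — harder to read. I'd keep one constant per line with the comment on its own line, e.g. `// Ascending execution order: lower value = higher priority (runs first)` above `AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE),`, and use a formatter-off marker or trailing commas if the tool insists on joining them. The constructor that stores `priority` is in the next hunk.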
@@ -35,5 +36,7 @@ public enum FilterPriority {
priority = p;
}
- public int getPriority() { return priority; }
+ public int getPriority() {
+ return priority;
+ }
}
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java
index ce96acf1..dffa74ef 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/GremlinFilter.java
@@ -17,6 +17,7 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.aaf.filters;
import java.io.IOException;
@@ -38,10 +39,7 @@ import org.springframework.context.annotation.Profile;
import org.springframework.stereotype.Component;
@Component
-@Profile({
- AafProfiles.AAF_CERT_AUTHENTICATION,
- AafProfiles.AAF_AUTHENTICATION
-})
+@Profile({AafProfiles.AAF_CERT_AUTHENTICATION, AafProfiles.AAF_AUTHENTICATION})
public class GremlinFilter {
private static final Logger LOGGER = LoggerFactory.getLogger(GremlinFilter.class);
@@ -57,44 +55,46 @@ public class GremlinFilter {
private CadiProps cadiProps;
@Autowired
- public GremlinFilter(
- @Value("${permission.type}") String type,
- @Value("${permission.instance}") String instance,
- CadiProps cadiProps
- ) {
+ public GremlinFilter(@Value("${permission.type}") String type, @Value("${permission.instance}") String instance,
+ CadiProps cadiProps) {
this.type = type;
this.instance = instance;
this.cadiProps = cadiProps;
}
- public void doBasicAuthFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+ public void doBasicAuthFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
PayloadBufferingRequestWrapper requestBufferWrapper = new PayloadBufferingRequestWrapper(request);
- if(ECHO_ENDPOINT.matcher(request.getRequestURI()).matches()){
+ if (ECHO_ENDPOINT.matcher(request.getRequestURI()).matches()) {
filterChain.doFilter(requestBufferWrapper, response);
}
String payload = IOUtils.toString(requestBufferWrapper.getInputStream(), StandardCharsets.UTF_8.name());
boolean containsWordGremlin = payload.contains("\"gremlin\"");
- //if the requestBufferWrapper contains the word "gremlin" it's an "advanced" query needing an "advanced" role
+ // if the requestBufferWrapper contains the word "gremlin" it's an "advanced" query needing an "advanced" role
String permissionBasic = String.format("%s|%s|%s", type, instance, BASIC);
String permissionAdvanced = String.format("%s|%s|%s", type, instance, ADVANCED);
boolean isAuthorized;
- if(containsWordGremlin){
+ if (containsWordGremlin) {
isAuthorized = requestBufferWrapper.isUserInRole(permissionAdvanced);
- }else{
- isAuthorized = requestBufferWrapper.isUserInRole(permissionAdvanced) || requestBufferWrapper.isUserInRole(permissionBasic);
+ } else {
+ isAuthorized = requestBufferWrapper.isUserInRole(permissionAdvanced)
+ || requestBufferWrapper.isUserInRole(permissionBasic);
}
- if(!isAuthorized){
- String name = requestBufferWrapper.getUserPrincipal() != null ? requestBufferWrapper.getUserPrincipal().getName() : "unknown";
- LOGGER.info("User " + name + " does not have a role for " + (containsWordGremlin ? "gremlin" : "non-gremlin") + " query" );
+ if (!isAuthorized) {
+ String name =
+ requestBufferWrapper.getUserPrincipal() != null ? requestBufferWrapper.getUserPrincipal().getName()
+ : "unknown";
+ LOGGER.info("User " + name + " does not have a role for "
+ + (containsWordGremlin ? "gremlin" : "non-gremlin") + " query");
ResponseFormatter.errorResponse(request, response);
} else {
- filterChain.doFilter(requestBufferWrapper,response);
+ filterChain.doFilter(requestBufferWrapper, response);
}
}
}
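Review bot: The echo-endpoint branch at `if (ECHO_ENDPOINT.matcher(request.getRequestURI()).matches())` hands the request down the chain but does not return, so for an echo request execution continues into the body read and role evaluation and ends by either writing an error response onto a response the chain may already have committed or calling `filterChain.doFilter` a second time. Adding `return;` directly after `filterChain.doFilter(requestBufferWrapper, response);` inside that branch avoids the double dispatch. Separately, the advanced/basic role decision is driven by `payload.contains("\"gremlin\"")`, a raw substring test on the body rather than a parsed field; a comment stating whether that coarseness is intended would help the next reader, since the authorization outcome depends on it.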
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java
index 138189e4..e8c72dc3 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/PayloadBufferingRequestWrapper.java
@@ -17,6 +17,7 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.aaf.filters;
import java.io.ByteArrayInputStream;
diff --git a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java
index 150802b8..3dad92df 100644
--- a/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java
+++ b/aai-aaf-auth/src/main/java/org/onap/aai/aaf/filters/TwoWaySslAuthorization.java
@@ -17,29 +17,31 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
+
package org.onap.aai.aaf.filters;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.io.IOException;
+import java.security.cert.X509Certificate;
+import java.util.*;
+
+import javax.security.auth.x500.X500Principal;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
import org.onap.aai.aaf.auth.AAIAuthCore;
import org.onap.aai.aaf.auth.CertUtil;
import org.onap.aai.aaf.auth.ResponseFormatter;
import org.onap.aai.exceptions.AAIException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
import org.springframework.context.annotation.Profile;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;
-import javax.security.auth.x500.X500Principal;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.security.cert.X509Certificate;
-import java.util.*;
-
@Component
@Profile("two-way-ssl")
public class TwoWaySslAuthorization extends OrderedRequestContextFilter {
@@ -59,12 +61,13 @@ public class TwoWaySslAuthorization extends OrderedRequestContextFilter {
@Autowired
private CadiProps cadiProps;
- public TwoWaySslAuthorization(){
+ public TwoWaySslAuthorization() {
this.setOrder(FilterPriority.TWO_WAY_SSL_AUTH.getPriority());
}
@Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
+ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+ throws IOException, ServletException {
String uri = request.getRequestURI();
String httpMethod = getHttpMethod(request);
@@ -80,11 +83,11 @@ public class TwoWaySslAuthorization extends OrderedRequestContextFilter {
ResponseFormatter.errorResponse(aaie, request, response);
return;
}
- issuer = issuer.replaceAll("\\s+","").toUpperCase();
+ issuer = issuer.replaceAll("\\s+", "").toUpperCase();
List<String> cadiConfiguredIssuers = CertUtil.getCadiCertIssuers(cadiProperties);
boolean isAafAuthProfileActive = this.isAafAuthProfileActive();
- if ((!isAafAuthProfileActive) || (!cadiConfiguredIssuers.contains(issuer)) ) {
+ if ((!isAafAuthProfileActive) || (!cadiConfiguredIssuers.contains(issuer))) {
try {
this.authorize(uri, httpMethod, authUser.get(), this.getHaProxyUser(request), issuer);
} catch (AAIException e) {
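Review bot: `issuer = issuer.replaceAll("\\s+", "").toUpperCase();` folds case with the JVM default locale, so whether `cadiConfiguredIssuers.contains(issuer)` matches depends on the runtime's locale (a dotted/dotless i under Turkish locales, for instance) rather than on the issuer DN alone; `issuer.replaceAll("\\s+", "").toUpperCase(Locale.ROOT)` makes the normalization deterministic, and `java.util.*` is already imported. The same applies to the `.toLowerCase()` at the end of getHaProxyUser in the hunk at -148,26. Because the condition on the next visible line sends a non-matching issuer into the local `authorize()` path, a locale mismatch here means an extra local authorization check rather than a skipped one, but it is still environment-dependent behaviour inside an authorization decision.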
@@ -100,11 +103,9 @@ public class TwoWaySslAuthorization extends OrderedRequestContextFilter {
filterChain.doFilter(request, response);
}
-
private String getHttpMethod(HttpServletRequest request) {
String httpMethod = request.getMethod();
- if ("POST".equalsIgnoreCase(httpMethod)
- && "PATCH".equals(request.getHeader(HTTP_METHOD_OVERRIDE))) {
+ if ("POST".equalsIgnoreCase(httpMethod) && "PATCH".equals(request.getHeader(HTTP_METHOD_OVERRIDE))) {
httpMethod = MERGE_PATCH;
}
if (httpMethod.equalsIgnoreCase(MERGE_PATCH) || "patch".equalsIgnoreCase(httpMethod)) {
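Review bot: On the line `if ("POST".equalsIgnoreCase(httpMethod) && "PATCH".equals(request.getHeader(HTTP_METHOD_OVERRIDE)))` the method comparison is case-insensitive while the override-header comparison is exact-case, so a lower-case override value is authorized here as a plain POST; whether the downstream handler honours the same header case-insensitively is not visible in this diff. If the two are meant to agree, `"PATCH".equalsIgnoreCase(request.getHeader(HTTP_METHOD_OVERRIDE))` keeps the method used for authorization in step with the rest of this method, which already folds case on the following line. getHttpMethod continues past the end of the hunk.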
@@ -148,26 +149,26 @@ public class TwoWaySslAuthorization extends OrderedRequestContextFilter {
private String getHaProxyUser(HttpServletRequest hsr) {
String haProxyUser;
- if (Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-CN"))
- || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-OU"))
- || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-O"))
- || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-L"))
- || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-ST"))
- || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-C"))) {
+ if (Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-CN")) || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-OU"))
+ || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-O"))
+ || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-L"))
+ || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-ST"))
+ || Objects.isNull(hsr.getHeader("X-AAI-SSL-Client-C"))) {
haProxyUser = "";
} else {
haProxyUser = String.format("CN=%s, OU=%s, O=\"%s\", L=%s, ST=%s, C=%s",
- Objects.toString(hsr.getHeader("X-AAI-SSL-Client-CN"), ""),
- Objects.toString(hsr.getHeader("X-AAI-SSL-Client-OU"), ""),
- Objects.toString(hsr.getHeader("X-AAI-SSL-Client-O"), ""),
- Objects.toString(hsr.getHeader("X-AAI-SSL-Client-L"), ""),
- Objects.toString(hsr.getHeader("X-AAI-SSL-Client-ST"), ""),
- Objects.toString(hsr.getHeader("X-AAI-SSL-Client-C"), "")).toLowerCase();
+ Objects.toString(hsr.getHeader("X-AAI-SSL-Client-CN"), ""),
+ Objects.toString(hsr.getHeader("X-AAI-SSL-Client-OU"), ""),
+ Objects.toString(hsr.getHeader("X-AAI-SSL-Client-O"), ""),
+ Objects.toString(hsr.getHeader("X-AAI-SSL-Client-L"), ""),
+ Objects.toString(hsr.getHeader("X-AAI-SSL-Client-ST"), ""),
+ Objects.toString(hsr.getHeader("X-AAI-SSL-Client-C"), "")).toLowerCase();
}
return haProxyUser;
}
- private void authorize(String uri, String httpMethod, String authUser, String haProxyUser, String issuer) throws AAIException {
+ private void authorize(String uri, String httpMethod, String authUser, String haProxyUser, String issuer)
+ throws AAIException {
if (!aaiAuthCore.authorize(authUser, uri, httpMethod, haProxyUser, issuer)) {
throw new AAIException("AAI_9101", "Request on " + httpMethod + " " + uri + " status is not OK");
}
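Review bot: The identity string assembled in getHaProxyUser from the `X-AAI-SSL-Client-*` headers is passed straight into `aaiAuthCore.authorize(authUser, uri, httpMethod, haProxyUser, issuer)`, and nothing in this class establishes that those headers were set by the fronting proxy rather than supplied by the caller; the method name suggests the deployment relies on the proxy for that, but the assumption is undocumented. A Javadoc on getHaProxyUser stating that the headers are trusted only because the proxy is expected to overwrite them on every request, and that the filter is not meant to be reachable without it, would make the trust boundary explicit for operators. Also the formatted DN quotes only the O component (`O=\"%s\"`) while the other components are unquoted; if this string is later compared against a DN produced elsewhere, a comment on why only O is quoted would help.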
@@ -176,8 +177,7 @@ public class TwoWaySslAuthorization extends OrderedRequestContextFilter {
private boolean isAafAuthProfileActive() {
String[] profiles = environment.getActiveProfiles();
if (profiles != null) {
- if (Arrays.stream(profiles).anyMatch(
- env -> (env.equalsIgnoreCase(AafProfiles.AAF_CERT_AUTHENTICATION)))) {
+ if (Arrays.stream(profiles).anyMatch(env -> (env.equalsIgnoreCase(AafProfiles.AAF_CERT_AUTHENTICATION)))) {
return true;
}
}
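Review bot: The nested `if` that returns `true` from inside the null guard could be a single expression, `return profiles != null && Arrays.stream(profiles).anyMatch(env -> env.equalsIgnoreCase(AafProfiles.AAF_CERT_AUTHENTICATION));`, which also drops the redundant parentheses around the lambda body. The method's closing lines are outside the hunk, so this assumes it falls through to `return false`.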