1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
|
/**
* ============LICENSE_START=======================================================
* org.onap.aai
* ================================================================================
* Copyright © 2017 AT&T Intellectual Property. All rights reserved.
* Copyright © 2017 Amdocs
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
*/
package org.onap.aaiauth.auth;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.File;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.onap.aaiauth.util.AuthConstants;
public class AuthCore {
private String authFilename;
public ObjectMapper mapper;
private enum HTTP_METHODS {
POST, GET, PUT, DELETE, PATCH
}
public AuthCore(String filename) throws Exception {
this.authFilename = filename;
loadUsers(filename);
}
private static boolean usersInitialized = false;
private static HashMap<String, AuthUser> users;
public String getConfigFile() {
return this.authFilename;
}
/**
* Loads the auth file and caches a list of authorized users.
*
* @param authFilename
* - Absolute path of the file where authorized users are listed.
*/
public synchronized void loadUsers(String authFilename) throws Exception {
users = new HashMap<>();
mapper = new ObjectMapper(); // can reuse, share globally
JsonNode rootNode = mapper.readTree(new File(authFilename));
JsonNode rolesNode = rootNode.path(AuthConstants.ROLES_NODE_PATH);
for (JsonNode roleNode : rolesNode) {
String roleName = roleNode.path(AuthConstants.ROLE_NAME_PATH).asText();
AuthRole role = new AuthRole();
JsonNode usersNode = roleNode.path(AuthConstants.USERS_NODE_PATH);
JsonNode functionsNode = roleNode.path(AuthConstants.FUNCTIONS_NODE_PATH);
for (JsonNode functionNode : functionsNode) {
String function = functionNode.path(AuthConstants.FUNCTION_NAME_PATH).asText();
JsonNode methodsNode = functionNode.path(AuthConstants.METHODS_NODE_PATH);
boolean hasMethods = handleMethodNode(methodsNode, role, function);
if (!hasMethods) {
// iterate the list from HTTP_METHODS
for (HTTP_METHODS meth : HTTP_METHODS.values()) {
String thisFunction = meth.toString() + ":" + function;
role.addAllowedFunction(thisFunction);
}
}
}
handleUserNode(usersNode, roleName, role);
}
usersInitialized = true;
}
private boolean handleMethodNode(JsonNode methodsNode, AuthRole role, String function) {
boolean hasMethods = false;
for (JsonNode methodNode : methodsNode) {
String methodName = methodNode.path(AuthConstants.METHOD_NAME_PATH).asText();
hasMethods = true;
String thisFunction = methodName + ":" + function;
role.addAllowedFunction(thisFunction);
}
return hasMethods;
}
private void handleUserNode(JsonNode usersNode, String roleName, AuthRole role) {
for (JsonNode userNode : usersNode) {
// make the user lower case
String node = userNode.path(AuthConstants.USER_NODE_PATH).asText().toLowerCase();
AuthUser user;
if (users.containsKey(node)) {
user = users.get(node);
} else {
user = new AuthUser();
}
user.setUser(node);
user.addRole(roleName, role);
users.put(node, user);
}
}
public class AuthUser {
public AuthUser() {
this.roles = new HashMap<>();
}
private String username;
private HashMap<String, AuthRole> roles;
public String getUser() {
return this.username;
}
public Map<String, AuthRole> getRoles() {
return this.roles;
}
public void addRole(String roleName, AuthRole role) {
this.roles.put(roleName, role);
}
/**
* Returns true if the user has permissions for the function, otherwise returns false.
*
* @param checkFunc
* - String value of the function.
*/
public boolean checkAllowed(String checkFunc) {
for (Map.Entry<String, AuthRole> roleEntry : this.roles.entrySet()) {
AuthRole role = roleEntry.getValue();
if (role.hasAllowedFunction(checkFunc)) {
// break out as soon as we find it
return true;
}
}
// we would have got positive confirmation had it been there
return false;
}
public void setUser(String myuser) {
this.username = myuser;
}
}
public static class AuthRole {
public AuthRole() {
this.allowedFunctions = new ArrayList<>();
}
private List<String> allowedFunctions;
public void addAllowedFunction(String func) {
this.allowedFunctions.add(func);
}
/**
* Remove the function from the user's list of allowed functions.
*
* @param delFunc
* - String value of the function.
*/
public void delAllowedFunction(String delFunc) {
if (this.allowedFunctions.contains(delFunc)) {
this.allowedFunctions.remove(delFunc);
}
}
/**
* Returns true if the user has permissions to use the function, otherwise returns false.
*
* @param afunc
* - String value of the function.
*/
public boolean hasAllowedFunction(String afunc) {
return this.allowedFunctions.contains(afunc);
}
}
/**
* Returns a hash-map of all users which have been loaded and initialized.
*/
public Map<String, AuthUser> getUsers(String key) throws Exception {
if (!usersInitialized || (users == null)) {
loadUsers(this.authFilename);
}
return users;
}
/**
* Returns true if the user is allowed to access a function.
*
* @param username
* - String value of user
* @param authFunction
* - String value of the function.
*/
public boolean authorize(String username, String authFunction) {
AuthUser user = users.get(username);
return user != null && user.checkAllowed(authFunction);
}
}
|
