author | Lee, Tian (tl5884) <TianL@amdocs.com> | 2018-05-08 12:01:21 +0100 |
---|---|---|
committer | Lee, Tian (tl5884) <TianL@amdocs.com> | 2018-05-08 12:01:21 +0100 |
commit | ee07ee287cab944dfc7371b3eeb230d1ba7e736e (patch) | |
tree | add8f7a8546d31fa17b663defb3b6c7259db1760 /src | |
parent | 4229965d8a112a9311505224e2bae254d25710dc (diff) |
Fix Babel authorisation mechanismv1.2.02.0.0-ONAPbeijing2.0.0-ONAP
Change-Id: Iae3139b33e315fae0c205fd7e0df67554d91cd5b
Issue-ID: AAI-1126
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
Diffstat (limited to 'src')
5 files changed, 29 insertions, 50 deletions
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
index 67eee9a..0412c1a 100644
--- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
+++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
@@ -51,30 +51,6 @@ public class AAIMicroServiceAuth {
 }
 /**
- * @param username
- * @param policyFunction
- * @return
- * @throws AAIAuthException
- */
- public boolean authorize(String username, String policyFunction) throws AAIAuthException {
- return AAIMicroServiceAuthCore.authorize(username, policyFunction);
- }
-
- /**
- * @param authUser
- * @param policyFunction
- * @return
- * @throws AAIAuthException
- */
- public String authenticate(String authUser, String policyFunction) throws AAIAuthException {
- if (authorize(authUser, policyFunction)) {
- return "OK";
- } else {
- return "AAI_9101";
- }
- }
-
- /**
 * @param headers
 * @param req
 * @param action
@@ -70,11 +70,7 @@ public class AAIMicroServiceAuth {
 }
 String[] ps = apiPath.split("/");
- String authPolicyFunctionName = ps[0];
- if (ps.length > 1 && authPolicyFunctionName.matches("v\\d+")) {
- authPolicyFunctionName = ps[1];
- }
-
+ String authPolicyFunctionName = ps[ps.length - 1];
 String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
 String authUser = null;
@@ -110,7 +82,8 @@ public class AAIMicroServiceAuth {
 }
 if (authUser != null) {
- return "OK".equals(authenticate(authUser.toLowerCase(), action.toString() + ":" + authPolicyFunctionName));
+ return AAIMicroServiceAuthCore.authorize(authUser.toLowerCase(),
+ action.toString() + ":" + authPolicyFunctionName);
 } else {
 return false;
 }
diff --git a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java
index 17d0b65..532d8c7 100644
--- a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java
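Review bot: `ps[ps.length - 1]` is indexed without checking that `split` returned anything; `String.split("/")` drops trailing empty strings, so an `apiPath` made up only of slashes yields a zero-length array and this line throws `ArrayIndexOutOfBoundsException` instead of producing a clean deny. A guard before the index, `if (ps.length == 0) { return false; }`, keeps the check failing closed without depending on how the caller treats the exception. Keying the policy on the last segment alone also means any two routes ending in the same segment share one policy entry, which deserves a sentence in the method's Javadoc. The enclosing method starts and ends outside this hunk, so any earlier validation of `apiPath` is not visible here.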
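Review bot: The user name handed to `AAIMicroServiceAuthCore.authorize` is lowercased with `authUser.toLowerCase()`, which uses the JVM default locale; under a locale such as Turkish an upper-case `I` becomes a dotless `ı`, so the same identity can match or miss a policy entry depending on where the service runs. Pinning the locale makes the lookup deterministic: `authUser.toLowerCase(Locale.ROOT)` (this needs `java.util.Locale` imported if the file does not already have it). The method continues outside this hunk, so how `authUser` is extracted is not visible here.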
+++ b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java
@@ -30,6 +30,7 @@ import javax.inject.Inject;
 import javax.servlet.http.HttpServletRequest;
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.PathSegment;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.Response.Status;
 import javax.ws.rs.core.UriInfo;
@@ -49,8 +50,10 @@ import org.onap.aai.babel.service.data.BabelArtifact;
 import org.onap.aai.babel.service.data.BabelRequest;
 import org.onap.aai.babel.util.RequestValidationException;
 import org.onap.aai.babel.util.RequestValidator;
+import org.springframework.stereotype.Service;
 /** Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version */
+@Service
 public class GenerateArtifactsServiceImpl implements GenerateArtifactsService {
 private static final LogHelper applicationLogger = LogHelper.INSTANCE;
@@ -96,8 +99,12 @@ public class GenerateArtifactsServiceImpl implements GenerateArtifactsService {
 Response response;
 try {
+ // Get last URI path segment to use for authentication
+ List<PathSegment> pathSegments = uriInfo.getPathSegments();
+ String lastPathSegment = pathSegments.isEmpty() ? "" : pathSegments.get(pathSegments.size() - 1).getPath();
+
 boolean authorized = aaiMicroServiceAuth.validateRequest(headers, servletRequest,
- AAIMicroServiceAuthCore.HTTP_METHODS.POST, uriInfo.getPath(false));
+ AAIMicroServiceAuthCore.HTTP_METHODS.POST, lastPathSegment);
 response = authorized ? generateArtifacts(requestBody) : buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation.");
diff --git a/src/main/java/org/onap/aai/babel/service/InfoService.java b/src/main/java/org/onap/aai/babel/service/InfoService.java
index c993746..e115568 100644
--- a/src/main/java/org/onap/aai/babel/service/InfoService.java
+++ b/src/main/java/org/onap/aai/babel/service/InfoService.java
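Review bot: The added comment says the last path segment is used for authentication, but `validateRequest` turns it into the policy function name, which is an authorisation decision; `// Last URI path segment names the policy function checked for authorisation` would match what the code does. The value is taken from the request URI as the container split and decoded it, so a trailing slash may give an empty last segment and a policy name with nothing after the colon. That presumably denies, which is the safe direction, but it is worth pinning with a test. Because this handler serves a single operation, passing a constant policy name instead of one derived from the URI would remove the dependency on path parsing altogether. The method body continues outside this hunk.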
@@ -31,6 +31,7 @@ import javax.ws.rs.GET;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.QueryParam;
+import org.springframework.stereotype.Service;
 /**
 * Information service for the micro-service. Return status details to the caller.
@@ -38,6 +39,7 @@ import javax.ws.rs.QueryParam;
 * @exclude
 */
 @Path("/core/core-service")
+@Service
 public class InfoService {
 private Clock clock = Clock.systemDefaultZone();
diff --git a/src/main/resources/babel-beans.xml b/src/main/resources/babel-beans.xml
index f4cc32c..e979a2e 100644
--- a/src/main/resources/babel-beans.xml
+++ b/src/main/resources/babel-beans.xml
@@ -1,5 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
+<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
 xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd">
@@ -8,7 +9,9 @@
 <!-- PROPERTY AND CONFIGURATION FILES -->
 <!-- ////////////////////////////////////////////////////////////////// -->
- <context:property-placeholder location="file:${CONFIG_HOME}/babel-auth.properties" ignore-unresolvable="true" />
+ <context:property-placeholder
+ location="file:${CONFIG_HOME}/babel-auth.properties"
+ ignore-unresolvable="true" />
 <!-- ////////////////////////////////////////////////////////////////// -->
 <!-- CONFIG BEANS -->
@@ -23,13 +26,8 @@
 <!-- IMPLEMENTATION BEANS -->
 <!-- ////////////////////////////////////////////////////////////////// -->
- <bean id="aaiMicroServiceAuth" class="org.onap.aai.auth.AAIMicroServiceAuth" >
+ <bean id="aaiMicroServiceAuth" class="org.onap.aai.auth.AAIMicroServiceAuth">
 <constructor-arg ref="babelAuthConfig" />
 </bean>
-
- <bean id="generateArtifacts" class="org.onap.aai.babel.service.GenerateArtifactsServiceImpl" >
- <constructor-arg ref="aaiMicroServiceAuth" />
- </bean>
-
 </beans>
diff --git a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
index 99eb4e9..e6f5aa6 100644
--- a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
+++ b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
@@ -20,7 +20,6 @@
 */
 package org.onap.aai.babel;
-import static org.hamcrest.CoreMatchers.equalTo;
 import static org.hamcrest.CoreMatchers.is;
 import static org.junit.Assert.assertThat;
@@ -80,9 +79,9 @@ public class MicroServiceAuthTest {
 @Test
 public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException {
 JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
- AAIMicroServiceAuth auth = createAuthService(roles);
- assertThat(auth.authorize("nosuchuser", "method:func"), is(false));
- assertThat(auth.authorize("user", "method:func"), is(true));
+ createAuthService(roles);
+ assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false));
+ assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true));
 }
 /**
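Review bot: `createAuthService(roles)` is now called only for its side effect while the assertions go to the static `AAIMicroServiceAuthCore.authorize`, so the test depends on policy state that apparently lives in static fields and outlives the test. A comment above the call, `// loads the roles into AAIMicroServiceAuthCore's static policy state`, would make that explicit. It is also worth confirming that every test reloads the policy, so that execution order cannot let a stale policy satisfy an assertion. The same pattern appears in testAuthUser (`createStandardAuth();`) in the next hunk; createAuthService itself is outside the visible hunks.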
@@ -112,9 +111,9 @@ public class MicroServiceAuthTest {
 @Test
 public void testAuthUser() throws AAIAuthException {
- AAIMicroServiceAuth auth = createStandardAuth();
- assertThat(auth.authenticate(VALID_ADMIN_USER, "GET:actions"), is(equalTo("OK")));
- assertThat(auth.authenticate(VALID_ADMIN_USER, "WRONG:action"), is(equalTo("AAI_9101")));
+ createStandardAuth();
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action"), is(false));
 }
@@ -158,10 +157,10 @@ public class MicroServiceAuthTest {
 * @throws AAIAuthException
 */
 private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException {
- assertThat(auth.authorize(adminUser, "GET:actions"), is(true));
- assertThat(auth.authorize(adminUser, "POST:actions"), is(true));
- assertThat(auth.authorize(adminUser, "PUT:actions"), is(true));
- assertThat(auth.authorize(adminUser, "DELETE:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "POST:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "PUT:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "DELETE:actions"), is(true));
 }
 private JSONArray createFunctionObject(String functionName) throws JSONException { |
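Review bot: The `auth` parameter of `assertAdminUserAuthorisation` is no longer read now that all four assertions call `AAIMicroServiceAuthCore.authorize` directly; either drop it and update the callers, or add a comment that it is passed only so the caller has loaded the policy first. None of the test hunks shown exercises `validateRequest`, which is where this commit changed how the policy function is derived from the path. A case with a multi-segment path and one with an empty path would cover the new behaviour, though tests outside these hunks may already do so.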