authorNeil Derraugh <neil.derraugh@yoppworks.com>2020-09-09 19:04:09 -0400
committerNeil Derraugh <neil.derraugh@yoppworks.com>2020-09-11 14:30:45 +0000
commitf5af91a6d58108d3380c5a2d68f5189e33ee72b6 (patch)
treedb0cbb59552b9aeb6d8b16a37db0604d251d03a1 /aai-resources
parent66747460c4dc42ad2c37951632f9982398561951 (diff)
Pass roles to HttpEntry
- Pass roles to HttpEntry so that OwnerCheck can verify owning-entity Issue-ID: AAI-3177 Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com> Change-Id: Ie1536c625be3637fc62658d74690bddcde0a4cba
Diffstat (limited to 'aai-resources')
-rw-r--r--aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java41
-rw-r--r--aai-resources/src/main/resources/etc/appprops/error.properties1
2 files changed, 31 insertions, 11 deletions
diff --git a/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java b/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java
index 8939d04..4f7049d 100644
--- a/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java
+++ b/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java
@@ -20,7 +20,10 @@
package org.onap.aai.rest;
import io.swagger.jaxrs.PATCH;
+import java.security.Principal;
import org.javatuples.Pair;
+import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
import org.onap.aai.concurrent.AaiCallable;
import org.onap.aai.config.SpringContextAware;
import org.onap.aai.exceptions.AAIException;
@@ -72,8 +75,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response update (String content, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
- MediaType mediaType = headers.getMediaType();
- return this.handleWrites(mediaType, HttpMethod.PUT, content, versionParam, uri, headers, info);
+ Set<String> roles = getRoles(req.getUserPrincipal());
+ MediaType mediaType = headers.getMediaType();
+ return this.handleWrites(mediaType, HttpMethod.PUT, content, versionParam, uri, headers, info, roles);
}
/**
@@ -162,9 +166,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
@Consumes({ "application/merge-patch+json" })
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response patch (String content, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
-
+ Set<String> roles = getRoles(req.getUserPrincipal());
MediaType mediaType = MediaType.APPLICATION_JSON_TYPE;
- return this.handleWrites(mediaType, HttpMethod.MERGE_PATCH, content, versionParam, uri, headers, info);
+ return this.handleWrites(mediaType, HttpMethod.MERGE_PATCH, content, versionParam, uri, headers, info, roles);
}
@@ -186,7 +190,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
@Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
@Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
public Response getLegacy (String content, @DefaultValue("-1") @QueryParam("resultIndex") String resultIndex, @DefaultValue("-1") @QueryParam("resultSize") String resultSize, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @DefaultValue("all") @QueryParam("depth") String depthParam, @DefaultValue("false") @QueryParam("cleanup") String cleanUp, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
- return runner(AAIConstants.AAI_CRUD_TIMEOUT_ENABLED,
+ Set<String> roles = getRoles(req.getUserPrincipal());
+
+ return runner(AAIConstants.AAI_CRUD_TIMEOUT_ENABLED,
AAIConstants.AAI_CRUD_TIMEOUT_APP,
AAIConstants.AAI_CRUD_TIMEOUT_LIMIT,
headers,
@@ -195,13 +201,13 @@ public class LegacyMoxyConsumer extends RESTAPI {
new AaiCallable<Response>() {
@Override
public Response process() {
- return getLegacy(content, versionParam, uri, depthParam, cleanUp, headers, info, req, new HashSet<String>(), resultIndex, resultSize);
+ return getLegacy(content, versionParam, uri, depthParam, cleanUp, headers, info, req, new HashSet<String>(), resultIndex, resultSize, roles);
}
}
);
}
- /**
+ /**
* This method exists as a workaround for filtering out undesired query params while routing between REST consumers
*
* @param content
@@ -215,7 +221,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
* @param removeQueryParams
* @return
*/
- public Response getLegacy(String content, String versionParam, String uri, String depthParam, String cleanUp, HttpHeaders headers, UriInfo info, HttpServletRequest req, Set<String> removeQueryParams, String resultIndex, String resultSize) {
+ public Response getLegacy(String content, String versionParam, String uri, String depthParam, String cleanUp, HttpHeaders headers, UriInfo info, HttpServletRequest req, Set<String> removeQueryParams, String resultIndex, String resultSize, Set<String> roles) {
String sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId");
String transId = headers.getRequestHeaders().getFirst("X-TransactionId");
Response response;
@@ -256,7 +262,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
traversalUriHttpEntry.setPaginationIndex(Integer.parseInt(resultIndex));
traversalUriHttpEntry.setPaginationBucket(Integer.parseInt(resultSize));
}
- Pair<Boolean, List<Pair<URI, Response>>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth);
+ Pair<Boolean, List<Pair<URI, Response>>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth, roles);
response = responsesTuple.getValue1().get(0).getValue1();
@@ -577,7 +583,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
* @param info the info
* @return the response
*/
- private Response handleWrites(MediaType mediaType, HttpMethod method, String content, String versionParam, String uri, HttpHeaders headers, UriInfo info) {
+ private Response handleWrites(MediaType mediaType, HttpMethod method, String content, String versionParam, String uri, HttpHeaders headers, UriInfo info, Set<String> roles) {
Response response;
TransactionalGraphEngine dbEngine = null;
@@ -623,7 +629,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
.rawRequestContent(content).build();
List<DBRequest> requests = new ArrayList<>();
requests.add(request);
- Pair<Boolean, List<Pair<URI, Response>>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth);
+ Pair<Boolean, List<Pair<URI, Response>>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth, roles);
response = responsesTuple.getValue1().get(0).getValue1();
success = responsesTuple.getValue0();
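Review bot: Only the PUT, MERGE_PATCH and GET paths visible in this diff pass `roles` to `traversalUriHttpEntry.process`. If this class has other call sites (delete or relationship endpoints are not visible here) and the two-argument overload of `process` still exists, those paths would compile unchanged and presumably skip the owner check. It is worth confirming every call site in the class, or removing the two-argument overload so that a missed caller fails to compile. The Javadoc of `handleWrites` in the hunk above also lacks an entry for the new parameter, for example `@param roles roles of the authenticated caller, used for the owning-entity check`. The body of `handleWrites` starts and ends outside this hunk.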
@@ -660,4 +666,17 @@ public class LegacyMoxyConsumer extends RESTAPI {
protected boolean isEmptyObject(Introspector obj) {
return "{}".equals(obj.marshal(false));
}
+
+ private Set<String> getRoles(Principal userPrincipal) {
+ KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) userPrincipal;
+ if (token == null) {
+ return Collections.EMPTY_SET;
+ }
+ SimpleKeycloakAccount account = (SimpleKeycloakAccount) token.getDetails();
+ if (account == null) {
+ return Collections.EMPTY_SET;
+ }
+ return account.getRoles();
+ }
}
+
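Review bot: `getRoles` casts `userPrincipal` to `KeycloakAuthenticationToken` and `token.getDetails()` to `SimpleKeycloakAccount` without a type check, so a request authenticated by any other mechanism raises `ClassCastException`. In `update`, `patch` and `getLegacy` the call sits on the first line of the endpoint, so the exception appears to escape before `handleWrites` or `runner` can map it to an AAI error response. An `instanceof` guard on both values avoids that, and `Collections.emptySet()` replaces the raw `Collections.EMPTY_SET`, which needs an unchecked conversion to `Set<String>`. What an empty set means to OwnerCheck is not visible in this diff. If it means "no restriction", the null-principal and non-Keycloak branches fail open, and that should be documented on the method or turned into a rejection.

```java
private Set<String> getRoles(Principal userPrincipal) {
    // Only a Keycloak token carries the account details the roles are read from.
    if (!(userPrincipal instanceof KeycloakAuthenticationToken)) {
        return Collections.emptySet();
    }
    Object details = ((KeycloakAuthenticationToken) userPrincipal).getDetails();
    if (!(details instanceof SimpleKeycloakAccount)) {
        return Collections.emptySet();
    }
    return ((SimpleKeycloakAccount) details).getRoles();
}
```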
diff --git a/aai-resources/src/main/resources/etc/appprops/error.properties b/aai-resources/src/main/resources/etc/appprops/error.properties
index 6e5630c..86d5337 100644
--- a/aai-resources/src/main/resources/etc/appprops/error.properties
+++ b/aai-resources/src/main/resources/etc/appprops/error.properties
@@ -47,6 +47,7 @@ AAI_3300=5:1:WARN:3300:403:3300:Unauthorized:100
AAI_3301=5:1:WARN:3301:401:3301:Stale credentials:100
AAI_3302=5:1:WARN:3302:401:3301:Not authenticated:100
AAI_3303=5:1:WARN:3303:403:3300:Too many objects would be returned by this request, please refine your request and retry:500
+AAI_3304=5:1:WARN:3304:403:3300:Group not authorized:400
#--- aaigen: 4000-4099
AAI_4000=5:4:ERROR:4000:500:3002:Internal Error:900