From f5af91a6d58108d3380c5a2d68f5189e33ee72b6 Mon Sep 17 00:00:00 2001
From: Neil Derraugh
Date: Wed, 9 Sep 2020 19:04:09 -0400
Subject: Pass roles to HttpEntry
- Pass roles to HttpEntry so that OwnerCheck can verify owning-entity
Issue-ID: AAI-3177
Signed-off-by: Neil Derraugh
Change-Id: Ie1536c625be3637fc62658d74690bddcde0a4cba
---
 .../java/org/onap/aai/rest/LegacyMoxyConsumer.java | 41 ++++++++++++++++------
 .../main/resources/etc/appprops/error.properties | 1 +
 2 files changed, 31 insertions(+), 11 deletions(-)
(limited to 'aai-resources/src')
diff --git a/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java b/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java
index 8939d04..4f7049d 100644
--- a/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java
+++ b/aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java
@@ -20,7 +20,10 @@ package org.onap.aai.rest;
 import io.swagger.jaxrs.PATCH;
+import java.security.Principal;
 import org.javatuples.Pair;
+import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
 import org.onap.aai.concurrent.AaiCallable;
 import org.onap.aai.config.SpringContextAware;
 import org.onap.aai.exceptions.AAIException;
@@ -72,8 +75,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
 @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
 @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
 public Response update (String content, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
- MediaType mediaType = headers.getMediaType();
- return this.handleWrites(mediaType, HttpMethod.PUT, content, versionParam, uri, headers, info);
+ Set roles = getRoles(req.getUserPrincipal());
+ MediaType mediaType = headers.getMediaType();
+ return this.handleWrites(mediaType, HttpMethod.PUT, content, versionParam, uri, headers, info, roles);
 }
 /**
@@ -162,9 +166,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
 @Consumes({ "application/merge-patch+json" })
 @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
 public Response patch (String content, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
-
+ Set roles = getRoles(req.getUserPrincipal());
 MediaType mediaType = MediaType.APPLICATION_JSON_TYPE;
- return this.handleWrites(mediaType, HttpMethod.MERGE_PATCH, content, versionParam, uri, headers, info);
+ return this.handleWrites(mediaType, HttpMethod.MERGE_PATCH, content, versionParam, uri, headers, info, roles);
 }
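Review bot: The role lookup `Set roles = getRoles(req.getUserPrincipal());` is now repeated verbatim at the top of update and patch in these two hunks and again in getLegacy in the next hunk, so each new entry point has to remember to derive the roles itself before it can reach process(). A `getRoles(HttpServletRequest req)` overload, or deriving the roles inside handleWrites from a request passed to it, would keep the extraction in one place on every write path. `roles` is also declared as a raw `Set` on each of these lines; if that is not simply the page's rendering dropping a type argument, `Set<String>` would let the compiler check what is handed to process(). The bodies of update and patch are complete within these hunks.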
@@ -186,7 +190,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
 @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
 @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
 public Response getLegacy (String content, @DefaultValue("-1") @QueryParam("resultIndex") String resultIndex, @DefaultValue("-1") @QueryParam("resultSize") String resultSize, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @DefaultValue("all") @QueryParam("depth") String depthParam, @DefaultValue("false") @QueryParam("cleanup") String cleanUp, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
- return runner(AAIConstants.AAI_CRUD_TIMEOUT_ENABLED,
+ Set roles = getRoles(req.getUserPrincipal());
+
+ return runner(AAIConstants.AAI_CRUD_TIMEOUT_ENABLED,
 AAIConstants.AAI_CRUD_TIMEOUT_APP,
 AAIConstants.AAI_CRUD_TIMEOUT_LIMIT,
 headers,
@@ -195,13 +201,13 @@ public class LegacyMoxyConsumer extends RESTAPI {
 new AaiCallable() {
 @Override
 public Response process() {
- return getLegacy(content, versionParam, uri, depthParam, cleanUp, headers, info, req, new HashSet(), resultIndex, resultSize);
+ return getLegacy(content, versionParam, uri, depthParam, cleanUp, headers, info, req, new HashSet(), resultIndex, resultSize, roles);
 }
 }
 );
 }
- /**
+ /**
 * This method exists as a workaround for filtering out undesired query params while routing between REST consumers
 *
 * @param content
@@ -215,7 +221,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
 * @param removeQueryParams
 * @return
 */
- public Response getLegacy(String content, String versionParam, String uri, String depthParam, String cleanUp, HttpHeaders headers, UriInfo info, HttpServletRequest req, Set removeQueryParams, String resultIndex, String resultSize) {
+ public Response getLegacy(String content, String versionParam, String uri, String depthParam, String cleanUp, HttpHeaders headers, UriInfo info, HttpServletRequest req, Set removeQueryParams, String resultIndex, String resultSize, Set roles) {
 String sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId");
 String transId = headers.getRequestHeaders().getFirst("X-TransactionId");
 Response response;
@@ -256,7 +262,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
 traversalUriHttpEntry.setPaginationIndex(Integer.parseInt(resultIndex));
 traversalUriHttpEntry.setPaginationBucket(Integer.parseInt(resultSize));
 }
- Pair>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth);
+ Pair>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth, roles);
 response = responsesTuple.getValue1().get(0).getValue1();
@@ -577,7 +583,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
 * @param info the info
 * @return the response
 */
- private Response handleWrites(MediaType mediaType, HttpMethod method, String content, String versionParam, String uri, HttpHeaders headers, UriInfo info) {
+ private Response handleWrites(MediaType mediaType, HttpMethod method, String content, String versionParam, String uri, HttpHeaders headers, UriInfo info, Set roles) {
 Response response;
 TransactionalGraphEngine dbEngine = null;
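Review bot: The Javadoc blocks in this hunk and in the `@@ -577` hunk are not updated for the new parameter: `* @param removeQueryParams` / `* @return` above getLegacy and `* @param info the info` / `* @return the response` above handleWrites say nothing about `roles`. Add `@param roles the roles of the authenticated principal, handed to HttpEntry so the ownership check can be applied; empty when the request carries no Keycloak token` to both, since a reader of the public getLegacy overload otherwise has no hint of what to pass or what an empty set means. Because getLegacy is public and its own description calls it a routing hook between REST consumers, any other consumer that called the old eleven-argument overload has to be updated too; the compiler will only catch that if the caller lives in the same build. The bodies of getLegacy and handleWrites continue outside these hunks.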
@@ -623,7 +629,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
 .rawRequestContent(content).build();
 List requests = new ArrayList<>();
 requests.add(request);
- Pair>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth);
+ Pair>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth, roles);
 response = responsesTuple.getValue1().get(0).getValue1();
 success = responsesTuple.getValue0();
@@ -660,4 +666,17 @@ public class LegacyMoxyConsumer extends RESTAPI {
 protected boolean isEmptyObject(Introspector obj) {
 return "{}".equals(obj.marshal(false));
 }
+
+ private Set getRoles(Principal userPrincipal) {
+ KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) userPrincipal;
+ if (token == null) {
+ return Collections.EMPTY_SET;
+ }
+ SimpleKeycloakAccount account = (SimpleKeycloakAccount) token.getDetails();
+ if (account == null) {
+ return Collections.EMPTY_SET;
+ }
+ return account.getRoles();
+ }
 }
+
diff --git a/aai-resources/src/main/resources/etc/appprops/error.properties b/aai-resources/src/main/resources/etc/appprops/error.properties
index 6e5630c..86d5337 100644
--- a/aai-resources/src/main/resources/etc/appprops/error.properties
+++ b/aai-resources/src/main/resources/etc/appprops/error.properties
@@ -47,6 +47,7 @@ AAI_3300=5:1:WARN:3300:403:3300:Unauthorized:100
 AAI_3301=5:1:WARN:3301:401:3301:Stale credentials:100
 AAI_3302=5:1:WARN:3302:401:3301:Not authenticated:100
 AAI_3303=5:1:WARN:3303:403:3300:Too many objects would be returned by this request, please refine your request and retry:500
+AAI_3304=5:1:WARN:3304:403:3300:Group not authorized:400
 #--- aaigen: 4000-4099
 AAI_4000=5:4:ERROR:4000:500:3002:Internal Error:900
--
cgit 1.2.3-korg
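Review bot: In the `@@ -660` hunk, `getRoles` casts `userPrincipal` to `KeycloakAuthenticationToken` before the null check, so a request whose principal is of any other type (a different authentication filter, or a container-supplied principal) fails with a ClassCastException and a 500 instead of the intended deny; the cast of `token.getDetails()` to `SimpleKeycloakAccount` has the same problem. Testing with `instanceof` keeps the fail-closed behaviour (no roles, so the ownership check rejects) for every non-Keycloak principal, and `Collections.emptySet()` replaces the raw `Collections.EMPTY_SET` constant. All three callers (update, patch, getLegacy) invoke getRoles before entering handleWrites or the runner, so an exception thrown here would bypass whatever error mapping those paths provide, which is not visible in this diff. If callers could hold on to the returned set, wrapping it in `Collections.unmodifiableSet` would avoid handing out the account's own collection; whether Keycloak already returns an unmodifiable view is not checked here.
```java
private Set getRoles(Principal userPrincipal) {
    // Fail closed: a principal that is not a Keycloak token yields no roles instead of a ClassCastException.
    if (!(userPrincipal instanceof KeycloakAuthenticationToken)) {
        return Collections.emptySet();
    }
    Object details = ((KeycloakAuthenticationToken) userPrincipal).getDetails();
    if (!(details instanceof SimpleKeycloakAccount)) {
        return Collections.emptySet();
    }
    return ((SimpleKeycloakAccount) details).getRoles();
}
```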