summaryrefslogtreecommitdiffstats
path: root/aai-traversal/src
diff options
context:
space:
mode:
Diffstat (limited to 'aai-traversal/src')
-rw-r--r--aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java96
-rw-r--r--aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java72
-rw-r--r--aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java35
-rw-r--r--aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java49
-rw-r--r--aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java48
5 files changed, 0 insertions, 300 deletions
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java
deleted file mode 100644
index 4cfcb91..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import org.apache.commons.io.IOUtils;
-import org.onap.aai.Profiles;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.context.annotation.PropertySource;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-
-/**
- * AAF authorization filter
- */
-
-@Component
-@Profile(Profiles.AAF_AUTHENTICATION)
-@PropertySource("file:${server.local.startpath}/aaf/permissions.properties")
-public class AafAuthorizationFilter extends OrderedRequestContextFilter {
-
- private static final EELFLogger logger = EELFManager.getInstance().getLogger(AafAuthorizationFilter.class.getName());
-
- private static final String ADVANCED = "advanced";
- private static final String BASIC = "basic";
- private static final String ECHO_ENDPOINT = "^.*/util/echo$";
-
- @Value("${permission.type}")
- String type;
-
- @Value("${permission.instance}")
- String instance;
-
- public AafAuthorizationFilter() {
- this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
- }
-
- @Override
- protected void doFilterInternal(HttpServletRequest req, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
-
- PayloadBufferingRequestWrapper request = new PayloadBufferingRequestWrapper(req);
-
- if(request.getRequestURI().matches(ECHO_ENDPOINT)){
- filterChain.doFilter(request, response);
- }
-
- String payload = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.name());
- boolean containsWordGremlin = payload.contains("\"gremlin\"");
-
- //if the request contains the word "gremlin" it's an "advanced" query needing an "advanced" role
- String permissionBasic = String.format("%s|%s|%s", type, instance, ADVANCED);
- String permissionAdvanced = String.format("%s|%s|%s", type, instance, BASIC);
-
- boolean isAuthorized;
-
- if(containsWordGremlin){
- isAuthorized = request.isUserInRole(permissionAdvanced);
- }else{
- isAuthorized = request.isUserInRole(permissionAdvanced) || request.isUserInRole(permissionBasic);
- }
-
- if(!isAuthorized){
- String name = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : "unknown";
- logger.info("User " + name + " does not have a role for " + (containsWordGremlin ? "gremlin" : "non-gremlin") + " query" );
- response.setStatus(403);
- }else{
- filterChain.doFilter(request,response);
- }
- }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java
deleted file mode 100644
index 6ab97ac..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.filter.CadiFilter;
-import org.onap.aai.Profiles;
-import org.onap.aai.TraversalApp;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Properties;
-
-import static org.onap.aai.config.aaf.ResponseFormatter.errorResponse;
-
-/**
- * AAF authentication filter
- */
-
-@Component
-@Profile(Profiles.AAF_AUTHENTICATION)
-public class AafFilter extends OrderedRequestContextFilter {
-
- private static final EELFLogger log = EELFManager.getInstance().getLogger(AafFilter.class.getName());
-
- private final CadiFilter cadiFilter;
-
- public AafFilter() throws IOException, ServletException {
- Properties cadiProperties = new Properties();
- cadiProperties.load(TraversalApp.class.getClassLoader().getResourceAsStream("cadi.properties"));
- cadiFilter = new CadiFilter(new PropAccess(cadiProperties));
- this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority());
- }
-
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
- if(!request.getRequestURI().matches("^.*/util/echo$")) {
- cadiFilter.doFilter(request, response, filterChain);
- if (response.getStatus() == 401 || response.getStatus() == 403) {
- log.info("User does not have permissions to run the query" );
- errorResponse(request, response);
- }
- }
- }
-
-
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java
deleted file mode 100644
index 910db69..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.springframework.core.Ordered;
-
-public enum FilterPriority {
- AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE),
- AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1); //higher number = lower priority
-
- private final int priority;
-
- FilterPriority(final int p) {
- priority = p;
- }
-
- public int getPriority() { return priority; }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java
deleted file mode 100644
index ea0260c..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.apache.commons.io.IOUtils;
-import org.onap.aaf.cadi.BufferedServletInputStream;
-
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import java.io.*;
-
-/**
- * This class buffers the payload of the servlet request. The reason is that we access the payload multiple times,
- * which is not supported by the request per se.
- */
-
-class PayloadBufferingRequestWrapper extends HttpServletRequestWrapper {
-
- private byte[] buffer;
-
- PayloadBufferingRequestWrapper(HttpServletRequest req) throws IOException {
- super(req);
- this.buffer = IOUtils.toByteArray(req.getInputStream());
- }
-
- @Override
- public ServletInputStream getInputStream() {
- ByteArrayInputStream bais = new ByteArrayInputStream(this.buffer);
- return new BufferedServletInputStream(bais);
- }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java
deleted file mode 100644
index 0fc64bc..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.logging.ErrorLogHelper;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-
-class ResponseFormatter {
-
- private static final String ACCEPT_HEADER = "accept";
-
- static void errorResponse(HttpServletRequest request, HttpServletResponse response) throws IOException {
- if (response.isCommitted()){
- return;
- }
-
- String accept = request.getHeader(ACCEPT_HEADER) == null ? MediaType.APPLICATION_XML : request.getHeader(ACCEPT_HEADER);
- AAIException aaie = new AAIException("AAI_3300");
- response.setStatus(aaie.getErrorObject().getHTTPResponseCode().getStatusCode());
- response.resetBuffer();
- response.getOutputStream().print(ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)), aaie, new ArrayList<>()));
- response.flushBuffer();
- }
-}