Diffstat (limited to 'aai-traversal')
6 files changed, 1 insertions, 301 deletions
diff --git a/aai-traversal/pom.xml b/aai-traversal/pom.xml
index ae9a333..5848ee1 100644
--- a/aai-traversal/pom.xml
+++ b/aai-traversal/pom.xml
@@ -28,7 +28,7 @@
 <parent>
 <groupId>org.onap.aai.traversal</groupId>
 <artifactId>traversal</artifactId>
- <version>1.7.1-SNAPSHOT</version>
+ <version>1.7.2-SNAPSHOT</version>
 </parent>
 <groupId>org.onap.aai.traversal</groupId>
 <artifactId>aai-traversal</artifactId>
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java
deleted file mode 100644
index 4cfcb91..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import org.apache.commons.io.IOUtils;
-import org.onap.aai.Profiles;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.context.annotation.PropertySource;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-
-/**
- * AAF authorization filter
- */
-
-@Component
-@Profile(Profiles.AAF_AUTHENTICATION)
-@PropertySource("file:${server.local.startpath}/aaf/permissions.properties")
-public class AafAuthorizationFilter extends OrderedRequestContextFilter {
-
- private static final EELFLogger logger = EELFManager.getInstance().getLogger(AafAuthorizationFilter.class.getName());
-
- private static final String ADVANCED = "advanced";
- private static final String BASIC = "basic";
- private static final String ECHO_ENDPOINT = "^.*/util/echo$";
-
- @Value("${permission.type}")
- String type;
-
- @Value("${permission.instance}")
- String instance;
-
- public AafAuthorizationFilter() {
- this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
- }
-
- @Override
- protected void doFilterInternal(HttpServletRequest req, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
-
- PayloadBufferingRequestWrapper request = new PayloadBufferingRequestWrapper(req);
-
- if(request.getRequestURI().matches(ECHO_ENDPOINT)){
- filterChain.doFilter(request, response);
- }
-
- String payload = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.name());
- boolean containsWordGremlin = payload.contains("\"gremlin\"");
-
- //if the request contains the word "gremlin" it's an "advanced" query needing an "advanced" role
- String permissionBasic = String.format("%s|%s|%s", type, instance, ADVANCED);
- String permissionAdvanced = String.format("%s|%s|%s", type, instance, BASIC);
-
- boolean isAuthorized;
-
- if(containsWordGremlin){
- isAuthorized = request.isUserInRole(permissionAdvanced);
- }else{
- isAuthorized = request.isUserInRole(permissionAdvanced) || request.isUserInRole(permissionBasic);
- }
-
- if(!isAuthorized){
- String name = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : "unknown";
- logger.info("User " + name + " does not have a role for " + (containsWordGremlin ? "gremlin" : "non-gremlin") + " query" );
- response.setStatus(403);
- }else{
- filterChain.doFilter(request,response);
- }
- }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java
deleted file mode 100644
index 6ab97ac..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.filter.CadiFilter;
-import org.onap.aai.Profiles;
-import org.onap.aai.TraversalApp;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Properties;
-
-import static org.onap.aai.config.aaf.ResponseFormatter.errorResponse;
-
-/**
- * AAF authentication filter
- */
-
-@Component
-@Profile(Profiles.AAF_AUTHENTICATION)
-public class AafFilter extends OrderedRequestContextFilter {
-
- private static final EELFLogger log = EELFManager.getInstance().getLogger(AafFilter.class.getName());
-
- private final CadiFilter cadiFilter;
-
- public AafFilter() throws IOException, ServletException {
- Properties cadiProperties = new Properties();
- cadiProperties.load(TraversalApp.class.getClassLoader().getResourceAsStream("cadi.properties"));
- cadiFilter = new CadiFilter(new PropAccess(cadiProperties));
- this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority());
- }
-
- @Override
- protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
- if(!request.getRequestURI().matches("^.*/util/echo$")) {
- cadiFilter.doFilter(request, response, filterChain);
- if (response.getStatus() == 401 || response.getStatus() == 403) {
- log.info("User does not have permissions to run the query" );
- errorResponse(request, response);
- }
- }
- }
-
-
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java
deleted file mode 100644
index 910db69..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.springframework.core.Ordered;
-
-public enum FilterPriority {
- AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE),
- AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1); //higher number = lower priority
-
- private final int priority;
-
- FilterPriority(final int p) {
- priority = p;
- }
-
- public int getPriority() { return priority; }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java
deleted file mode 100644
index ea0260c..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.apache.commons.io.IOUtils;
-import org.onap.aaf.cadi.BufferedServletInputStream;
-
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import java.io.*;
-
-/**
- * This class buffers the payload of the servlet request. The reason is that we access the payload multiple times,
- * which is not supported by the request per se.
- */
-
-class PayloadBufferingRequestWrapper extends HttpServletRequestWrapper {
-
- private byte[] buffer;
-
- PayloadBufferingRequestWrapper(HttpServletRequest req) throws IOException {
- super(req);
- this.buffer = IOUtils.toByteArray(req.getInputStream());
- }
-
- @Override
- public ServletInputStream getInputStream() {
- ByteArrayInputStream bais = new ByteArrayInputStream(this.buffer);
- return new BufferedServletInputStream(bais);
- }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java
deleted file mode 100644
index 0fc64bc..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.logging.ErrorLogHelper;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-
-class ResponseFormatter {
-
- private static final String ACCEPT_HEADER = "accept";
-
- static void errorResponse(HttpServletRequest request, HttpServletResponse response) throws IOException {
- if (response.isCommitted()){
- return;
- }
-
- String accept = request.getHeader(ACCEPT_HEADER) == null ? MediaType.APPLICATION_XML : request.getHeader(ACCEPT_HEADER);
- AAIException aaie = new AAIException("AAI_3300");
- response.setStatus(aaie.getErrorObject().getHTTPResponseCode().getStatusCode());
- response.resetBuffer();
- response.getOutputStream().print(ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)), aaie, new ArrayList<>()));
- response.flushBuffer();
- }
-}
|