From 512dcbf89f53113c21e5de3e7b0a56fe13ce44f3 Mon Sep 17 00:00:00 2001
From: "Maharajh, Robby (rx2202)" <rx2202@us.att.com>
Date: Thu, 17 Sep 2020 01:46:33 -0400
Subject: Update to use aai-common 1.7.2 and use common aaf auth

Issue-ID: AAI-3128
Change-Id: I2ae25a9990daa8eafd045229686a2d586b90f66a
Signed-off-by: Maharajh, Robby (rx2202) <rx2202@us.att.com>
---
 .../aai/config/aaf/AafAuthorizationFilter.java     | 96 ----------------------
 .../java/org/onap/aai/config/aaf/AafFilter.java    | 72 ----------------
 .../org/onap/aai/config/aaf/FilterPriority.java    | 35 --------
 .../config/aaf/PayloadBufferingRequestWrapper.java | 49 -----------
 .../org/onap/aai/config/aaf/ResponseFormatter.java | 48 -----------
 5 files changed, 300 deletions(-)
 delete mode 100644 aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java
 delete mode 100644 aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java
 delete mode 100644 aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java
 delete mode 100644 aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java
 delete mode 100644 aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java

(limited to 'aai-traversal/src/main')

diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java
deleted file mode 100644
index 4cfcb91..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafAuthorizationFilter.java
+++ /dev/null
@@ -1,96 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import org.apache.commons.io.IOUtils;
-import org.onap.aai.Profiles;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.context.annotation.PropertySource;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-
-/**
- * AAF authorization filter
- */
-
-@Component
-@Profile(Profiles.AAF_AUTHENTICATION)
-@PropertySource("file:${server.local.startpath}/aaf/permissions.properties")
-public class AafAuthorizationFilter extends OrderedRequestContextFilter {
-
-    private static final EELFLogger logger = EELFManager.getInstance().getLogger(AafAuthorizationFilter.class.getName());
-
-    private static final String ADVANCED = "advanced";
-    private static final String BASIC = "basic";
-    private static final String ECHO_ENDPOINT = "^.*/util/echo$";
-
-    @Value("${permission.type}")
-    String type;
-
-    @Value("${permission.instance}")
-    String instance;
-
-    public AafAuthorizationFilter() {
-        this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
-    }
-
-    @Override
-    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
-
-        PayloadBufferingRequestWrapper request = new PayloadBufferingRequestWrapper(req);
-
-        if(request.getRequestURI().matches(ECHO_ENDPOINT)){
-            filterChain.doFilter(request, response);
-        }
-
-        String payload = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.name());
-        boolean containsWordGremlin = payload.contains("\"gremlin\"");
-
-        //if the request contains the word "gremlin" it's an "advanced" query needing an "advanced" role
-        String permissionBasic = String.format("%s|%s|%s", type, instance, ADVANCED);
-        String permissionAdvanced = String.format("%s|%s|%s", type, instance, BASIC);
-
-        boolean isAuthorized;
-
-        if(containsWordGremlin){
-            isAuthorized = request.isUserInRole(permissionAdvanced);
-        }else{
-            isAuthorized = request.isUserInRole(permissionAdvanced) || request.isUserInRole(permissionBasic);
-        }
-
-        if(!isAuthorized){
-            String name = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : "unknown";
-            logger.info("User " + name + " does not have a role for " + (containsWordGremlin ? "gremlin" : "non-gremlin") + " query" );
-            response.setStatus(403);
-        }else{
-            filterChain.doFilter(request,response);
-        }
-    }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java
deleted file mode 100644
index 6ab97ac..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/AafFilter.java
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-import org.onap.aaf.cadi.PropAccess;
-import org.onap.aaf.cadi.filter.CadiFilter;
-import org.onap.aai.Profiles;
-import org.onap.aai.TraversalApp;
-import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
-import org.springframework.context.annotation.Profile;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Properties;
-
-import static org.onap.aai.config.aaf.ResponseFormatter.errorResponse;
-
-/**
- * AAF authentication filter
- */
-
-@Component
-@Profile(Profiles.AAF_AUTHENTICATION)
-public class AafFilter extends OrderedRequestContextFilter {
-
-    private static final EELFLogger log = EELFManager.getInstance().getLogger(AafFilter.class.getName());
-
-    private final CadiFilter cadiFilter;
-
-    public AafFilter() throws IOException, ServletException {
-        Properties cadiProperties = new Properties();
-        cadiProperties.load(TraversalApp.class.getClassLoader().getResourceAsStream("cadi.properties"));
-        cadiFilter = new CadiFilter(new PropAccess(cadiProperties));
-        this.setOrder(FilterPriority.AAF_AUTHENTICATION.getPriority());
-    }
-
-    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
-        if(!request.getRequestURI().matches("^.*/util/echo$")) {
-            cadiFilter.doFilter(request, response, filterChain);
-            if (response.getStatus() == 401 || response.getStatus() == 403) {
-                log.info("User does not have permissions to run the query" );
-                errorResponse(request, response);
-            }
-        }
-    }
-
-
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java
deleted file mode 100644
index 910db69..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/FilterPriority.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.springframework.core.Ordered;
-
-public enum FilterPriority {
-    AAF_AUTHENTICATION(Ordered.HIGHEST_PRECEDENCE),
-    AAF_AUTHORIZATION(Ordered.HIGHEST_PRECEDENCE + 1); //higher number = lower priority
-
-    private final int priority;
-
-    FilterPriority(final int p) {
-        priority = p;
-    }
-
-    public int getPriority() { return priority; }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java
deleted file mode 100644
index ea0260c..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/PayloadBufferingRequestWrapper.java
+++ /dev/null
@@ -1,49 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.apache.commons.io.IOUtils;
-import org.onap.aaf.cadi.BufferedServletInputStream;
-
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import java.io.*;
-
-/**
- * This class buffers the payload of the servlet request. The reason is that we access the payload multiple times,
- * which is not supported by the request per se.
- */
-
-class PayloadBufferingRequestWrapper extends HttpServletRequestWrapper {
-
-    private byte[] buffer;
-
-    PayloadBufferingRequestWrapper(HttpServletRequest req) throws IOException {
-        super(req);
-        this.buffer = IOUtils.toByteArray(req.getInputStream());
-    }
-
-    @Override
-    public ServletInputStream getInputStream() {
-        ByteArrayInputStream bais = new ByteArrayInputStream(this.buffer);
-        return new BufferedServletInputStream(bais);
-    }
-}
diff --git a/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java b/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java
deleted file mode 100644
index 0fc64bc..0000000
--- a/aai-traversal/src/main/java/org/onap/aai/config/aaf/ResponseFormatter.java
+++ /dev/null
@@ -1,48 +0,0 @@
-/**
- * ============LICENSE_START=======================================================
- * org.onap.aai
- * ================================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *    http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-package org.onap.aai.config.aaf;
-
-import org.onap.aai.exceptions.AAIException;
-import org.onap.aai.logging.ErrorLogHelper;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.ws.rs.core.MediaType;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Collections;
-
-class ResponseFormatter {
-
-    private static final String ACCEPT_HEADER = "accept";
-
-    static void errorResponse(HttpServletRequest request, HttpServletResponse response) throws IOException {
-        if (response.isCommitted()){
-            return;
-        }
-
-        String accept = request.getHeader(ACCEPT_HEADER) == null ? MediaType.APPLICATION_XML : request.getHeader(ACCEPT_HEADER);
-        AAIException aaie = new AAIException("AAI_3300");
-        response.setStatus(aaie.getErrorObject().getHTTPResponseCode().getStatusCode());
-        response.resetBuffer();
-        response.getOutputStream().print(ErrorLogHelper.getRESTAPIErrorResponse(Collections.singletonList(MediaType.valueOf(accept)), aaie, new ArrayList<>()));
-        response.flushBuffer();
-    }
-}
-- 
cgit 1.2.3-korg