authorDan Timoney <dtimoney@att.com>2023-06-19 16:05:33 -0400
committerDan Timoney <dtimoney@att.com>2023-08-10 14:48:32 -0400
commit6a7f13fa7e284cbec5b0743c10fdd33286aaf2ec (patch)
tree42fa7649ca8f912af8d47f35bad4b284369fae9d /cadi/core/src/main/java/org/onap/ccsdk/apps/cadi/filter/PathFilter.java
parenta76d3f0de616b542baea9360e80a921f5f028a78 (diff)
Port to java 17
Update to Java 17 / Spring Boot 3 to align with OpenDaylight Argon. Copied and ported the CADI library from AAF.

Issue-ID: CCSDK-3917
Signed-off-by: Dan Timoney <dtimoney@att.com>
Change-Id: Idecb0cf43c48ccbbc0c61bf4278b87a37f92a56e
Diffstat (limited to 'cadi/core/src/main/java/org/onap/ccsdk/apps/cadi/filter/PathFilter.java')
-rw-r--r--cadi/core/src/main/java/org/onap/ccsdk/apps/cadi/filter/PathFilter.java180
1 files changed, 180 insertions, 0 deletions
diff --git a/cadi/core/src/main/java/org/onap/ccsdk/apps/cadi/filter/PathFilter.java b/cadi/core/src/main/java/org/onap/ccsdk/apps/cadi/filter/PathFilter.java
new file mode 100644
index 00000000..458a4440
--- /dev/null
+++ b/cadi/core/src/main/java/org/onap/ccsdk/apps/cadi/filter/PathFilter.java
@@ -0,0 +1,180 @@
+/**
+ * ============LICENSE_START====================================================
+ * org.onap.ccsdk
+ * ===========================================================================
+ * Copyright (c) 2023 AT&T Intellectual Property. All rights reserved.
+ * ===========================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END====================================================
+ *
+ */
+
+package org.onap.ccsdk.apps.cadi.filter;
+
+import java.io.IOException;
+
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.FilterConfig;
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import org.onap.ccsdk.apps.cadi.Access;
+import org.onap.ccsdk.apps.cadi.Access.Level;
+import org.onap.ccsdk.apps.cadi.config.Config;
+
+/**
+ * PathFilter
+ *
+ * This class implements Servlet Filter, and uses AAF to validate access to a Path.
+ *
+ * This class can be used in a standard J2EE Servlet manner.
+ *
+ * @author Jonathan, collaborating with Xue Gao
+ *
+ */
+public class PathFilter implements Filter {
+ private final Log log;
+
+ private ServletContext context;
+ private String aafType;
+ private String notAuthorizedMsg;
+
+ /**
+ * Construct a viable Filter for installing in Container WEB.XML, etc.
+ *
+ */
+ public PathFilter() {
+ log = new Log() {
+ public void info(String ... msg) {
+ context.log(build("INFO:", msg));
+ }
+ public void audit(String ... msg) {
+ context.log(build("AUDIT:", msg));
+ }
+ private String build(String type, String []msg) {
+ StringBuilder sb = new StringBuilder(type);
+ for (String s : msg) {
+ sb.append(' ');
+ sb.append(s);
+ }
+ return sb.toString();
+ }
+ };
+ }
+
+ /**
+ * Filter that can be constructed within Java
+ * @param access
+ */
+ public PathFilter(final Access access) {
+ log = new Log() {
+ public void info(String ... msg) {
+ access.log(Level.INFO, (Object[])msg);
+ }
+ public void audit(String ... msg) {
+ access.log(Level.AUDIT, (Object[])msg);
+ }
+ };
+ }
+
+ /**
+ * Init
+ *
+ * Standard Filter "init" call with FilterConfig to obtain properties. POJOs can construct a
+ * FilterConfig with the mechanism of their choice, and standard J2EE Servlet engines utilize this
+ * mechanism already.
+ */
+ public void init(FilterConfig filterConfig) throws ServletException {
+ // need the Context for Logging, instantiating ClassLoader, etc
+ context = filterConfig.getServletContext();
+ StringBuilder sb = new StringBuilder();
+ StringBuilder err = new StringBuilder();
+ Object attr = context.getAttribute(Config.PATHFILTER_NS);
+ if (attr == null) {
+ err.append("PathFilter - pathfilter_ns is not set");
+ } else {
+ sb.append(attr.toString());
+ }
+
+ attr = context.getAttribute(Config.PATHFILTER_STACK);
+ if (attr == null) {
+ log.info("PathFilter - No pathfilter_stack set, ignoring");
+ } else {
+ sb.append('.');
+ sb.append(attr.toString());
+ }
+
+ attr = context.getAttribute(Config.PATHFILTER_URLPATTERN);
+ if (attr == null) {
+ log.info("PathFilter - No pathfilter_urlpattern set, defaulting to 'urlpattern'");
+ sb.append(".urlpattern");
+ } else {
+ sb.append('.');
+ sb.append(attr.toString());
+ }
+
+ log.info("PathFilter - AAF Permission Type is", sb.toString());
+
+ sb.append('|');
+
+ aafType = sb.toString();
+
+ attr = context.getAttribute(Config.PATHFILTER_NOT_AUTHORIZED_MSG);
+ if (attr == null) {
+ notAuthorizedMsg = "Forbidden - Not Authorized to access this Path";
+ } else {
+ notAuthorizedMsg = attr.toString();
+ }
+
+ if (err.length() > 0) {
+ throw new ServletException(err.toString());
+ }
+ }
+
+ private interface Log {
+ public void info(String ... msg);
+ public void audit(String ... msg);
+ }
+
+ /**
+ * doFilter
+ *
+ * This is the standard J2EE invocation. Analyze the request, modify response as necessary, and
+ * only call the next item in the filterChain if request is suitably Authenticated.
+ */
+ //TODO Always validate changes against Tomcat AbsCadiValve and Jaspi CadiSAM functions
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+ HttpServletRequest hreq = (HttpServletRequest)request;
+ HttpServletResponse hresp = (HttpServletResponse)response;
+ String perm = aafType + hreq.getPathInfo() + '|' + hreq.getMethod();
+ if (hreq.isUserInRole(perm)) {
+ chain.doFilter(request, response);
+ } else {
+ log.audit("PathFilter has denied", hreq.getUserPrincipal().getName(), "access to", perm);
+ hresp.sendError(403, notAuthorizedMsg);
+ }
+ }
+
+ /**
+ * Containers call "destroy" when time to cleanup
+ */
+ public void destroy() {
+ log.info("PathFilter destroyed.");
+ }
+
+}
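Review bot: In the deny branch of `doFilter`, `hreq.getUserPrincipal().getName()` is dereferenced without a null check, and `getUserPrincipal()` returns null for an unauthenticated request. The denial most worth auditing therefore throws a NullPointerException before the audit record is written or the 403 is sent. The request is still not passed down the chain, but the caller presumably gets a container error response instead of `notAuthorizedMsg`. Resolve the name first, e.g. `String user = hreq.getUserPrincipal() == null ? "unauthenticated" : hreq.getUserPrincipal().getName();`, and pass `user` to `log.audit`. Separately, `hreq.getPathInfo()` can return null, which puts the literal text `null` into `perm`, and the path and principal name reach the log unescaped, so CR/LF should be stripped from them before logging.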