diff options
Diffstat (limited to 'a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/controllers/authorization/AuthorizationCheck.java')
-rw-r--r-- | a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/controllers/authorization/AuthorizationCheck.java | 109 |
1 files changed, 109 insertions, 0 deletions
diff --git a/a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/controllers/authorization/AuthorizationCheck.java b/a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/controllers/authorization/AuthorizationCheck.java new file mode 100644 index 00000000..0f376c06 --- /dev/null +++ b/a1-policy-management/src/main/java/org/onap/ccsdk/oran/a1policymanagementservice/controllers/authorization/AuthorizationCheck.java @@ -0,0 +1,109 @@ +/*- + * ========================LICENSE_START================================= + * ONAP : ccsdk oran + * ====================================================================== + * Copyright (C) 2023 Nordix Foundation. All rights reserved. + * ====================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ========================LICENSE_END=================================== + */ + +package org.onap.ccsdk.oran.a1policymanagementservice.controllers.authorization; + +import com.google.gson.Gson; +import com.google.gson.GsonBuilder; + +import java.lang.invoke.MethodHandles; +import java.util.Map; + +import org.onap.ccsdk.oran.a1policymanagementservice.clients.AsyncRestClient; +import org.onap.ccsdk.oran.a1policymanagementservice.clients.AsyncRestClientFactory; +import org.onap.ccsdk.oran.a1policymanagementservice.clients.SecurityContext; +import org.onap.ccsdk.oran.a1policymanagementservice.configuration.ApplicationConfig; +import org.onap.ccsdk.oran.a1policymanagementservice.controllers.authorization.PolicyAuthorizationRequest.Input.AccessType; +import org.onap.ccsdk.oran.a1policymanagementservice.exceptions.ServiceException; +import org.onap.ccsdk.oran.a1policymanagementservice.repository.Policy; +import org.onap.ccsdk.oran.a1policymanagementservice.repository.PolicyType; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.http.HttpStatus; +import org.springframework.stereotype.Component; + +import reactor.core.publisher.Mono; + +@Component +public class AuthorizationCheck { + + private final ApplicationConfig applicationConfig; + private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass()); + private final AsyncRestClient restClient; + private static Gson gson = new GsonBuilder().disableHtmlEscaping().create(); + + public AuthorizationCheck(ApplicationConfig applicationConfig, SecurityContext securityContext) { + + this.applicationConfig = applicationConfig; + AsyncRestClientFactory restClientFactory = + new AsyncRestClientFactory(applicationConfig.getWebClientConfig(), securityContext); + this.restClient = restClientFactory.createRestClientUseHttpProxy(""); + } + + public Mono<Policy> doAccessControl(Map<String, String> receivedHttpHeaders, Policy policy, AccessType accessType) { + return doAccessControl(receivedHttpHeaders, policy.getType(), accessType) // + .map(x -> policy); + } + + public Mono<PolicyType> doAccessControl(Map<String, String> receivedHttpHeaders, PolicyType type, + AccessType accessType) { + if (this.applicationConfig.getAuthProviderUrl().isEmpty()) { + return Mono.just(type); + } + + String tkn = getAuthToken(receivedHttpHeaders); + PolicyAuthorizationRequest.Input input = PolicyAuthorizationRequest.Input.builder() // + .authToken(tkn) // + .policyTypeId(type.getId()) // + .accessType(accessType).build(); + + PolicyAuthorizationRequest req = PolicyAuthorizationRequest.builder().input(input).build(); + + String url = this.applicationConfig.getAuthProviderUrl(); + return this.restClient.post(url, gson.toJson(req)) // + .doOnError(t -> logger.warn("Error returned from auth server: {}", t.getMessage())) // + .onErrorResume(t -> Mono.just("")) // + .flatMap(this::checkAuthResult) // + .map(rsp -> type); + + } + + private String getAuthToken(Map<String, String> httpHeaders) { + String tkn = httpHeaders.get("authorization"); + if (tkn == null) { + logger.debug("No authorization token received in {}", httpHeaders); + return ""; + } + tkn = tkn.substring("Bearer ".length()); + return tkn; + } + + private Mono<String> checkAuthResult(String response) { + logger.debug("Auth result: {}", response); + try { + AuthorizationResult res = gson.fromJson(response, AuthorizationResult.class); + return res != null && res.isResult() ? Mono.just(response) + : Mono.error(new ServiceException("Not authorized", HttpStatus.UNAUTHORIZED)); + } catch (Exception e) { + return Mono.error(e); + } + } + +} |