Diffstat (limited to 'src/main/java/org/onap/clamp/authorization/AuthorizationController.java')
-rw-r--r--src/main/java/org/onap/clamp/authorization/AuthorizationController.java62
1 files changed, 19 insertions, 43 deletions
diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java
index 511b9509..4a35f458 100644
--- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java
+++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java
@@ -5,6 +5,8 @@
* Copyright (C) 2019 AT&T Intellectual Property. All rights
* reserved.
* ================================================================================
+ * Modifications Copyright (c) 2019 Samsung
+ * ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
@@ -39,8 +41,6 @@ import org.onap.clamp.util.PrincipalUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContext;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
/**
@@ -57,12 +57,8 @@ public class AuthorizationController {
@Autowired
private ClampProperties refProp;
- private SecurityContext securityContext = SecurityContextHolder.getContext();
- private static final String permPrefix = "security.permission.type.";
- private static final String permInstance = "security.permission.instance";
-
- public AuthorizationController() {
- }
+ private static final String PERM_PREFIX = "security.permission.type.";
+ private static final String PERM_INSTANCE = "security.permission.instance";
/**
* Insert authorize the api based on the permission
@@ -77,8 +73,8 @@ public class AuthorizationController {
* The action of the permissions. e.g. read
*/
public void authorize(Exchange camelExchange, String typeVar, String instanceVar, String action) {
- String type = refProp.getStringValue(permPrefix + typeVar);
- String instance = refProp.getStringValue(permInstance);
+ String type = refProp.getStringValue(PERM_PREFIX + typeVar);
+ String instance = refProp.getStringValue(PERM_INSTANCE);
if (null == type || type.isEmpty()) {
//authorization is turned off, since the permission is not defined
@@ -93,9 +89,8 @@ public class AuthorizationController {
LoggingUtils.setTargetContext("Clamp", "authorize");
LoggingUtils.setTimeContext(startTime, new Date());
securityLogger.debug("checking if {} has permission: {}", principalName, perm);
- try {
- isUserPermitted(perm);
- } catch (NotAuthorizedException nae) {
+
+ if (!isUserPermitted(perm)){
String msg = principalName + " does not have permission: " + perm;
LoggingUtils.setErrorContext("100", "Authorization Error");
securityLogger.warn(msg);
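Review bot: The new guard `if (!isUserPermitted(perm)){` drops the space before the opening brace, which is inconsistent with the rest of the file (`if (null == type || type.isEmpty()) {`); write it as `if (!isUserPermitted(perm)) {`. The blank line added above it is also unneeded now that the `try` block is gone. The enclosing `authorize` method starts and ends outside this hunk, so I cannot see whether the denial branch still raises the same exception callers expect after the switch from catch-based to boolean-based flow.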
@@ -103,45 +98,26 @@ public class AuthorizationController {
}
}
- private boolean isUserPermitted(SecureServicePermission inPermission) {
- boolean authorized = false;
+ public boolean isUserPermitted(SecureServicePermission inPermission) {
+
String principalName = PrincipalUtils.getPrincipalName();
// check if the user has the permission key or the permission key with a
// combination of all instance and/or all action.
- if (hasRole(inPermission.getKey())) {
- auditLogger.info("{} authorized because user has permission with * for instance: {}",
- principalName, inPermission.getKey());
- authorized = true;
+ if (hasRole(inPermission.getKey()) || hasRole(inPermission.getKeyAllInstance())) {
+ auditLogger.info("{} authorized because user has permission with * for instance: {}",
+ principalName, inPermission.getKey());
+ return true;
// the rest of these don't seem to be required - isUserInRole method
// appears to take * as a wildcard
- } else if (hasRole(inPermission.getKeyAllInstance())) {
- auditLogger.info("{} authorized because user has permission with * for instance: {}",
- principalName, inPermission.getKey());
- authorized = true;
} else if (hasRole(inPermission.getKeyAllInstanceAction())) {
- auditLogger.info("{} authorized because user has permission with * for instance and * for action: {}",
- principalName, inPermission.getKey());
- authorized = true;
+ auditLogger.info("{} authorized because user has permission with * for instance and * for action: {}",
+ principalName, inPermission.getKey());
+ return true;
} else if (hasRole(inPermission.getKeyAllAction())) {
auditLogger.info("{} authorized because user has permission with * for action: {}",
- principalName, inPermission.getKey());
- authorized = true;
+ principalName, inPermission.getKey());
+ return true;
} else {
- throw new NotAuthorizedException("");
- }
- return authorized;
- }
-
- /**
- * Verify whether the user has the permission.
- *
- * @param inPermission
- * The permissions to verify
- */
- public boolean isUserPermittedNoException(SecureServicePermission inPermission) {
- try {
- return isUserPermitted(inPermission);
- } catch (NotAuthorizedException e) {
return false;
}
}
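Review bot: Now that `isUserPermitted` is `public`, a denied check is no longer guaranteed to be logged: the `else` branch just returns `false`, and the only warn for a denial lives in `authorize`, so any other caller of this method produces an authorization decision with no audit record. Consider logging the negative outcome before `return false;`, e.g. `auditLogger.info("{} not authorized, missing permission: {}", principalName, inPermission.getKey());`, so the audit trail is complete regardless of caller. The method also lost the Javadoc that `isUserPermittedNoException` carried; the new public method should document that it returns `true` only when the principal holds the exact key or one of the wildcard variants, never throws, and records each positive decision in the audit log. Lastly, the merged first branch logs "permission with * for instance" even when the exact key matched — this wording was already used on the old exact-key branch, but since the line is being rewritten it would be worth making the audit message state which key actually matched.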