aboutsummaryrefslogtreecommitdiffstats
path: root/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
diff options
context:
space:
mode:
Diffstat (limited to 'src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java')
-rw-r--r--src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java37
1 files changed, 26 insertions, 11 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
index 3b76ae46..e2ac74c7 100644
--- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
+++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java
@@ -25,6 +25,7 @@ import java.util.Base64;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.onap.dcae.ApplicationSettings;
+import org.onap.dcae.common.configuration.AuthMethodType;
import org.onap.dcaegen2.services.sdk.security.CryptPassword;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -34,37 +35,51 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
private final CryptPassword cryptPassword = new CryptPassword();
- private final ApplicationSettings applicationSettings;
+ private final ApplicationSettings settings;
+ private Logger errorLogger;
- private Logger errorLog;
- ApiAuthInterceptor(ApplicationSettings applicationSettings, Logger errorLog) {
- this.applicationSettings = applicationSettings;
- this.errorLog = errorLog;
+ public ApiAuthInterceptor(ApplicationSettings applicationSettings, Logger errorLogger) {
+ this.settings = applicationSettings;
+ this.errorLogger = errorLogger;
}
@Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
- Object handler) throws IOException {
- if (applicationSettings.authorizationEnabled()) {
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+ throws IOException {
+
+ if(settings.authMethod().equalsIgnoreCase(AuthMethodType.CERT_BASIC_AUTH.value())){
+ if (request.getAttribute("javax.servlet.request.X509Certificate") != null){
+ LOG.info("Request is authorized by certificate ");
+ return true;
+ }
+ }
+
+ if (isBasicAuth()) {
String authorizationHeader = request.getHeader("Authorization");
if (authorizationHeader == null || !isAuthorized(authorizationHeader)) {
- response.setStatus(400);
- errorLog.error("EVENT_RECEIPT_FAILURE: Unauthorized user");
+ response.setStatus(401);
+ errorLogger.error("EVENT_RECEIPT_FAILURE: Unauthorized user");
response.getWriter().write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
return false;
}
+ LOG.info("Request is authorized by basic auth");
}
return true;
}
+ private boolean isBasicAuth() {
+ return settings.authMethod().equalsIgnoreCase(AuthMethodType.BASIC_AUTH.value())
+ || settings.authMethod().equalsIgnoreCase(AuthMethodType.CERT_BASIC_AUTH.value());
+ }
+
private boolean isAuthorized(String authorizationHeader) {
try {
String encodedData = authorizationHeader.split(" ")[1];
String decodedData = new String(Base64.getDecoder().decode(encodedData));
String providedUser = decodedData.split(":")[0].trim();
String providedPassword = decodedData.split(":")[1].trim();
- Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
+ Option<String> maybeSavedPassword = settings.validAuthorizationCredentials().get(providedUser);
boolean userRegistered = maybeSavedPassword.isDefined();
return userRegistered && cryptPassword.matches(providedPassword,maybeSavedPassword.get());
} catch (Exception e) {