diff options
Diffstat (limited to 'src/main/java')
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java | 33 | ||||
-rw-r--r-- | src/main/java/org/onap/dcae/restapi/ApiConfiguration.java | 49 |
2 files changed, 23 insertions, 59 deletions
diff --git a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java index 6259ea20..9b387b84 100644 --- a/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java +++ b/src/main/java/org/onap/dcae/restapi/ApiAuthInterceptor.java @@ -23,7 +23,11 @@ import io.vavr.control.Option; import java.io.IOException; import java.security.cert.X509Certificate; import java.util.Base64; -import java.util.stream.Collectors; +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.dcae.ApplicationSettings; @@ -32,9 +36,10 @@ import org.onap.dcae.common.configuration.SubjectMatcher; import org.onap.dcaegen2.services.sdk.security.CryptPassword; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; +import org.springframework.stereotype.Component; -final class ApiAuthInterceptor extends HandlerInterceptorAdapter { +@Component +public class ApiAuthInterceptor implements Filter { private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class); private static final String CERTIFICATE_X_509 = "javax.servlet.request.X509Certificate"; @@ -48,24 +53,32 @@ final class ApiAuthInterceptor extends HandlerInterceptorAdapter { this.errorLogger = errorLogger; } - @Override - public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) - throws IOException { + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { SubjectMatcher subjectMatcher = new SubjectMatcher(settings,(X509Certificate[]) request.getAttribute(CERTIFICATE_X_509)); if(settings.authMethod().equalsIgnoreCase(AuthMethodType.CERT_ONLY.value())){ - return validateCertRequest(response, subjectMatcher); + if( validateCertRequest((HttpServletResponse )response, subjectMatcher)){ + chain.doFilter(request, response); + return; + } + return; } if(isCertSubject(subjectMatcher)){ - return true; + chain.doFilter(request, response); + return; } if (isBasicAuth() ) { - return validateBasicHeader(request, response); + if(validateBasicHeader((HttpServletRequest)request, (HttpServletResponse)response)){ + chain.doFilter(request, response); + return; + } + return; } - return true; + chain.doFilter(request, response); } private boolean validateBasicHeader(HttpServletRequest request, HttpServletResponse response) diff --git a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java b/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java deleted file mode 100644 index c44e0d45..00000000 --- a/src/main/java/org/onap/dcae/restapi/ApiConfiguration.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * ============LICENSE_START======================================================= - * PROJECT - * ================================================================================ - * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. - * Copyright (C) 2018 Nokia. All rights reserved.s - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.dcae.restapi; - -import org.onap.dcae.ApplicationSettings; -import org.slf4j.Logger; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.annotation.Configuration; -import org.springframework.web.servlet.config.annotation.EnableWebMvc; -import org.springframework.web.servlet.config.annotation.InterceptorRegistry; -import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; - -@EnableWebMvc -@Configuration -public class ApiConfiguration implements WebMvcConfigurer { - - private final ApplicationSettings applicationSettings; - private Logger errorLogger; - - @Autowired - ApiConfiguration(ApplicationSettings applicationSettings, Logger errorLogger) { - this.applicationSettings = applicationSettings; - this.errorLogger = errorLogger; - } - - @Override - public void addInterceptors(InterceptorRegistry registry) { - registry.addInterceptor(new ApiAuthInterceptor(applicationSettings, errorLogger)); - } -} |