authorTomek Kaminski <tomasz.kaminski@nokia.com>2019-06-06 15:16:36 +0200
committerTomek Kaminski <tomasz.kaminski@nokia.com>2019-06-06 15:16:36 +0200
commit93d5487de40e143e4e22d3eb856543ab29b34ab5 (patch)
tree3eeb802963daa874530fe75633a2664988646aca /src/main/java
parent32a312c7094841489ee5611d8c9fca55382954bd (diff)
DMaaPAuthFilter refactor
- added client certificate handling - fixed forceAAF flag reading Issue-ID: DMAAP-1214 Signed-off-by: Tomek Kaminski <tomasz.kaminski@nokia.com> Change-Id: Icaa80cc40f8c6b50f36096c205d67d14cdbebd2a
Diffstat (limited to 'src/main/java')
-rw-r--r--src/main/java/org/onap/dmaap/util/DMaaPAuthFilter.java116
1 files changed, 63 insertions, 53 deletions
diff --git a/src/main/java/org/onap/dmaap/util/DMaaPAuthFilter.java b/src/main/java/org/onap/dmaap/util/DMaaPAuthFilter.java
index 547c4cd..5c7170b 100644
--- a/src/main/java/org/onap/dmaap/util/DMaaPAuthFilter.java
+++ b/src/main/java/org/onap/dmaap/util/DMaaPAuthFilter.java
@@ -8,19 +8,20 @@
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
-*
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* ============LICENSE_END=========================================================
- *
+ *
* ECOMP is a trademark and service mark of AT&T Intellectual Property.
- *
+ *
*******************************************************************************/
- package org.onap.dmaap.util;
+package org.onap.dmaap.util;
+import com.att.ajsc.filemonitor.AJSCPropertiesMap;
import java.io.IOException;
import javax.servlet.FilterChain;
@@ -29,62 +30,71 @@ import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
+import org.onap.dmaap.dmf.mr.constants.CambriaConstants;
import org.onap.dmaap.dmf.mr.utils.Utils;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import org.springframework.stereotype.Component;
import org.onap.aaf.cadi.filter.CadiFilter;
-//import ajsc.external.plugins.cadi.AjscCadiFilter;
-import javax.servlet.FilterConfig;
/**
- * This is a Servlet Filter class
- * overriding the AjscCadiFilter
- */
-@Component
+ * This is a Servlet Filter class overriding the AjscCadiFilter
+ */
+@Component
public class DMaaPAuthFilter extends CadiFilter {
-
- //private Logger log = Logger.getLogger(DMaaPAuthFilter.class.toString());
-
- private static final EELFLogger log = EELFManager.getInstance().getLogger(DMaaPAuthFilter.class);
-
- public DMaaPAuthFilter() throws Exception {
- super();
- }
-
- /* public void init(FilterConfig filterConfig) throws ServletException {
-
- super.init(filterConfig);
- System.out.println("---------------------------- in init method");
- }*/
-
- /**
- * This method will disable Cadi Authentication
- * if cambria headers are present in the request
- * else continue with Cadi Authentication
- */
- @Override
- public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException,
- ServletException {
- log.info("inside servlet filter Cambria Auth Headers checking before doing other Authentication");
- HttpServletRequest request = (HttpServletRequest) req;
- boolean forceAAF = Boolean.valueOf(System.getProperty("forceAAF"));
-
- //if (forceAAF || null != request.getHeader("Authorization") ){
- if (Utils.isCadiEnabled()&&(forceAAF || null != request.getHeader("Authorization") ||
- (null != request.getHeader("AppName") && request.getHeader("AppName").equalsIgnoreCase("invenio") &&
- null != request.getHeader("cookie")))){
- super.doFilter(req, res, chain);
-
- } else {
- System.setProperty("CadiAuthN", "authentication-scheme-2");
- chain.doFilter(req, res);
-
-
- }
-
- }
-
- }
+
+ private static final String FORCE_AAF_FLAG = "forceAAF";
+ static final String X509_ATTR = "javax.servlet.request.X509Certificate";
+ static final String AUTH_HEADER = "Authorization";
+ static final String APP_HEADER = "AppName";
+ static final String COOKIE_HEADER = "cookie";
+ private static final EELFLogger log = EELFManager.getInstance().getLogger(DMaaPAuthFilter.class);
+
+ public DMaaPAuthFilter() {
+ super();
+ }
+
+ /**
+ * This method will disable Cadi Authentication if cambria headers are present in the request else continue with
+ * Cadi Authentication
+ */
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
+ log.info("inside servlet filter Cambria Auth Headers checking before doing other Authentication");
+ if (shouldFilterWithCADI((HttpServletRequest) req)) {
+ super.doFilter(req, res, chain);
+ } else {
+ System.setProperty("CadiAuthN", "authentication-scheme-2");
+ chain.doFilter(req, res);
+ }
+ }
+
+ boolean shouldFilterWithCADI(HttpServletRequest request) {
+ return isCadiEnabled() &&
+ (isAAFforced() || isAuthDataProvided(request) || isInvenioApp(request));
+ }
+
+ private boolean isAuthDataProvided(HttpServletRequest request) {
+ return (null != request.getHeader(AUTH_HEADER)) || hasClientCertificate(request);
+ }
+
+ private boolean isInvenioApp(HttpServletRequest request) {
+ return (null != request.getHeader(APP_HEADER)) && request.getHeader(APP_HEADER).equalsIgnoreCase("invenio") &&
+ (null != request.getHeader(COOKIE_HEADER));
+ }
+
+ private boolean hasClientCertificate(HttpServletRequest request) {
+ return request.getAttribute(X509_ATTR) != null;
+ }
+
+ boolean isCadiEnabled() {
+ return Utils.isCadiEnabled();
+ }
+
+ boolean isAAFforced() {
+ return Boolean.valueOf(AJSCPropertiesMap.getProperty(CambriaConstants.msgRtr_prop, FORCE_AAF_FLAG));
+ }
+
+}
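Review bot: `isAAFforced()` fails open, because `Boolean.valueOf(...)` returns false for a missing key or for any value other than "true". A deployment that still sets the old `-DforceAAF=true` system property (the removed `System.getProperty("forceAAF")` read), or that mistypes the entry under `CambriaConstants.msgRtr_prop`, therefore stops forcing CADI without any signal. In that state `shouldFilterWithCADI` returns false for a request with no `Authorization` header, no client certificate and no invenio headers, and `doFilter` passes it to `chain.doFilter`; whatever authentication the rest of the chain applies is not visible in this hunk. I would read the property into a local, log a warning when it is null or is neither "true" nor "false", and end with `return Boolean.parseBoolean(value);`. A one-line Javadoc on `isAAFforced()` naming the property file and key would also help operators migrating from the system property.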