diff options
Diffstat (limited to 'src/main/java/org/onap/dmaap/dmf/mr/security/DMaaPAuthenticatorImpl.java')
-rw-r--r-- | src/main/java/org/onap/dmaap/dmf/mr/security/DMaaPAuthenticatorImpl.java | 132 |
1 files changed, 132 insertions, 0 deletions
diff --git a/src/main/java/org/onap/dmaap/dmf/mr/security/DMaaPAuthenticatorImpl.java b/src/main/java/org/onap/dmaap/dmf/mr/security/DMaaPAuthenticatorImpl.java new file mode 100644 index 0000000..0fd1a5c --- /dev/null +++ b/src/main/java/org/onap/dmaap/dmf/mr/security/DMaaPAuthenticatorImpl.java @@ -0,0 +1,132 @@ +/******************************************************************************* + * ============LICENSE_START======================================================= + * org.onap.dmaap + * ================================================================================ + * Copyright © 2017 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * http://www.apache.org/licenses/LICENSE-2.0 +* + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + * + *******************************************************************************/ +package org.onap.dmaap.dmf.mr.security; + +import com.att.nsa.security.NsaApiKey; +import com.att.nsa.security.db.NsaApiDb; +import com.att.nsa.security.db.simple.NsaSimpleApiKey; +import org.onap.dmaap.dmf.mr.beans.DMaaPContext; +import org.onap.dmaap.dmf.mr.security.impl.DMaaPOriginalUebAuthenticator; + +import javax.servlet.http.HttpServletRequest; +import java.util.LinkedList; + +/** + * + * @author anowarul.islam + * + * @param <K> + */ +public class DMaaPAuthenticatorImpl<K extends NsaApiKey> implements DMaaPAuthenticator<K> { + + private final LinkedList<DMaaPAuthenticator<K>> fAuthenticators; + + + + // Setting timeout to a large value for testing purpose. + + // 10 minutes + private static final long kDefaultRequestTimeWindow = 1000L * 60 * 10 * 10 * 10 * 10 * 10; + + /** + * Construct the security manager against an API key database + * + * @param db + * the API key db + */ + public DMaaPAuthenticatorImpl(NsaApiDb<K> db) { + this(db, kDefaultRequestTimeWindow); + } + + + + + /** + * Construct the security manager against an API key database with a + * specific request time window size + * + * @param db + * the API key db + * @param authTimeWindowMs + * the size of the time window for request authentication + */ + public DMaaPAuthenticatorImpl(NsaApiDb<K> db, long authTimeWindowMs) { + fAuthenticators = new LinkedList<>(); + + fAuthenticators.add(new DMaaPOriginalUebAuthenticator<K>(db, authTimeWindowMs)); + } + + /** + * Authenticate a user's request. This method returns the API key if the + * user is authentic, null otherwise. + * + * @param ctx + * @return an api key record, or null + */ + public K authenticate(DMaaPContext ctx) { + final HttpServletRequest req = ctx.getRequest(); + for (DMaaPAuthenticator<K> a : fAuthenticators) { + if (a.qualify(req)) { + final K k = a.isAuthentic(req); + if (k != null) + return k; + } + // else: this request doesn't look right to the authenticator + } + return null; + } + + /** + * Get the user associated with the incoming request, or null if the user is + * not authenticated. + * + * @param ctx + * @return + */ + public static NsaSimpleApiKey getAuthenticatedUser(DMaaPContext ctx) { + final DMaaPAuthenticator<NsaSimpleApiKey> m = ctx.getConfigReader().getfSecurityManager(); + return m.authenticate(ctx); + } + + /** + * method by default returning false + * @param req + * @return false + */ + public boolean qualify(HttpServletRequest req) { + return false; + } +/** + * method by default returning null + * @param req + * @return null + */ + public K isAuthentic(HttpServletRequest req) { + return null; + } + + public void addAuthenticator ( DMaaPAuthenticator<K> a ) + { + this.fAuthenticators.add(a); + } + +} |