4 files changed, 120 insertions, 79 deletions
diff --git a/src/main/java/org/onap/music/authentication/AuthUtil.java b/src/main/java/org/onap/music/authentication/AuthUtil.java index de9c2729..223fa74e 100644 --- a/src/main/java/org/onap/music/authentication/AuthUtil.java +++ b/src/main/java/org/onap/music/authentication/AuthUtil.java @@ -37,14 +37,16 @@ import org.onap.aaf.cadi.CadiWrap; import org.onap.aaf.cadi.Permission; import org.onap.aaf.cadi.aaf.AAFPermission; import org.onap.music.eelf.logging.EELFLoggerDelegate; +import org.onap.music.exceptions.MusicAuthenticationException; public class AuthUtil { - private static final String decodeValueOfForwardSlash = "2f"; - private static final String decodeValueOfHyphen = "2d"; - private static final String decodeValueOfAsterisk = "2a"; private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AuthUtil.class); + private AuthUtil() { + throw new IllegalStateException("Utility class"); + } + /** * Get the list of permissions from the Request object. * 
@@ -104,20 +106,23 @@ public class AuthUtil { * @return returns the decoded string. * @throws Exception throws excpetion */ - public static String decodeFunctionCode(String str) throws Exception { + public static String decodeFunctionCode(String str) throws MusicAuthenticationException { + final String DECODEVALUE_FORWARDSLASH = "2f"; + final String DECODEVALUE_HYPHEN = "2d"; + final String DECODEVALUE_ASTERISK = "2a"; String decodedString = str; List<Pattern> decodingList = new ArrayList<>(); - decodingList.add(Pattern.compile(decodeValueOfForwardSlash)); - decodingList.add(Pattern.compile(decodeValueOfHyphen)); - decodingList.add(Pattern.compile(decodeValueOfAsterisk)); + decodingList.add(Pattern.compile(DECODEVALUE_FORWARDSLASH)); + decodingList.add(Pattern.compile(DECODEVALUE_HYPHEN)); + decodingList.add(Pattern.compile(DECODEVALUE_ASTERISK)); for (Pattern xssInputPattern : decodingList) { try { decodedString = decodedString.replaceAll("%" + xssInputPattern, new String(Hex.decodeHex(xssInputPattern.toString().toCharArray()))); } catch (DecoderException e) { - logger.error(EELFLoggerDelegate.applicationLogger, + logger.error(EELFLoggerDelegate.securityLogger, "AuthUtil Decode Failed! for instance: " + str); - throw new Exception("decode failed", e); + throw new MusicAuthenticationException("Decode failed", e); } } 
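Review bot: In decodeFunctionCode the three constants are lower-case hex (`2f`, `2d`, `2a`) and `replaceAll("%" + xssInputPattern, ...)` is case-sensitive, so an instance containing `%2F`, `%2D` or `%2A` is returned undecoded. The decoded value presumably feeds the permission match in isMatchPattern, so the two spellings can produce different authorization results; confirm which casing AAF emits, or match both with `decodedString.replaceAll("(?i)%" + xssInputPattern, ...)`. The Javadoc above the signature still reads `@throws Exception throws excpetion` and should become `@throws MusicAuthenticationException if a hex value cannot be decoded`. The end of the method body is outside this hunk.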
@@ -132,23 +137,21 @@ public class AuthUtil { * @return boolean value if the access is allowed * @throws Exception throws exception */ - public static boolean isAccessAllowed(ServletRequest request, String nameSpace) throws Exception { + public static boolean isAccessAllowed(ServletRequest request, String nameSpace) throws MusicAuthenticationException { if (request==null) { - throw new Exception("Request cannot be null"); + throw new MusicAuthenticationException("Request cannot be null"); } if (nameSpace==null || nameSpace.isEmpty()) { - throw new Exception("NameSpace not Declared!"); + throw new MusicAuthenticationException("NameSpace not Declared!"); } boolean isauthorized = false; List<AAFPermission> aafPermsList = getAAFPermissions(request); - //logger.info(EELFLoggerDelegate.applicationLogger, - // "AAFPermission of the requested MechId for all the namespaces: " + aafPermsList); - - logger.debug(EELFLoggerDelegate.applicationLogger, "Requested nameSpace: " + nameSpace); - + logger.info(EELFLoggerDelegate.securityLogger, + "AAFPermission of the requested MechId for all the namespaces: " + aafPermsList); + logger.debug(EELFLoggerDelegate.securityLogger, "Requested nameSpace: " + nameSpace); List<AAFPermission> aafPermsFinalList = filterNameSpacesAAFPermissions(nameSpace, aafPermsList); @@ -162,10 +165,10 @@ public class AuthUtil { logger.debug(EELFLoggerDelegate.securityLogger, "AuthUtil requestUri :::" + requestUri); - for (Iterator iterator = aafPermsFinalList.iterator(); iterator.hasNext();) { + for (Iterator<AAFPermission> iterator = aafPermsFinalList.iterator(); iterator.hasNext();) { AAFPermission aafPermission = (AAFPermission) iterator.next(); if(!isauthorized) { - isauthorized = isMatchPatternWithInstanceAndAction(aafPermission, requestUri, httpRequest.getMethod()); + isauthorized = isMatchPattern(aafPermission, requestUri, httpRequest.getMethod()); } } 
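Review bot: The re-enabled `logger.info(EELFLoggerDelegate.securityLogger, "AAFPermission of the requested MechId for all the namespaces: " + aafPermsList)` in isAccessAllowed writes the caller's complete permission list, across every namespace, to the log at info level on each request. That is more than the decision needs and turns the log into a record of who may do what; prefer `logger.debug(...)` here and log only the list filtered for `nameSpace`, which the method computes on the next line. The Javadoc's `@throws Exception throws exception` should also name MusicAuthenticationException and its two causes (null request, empty nameSpace). The method continues outside this hunk.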
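Review bot: With the iterator now typed as `Iterator<AAFPermission>`, the cast in `AAFPermission aafPermission = (AAFPermission) iterator.next();` is redundant, and the loop keeps walking the list after a match with only the `if(!isauthorized)` guard to skip the work. An enhanced for with an early exit reads more directly: `for (AAFPermission p : aafPermsFinalList) { if (isMatchPattern(p, requestUri, httpRequest.getMethod())) { isauthorized = true; break; } }`. The enclosing method starts and ends outside this hunk.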
@@ -205,23 +208,21 @@ public class AuthUtil { * @return returns a boolean * @throws Exception - throws an exception */ - private static boolean isMatchPatternWithInstanceAndAction( + private static boolean isMatchPattern( AAFPermission aafPermission, String requestUri, - String method) throws Exception { + String method) throws MusicAuthenticationException { if (null == aafPermission || null == requestUri || null == method) { return false; } String permKey = aafPermission.getKey(); - logger.debug(EELFLoggerDelegate.auditLogger, "isMatchPattern permKey: " + logger.debug(EELFLoggerDelegate.securityLogger, "isMatchPattern permKey: " + permKey + ", requestUri " + requestUri + " ," + method); String[] keyArray = permKey.split("\\|"); String[] subPath = null; - //String type = null; - //type = keyArray[0]; String instance = keyArray[1]; String action = keyArray[2]; @@ -251,13 +252,7 @@ public class AuthUtil { subPath = path[i].split("\\."); for (int j = 0; j < subPath.length; j++) { if (instanceList.contains(subPath[j])) { - if ("*".equals(action) || "ALL".equalsIgnoreCase(action)) { - return true; - } else if (method.equalsIgnoreCase(action)) { - return true; - } else { - return false; - } + return checkAction(method,action); } else { continue; } @@ -265,4 +260,15 @@ public class AuthUtil { } return false; } + + private static boolean checkAction(String method, String action) { + if ("*".equals(action) || "ALL".equalsIgnoreCase(action)) { + return true; + } else { + return (method.equalsIgnoreCase(action)); + } + } + + + }
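Review bot: isMatchPattern reads `keyArray[1]` and `keyArray[2]` straight after `permKey.split("\\|")` with no length check, so a permission key with fewer than three `|`-separated parts raises ArrayIndexOutOfBoundsException rather than the MusicAuthenticationException the new signature advertises. A guard such as `if (keyArray.length < 3) { return false; }` keeps the check failing closed without leaning on the caller's broad catch. The Javadoc above still says `@throws Exception - throws an exception` and should name the new exception type. The rest of the method body lies outside this hunk.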
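Review bot: checkAction is added without Javadoc, and its if/else collapses to one expression: `return "*".equals(action) || "ALL".equalsIgnoreCase(action) || method.equalsIgnoreCase(action);`. A short comment would state the contract, for example `/** Returns true when the permission action is a wildcard ("*" or "ALL") or equals the HTTP method, ignoring case. */`. At the call site in the hunk at -251,13 the remaining `else { continue; }` branch is a no-op and can be dropped.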
\ No newline at end of file diff --git a/src/main/java/org/onap/music/authentication/CadiAuthFilter.java b/src/main/java/org/onap/music/authentication/CadiAuthFilter.java index cd58d354..d043e6d6 100644 --- a/src/main/java/org/onap/music/authentication/CadiAuthFilter.java +++ b/src/main/java/org/onap/music/authentication/CadiAuthFilter.java @@ -58,13 +58,8 @@ public class CadiAuthFilter extends CadiFilter { public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { logger.info(EELFLoggerDelegate.securityLogger, "Request is entering cadifilter"); - long startTime = System.currentTimeMillis(); request.setAttribute("startTime", startTime); - super.doFilter(request, response, chain); - - //Commented by saumya (sp931a) on 04/11/19 for auth filter - //chain.doFilter(request, response); } }
\ No newline at end of file diff --git a/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java b/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java index a9930d88..bde3e205 100644 --- a/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java +++ b/src/main/java/org/onap/music/authentication/MusicAuthorizationFilter.java @@ -25,10 +25,6 @@ package org.onap.music.authentication; import java.io.IOException; -import java.util.Base64; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.Map; import javax.servlet.Filter; import javax.servlet.FilterChain; @@ -36,10 +32,10 @@ import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.music.eelf.logging.EELFLoggerDelegate; +import org.onap.music.exceptions.MusicAuthenticationException; import org.onap.music.main.MusicUtil; import com.fasterxml.jackson.databind.ObjectMapper; @@ -62,7 +58,7 @@ public class MusicAuthorizationFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { - + // Do Nothing } @Override @@ -83,9 +79,12 @@ public class MusicAuthorizationFilter implements Filter { try { isAuthAllowed = AuthUtil.isAccessAllowed(servletRequest, musicNS); - } catch (Exception e) { + } catch (MusicAuthenticationException e) { + logger.error(EELFLoggerDelegate.securityLogger, + "Error while checking authorization Music Namespace: " + musicNS + " : " + e.getMessage(),e); + } catch ( Exception e) { logger.error(EELFLoggerDelegate.securityLogger, - "Error while checking authorization Music Namespace: " + musicNS + " : " + e.getMessage()); + "Error while checking authorization Music Namespace: " + musicNS + " : " + e.getMessage(),e); } long endTime = System.currentTimeMillis(); 
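Review bot: The new `catch (MusicAuthenticationException e)` and the following `catch ( Exception e)` have identical bodies, so the narrower handler adds nothing as written. Either drop it, or give it a distinct message or level so that expected authorization failures can be told apart from unexpected errors in the security log. Both handlers only log, so the outcome depends on `isAuthAllowed` having been initialised to `false` before the `try`; that declaration is outside this hunk and worth confirming. Passing `e` as the last argument already records the message, so the `+ e.getMessage()` concatenation is redundant.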
@@ -119,39 +118,5 @@ public class MusicAuthorizationFilter implements Filter { String serialized = new ObjectMapper().writeValueAsString(eErrorResponse); return serialized.getBytes(); } - - private Map<String, String> getHeadersInfo(HttpServletRequest request) { - - Map<String, String> map = new HashMap<String, String>(); - - Enumeration headerNames = request.getHeaderNames(); - while (headerNames.hasMoreElements()) { - String key = (String) headerNames.nextElement(); - String value = request.getHeader(key); - map.put(key, value); - } - - return map; - } - - private static String getUserNamefromRequest(HttpServletRequest httpRequest) { - String authHeader = httpRequest.getHeader("Authorization"); - String username = null; - if (authHeader != null) { - String[] split = authHeader.split("\\s+"); - if (split.length > 0) { - String basic = split[0]; - - if ("Basic".equalsIgnoreCase(basic)) { - byte[] decodedBytes = Base64.getDecoder().decode(split[1]); - String decodedString = new String(decodedBytes); - int p = decodedString.indexOf(":"); - if (p != -1) { - username = decodedString.substring(0, p); - } - } - } - } - return username; - } } + diff --git a/src/main/java/org/onap/music/exceptions/MusicAuthenticationException.java b/src/main/java/org/onap/music/exceptions/MusicAuthenticationException.java new file mode 100644 index 00000000..ab44fd6e --- /dev/null +++ b/src/main/java/org/onap/music/exceptions/MusicAuthenticationException.java 
@@ -0,0 +1,75 @@
+/*
+ * ============LICENSE_START==========================================
+ * org.onap.music
+ * ===================================================================
+ * Copyright (c) 2019 AT&T Intellectual Property
+ * ===================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END=============================================
+ * ====================================================================
+ */
+
+package org.onap.music.exceptions;
+
+/**
+ * @author inam
+ *
+ */
+public class MusicAuthenticationException extends Exception {
+
+ /**
+ *
+ */
+ public MusicAuthenticationException() {
+
+ }
+
+ /**
+ * @param message
+ */
+ public MusicAuthenticationException(String message) {
+ super(message);
+
+ }
+
+ /**
+ * @param cause
+ */
+ public MusicAuthenticationException(Throwable cause) {
+ super(cause);
+
+ }
+
+ /**
+ * @param message
+ * @param cause
+ */
+ public MusicAuthenticationException(String message, Throwable cause) {
+ super(message, cause);
+
+ }
+
+ /**
+ * @param message
+ * @param cause
+ * @param enableSuppression
+ * @param writableStackTrace
+ */
+ public MusicAuthenticationException(String message, Throwable cause, boolean enableSuppression,
+ boolean writableStackTrace) {
+ super(message, cause, enableSuppression, writableStackTrace);
+
+ }
+
+}
|
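Review bot: MusicAuthenticationException extends Exception, which is Serializable, but declares no `serialVersionUID`; adding `private static final long serialVersionUID = 1L;` pins the serialized form and clears the compiler warning. The class Javadoc holds only `@author inam` and the constructor Javadocs are empty `@param` stubs, so nothing says when the exception is thrown. Judging by this commit it is raised by AuthUtil for a null request, an undeclared namespace and a failed decode, so despite its name it signals failures of the authorization check, and a class-level sentence should say so.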