diff options
Diffstat (limited to 'src/main/java/org/onap/music/authentication')
-rwxr-xr-x | src/main/java/org/onap/music/authentication/CachingUtil.java | 14 | ||||
-rw-r--r-- | src/main/java/org/onap/music/authentication/CadiAuthFilter.java | 110 | ||||
-rw-r--r-- | src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java (renamed from src/main/java/org/onap/music/authentication/MusicAuthentication.java) | 115 | ||||
-rw-r--r-- | src/main/java/org/onap/music/authentication/MusicAuthenticator.java | 6 |
4 files changed, 117 insertions, 128 deletions
diff --git a/src/main/java/org/onap/music/authentication/CachingUtil.java b/src/main/java/org/onap/music/authentication/CachingUtil.java index 80eed1e6..5c379c6e 100755 --- a/src/main/java/org/onap/music/authentication/CachingUtil.java +++ b/src/main/java/org/onap/music/authentication/CachingUtil.java @@ -72,7 +72,6 @@ public class CachingUtil implements Runnable { private static CacheAccess<String, Map<String, String>> musicValidateCache = JCS.getInstance("musicValidateCache"); private static Map<String, Number> userAttempts = new HashMap<>(); private static Map<String, Calendar> lastFailedTime = new HashMap<>(); - private static CacheAccess<String, PreparedStatement> queryBank = JCS.getInstance("statementBank"); private static CacheAccess<String, String> adminUserCache = JCS.getInstance("adminUserCache"); public static CacheAccess<String, String> getAdminUserCache() { @@ -83,19 +82,6 @@ public class CachingUtil implements Runnable { adminUserCache.put(authorization,userId); } - - public static void updateStatementBank(String query,PreparedStatement statement) { - queryBank.put(query, statement); - } - - public static void resetStatementBank() { - queryBank.clear(); - } - - public static CacheAccess<String, PreparedStatement> getStatementBank() { - return queryBank; - } - private static final String USERNAME="username"; private static final String PASSWORD="password"; diff --git a/src/main/java/org/onap/music/authentication/CadiAuthFilter.java b/src/main/java/org/onap/music/authentication/CadiAuthFilter.java new file mode 100644 index 00000000..56371c7d --- /dev/null +++ b/src/main/java/org/onap/music/authentication/CadiAuthFilter.java @@ -0,0 +1,110 @@ +/* + * ============LICENSE_START========================================== + * org.onap.music + * =================================================================== + * Copyright (c) 2017 AT&T Intellectual Property + * =================================================================== + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================= + * ==================================================================== + */ + +package org.onap.music.authentication; +import java.util.ArrayList; +import java.util.List; +import java.util.regex.Matcher; +import java.util.regex.Pattern; + +import javax.servlet.FilterConfig; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.http.HttpServletRequest; + +import com.att.eelf.configuration.EELFLogger; +import org.onap.aaf.cadi.CadiWrap; +import org.onap.aaf.cadi.Permission; +import org.onap.aaf.cadi.PropAccess; +import org.onap.aaf.cadi.aaf.AAFPermission; +import org.onap.aaf.cadi.filter.CadiFilter; +import org.onap.music.eelf.logging.EELFLoggerDelegate; +import org.onap.music.main.MusicCore; + +public class CadiAuthFilter extends CadiFilter { + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(CadiAuthFilter.class); + + public CadiAuthFilter(PropAccess access) throws ServletException { + super(true, access); + } + + public void init(FilterConfig filterConfig) throws ServletException { + super.init(filterConfig); + } + + + private boolean matchPattern(String requestedPath, String includeUrl) { + includeUrl = includeUrl.substring(1); + String[] path = requestedPath.split("/"); + if (path.length > 1) { + String[] roleFunctionArray = includeUrl.split("/"); + boolean match = true; + for (int i = 0; i < roleFunctionArray.length; i++) { + if (match) { + if (!"*".equals(roleFunctionArray[i])) { + Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE); + Matcher m = p.matcher(roleFunctionArray[i]); + match = m.matches(); + } else if (roleFunctionArray[i].equals("*")) { + match = true; + } + + } + } + if (match) + return match; + } else { + if (requestedPath.matches(includeUrl)) + return true; + else if ("*".equals(includeUrl)) + return true; + } + return false; + } + + + public static List<AAFPermission> getAAFPermissions(HttpServletRequest request) { + CadiWrap wrapReq = (CadiWrap) request; + List<Permission> perms = wrapReq.getPermissions(wrapReq.getUserPrincipal()); + List<AAFPermission> aafPermsList = new ArrayList<>(); + for (Permission perm : perms) { + AAFPermission aafPerm = (AAFPermission) perm; + aafPermsList.add(aafPerm); + logger.info(aafPerm.toString()); + logger.info(aafPerm.getType()); + } + return aafPermsList; + } + + public static List<AAFPermission> getAAFPermissions(ServletRequest request) { + CadiWrap wrapReq = (CadiWrap) request; + List<Permission> perms = wrapReq.getPermissions(wrapReq.getUserPrincipal()); + List<AAFPermission> aafPermsList = new ArrayList<>(); + for (Permission perm : perms) { + AAFPermission aafPerm = (AAFPermission) perm; + aafPermsList.add(aafPerm); + } + return aafPermsList; + } + +}
\ No newline at end of file diff --git a/src/main/java/org/onap/music/authentication/MusicAuthentication.java b/src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java index 6c38e6df..2d0d4e59 100644 --- a/src/main/java/org/onap/music/authentication/MusicAuthentication.java +++ b/src/main/java/org/onap/music/authentication/MusicAAFAuthentication.java @@ -44,121 +44,10 @@ import com.sun.jersey.api.client.Client; import com.sun.jersey.api.client.ClientResponse; import com.sun.jersey.api.client.WebResource; -public class MusicAuthentication implements MusicAuthenticator { +public class MusicAAFAuthentication implements MusicAuthenticator { - private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicAuthentication.class); + private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicAAFAuthentication.class); - /** - * authenticate user logic - * - * @param nameSpace - * @param userId - * @param password - * @param keyspace - * @param aid - * @param operation - * @return - * @throws Exception - */ - @Deprecated - public static Map<String, Object> autheticateUser(String nameSpace, String userId, - String password, String keyspace, String aid, String operation) { - logger.info(EELFLoggerDelegate.applicationLogger,"Inside User Authentication......."); - Map<String, Object> resultMap = new HashMap<>(); - String uuid = null; - if(! MusicUtil.getIsCadi()) { - resultMap = CachingUtil.validateRequest(nameSpace, userId, password, keyspace, aid, - operation); - if (!resultMap.isEmpty()) - return resultMap; - String isAAFApp = null; - try { - isAAFApp= CachingUtil.isAAFApplication(nameSpace); - } catch(MusicServiceException e) { - logger.error(e.getErrorMessage(), e); - resultMap.put("Exception", e.getMessage()); - return resultMap; - } - if(isAAFApp == null) { - resultMap.put("Exception", "Namespace: "+nameSpace+" doesn't exist. Please make sure ns(appName)" - + " is correct and Application is onboarded."); - return resultMap; - } - boolean isAAF = Boolean.parseBoolean(isAAFApp); - if (userId == null || password == null) { - logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); - logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing. userId: " + userId - + " :: password: " + password); - resultMap.put("Exception", - "UserId and Password are mandatory for the operation " + operation); - return resultMap; - } - if(!isAAF && !(operation.equals("createKeySpace"))) { - resultMap = CachingUtil.authenticateAIDUser(nameSpace, userId, password, keyspace); - if (!resultMap.isEmpty()) - return resultMap; - - } - if (isAAF && nameSpace != null && userId != null && password != null) { - boolean isValid = true; - try { - isValid = CachingUtil.authenticateAAFUser(nameSpace, userId, password, keyspace); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.errorLogger,"Error while aaf authentication for user:" + userId); - logger.error(EELFLoggerDelegate.errorLogger,"Error: "+ e.getMessage()); - logger.error(EELFLoggerDelegate.errorLogger,e.getMessage(), AppMessages.AUTHENTICATIONERROR ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); - logger.error(EELFLoggerDelegate.errorLogger,"Got exception while AAF authentication for namespace " + nameSpace); - resultMap.put("Exception", e.getMessage()); - } - if (!isValid) { - logger.error(EELFLoggerDelegate.errorLogger,"User not authenticated...", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); - resultMap.put("Exception", "User not authenticated..."); - } - if (!resultMap.isEmpty()) - return resultMap; - - } - } else { - - String cachedKS = CachingUtil.getKSFromCadiCache(userId); - if(cachedKS != null && !cachedKS.equals(keyspace)) { - resultMap.put("Exception", "User not authenticated to access this keyspace..."); - } - } - - if (operation.equals("createKeySpace")) { - logger.info(EELFLoggerDelegate.applicationLogger,"AID is not provided. Creating new UUID for keyspace."); - PreparedQueryObject pQuery = new PreparedQueryObject(); - pQuery.appendQueryString( - "select uuid from admin.keyspace_master where application_name=? and username=? and keyspace_name=? allow filtering"); - try { - pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), nameSpace)); - pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), userId)); - pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), - MusicUtil.DEFAULTKEYSPACENAME)); - } catch (Exception e1) { - logger.error(EELFLoggerDelegate.errorLogger, e1, "Can not authenticate for createkeyspace", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); - resultMap.put("Exception", "Cannot authenticate for createKeyspace"); - return resultMap; - } - - - try { - Row rs = MusicCore.get(pQuery).one(); - uuid = rs.getUUID("uuid").toString(); - resultMap.put("uuid", "existing"); - } catch (Exception e) { - logger.error(EELFLoggerDelegate.applicationLogger,"No UUID found in DB. So creating new UUID."); - uuid = MusicUtil.generateUUID(); - resultMap.put("uuid", "new"); - } - resultMap.put("aid", uuid); - CachingUtil.updateCadiCache(userId, keyspace); - } - - return resultMap; - } - @Override public boolean authenticateAdmin(String authorization) { logger.info(EELFLoggerDelegate.applicationLogger, "MusicCore.authenticateAdmin: "); diff --git a/src/main/java/org/onap/music/authentication/MusicAuthenticator.java b/src/main/java/org/onap/music/authentication/MusicAuthenticator.java index 0b1fd5c8..78f76ab1 100644 --- a/src/main/java/org/onap/music/authentication/MusicAuthenticator.java +++ b/src/main/java/org/onap/music/authentication/MusicAuthenticator.java @@ -33,7 +33,11 @@ public interface MusicAuthenticator { DELETE_FROM_TABLE, DROP_TABLE, SELECT_CRITICAL, - SELECT + SELECT, + CREATE_LOCKREF, + ACQUIRE_LOCK, + CURRENT_LOCK, + DELETE_LOCK } /** |