/* * ============LICENSE_START========================================== * org.onap.music * =================================================================== * Copyright (c) 2017 AT&T Intellectual Property * =================================================================== * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * ============LICENSE_END============================================= * ==================================================================== */ package org.onap.music.authentication; import java.util.HashMap; import java.util.Map; import javax.ws.rs.core.MediaType; import org.apache.commons.jcs.access.CacheAccess; import org.onap.music.datastore.PreparedQueryObject; import org.onap.music.eelf.logging.EELFLoggerDelegate; import org.onap.music.eelf.logging.format.AppMessages; import org.onap.music.eelf.logging.format.ErrorSeverity; import org.onap.music.eelf.logging.format.ErrorTypes; import org.onap.music.exceptions.MusicServiceException; import org.onap.music.authentication.MusicAuthenticator.Operation; import org.onap.music.main.MusicCore; import org.onap.music.main.MusicUtil; import com.datastax.driver.core.DataType; import com.datastax.driver.core.Row; import com.sun.jersey.api.client.Client; import com.sun.jersey.api.client.ClientResponse; import com.sun.jersey.api.client.WebResource; public class MusicAuthentication implements MusicAuthenticator { private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicAuthentication.class); /** * authenticate user logic * * @param nameSpace * @param userId * @param password * @param keyspace * @param aid * @param operation * @return * @throws Exception */ @Deprecated public static Map autheticateUser(String nameSpace, String userId, String password, String keyspace, String aid, String operation) { logger.info(EELFLoggerDelegate.applicationLogger,"Inside User Authentication......."); Map resultMap = new HashMap<>(); String uuid = null; if(! MusicUtil.getIsCadi()) { resultMap = CachingUtil.validateRequest(nameSpace, userId, password, keyspace, aid, operation); if (!resultMap.isEmpty()) return resultMap; String isAAFApp = null; try { isAAFApp= CachingUtil.isAAFApplication(nameSpace); } catch(MusicServiceException e) { logger.error(e.getErrorMessage(), e); resultMap.put("Exception", e.getMessage()); return resultMap; } if(isAAFApp == null) { resultMap.put("Exception", "Namespace: "+nameSpace+" doesn't exist. Please make sure ns(appName)" + " is correct and Application is onboarded."); return resultMap; } boolean isAAF = Boolean.parseBoolean(isAAFApp); if (userId == null || password == null) { logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); logger.error(EELFLoggerDelegate.errorLogger,"One or more required headers is missing. userId: " + userId + " :: password: " + password); resultMap.put("Exception", "UserId and Password are mandatory for the operation " + operation); return resultMap; } if(!isAAF && !(operation.equals("createKeySpace"))) { resultMap = CachingUtil.authenticateAIDUser(nameSpace, userId, password, keyspace); if (!resultMap.isEmpty()) return resultMap; } if (isAAF && nameSpace != null && userId != null && password != null) { boolean isValid = true; try { isValid = CachingUtil.authenticateAAFUser(nameSpace, userId, password, keyspace); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger,"Error while aaf authentication for user:" + userId); logger.error(EELFLoggerDelegate.errorLogger,"Error: "+ e.getMessage()); logger.error(EELFLoggerDelegate.errorLogger,e.getMessage(), AppMessages.AUTHENTICATIONERROR ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); logger.error(EELFLoggerDelegate.errorLogger,"Got exception while AAF authentication for namespace " + nameSpace); resultMap.put("Exception", e.getMessage()); } if (!isValid) { logger.error(EELFLoggerDelegate.errorLogger,"User not authenticated...", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); resultMap.put("Exception", "User not authenticated..."); } if (!resultMap.isEmpty()) return resultMap; } } else { String cachedKS = CachingUtil.getKSFromCadiCache(userId); if(cachedKS != null && !cachedKS.equals(keyspace)) { resultMap.put("Exception", "User not authenticated to access this keyspace..."); } } if (operation.equals("createKeySpace")) { logger.info(EELFLoggerDelegate.applicationLogger,"AID is not provided. Creating new UUID for keyspace."); PreparedQueryObject pQuery = new PreparedQueryObject(); pQuery.appendQueryString( "select uuid from admin.keyspace_master where application_name=? and username=? and keyspace_name=? allow filtering"); try { pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), nameSpace)); pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), userId)); pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), MusicUtil.DEFAULTKEYSPACENAME)); } catch (Exception e1) { logger.error(EELFLoggerDelegate.errorLogger, e1, "Can not authenticate for createkeyspace", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); resultMap.put("Exception", "Cannot authenticate for createKeyspace"); return resultMap; } try { Row rs = MusicCore.get(pQuery).one(); uuid = rs.getUUID("uuid").toString(); resultMap.put("uuid", "existing"); } catch (Exception e) { logger.error(EELFLoggerDelegate.applicationLogger,"No UUID found in DB. So creating new UUID."); uuid = MusicUtil.generateUUID(); resultMap.put("uuid", "new"); } resultMap.put("aid", uuid); CachingUtil.updateCadiCache(userId, keyspace); } return resultMap; } @Override public boolean authenticateAdmin(String authorization) { logger.info(EELFLoggerDelegate.applicationLogger, "MusicCore.authenticateAdmin: "); String userId = MusicUtil.extractBasicAuthentication(authorization).get(MusicUtil.USERID); if(MusicUtil.getIsCadi()) { CachingUtil.updateAdminUserCache(authorization, userId); return true; } CacheAccess adminCache = CachingUtil.getAdminUserCache(); if (authorization == null) { logger.error(EELFLoggerDelegate.errorLogger, "Authorization cannot be empty..."); return false; } if (adminCache.get(authorization) != null && adminCache.get(authorization).equals(userId)) { logger.info(EELFLoggerDelegate.applicationLogger, "MusicCore.authenticateAdmin: Validated against admincache.. "); return true; } else { Client client = Client.create(); String aafUrl = MusicUtil.getAafAdminUrl(); if (aafUrl==null) { logger.error(EELFLoggerDelegate.errorLogger, "Admin url is not set, please set in properties"); return false; } WebResource webResource = client.resource( MusicUtil.getAafAdminUrl().concat(userId).concat("/").concat(MusicUtil.getAdminAafRole())); ClientResponse response = webResource.accept(MediaType.APPLICATION_JSON) .header("Authorization", authorization).get(ClientResponse.class); if (response.getStatus() == 200) { CachingUtil.updateAdminUserCache(authorization, userId); return true; } } return false; } @Override public boolean authenticateUser(String namespace, String authorization, String keyspace, String aid, Operation operation) { logger.info(EELFLoggerDelegate.applicationLogger,"Inside User Authentication......."); Map userCredentials = MusicUtil.extractBasicAuthentication(authorization); String userId = userCredentials.get(MusicUtil.USERID); String password = userCredentials.get(MusicUtil.PASSWORD); Map resultMap = new HashMap<>(); String uuid = null; if(! MusicUtil.getIsCadi()) { resultMap = CachingUtil.validateRequest(namespace, userId, password, keyspace, aid, operation); if (!resultMap.isEmpty()) return false; String isAAFApp = null; try { isAAFApp= CachingUtil.isAAFApplication(namespace); } catch(MusicServiceException e) { logger.error(e.getErrorMessage(), e); resultMap.put("Exception", e.getMessage()); return false; } if(isAAFApp == null) { resultMap.put("Exception", "Namespace: "+namespace+" doesn't exist. Please make sure ns(appName)" + " is correct and Application is onboarded."); return false; } boolean isAAF = Boolean.parseBoolean(isAAFApp); if (userId == null || password == null) { logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); logger.error(EELFLoggerDelegate.errorLogger,"UserId/Password or more required headers is missing."); resultMap.put("Exception", "UserId and Password are mandatory for the operation " + operation); return false; } if(!isAAF && !(operation==Operation.CREATE_KEYSPACE)) { resultMap = CachingUtil.authenticateAIDUser(namespace, userId, password, keyspace); if (!resultMap.isEmpty()) return false; } if (isAAF && namespace != null && userId != null && password != null) { boolean isValid = true; try { isValid = CachingUtil.authenticateAAFUser(namespace, userId, password, keyspace); } catch (Exception e) { logger.error(EELFLoggerDelegate.errorLogger,"Error while aaf authentication for user:" + userId); logger.error(EELFLoggerDelegate.errorLogger,"Error: "+ e.getMessage()); logger.error(EELFLoggerDelegate.errorLogger,e.getMessage(), AppMessages.AUTHENTICATIONERROR ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); logger.error(EELFLoggerDelegate.errorLogger,"Got exception while AAF authentication for namespace " + namespace); resultMap.put("Exception", e.getMessage()); } if (!isValid) { logger.error(EELFLoggerDelegate.errorLogger,"User not authenticated...", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR); resultMap.put("Exception", "User not authenticated..."); } if (!resultMap.isEmpty()) return false; } } else { String cachedKS = CachingUtil.getKSFromCadiCache(userId); if(cachedKS != null && !cachedKS.equals(keyspace)) { resultMap.put("Exception", "User not authenticated to access this keyspace..."); return false; } } if (operation==Operation.CREATE_KEYSPACE) { try { logger.info(EELFLoggerDelegate.applicationLogger,"AID is not provided. Creating new UUID for keyspace."); PreparedQueryObject pQuery = new PreparedQueryObject(); pQuery.appendQueryString( "select uuid from admin.keyspace_master where application_name=? and username=? and keyspace_name=? allow filtering"); pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), namespace)); pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), userId)); pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), MusicUtil.DEFAULTKEYSPACENAME)); Row rs = MusicCore.get(pQuery).one(); uuid = rs.getUUID("uuid").toString(); resultMap.put("uuid", "existing"); } catch (Exception e) { logger.error(EELFLoggerDelegate.applicationLogger,"No UUID found in DB. So creating new UUID."); uuid = MusicUtil.generateUUID(); resultMap.put("uuid", "new"); } resultMap.put("aid", uuid); CachingUtil.updateCadiCache(userId, keyspace); } return true; } }