2 files changed, 31 insertions, 17 deletions

diff --git a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafClientCache.java b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafClientCache.java
index 847836b..3b55a84 100755
--- a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafClientCache.java
+++ b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafClientCache.java
@@ -90,7 +90,7 @@ public class AafClientCache {
         if (!env.getProperty(AafProperties.aafEnabled.toString(), Boolean.class, true)) {

             return AuthorizationResult.Authorized;

         }

-        Map<String, String> auth = getUserPasssword(requestContext);

+        Map<String, String> auth = getUserPassword(requestContext);

         String permissions = getPermissions(auth);

         if (permissions == null) {

             return AuthorizationResult.AuthenticationFailure;

@@ -209,7 +209,7 @@ public class AafClientCache {
         return AuthorizationResult.AuthenticationFailure;

     }

 

-    private Map<String, String> getUserPasssword(ContainerRequestContext requestContext) {

+    private Map<String, String> getUserPassword(ContainerRequestContext requestContext) {

 

         String header = requestContext.getHeaderString("Authorization");

         Map<String, String> userPassword = getUserPasswordFromAuthorizationHeader(header);

diff --git a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafContainerFilters.java b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafContainerFilters.java
index a8d860d..f23dca0 100755
--- a/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafContainerFilters.java
+++ b/cmso-service/src/main/java/org/onap/optf/cmso/aaf/AafContainerFilters.java
@@ -1,6 +1,7 @@
 /*

  * Copyright (c) 2019 AT&T Intellectual Property.

  * Modifications Copyright © 2018 IBM.

+ * Modifications Copyright © 2020 Nokia.

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

@@ -53,30 +54,43 @@ import org.springframework.stereotype.Component;
 @Profile(SpringProfiles.AAF_AUTHENTICATION)

 public class AafContainerFilters implements ContainerRequestFilter {

 

+    private static final String EMPTY_ENTITY_CONTENT = "";

+

     @Autowired

-    AafClientCache aafClientCache;

+    private AafClientCache aafClientCache;

 

     @Override

     public void filter(ContainerRequestContext requestContext) throws IOException {

-        ResponseBuilder builder = null;

-        AuthorizationResult status = null;

-        try {

-            status = aafClientCache.authorize(requestContext);

-        } catch (Exception e) {

-            Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());

-            status = AuthorizationResult.AuthenticationFailure;

-        }

-        switch (status) {

+        AuthorizationResult authorizationStatus = getAuthorizationResult(requestContext);

+        switch (authorizationStatus) {

             case AuthenticationFailure:

-                builder = Response.status(Response.Status.UNAUTHORIZED).entity("");

-                builder.header("WWW-Authenticate", "Basic realm=\"Realm\"");

-                throw new WebApplicationException(builder.build());

+                throw new WebApplicationException(createAuthenticationErrorResponse());

             case AuthorizationFailure:

-                builder = Response.status(Response.Status.FORBIDDEN).entity("");

-                throw new WebApplicationException(builder.build());

+                throw new WebApplicationException(createAuthorizationErrorResponse());

             case Authorized:

             case Authenticated:

             default:

         }

     }

+

+    private AuthorizationResult getAuthorizationResult(ContainerRequestContext requestContext) {

+        AuthorizationResult status;

+        try {

+            status = aafClientCache.authorize(requestContext);

+        } catch (Exception e) {

+            Observation.report(LogMessages.UNEXPECTED_EXCEPTION, e, e.getMessage());

+            status = AuthorizationResult.AuthenticationFailure;

+        }

+        return status;

+    }

+

+    private Response createAuthenticationErrorResponse() {

+        ResponseBuilder builder = Response.status(Response.Status.UNAUTHORIZED).entity(EMPTY_ENTITY_CONTENT);

+        builder.header("WWW-Authenticate", "Basic realm=\"Realm\"");

+        return builder.build();

+    }

+

+    private Response createAuthorizationErrorResponse() {

+        return Response.status(Response.Status.FORBIDDEN).entity(EMPTY_ENTITY_CONTENT).build();

+    }

 }