aboutsummaryrefslogtreecommitdiffstats
path: root/policy-endpoints
diff options
context:
space:
mode:
authorJorge Hernandez <jh1730@att.com>2018-09-18 14:31:07 -0500
committerJorge Hernandez <jh1730@att.com>2018-09-18 16:16:46 -0500
commit71128148623da679bfdb00b804389f1daabaac86 (patch)
treef3f9ba386f4d5ac76547953e0f4a4ddddd23c839 /policy-endpoints
parent49afdc08f0fa93264f2ae59d8a5e9931d02e6369 (diff)
Add comments and removed redundant code in Filters
Change-Id: I57db9a90550e89ccf23f23de608eedb5d0b7f4ff Signed-off-by: Jorge Hernandez <jh1730@att.com> Issue-ID: POLICY-1043 Signed-off-by: Jorge Hernandez <jh1730@att.com>
Diffstat (limited to 'policy-endpoints')
-rw-r--r--policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java7
-rw-r--r--policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java16
2 files changed, 14 insertions, 9 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java
index 05267385..5f6bb544 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java
@@ -23,8 +23,15 @@ package org.onap.policy.common.endpoints.http.server.aaf;
import javax.servlet.http.HttpServletRequest;
import org.onap.policy.common.endpoints.http.server.AuthorizationFilter;
+/**
+ * Generic Authorization AAF Filter Skeleton. This class will return
+ * a permission in AAF format. Subclasses are responsible to provide
+ * the AAF permission type and instance.
+ */
public abstract class AafAuthFilter extends AuthorizationFilter {
+ public static final String DEFAULT_NAMESPACE = "org.onap.policy";
+
@Override
protected String getRole(HttpServletRequest request) {
return
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java
index 86e35323..42df2484 100644
--- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java
+++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java
@@ -24,19 +24,17 @@ import javax.servlet.http.HttpServletRequest;
import org.onap.policy.common.utils.network.NetworkUtil;
/**
- * Allows per server direct permissions from all rest apis to aaf permission types
- * for evaluation, hence the granularity.
+ * This generic class allows the mapping of REST APIs to AAF permissions
+ * to be evaluated in an AAF context. This class can be used for
+ * highly granular permissions where each REST resource can be directly
+ * mapped transparently to an AAF permission type, the instance being the host
+ * server, and the HTTP method corresponding to the action.
+ * Subclasses are responsible to provide the root permission prefix, typically
+ * the namespace.
*/
public abstract class AafGranularAuthFilter extends AafAuthFilter {
@Override
- protected String getRole(HttpServletRequest request) {
- return
- String.format("%s|%s|%s", getPermissionType(request), getPermissionInstance(request),
- request.getMethod().toLowerCase());
- }
-
- @Override
protected String getPermissionType(HttpServletRequest request) {
return getPermissionTypeRoot() + "." +
request.getRequestURI().replace('/', '.');