diff options
author | Jorge Hernandez <jh1730@att.com> | 2018-09-18 14:31:07 -0500 |
---|---|---|
committer | Jorge Hernandez <jh1730@att.com> | 2018-09-18 16:16:46 -0500 |
commit | 71128148623da679bfdb00b804389f1daabaac86 (patch) | |
tree | f3f9ba386f4d5ac76547953e0f4a4ddddd23c839 /policy-endpoints | |
parent | 49afdc08f0fa93264f2ae59d8a5e9931d02e6369 (diff) |
Add comments and removed redundant code in Filters
Change-Id: I57db9a90550e89ccf23f23de608eedb5d0b7f4ff
Signed-off-by: Jorge Hernandez <jh1730@att.com>
Issue-ID: POLICY-1043
Signed-off-by: Jorge Hernandez <jh1730@att.com>
Diffstat (limited to 'policy-endpoints')
2 files changed, 14 insertions, 9 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java index 05267385..5f6bb544 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java @@ -23,8 +23,15 @@ package org.onap.policy.common.endpoints.http.server.aaf; import javax.servlet.http.HttpServletRequest; import org.onap.policy.common.endpoints.http.server.AuthorizationFilter; +/** + * Generic Authorization AAF Filter Skeleton. This class will return + * a permission in AAF format. Subclasses are responsible to provide + * the AAF permission type and instance. + */ public abstract class AafAuthFilter extends AuthorizationFilter { + public static final String DEFAULT_NAMESPACE = "org.onap.policy"; + @Override protected String getRole(HttpServletRequest request) { return diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java index 86e35323..42df2484 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java @@ -24,19 +24,17 @@ import javax.servlet.http.HttpServletRequest; import org.onap.policy.common.utils.network.NetworkUtil; /** - * Allows per server direct permissions from all rest apis to aaf permission types - * for evaluation, hence the granularity. + * This generic class allows the mapping of REST APIs to AAF permissions + * to be evaluated in an AAF context. This class can be used for + * highly granular permissions where each REST resource can be directly + * mapped transparently to an AAF permission type, the instance being the host + * server, and the HTTP method corresponding to the action. + * Subclasses are responsible to provide the root permission prefix, typically + * the namespace. */ public abstract class AafGranularAuthFilter extends AafAuthFilter { @Override - protected String getRole(HttpServletRequest request) { - return - String.format("%s|%s|%s", getPermissionType(request), getPermissionInstance(request), - request.getMethod().toLowerCase()); - } - - @Override protected String getPermissionType(HttpServletRequest request) { return getPermissionTypeRoot() + "." + request.getRequestURI().replace('/', '.'); |