diff options
Diffstat (limited to 'policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http')
8 files changed, 18 insertions, 165 deletions
diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/AuthorizationFilter.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/AuthorizationFilter.java index b58cde7c..44204cfd 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/AuthorizationFilter.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/AuthorizationFilter.java @@ -3,7 +3,7 @@ * ONAP * ================================================================================ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2023 Nordix Foundation. + * Modifications Copyright (C) 2023-2024 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -40,17 +40,14 @@ public abstract class AuthorizationFilter implements Filter { public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { - if (!(servletRequest instanceof HttpServletRequest)) { + if (!(servletRequest instanceof HttpServletRequest request)) { throw new ServletException("Not an HttpServletRequest instance"); } - if (!(servletResponse instanceof HttpServletResponse)) { + if (!(servletResponse instanceof HttpServletResponse response)) { throw new ServletException("Not an HttpServletResponse instance"); } - HttpServletRequest request = (HttpServletRequest) servletRequest; - HttpServletResponse response = (HttpServletResponse) servletResponse; - String role = getRole(request); boolean authorized = request.isUserInRole(role); diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java index 23c2b54a..a20c125d 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/HttpServletServer.java @@ -3,7 +3,7 @@ * ONAP * ================================================================================ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2020 Nordix Foundation. + * Modifications Copyright (C) 2020, 2024 Nordix Foundation. * Modifications Copyright (C) 2021 Bell Canada. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -52,18 +52,6 @@ public interface HttpServletServer extends Startable { void setBasicAuthentication(String user, String password, String relativeUriPath); /** - * Enables AAF based authentication. - * - * @param filterPath filter path - */ - void setAafAuthentication(String filterPath); - - /** - * Checks if AAF authentication has been enabled. - */ - boolean isAaf(); - - /** * Sets the serialization provider to be used when classes are added to the service. * * @param provider the provider to use for message serialization and de-serialization diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/IndexedHttpServletServerFactory.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/IndexedHttpServletServerFactory.java index 2f557946..7c9aca4c 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/IndexedHttpServletServerFactory.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/IndexedHttpServletServerFactory.java @@ -3,7 +3,7 @@ * ONAP Policy Engine - Common Modules * ================================================================================ * Copyright (C) 2017-2019, 2021 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2020,2023 Nordix Foundation. + * Modifications Copyright (C) 2020,2023-2024 Nordix Foundation. * Modifications Copyright (C) 2021 Bell Canada. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -133,7 +133,7 @@ class IndexedHttpServletServerFactory implements HttpServletServerFactory { // configure the service setSerializationProvider(props, service); - setAuthentication(props, service, contextUriPath); + setAuthentication(props, service); final var restUriPath = props.getString(PolicyEndPointProperties.PROPERTY_HTTP_REST_URIPATH_SUFFIX, null); @@ -156,17 +156,13 @@ class IndexedHttpServletServerFactory implements HttpServletServerFactory { } } - private void setAuthentication(PropertyUtils props, HttpServletServer service, final String contextUriPath) { - /* authentication method either AAF or HTTP Basic Auth */ - - final var aaf = props.getBoolean(PolicyEndPointProperties.PROPERTY_AAF_SUFFIX, false); + private void setAuthentication(PropertyUtils props, HttpServletServer service) { + /* authentication method HTTP Basic Auth */ final var userName = props.getString(PolicyEndPointProperties.PROPERTY_HTTP_AUTH_USERNAME_SUFFIX, null); final var password = props.getString(PolicyEndPointProperties.PROPERTY_HTTP_AUTH_PASSWORD_SUFFIX, null); final var authUriPath = props.getString(PolicyEndPointProperties.PROPERTY_HTTP_AUTH_URIPATH_SUFFIX, null); - if (aaf) { - service.setAafAuthentication(contextUriPath); - } else if (!StringUtils.isBlank(userName) && !StringUtils.isBlank(password)) { + if (!StringUtils.isBlank(userName) && !StringUtils.isBlank(password)) { service.setBasicAuthentication(userName, password, authUriPath); } } diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java index e7924771..7e6ce866 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/RestServer.java @@ -1,6 +1,6 @@ /*- * ============LICENSE_START======================================================= - * Copyright (C) 2019,2023 Nordix Foundation. + * Copyright (C) 2019, 2023-2024 Nordix Foundation. * Modifications Copyright (C) 2019-2021 AT&T Intellectual Property. * Modifications Copyright (C) 2021 Bell Canada. All rights reserved. * ================================================================================ @@ -29,7 +29,6 @@ import java.util.Optional; import java.util.Properties; import java.util.stream.Collectors; import lombok.ToString; -import org.onap.policy.common.endpoints.http.server.aaf.AafAuthFilter; import org.onap.policy.common.endpoints.parameters.RestServerParameters; import org.onap.policy.common.endpoints.properties.PolicyEndPointProperties; import org.onap.policy.common.gson.GsonMessageBodyHandler; @@ -54,21 +53,11 @@ public class RestServer extends ServiceManagerContainer { * Constructs the object. * * @param restServerParameters the rest server parameters - * @param aafFilter class of object to use to filter AAF requests, or {@code null} * @param jaxrsProviders classes providing the services */ - public RestServer(final RestServerParameters restServerParameters, Class<? extends AafAuthFilter> aafFilter, + public RestServer(final RestServerParameters restServerParameters, Class<?>... jaxrsProviders) { - - this(restServerParameters, makeFilterList(aafFilter), Arrays.asList(jaxrsProviders)); - } - - private static List<Class<? extends Filter>> makeFilterList(Class<? extends AafAuthFilter> aafFilter) { - if (aafFilter == null) { - return List.of(); - } else { - return List.of(aafFilter); - } + this(restServerParameters, null, Arrays.asList(jaxrsProviders)); } /** @@ -81,7 +70,7 @@ public class RestServer extends ServiceManagerContainer { public RestServer(final RestServerParameters restServerParameters, List<Class<? extends Filter>> filters, List<Class<?>> jaxrsProviders) { - if (jaxrsProviders.isEmpty()) { + if (jaxrsProviders == null || jaxrsProviders.isEmpty()) { throw new IllegalArgumentException("no providers specified"); } @@ -89,12 +78,9 @@ public class RestServer extends ServiceManagerContainer { .build(getServerProperties(restServerParameters, getProviderClassNames(jaxrsProviders))); for (HttpServletServer server : this.servers) { - for (Class<? extends Filter> filter : filters) { - if (!AafAuthFilter.class.isAssignableFrom(filter) || server.isAaf()) { - server.addFilterClass(null, filter.getName()); - } + if (filters != null && !filters.isEmpty()) { + filters.forEach(filter -> server.addFilterClass(null, filter.getName())); } - addAction("REST " + server.getName(), server::start, server::stop); } } @@ -128,8 +114,6 @@ public class RestServer extends ServiceManagerContainer { String.valueOf(restServerParameters.isHttps())); props.setProperty(svcpfx + PolicyEndPointProperties.PROPERTY_HTTP_SNI_HOST_CHECK_SUFFIX, String.valueOf(restServerParameters.isSniHostCHeck())); - props.setProperty(svcpfx + PolicyEndPointProperties.PROPERTY_AAF_SUFFIX, - String.valueOf(restServerParameters.isAaf())); props.setProperty(svcpfx + PolicyEndPointProperties.PROPERTY_HTTP_SERIALIZATION_PROVIDER, String.join(",", GsonMessageBodyHandler.class.getName(), YamlMessageBodyHandler.class.getName(), JsonExceptionMapper.class.getName(), YamlExceptionMapper.class.getName())); diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java deleted file mode 100644 index 084d2fb9..00000000 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafAuthFilter.java +++ /dev/null @@ -1,46 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2023 Nordix Foundation. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.common.endpoints.http.server.aaf; - -import jakarta.servlet.http.HttpServletRequest; -import org.onap.policy.common.endpoints.http.server.AuthorizationFilter; - -/** - * Generic Authorization AAF Filter Skeleton. This class will return - * a permission in AAF format. Subclasses are responsible to provide - * the AAF permission type and instance. - */ -public abstract class AafAuthFilter extends AuthorizationFilter { - - public static final String DEFAULT_NAMESPACE = "org.onap.policy"; - - @Override - protected String getRole(HttpServletRequest request) { - return - String.format("%s|%s|%s", getPermissionType(request), getPermissionInstance(request), - request.getMethod().toLowerCase()); - } - - protected abstract String getPermissionType(HttpServletRequest request); - - protected abstract String getPermissionInstance(HttpServletRequest request); -} diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java deleted file mode 100644 index 39524e87..00000000 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/aaf/AafGranularAuthFilter.java +++ /dev/null @@ -1,49 +0,0 @@ -/*- - * ============LICENSE_START======================================================= - * ONAP - * ================================================================================ - * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2023 Nordix Foundation. - * ================================================================================ - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * ============LICENSE_END========================================================= - */ - -package org.onap.policy.common.endpoints.http.server.aaf; - -import jakarta.servlet.http.HttpServletRequest; -import org.onap.policy.common.utils.network.NetworkUtil; - -/** - * This generic class allows the mapping of REST APIs to AAF permissions - * to be evaluated in an AAF context. This class can be used for - * highly granular permissions where each REST resource can be directly - * mapped transparently to an AAF permission type, the instance being the host - * server, and the HTTP method corresponding to the action. - * Subclasses are responsible to provide the root permission prefix, typically - * the namespace. - */ -public abstract class AafGranularAuthFilter extends AafAuthFilter { - - @Override - protected String getPermissionType(HttpServletRequest request) { - return getPermissionTypeRoot() + request.getRequestURI().replace('/', '.'); - } - - @Override - protected String getPermissionInstance(HttpServletRequest request) { - return NetworkUtil.getHostname(); - } - - public abstract String getPermissionTypeRoot(); -} diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java index 4e1eda9f..78858a77 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyServletServer.java @@ -3,7 +3,7 @@ * ONAP * ================================================================================ * Copyright (C) 2017-2021 AT&T Intellectual Property. All rights reserved. - * Modifications Copyright (C) 2019-2020,2023 Nordix Foundation. + * Modifications Copyright (C) 2019-2020, 2023-2024 Nordix Foundation. * Modifications Copyright (C) 2020-2021 Bell Canada. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -43,13 +43,11 @@ import org.eclipse.jetty.server.SecureRequestCustomizer; import org.eclipse.jetty.server.Server; import org.eclipse.jetty.server.ServerConnector; import org.eclipse.jetty.server.Slf4jRequestLogWriter; -import org.eclipse.jetty.servlet.FilterHolder; import org.eclipse.jetty.servlet.ServletContextHandler; import org.eclipse.jetty.servlet.ServletHolder; import org.eclipse.jetty.util.security.Constraint; import org.eclipse.jetty.util.security.Credential; import org.eclipse.jetty.util.ssl.SslContextFactory; -import org.onap.aaf.cadi.filter.CadiFilter; import org.onap.policy.common.endpoints.http.server.HttpServletServer; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -284,21 +282,6 @@ public abstract class JettyServletServer implements HttpServletServer, Runnable } @Override - public void setAafAuthentication(String filterPath) { - this.addFilterClass(filterPath, CadiFilter.class.getName()); - } - - @Override - public boolean isAaf() { - for (FilterHolder filter : context.getServletHandler().getFilters()) { - if (CadiFilter.class.getName().equals(filter.getClassName())) { - return true; - } - } - return false; - } - - @Override public void setBasicAuthentication(String user, String password, String servletPath) { String srvltPath = servletPath; diff --git a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyStaticResourceServer.java b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyStaticResourceServer.java index 70ac1417..ee2b0540 100644 --- a/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyStaticResourceServer.java +++ b/policy-endpoints/src/main/java/org/onap/policy/common/endpoints/http/server/internal/JettyStaticResourceServer.java @@ -1,6 +1,6 @@ /*- * ============LICENSE_START======================================================= - * Copyright (C) 2020,2023 Nordix Foundation. + * Copyright (C) 2020, 2023-2024 Nordix Foundation. * Modifications Copyright (C) 2021 AT&T Intellectual Property. All rights reserved. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); @@ -29,7 +29,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; /** - * Jetty Server that uses DefaultServlets to support web static resources management. + * Jetty Server that uses DefaultServlets to support web static resources' management. */ @ToString public class JettyStaticResourceServer extends JettyServletServer { |