/*- * ============LICENSE_START======================================================= * ONAP * ================================================================================ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. * Modifications Copyright (C) 2023-2024 Nordix Foundation. * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= */ package org.onap.policy.common.endpoints.http.server; import jakarta.servlet.Filter; import jakarta.servlet.FilterChain; import jakarta.servlet.ServletException; import jakarta.servlet.ServletRequest; import jakarta.servlet.ServletResponse; import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletResponse; import java.io.IOException; import org.slf4j.Logger; import org.slf4j.LoggerFactory; public abstract class AuthorizationFilter implements Filter { private static final Logger logger = LoggerFactory.getLogger(AuthorizationFilter.class); @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { if (!(servletRequest instanceof HttpServletRequest request)) { throw new ServletException("Not an HttpServletRequest instance"); } if (!(servletResponse instanceof HttpServletResponse response)) { throw new ServletException("Not an HttpServletResponse instance"); } String role = getRole(request); boolean authorized = request.isUserInRole(role); logger.info("user {} in role {} is {}authorized to {}", request.getUserPrincipal(), role, ((authorized) ? "" : "NOT "), request.getMethod()); if (!authorized) { response.setStatus(HttpServletResponse.SC_FORBIDDEN); } else { filterChain.doFilter(servletRequest, servletResponse); } } protected abstract String getRole(HttpServletRequest request); }