Diffstat (limited to 'policy-management/src')
13 files changed, 215 insertions, 19 deletions
diff --git a/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafBase.java b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafBase.java
new file mode 100644
index 00000000..0c8465a7
--- /dev/null
+++ b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafBase.java
@@ -0,0 +1,35 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.drools.server.restful.aaf;
+
+import org.onap.policy.common.endpoints.http.server.aaf.AafAuthFilter;
+import org.onap.policy.drools.system.PolicyEngine;
+
+/**
+ * AAF Base Class
+ */
+public abstract class AafBase extends AafAuthFilter {
+ public static final String AAF_NODETYPE = "pdpd";
+ public static final String AAF_ROOT_PERMISSION_PROPERTY = "aaf.root.permission";
+ public static final String AAF_ROOT_PERMISSION =
+ PolicyEngine.manager.getProperties().getProperty
+ (AAF_ROOT_PERMISSION_PROPERTY, DEFAULT_NAMESPACE + "." + AAF_NODETYPE);
+}
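Review bot: `AAF_ROOT_PERMISSION` is a `static final` initialised from `PolicyEngine.manager.getProperties()`, so the permission root used by the AAF filters is fixed at the moment this class is first loaded. If the engine properties are not yet configured at that point, the fallback `DEFAULT_NAMESPACE + "." + AAF_NODETYPE` stays in force for the life of the JVM and a later `aaf.root.permission` setting has no effect; if `getProperties()` can return null there, class initialisation fails instead (not verifiable from this hunk). Resolving the value lazily in an accessor would remove the ordering dependency; at minimum the constant should carry a comment such as `/** Resolved once at class load; engine properties must be configured first. */`.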
diff --git a/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafTelemetryAuthFilter.java b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafTelemetryAuthFilter.java
new file mode 100644
index 00000000..f2e50ee2
--- /dev/null
+++ b/policy-management/src/main/java/org/onap/policy/drools/server/restful/aaf/AafTelemetryAuthFilter.java
@@ -0,0 +1,41 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP
+ * ================================================================================
+ * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.drools.server.restful.aaf;
+
+import javax.servlet.http.HttpServletRequest;
+import org.onap.policy.common.utils.network.NetworkUtil;
+
+/**
+ * AAF Telemetry Authorization
+ */
+public class AafTelemetryAuthFilter extends AafBase {
+ private static final String RESOURCE_TYPE = AAF_ROOT_PERMISSION + "." + "telemetry";
+
+ @Override
+ protected String getPermissionType(HttpServletRequest request) {
+ return RESOURCE_TYPE;
+ }
+
+ @Override
+ protected String getPermissionInstance(HttpServletRequest request) {
+ return NetworkUtil.getHostname();
+ }
+}
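Review bot: The class Javadoc `AAF Telemetry Authorization` does not say which permission a caller needs, which is the one thing an operator provisioning AAF has to know. From the two overrides the type is `AAF_ROOT_PERMISSION + ".telemetry"` and the instance is the local hostname from `NetworkUtil.getHostname()`, so grants are per host; the action part comes from the parent class and is not visible in this hunk. I would extend the comment along the lines of `Requires permission type {@code <aaf.root.permission>.telemetry} with the local hostname as instance.` and note that a grant must exist for every hostname the engine runs under.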
diff --git a/policy-management/src/main/server-gen/bin/policy-management-controller b/policy-management/src/main/server-gen/bin/policy-management-controller index cc6a8c7d..bad1783f 100644 --- a/policy-management/src/main/server-gen/bin/policy-management-controller +++ b/policy-management/src/main/server-gen/bin/policy-management-controller @@ -96,9 +96,9 @@ function um_stop() { remove_pid_file else if [[ -n ${ENGINE_MANAGEMENT_PASSWORD} ]]; then - http_proxy= curl --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null + http_proxy= curl -k --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null else - http_proxy= curl --silent -X DELETE http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null + http_proxy= curl -k --silent -X DELETE https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine -o /dev/null fi sleep 5 echo "Stopping $SNAME..." diff --git a/policy-management/src/main/server-gen/bin/rest-add-controller b/policy-management/src/main/server-gen/bin/rest-add-controller index 187b2916..0dd82eec 100644 --- a/policy-management/src/main/server-gen/bin/rest-add-controller +++ b/policy-management/src/main/server-gen/bin/rest-add-controller 
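Review bot: The added `-k` turns off certificate verification on the same `curl` call that sends `--user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD}`, so the management credentials are handed to whatever process answers on `localhost:${ENGINE_MANAGEMENT_PORT}` without the server being authenticated. Switching to `https://` is the right direction, but I would verify against the CA that signed the engine certificate instead, e.g. `curl --cacert "${POLICY_HOME}/etc/ssl/<ca-bundle-placeholder>.pem" --silent ...` (the certificate then needs a name matching the host in the URL), and keep `-k` out of the shipped scripts. The same flag is added in the `rest-add-controller` and `rest-delete-controller` hunks that follow. `um_stop` starts and ends outside this hunk.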
@@ -26,11 +26,11 @@ json=$1-controller.rest.json if [ -f ${json} ]; then if [[ -n ${ENGINE_MANAGEMENT_PASSWORD} ]]; then - curl --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X POST --data @${json} --header "Content-Type: application/json" \ - http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers + curl -k --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X POST --data @${json} --header "Content-Type: application/json" \ + https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers else - curl --silent -X POST --data @${json} --header "Content-Type: application/json" \ - http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers + curl -k --silent -X POST --data @${json} --header "Content-Type: application/json" \ + https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers fi else echo "Usage: rest-add-controller.sh closed-loop-sample|reporter|sepc|vsegw|.. (or any other config file ending with *-controller.rest.json)" diff --git a/policy-management/src/main/server-gen/bin/rest-delete-controller b/policy-management/src/main/server-gen/bin/rest-delete-controller index de1d601c..03e67483 100644 --- a/policy-management/src/main/server-gen/bin/rest-delete-controller +++ b/policy-management/src/main/server-gen/bin/rest-delete-controller 
@@ -24,11 +24,11 @@ source $POLICY_HOME/etc/profile.d/env.sh if [[ -n $1 ]]; then if [[ -n ${ENGINE_MANAGEMENT_PASSWORD} ]]; then - curl --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE --header "Content-Type: application/json" \ - http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1} + curl -k --silent --user ${ENGINE_MANAGEMENT_USER}:${ENGINE_MANAGEMENT_PASSWORD} -X DELETE --header "Content-Type: application/json" \ + https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1} else - curl --silent -X DELETE --header "Content-Type: application/json" \ - http://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1} + curl -k --silent -X DELETE --header "Content-Type: application/json" \ + https://localhost:${ENGINE_MANAGEMENT_PORT}/policy/pdp/engine/controllers/${1} fi echo exit diff --git a/policy-management/src/main/server/config/aaf-cadi.keyfile b/policy-management/src/main/server/config/aaf-cadi.keyfile new file mode 100644 index 00000000..59d544f3 --- /dev/null +++ b/policy-management/src/main/server/config/aaf-cadi.keyfile 
@@ -0,0 +1,27 @@ +N3INM2bAlQ8cNODnjR3Fuvo5z4GeID0KnRYlELmt-oHCFxq_XYVyepBVR591CIbJI9prNd_LLuv7 +tQD8xX_ypcNA-jQsecTwtw4GxvpqkZPhq6Q8BWNQaCegtXGDVTQ8gG2biKiQ7v-2C6Qhx4zj62b6 +bRPS5j1bfxqcAZu7082V00oQjbn40T2zFcLwCuBChZfx5DXTW49bwtLbkCbGqJSzFcIJpbGQ8gLg +ussIoL8VE2Vee7bPJmUAdT4x9B1wrMIuvKlUMppeq0Bj-6ZJgxhM9F0WT8eEBh6NFANdK3LUgZrk +D3kY3LrK-MT9u1TOMx13nOU7vOaVjl7_rkp5Q65gFd9VYbnJBYvJcc7asOQMsrugiSiRIoXH0Fyy +-f9L3ROGae042J4M8qxcoOihMbcjVkEXqn6eRIFbDe0eIAlkSRYfaxg9v4tf8GbBjQcShBjzGaI2 +g6QxTA5G6Aa7p63aVRGv3ZODCHcbsbxnkyByXgmkON4cTk9vR0RbT6YYhT5t8xTU3rhqV3jeE0Bz +KbU0c4188xTnhdq_bje2TuuLvtEvevdvDsbtAj7chQmWMOW7GMF3MnqdEpcw1NCoNRdN8wpAdE-5 +mkG-jlYHljSRh9qZK5wdEoO4IXgpFktdGj50XuzcskqqURNfDGHGb29fHznL1-ssdQK6EXcKN0AU +nYyGLAie3VfFxWKj5dGODBs5RttvkX4PHyLcLD3kOrVgtQrz7d0PWWYCxDRqKT6qnJkLB1CUwghn +XweEiDfoQmuUmwFEQNRDp0NGLnde5nsw7NYgLrv5VafGK8EyT4GeVhuu5Tnb6T-HalxCq2p5JaIA +SG8zlDmRx_TykrhfQEJe7sr0pRcAMwgxEhwunG2oBiKnzdRx5jxMfqnVC8xGirumhmOQNterfnd5 +0pIsfvIuntyxRQ48yzIb2gb5kaSkfSzCaVnlqK-_jpj1T74qO86eaKVee4faQAbXDPYF2z5w06nD +WS2dd54wBjGmkFNzi13ejTrAJeA6UzOd1CF_WSpc9XSJJPTPUGxmnfLjmGThErFBYuQxjhpH7vKN +uZgokkIXX78rVcO3zpfa5kTYWjE8lk9y3WA7sGNtTWfG8bR3WLWNLPCnrzxtKZdhq2JsQYC0gwW7 +ZgJSXhgPoaC_RrtCn7haj1_601G_MkD-jcUEsO-4XOBVicsCgG8hn7B-SpgKspqv8gulbeKoORqa +CkrtiFPlXEqdNuaBSHcQ0MWJ3tpXzWtIPM3ouEFOR32xVfptfz4sRPOkM_PNiVXxQtLOn_z3uC7K +VVJCKZxVaavQ6QiZvRRANS9_GD3kDILX15EnbEvh-2DfycDrEo330vMwvNJP7i9eM5vo0YADe--G +r5UDqctmFjl1ulc1yAQkDBGWGxT92x-hhLqCnCXcYPu_aeWssfDpRj573PHPaTiM0SYxJixjszRD +6-AMC1DqugkjiGA5_enQORn-G_H4ZVtoQ_zebizEfIxKv5-8uRdyZDHGG3mDu6_nasEffry-UyVu +STU3oJMycZ1qf5GR1evRJ7gxkrtPXHWKNnVgxfrBC72ON6wJnr7KaY-l9L44epIsk1pEmXm3YQu1 +N0NxiAwdus9OnCXQ7GgZPRXCpxjJPNs7EIKFrYjKJfdtSzT85ZrTpHQtjim2L1ZP9iIlq2QVKD1v +bKSjCwjtb9ztjrV-Bw1BHcAApPcfpXHLhYkJ7iL1XUhxjXp_DGUkD7ZN9S5tuyrsMXz5hh6wMfcq +NPR_XqHaS2ur-ONNrHuFFCmY7Ehc5FArFzb_Xn1JTpOQJTcy6_3r3u3B_euT8GmXHahtVN1Rv8RM +kAD5m_UBx-nHoZDVDYZkfR9k4hF2Sz5rfrWs6Zrl0r8FBrVFtU1j2vOTvTGwrkO9yZvgIqOkX_eq 
+TnGIpM4paHxEGTP8H8A3Y0ZpsvLttmh0rT_OwzBPa1Mof3RQKhyTzfbptxuUJyVxU0Ln-9f--5Mk +wEFqhuSrgssI6b1iMqm97PqFQMYrWX3SV8l0V-PKxFxDM1bguHq4mOXEtmZBUtMBepwSsI96
\ No newline at end of file
diff --git a/policy-management/src/main/server/config/aaf-credentials.properties b/policy-management/src/main/server/config/aaf-credentials.properties
new file mode 100644
index 00000000..aaa5f161
--- /dev/null
+++ b/policy-management/src/main/server/config/aaf-credentials.properties
@@ -0,0 +1,9 @@
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+cadi_x509_issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US:CN=intermediateCA_7, OU=OSAAF, O=ONAP, C=US
+cadi_keyfile=${{POLICY_HOME}}/config/aaf-cadi.keyfile
+cadi_keystore=${{POLICY_HOME}}/etc/ssl/policy-keystore
+cadi_keystore_password=${{KEYSTORE_PASSWD}}
+cadi_key_password=${{KEYSTORE_PASSWD}}
+cadi_alias=policy@policy.onap.org
+cadi_truststore=${{POLICY_HOME}}/etc/ssl/policy-truststore
+cadi_truststore_password=${{TRUSTSTORE_PASSWD}}
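Review bot: The new `config/aaf-cadi.keyfile` commits the CADI key material itself, and `aaf-credentials.properties` points `cadi_keyfile` at it, so every installation built from this tree shares one key that anyone with read access to the repository also holds. Any value protected with that key should be treated as recoverable. I would ship no keyfile under `src/main/server/config`, generate or inject one per deployment the way `${{KEYSTORE_PASSWD}}` and `${{TRUSTSTORE_PASSWD}}` are already templated, and rotate this key, since it is now part of the repository history.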
\ No newline at end of file
diff --git a/policy-management/src/main/server/config/aaf-location.properties b/policy-management/src/main/server/config/aaf-location.properties
new file mode 100644
index 00000000..dc828e71
--- /dev/null
+++ b/policy-management/src/main/server/config/aaf-location.properties
@@ -0,0 +1,2 @@
+cadi_latitude=38.000
+cadi_longitude=-72.000
diff --git a/policy-management/src/main/server/config/aaf.properties b/policy-management/src/main/server/config/aaf.properties
new file mode 100644
index 00000000..8084be99
--- /dev/null
+++ b/policy-management/src/main/server/config/aaf.properties
@@ -0,0 +1,11 @@
+cadi_prop_files=${{POLICY_HOME}}/config/aaf-credentials.properties:${{POLICY_HOME}}/config/aaf-location.properties
+cadi_loglevel=DEBUG
+aaf_env=DEV
+aaf_locate_url=https://${{AAF_HOST}}:8095
+aaf_oauth2_introspect_url=https://AAF_LOCATE_URL/AAF_NS.introspect:2.1/introspect
+aaf_oauth2_token_url=https://AAF_LOCATE_URL/AAF_NS.token:2.1/token
+aaf_url=https://AAF_LOCATE_URL/AAF_NS.service:2.1
+cadi_protocols=TLSv1.1,TLSv1.2
+cm_url=https://AAF_LOCATE_URL/AAF_NS.cm:2.1
+fs_url=https://AAF_LOCATE_URL/AAF_NS.fs.2.1
+gui_url=https://AAF_LOCATE_URL/AAF_NS.gui.2.1
diff --git a/policy-management/src/main/server/config/policy-engine.properties b/policy-management/src/main/server/config/policy-engine.properties
index 758d13eb..8e517528 100644
--- a/policy-management/src/main/server/config/policy-engine.properties
+++ b/policy-management/src/main/server/config/policy-engine.properties
@@ -49,3 +49,6 @@ http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.r
 http.server.services.SECURED-CONFIG.managed=false
 http.server.services.SECURED-CONFIG.swagger=true
 http.server.services.SECURED-CONFIG.https=true
+
+aaf.namespace=${{AAF_NAMESPACE}}
+aaf.root.permission=${{AAF_NAMESPACE}}.pdpd
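Review bot: The shipped defaults in `aaf.properties` enable `cadi_protocols=TLSv1.1,TLSv1.2` together with `cadi_loglevel=DEBUG` and `aaf_env=DEV`. TLS 1.1 is deprecated (RFC 8996) and nothing in this change shows a peer that needs it; debug-level logging in an authentication library may also put identity and request detail into the logs, though what CADI emits at that level is not visible here. I would ship `cadi_protocols=TLSv1.2` and `cadi_loglevel=INFO`, or template the environment-dependent values the way `${{AAF_HOST}}` already is.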
diff --git a/policy-management/src/main/server/config/system.properties b/policy-management/src/main/server/config/system.properties index 5c024e15..6bac0ea6 100644 --- a/policy-management/src/main/server/config/system.properties +++ b/policy-management/src/main/server/config/system.properties @@ -34,6 +34,10 @@ javax.net.ssl.trustStorePassword=${{TRUSTSTORE_PASSWD}} javax.net.ssl.keyStore=${{POLICY_HOME}}/etc/ssl/policy-keystore javax.net.ssl.keyStorePassword=${{KEYSTORE_PASSWD}} +# aaf + +cadi_prop_files=config/aaf.properties + # standard logging logback.configurationFile=config/logback.xml diff --git a/policy-management/src/test/java/org/onap/policy/drools/server/restful/test/RestManagerTest.java b/policy-management/src/test/java/org/onap/policy/drools/server/restful/test/RestManagerTest.java index 68a52ade..ce34ec8a 100644 --- a/policy-management/src/test/java/org/onap/policy/drools/server/restful/test/RestManagerTest.java +++ b/policy-management/src/test/java/org/onap/policy/drools/server/restful/test/RestManagerTest.java @@ -29,14 +29,17 @@ import java.nio.file.Paths; import java.util.Properties; import org.apache.http.HttpEntity; -import org.apache.http.client.ClientProtocolException; +import org.apache.http.auth.AuthScope; +import org.apache.http.auth.UsernamePasswordCredentials; +import org.apache.http.client.CredentialsProvider; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpDelete; import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpPut; import org.apache.http.entity.StringEntity; +import org.apache.http.impl.client.BasicCredentialsProvider; import org.apache.http.impl.client.CloseableHttpClient; -import org.apache.http.impl.client.HttpClients; +import org.apache.http.impl.client.HttpClientBuilder; import org.apache.http.util.EntityUtils; import org.junit.AfterClass; import org.junit.BeforeClass; 
@@ -45,6 +48,7 @@ import org.junit.Test; import org.junit.runners.MethodSorters; import org.onap.policy.common.endpoints.event.comm.TopicEndpoint; import org.onap.policy.common.endpoints.properties.PolicyEndPointProperties; +import org.onap.policy.common.utils.network.NetworkUtil; import org.onap.policy.drools.persistence.SystemPersistence; import org.onap.policy.drools.system.PolicyController; import org.onap.policy.drools.system.PolicyEngine; @@ -53,10 +57,12 @@ import org.slf4j.LoggerFactory; @FixMethodOrder(MethodSorters.NAME_ASCENDING) public class RestManagerTest { - public static final int DEFAULT_TELEMETRY_PORT = 7887; + private static final int DEFAULT_TELEMETRY_PORT = 7887; private static final String HOST = "localhost"; private static final String REST_MANAGER_PATH = "/policy/pdp"; private static final String HOST_URL = "http://" + HOST + ":" + DEFAULT_TELEMETRY_PORT + REST_MANAGER_PATH; + private static final String TELEMETRY_USER = "x"; + private static final String TELEMETRY_PASSWORD = "y"; private static final String FOO_CONTROLLER = "foo"; private static final String UEB_TOPIC = "UEB-TOPIC-TEST"; @@ -100,7 +106,7 @@ public class RestManagerTest { * @throws IOException throws an IO exception */ @BeforeClass - public static void setUp() throws IOException { + public static void setUp() throws IOException, InterruptedException { cleanUpWorkingDirs(); SystemPersistence.manager.setConfigurationDir(null); 
@@ -110,6 +116,15 @@ public class RestManagerTest { engineProps.put(PolicyEndPointProperties.PROPERTY_HTTP_SERVER_SERVICES + "." + PolicyEngine.TELEMETRY_SERVER_DEFAULT_NAME + PolicyEndPointProperties.PROPERTY_HTTP_PORT_SUFFIX, "" + DEFAULT_TELEMETRY_PORT); + engineProps.put(PolicyEndPointProperties.PROPERTY_HTTP_SERVER_SERVICES + "." + + PolicyEngine.TELEMETRY_SERVER_DEFAULT_NAME + PolicyEndPointProperties.PROPERTY_HTTP_FILTER_CLASSES_SUFFIX, + TestAafTelemetryAuthFilter.class.getName()); + engineProps.put(PolicyEndPointProperties.PROPERTY_HTTP_SERVER_SERVICES + "." + + PolicyEngine.TELEMETRY_SERVER_DEFAULT_NAME + PolicyEndPointProperties.PROPERTY_HTTP_AUTH_USERNAME_SUFFIX, + TELEMETRY_USER); + engineProps.put(PolicyEndPointProperties.PROPERTY_HTTP_SERVER_SERVICES + "." + + PolicyEngine.TELEMETRY_SERVER_DEFAULT_NAME + PolicyEndPointProperties.PROPERTY_HTTP_AUTH_PASSWORD_SUFFIX, + TELEMETRY_PASSWORD); /* other properties */ engineProps.put(PolicyEndPointProperties.PROPERTY_UEB_SOURCE_TOPICS, UEB_TOPIC); @@ -132,10 +147,16 @@ public class RestManagerTest { Properties controllerProps = new Properties(); PolicyEngine.manager.createPolicyController(FOO_CONTROLLER, controllerProps); + // client = HttpClients.createDefault(); + CredentialsProvider provider = new BasicCredentialsProvider(); + UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(TELEMETRY_USER, TELEMETRY_PASSWORD); + provider.setCredentials(AuthScope.ANY, credentials); - client = HttpClients.createDefault(); - + client = HttpClientBuilder.create().setDefaultCredentialsProvider(provider).build(); + if (!NetworkUtil.isTcpPortOpen("localhost", DEFAULT_TELEMETRY_PORT, 5, 10000L)) { + throw new IllegalStateException("cannot connect to port " + DEFAULT_TELEMETRY_PORT); + } } /** 
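Review bot: In the `-132,10 +147,16` hunk the old client creation is left behind as a comment (`// client = HttpClients.createDefault();`) and the new port check passes the literal `"localhost"` although the class already defines `HOST`. I would delete the commented-out line and write `NetworkUtil.isTcpPortOpen(HOST, DEFAULT_TELEMETRY_PORT, 5, 10000L)`. `AuthScope.ANY` makes the client offer the credentials to any host it talks to; that is harmless here with `x`/`y` against localhost, but `new AuthScope(HOST, DEFAULT_TELEMETRY_PORT)` keeps the pattern from being copied into a real client. `setUp` starts outside this hunk.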
@@ -157,7 +178,7 @@ public class RestManagerTest { @Test - public void putDeleteTest() throws ClientProtocolException, IOException, InterruptedException { + public void putDeleteTest() throws IOException { HttpDelete httpDelete; CloseableHttpResponse response; @@ -358,7 +379,7 @@ public class RestManagerTest { @Test - public void getTest() throws ClientProtocolException, IOException, InterruptedException { + public void getTest() throws IOException { HttpGet httpGet; CloseableHttpResponse response; @@ -854,7 +875,7 @@ public class RestManagerTest { * @param response incoming response * @return the body or null */ - public String getResponseBody(CloseableHttpResponse response) { + private String getResponseBody(CloseableHttpResponse response) { HttpEntity entity; try { diff --git a/policy-management/src/test/java/org/onap/policy/drools/server/restful/test/TestAafTelemetryAuthFilter.java b/policy-management/src/test/java/org/onap/policy/drools/server/restful/test/TestAafTelemetryAuthFilter.java new file mode 100644 index 00000000..c7d52325 --- /dev/null +++ b/policy-management/src/test/java/org/onap/policy/drools/server/restful/test/TestAafTelemetryAuthFilter.java 
@@ -0,0 +1,43 @@ +/*- + * ============LICENSE_START======================================================= + * ONAP + * ================================================================================ + * Copyright (C) 2018 AT&T Intellectual Property. All rights reserved. + * ================================================================================ + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * ============LICENSE_END========================================================= + */ + +package org.onap.policy.drools.server.restful.test; + +import javax.servlet.http.HttpServletRequest; +import org.onap.policy.common.utils.network.NetworkUtil; +import org.onap.policy.drools.server.restful.aaf.AafTelemetryAuthFilter; + +/** + * Test AAF Telemetry Authorization Filter for Junits + */ +public class TestAafTelemetryAuthFilter extends AafTelemetryAuthFilter { + + @Override + protected String getRole(HttpServletRequest request) { + String expectedPerm = "org.onap.policy.pdpd.telemetry|" + + NetworkUtil.getHostname() + "|" + + request.getMethod().toLowerCase(); + if (!expectedPerm.equals(super.getRole(request))) { + throw new IllegalStateException("unexpected permission"); + } else { + return "user"; + } + } +} |
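Review bot: The expected permission in `getRole` hard-codes `org.onap.policy.pdpd.telemetry`, which only matches while `aaf.root.permission` is unset and `DEFAULT_NAMESPACE` resolves to `org.onap.policy` (its value is not visible in this diff). Because `AafBase.AAF_ROOT_PERMISSION` is read from the engine properties, a test run with that property set would fail with `unexpected permission` for a reason unrelated to the filter. A comment stating the assumption, e.g. `// assumes the default namespace and no aaf.root.permission override`, would save the next reader the lookup; `toLowerCase()` would also be safer as `toLowerCase(Locale.ROOT)`.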