Diffstat (limited to 'ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java')
-rw-r--r--ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java220
1 files changed, 0 insertions, 220 deletions
diff --git a/ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java b/ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java
deleted file mode 100644
index 9a2dbdbdb..000000000
--- a/ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ECOMP-REST
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.openecomp.policy.rest;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.openecomp.policy.common.logging.eelf.MessageCodes;
-import org.openecomp.policy.common.logging.eelf.PolicyLogger;
-import org.openecomp.policy.rest.jpa.UserInfo;
-import org.openecomp.policy.xacml.api.XACMLErrorConstants;
-
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.api.Decision;
-import com.att.research.xacml.api.Request;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.api.pdp.PDPEngineFactory;
-import com.att.research.xacml.api.pdp.PDPException;
-import com.att.research.xacml.std.annotations.RequestParser;
-import com.att.research.xacml.std.annotations.XACMLAction;
-import com.att.research.xacml.std.annotations.XACMLRequest;
-import com.att.research.xacml.std.annotations.XACMLResource;
-import com.att.research.xacml.std.annotations.XACMLSubject;
-import com.att.research.xacml.util.FactoryException;
-
-
-
-public class XacmlAdminAuthorization {
- private static Log logger = LogFactory.getLog(XacmlAdminAuthorization.class);
-
- private static UserInfo userId;
- public static UserInfo getUserId() {
- return userId;
- }
-
- public void setUserId(UserInfo userId) {
- XacmlAdminAuthorization.userId = userId;
- }
-
- public enum AdminAction {
- ACTION_ACCESS("access"),
- ACTION_READ("read"),
- ACTION_WRITE("write"),
- ACTION_ADMIN("admin");
-
- String action;
- AdminAction(String a) {
- this.action = a;
- }
- public String toString() {
- return this.action;
- }
- }
-
- public enum AdminResource {
- RESOURCE_APPLICATION("application"),
- RESOURCE_POLICY_WORKSPACE("workspace"),
- RESOURCE_POLICY_EDITOR("editor"),
- RESOURCE_DICTIONARIES("dictionaries"),
- RESOURCE_PDP_ADMIN("pdp_admin"),
- RESOURCE_PIP_ADMIN("pip_admin"),
- RESOURCE_SCOPES_SUPERADMIN("manage_scopes");
-
- String resource;
- AdminResource(String r) {
- this.resource = r;
- }
- public String toString() {
- return this.resource;
- }
- }
-
- public enum Role {
- ROLE_GUEST("guest"),
- ROLE_ADMIN("admin"),
- ROLE_EDITOR("editor"),
- ROLE_SUPERGUEST("super-guest"),
- ROLE_SUPEREDITOR("super-editor"),
- ROLE_SUPERADMIN("super-admin");
-
- String userRole;
-
- Role(String a) {
- this.userRole = a;
- }
- public String toString() {
- return this.userRole;
- }
- }
-
- @XACMLRequest(ReturnPolicyIdList=true)
- public class AuthorizationRequest {
-
- @XACMLSubject(includeInResults=true)
- String userID;
-
- @XACMLAction()
- String action;
-
- @XACMLResource()
- String resource;
-
- public AuthorizationRequest(String userId, String action, String resource) {
- this.userID = userId;
- this.action = action;
- this.resource = resource;
- }
-
- public String getUserID() {
- return userID;
- }
-
- public void setUserID(String userID) {
- this.userID = userID;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getResource() {
- return resource;
- }
-
- public void setResource(String resource) {
- this.resource = resource;
- }
- }
-
- //
- // The PDP Engine
- //
- protected PDPEngine pdpEngine;
-
- public XacmlAdminAuthorization() {
- PDPEngineFactory pdpEngineFactory = null;
- try {
- pdpEngineFactory = PDPEngineFactory.newInstance();
- if (pdpEngineFactory == null) {
- logger.error("Failed to create PDP Engine Factory");
- PolicyLogger.error("Failed to create PDP Engine Factory");
- }
- this.pdpEngine = pdpEngineFactory.newEngine();
- } catch (FactoryException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
- }
- }
-
- public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
- logger.info("authorize: " + userid + " to " + action + " with " + resource);
- if (this.pdpEngine == null) {
- logger.warn("no pdp engine available to authorize");
- return false;
- }
- Request request;
- try {
- request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
- return false;
- }
- if (request == null) {
- logger.error("Failed to parse request.");
- PolicyLogger.error("Failed to parse request");
- return false;
- }
- logger.info("Request: " + request);
- //
- // Ask the engine
- //
- try {
- Response response = this.pdpEngine.decide(request);
- if (response == null) {
- logger.error("Null response from PDP decide");
- PolicyLogger.error("Null response from PDP decide");
- }
- //
- // Should only be one result
- //
- if(response != null){
- for (Result result : response.getResults()) {
- Decision decision = result.getDecision();
- logger.info("Decision: " + decision);
- if (decision.equals(Decision.PERMIT)) {
- return true;
- }
- }
- }
- } catch (PDPException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");
- }
- return false;
- }
-}