Diffstat (limited to 'ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java')
-rw-r--r-- | ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java | 220 |
1 files changed, 0 insertions, 220 deletions
diff --git a/ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java b/ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java
deleted file mode 100644
index 9a2dbdbdb..000000000
--- a/ECOMP-REST/src/main/java/org/openecomp/policy/rest/XacmlAdminAuthorization.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ECOMP-REST
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.openecomp.policy.rest;
-
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.openecomp.policy.common.logging.eelf.MessageCodes;
-import org.openecomp.policy.common.logging.eelf.PolicyLogger;
-import org.openecomp.policy.rest.jpa.UserInfo;
-import org.openecomp.policy.xacml.api.XACMLErrorConstants;
-
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.api.Decision;
-import com.att.research.xacml.api.Request;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.api.pdp.PDPEngineFactory;
-import com.att.research.xacml.api.pdp.PDPException;
-import com.att.research.xacml.std.annotations.RequestParser;
-import com.att.research.xacml.std.annotations.XACMLAction;
-import com.att.research.xacml.std.annotations.XACMLRequest;
-import com.att.research.xacml.std.annotations.XACMLResource;
-import com.att.research.xacml.std.annotations.XACMLSubject;
-import com.att.research.xacml.util.FactoryException;
-
-
-
-public class XacmlAdminAuthorization {
- private static Log logger = LogFactory.getLog(XacmlAdminAuthorization.class);
-
- private static UserInfo userId;
- public static UserInfo getUserId() {
- return userId;
- }
-
- public void setUserId(UserInfo userId) {
- XacmlAdminAuthorization.userId = userId;
- }
-
- public enum AdminAction {
- ACTION_ACCESS("access"),
- ACTION_READ("read"),
- ACTION_WRITE("write"),
- ACTION_ADMIN("admin");
-
- String action;
- AdminAction(String a) {
- this.action = a;
- }
- public String toString() {
- return this.action;
- }
- }
-
- public enum AdminResource {
- RESOURCE_APPLICATION("application"),
- RESOURCE_POLICY_WORKSPACE("workspace"),
- RESOURCE_POLICY_EDITOR("editor"),
- RESOURCE_DICTIONARIES("dictionaries"),
- RESOURCE_PDP_ADMIN("pdp_admin"),
- RESOURCE_PIP_ADMIN("pip_admin"),
- RESOURCE_SCOPES_SUPERADMIN("manage_scopes");
-
- String resource;
- AdminResource(String r) {
- this.resource = r;
- }
- public String toString() {
- return this.resource;
- }
- }
-
- public enum Role {
- ROLE_GUEST("guest"),
- ROLE_ADMIN("admin"),
- ROLE_EDITOR("editor"),
- ROLE_SUPERGUEST("super-guest"),
- ROLE_SUPEREDITOR("super-editor"),
- ROLE_SUPERADMIN("super-admin");
-
- String userRole;
-
- Role(String a) {
- this.userRole = a;
- }
- public String toString() {
- return this.userRole;
- }
- }
-
- @XACMLRequest(ReturnPolicyIdList=true)
- public class AuthorizationRequest {
-
- @XACMLSubject(includeInResults=true)
- String userID;
-
- @XACMLAction()
- String action;
-
- @XACMLResource()
- String resource;
-
- public AuthorizationRequest(String userId, String action, String resource) {
- this.userID = userId;
- this.action = action;
- this.resource = resource;
- }
-
- public String getUserID() {
- return userID;
- }
-
- public void setUserID(String userID) {
- this.userID = userID;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getResource() {
- return resource;
- }
-
- public void setResource(String resource) {
- this.resource = resource;
- }
- }
-
- //
- // The PDP Engine
- //
- protected PDPEngine pdpEngine;
-
- public XacmlAdminAuthorization() {
- PDPEngineFactory pdpEngineFactory = null;
- try {
- pdpEngineFactory = PDPEngineFactory.newInstance();
- if (pdpEngineFactory == null) {
- logger.error("Failed to create PDP Engine Factory");
- PolicyLogger.error("Failed to create PDP Engine Factory");
- }
- this.pdpEngine = pdpEngineFactory.newEngine();
- } catch (FactoryException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
- }
- }
-
- public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
- logger.info("authorize: " + userid + " to " + action + " with " + resource);
- if (this.pdpEngine == null) {
- logger.warn("no pdp engine available to authorize");
- return false;
- }
- Request request;
- try {
- request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
- return false;
- }
- if (request == null) {
- logger.error("Failed to parse request.");
- PolicyLogger.error("Failed to parse request");
- return false;
- }
- logger.info("Request: " + request);
- //
- // Ask the engine
- //
- try {
- Response response = this.pdpEngine.decide(request);
- if (response == null) {
- logger.error("Null response from PDP decide");
- PolicyLogger.error("Null response from PDP decide");
- }
- //
- // Should only be one result
- //
- if(response != null){
- for (Result result : response.getResults()) {
- Decision decision = result.getDecision();
- logger.info("Decision: " + decision);
- if (decision.equals(Decision.PERMIT)) {
- return true;
- }
- }
- }
- } catch (PDPException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");
- }
- return false;
- }
-} |