summaryrefslogtreecommitdiffstats
path: root/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java
diff options
context:
space:
mode:
Diffstat (limited to 'ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java')
-rw-r--r--ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java182
1 files changed, 1 insertions, 181 deletions
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java
index c29e17637..8a59ec603 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java
@@ -2,7 +2,7 @@
* ============LICENSE_START=======================================================
* ONAP-REST
* ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -20,77 +20,8 @@
package org.onap.policy.rest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.onap.policy.common.logging.eelf.MessageCodes;
-import org.onap.policy.common.logging.eelf.PolicyLogger;
-import org.onap.policy.rest.jpa.UserInfo;
-import org.onap.policy.xacml.api.XACMLErrorConstants;
-
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.api.Decision;
-import com.att.research.xacml.api.Request;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.api.pdp.PDPEngineFactory;
-import com.att.research.xacml.api.pdp.PDPException;
-import com.att.research.xacml.std.annotations.RequestParser;
-import com.att.research.xacml.std.annotations.XACMLAction;
-import com.att.research.xacml.std.annotations.XACMLRequest;
-import com.att.research.xacml.std.annotations.XACMLResource;
-import com.att.research.xacml.std.annotations.XACMLSubject;
-import com.att.research.xacml.util.FactoryException;
-
-
-
public class XacmlAdminAuthorization {
- private static Log logger = LogFactory.getLog(XacmlAdminAuthorization.class);
-
- private static UserInfo userId;
- public static UserInfo getUserId() {
- return userId;
- }
-
- public static void setUserId(UserInfo userId) {
- XacmlAdminAuthorization.userId = userId;
- }
- public enum AdminAction {
- ACTION_ACCESS("access"),
- ACTION_READ("read"),
- ACTION_WRITE("write"),
- ACTION_ADMIN("admin");
-
- String action;
- AdminAction(String a) {
- this.action = a;
- }
- @Override
- public String toString() {
- return this.action;
- }
- }
-
- public enum AdminResource {
- RESOURCE_APPLICATION("application"),
- RESOURCE_POLICY_WORKSPACE("workspace"),
- RESOURCE_POLICY_EDITOR("editor"),
- RESOURCE_DICTIONARIES("dictionaries"),
- RESOURCE_PDP_ADMIN("pdp_admin"),
- RESOURCE_PIP_ADMIN("pip_admin"),
- RESOURCE_SCOPES_SUPERADMIN("manage_scopes");
-
- String resource;
- AdminResource(String r) {
- this.resource = r;
- }
- @Override
- public String toString() {
- return this.resource;
- }
- }
-
public enum Role {
ROLE_GUEST("guest"),
ROLE_ADMIN("admin"),
@@ -109,115 +40,4 @@ public class XacmlAdminAuthorization {
return this.userRole;
}
}
-
- @XACMLRequest(ReturnPolicyIdList=true)
- public class AuthorizationRequest {
-
- @XACMLSubject(includeInResults=true)
- String userID;
-
- @XACMLAction()
- String action;
-
- @XACMLResource()
- String resource;
-
- public AuthorizationRequest(String userId, String action, String resource) {
- this.userID = userId;
- this.action = action;
- this.resource = resource;
- }
-
- public String getUserID() {
- return userID;
- }
-
- public void setUserID(String userID) {
- this.userID = userID;
- }
-
- public String getAction() {
- return action;
- }
-
- public void setAction(String action) {
- this.action = action;
- }
-
- public String getResource() {
- return resource;
- }
-
- public void setResource(String resource) {
- this.resource = resource;
- }
- }
-
- //
- // The PDP Engine
- //
- protected PDPEngine pdpEngine;
-
- public XacmlAdminAuthorization() {
- PDPEngineFactory pdpEngineFactory = null;
- try {
- pdpEngineFactory = PDPEngineFactory.newInstance();
- if (pdpEngineFactory == null) {
- logger.error("Failed to create PDP Engine Factory");
- PolicyLogger.error("Failed to create PDP Engine Factory");
- }
- this.pdpEngine = pdpEngineFactory.newEngine();
- } catch (FactoryException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
- }
- }
-
- public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
- logger.info("authorize: " + userid + " to " + action + " with " + resource);
- if (this.pdpEngine == null) {
- logger.warn("no pdp engine available to authorize");
- return false;
- }
- Request request;
- try {
- request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
- } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
- return false;
- }
- if (request == null) {
- logger.error("Failed to parse request.");
- PolicyLogger.error("Failed to parse request");
- return false;
- }
- logger.info("Request: " + request);
- //
- // Ask the engine
- //
- try {
- Response response = this.pdpEngine.decide(request);
- if (response == null) {
- logger.error("Null response from PDP decide");
- PolicyLogger.error("Null response from PDP decide");
- }
- //
- // Should only be one result
- //
- if(response != null){
- for (Result result : response.getResults()) {
- Decision decision = result.getDecision();
- logger.info("Decision: " + decision);
- if (decision.equals(Decision.PERMIT)) {
- return true;
- }
- }
- }
- } catch (PDPException e) {
- logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
- PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");
- }
- return false;
- }
}