/*-
 * ============LICENSE_START=======================================================
 * ECOMP-PAP-REST
 * ================================================================================
 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END=========================================================
 */

package org.openecomp.policy.pap.xacml.restAuth;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.openecomp.policy.pap.xacml.rest.XACMLPapServlet;

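/**
 * Servlet filter that authenticates every request ({@code /*}) before it reaches the PAP servlets.
 *
 * <p>Credentials are read from the {@code Authorization} header, or, when the request URI contains
 * the {@code @Auth@} marker, from the URI itself (the text between the last {@code @} and the first
 * {@code /ecomp}). Requests that fail authentication get HTTP 401 and are not passed down the chain.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The raw request URI may carry credentials, so it is never logged; only the URI with the
 *       credential segment stripped is written to the log.</li>
 *   <li>Credentials placed in a URI are visible to anything that records request lines (container
 *       access logs, intermediaries); the header form should be preferred by clients.</li>
 * </ul>
 */
@WebFilter("/*")
public class PAPAuthenticationFilter implements Filter {

	private static final Log logger	= LogFactory.getLog(PAPAuthenticationFilter.class);
	public static final String AUTHENTICATION_HEADER = "Authorization";

	/** Marker that introduces credentials embedded in the request URI. */
	private static final String URL_AUTH_MARKER = "@Auth@";
	/** Path segment that terminates the embedded credentials. */
	private static final String ECOMP_PATH = "/ecomp";

	/**
	 * Authenticates the request and routes it.
	 *
	 * <p>On success, {@code /pap/} is forwarded to {@code /pap/pap/} and URIs starting with
	 * {@code /pap/ecomp/} continue down the filter chain with CORS headers added. On failure, or when
	 * URI-embedded credentials cannot be parsed, the response status is set to 401.
	 *
	 * @param request the incoming request; only {@link HttpServletRequest} instances are processed
	 * @param response the response to populate
	 * @param filter the remaining filter chain
	 * @throws IOException if forwarding or the downstream chain fails with an I/O error
	 * @throws ServletException if forwarding or the downstream chain fails
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response,
			FilterChain filter) throws IOException, ServletException {

		if (!(request instanceof HttpServletRequest)) {
			// Non-HTTP requests are neither authenticated nor passed on.
			return;
		}
		HttpServletRequest httpServletRequest = (HttpServletRequest) request;

		String authCredentials;
		String url = httpServletRequest.getRequestURI();

		//getting authentication credentials
		if (url.contains(URL_AUTH_MARKER)) {
			int authIndex = url.lastIndexOf("@");
			int endAuthIndex = url.indexOf(ECOMP_PATH);

			// Fail closed on a malformed URI (no "/ecomp", or "/ecomp" before the credentials)
			// instead of letting substring() throw and surface as a server error.
			if (endAuthIndex <= authIndex) {
				logger.warn("Rejecting request: malformed credential segment in request URI");
				rejectUnauthorized(response);
				return;
			}
			authCredentials = "Basic " + url.substring(authIndex + 1, endAuthIndex);

			//rebuild the url as /pap/ecomp/... without the credential segment
			url = url.substring(0, 4) + url.substring(endAuthIndex);
		} else {
			authCredentials = httpServletRequest.getHeader(AUTHENTICATION_HEADER);
		}

		// Logged only after the credential segment has been stripped, so secrets stay out of the logs.
		logger.info("Request URI: " + url);

		// Check Authentication credentials
		AuthenticationService authenticationService = new AuthenticationService();
		if (!authenticationService.authenticate(authCredentials)) {
			rejectUnauthorized(response);
			return;
		}

		if (url.equals("/pap/")) {
			//indicates the request comes from Traditional Admin Console or PolicyEngineAPI
			logger.info("Request comes from Traditional Admin Console or PolicyEngineAPI");

			//forward request to the XACMLPAPServlet if authenticated
			request.getRequestDispatcher("/pap/pap/").forward(request, response);

		} else if (url.startsWith("/pap/ecomp/")) {

			//indicates the request comes from the ECOMP Portal ecomp-sdk-app
			if (response instanceof HttpServletResponse) {
				addCorsHeader((HttpServletResponse) response);
				logger.info("Request comes from Ecomp Portal");
				logger.info("New Request URI: " + url);
				// Spring dispatcher servlet is at the end of the filter chain at /pap/ecomp/ path.
				// The original request object is passed on; the rewritten url above is used only
				// for the routing decision in this filter.
				filter.doFilter(request, response);
			}
		}
		// NOTE(review): an authenticated request for any other URI falls through here and is
		// neither forwarded nor answered with an explicit status - confirm this is intended.
	}

	/** Marks the response as 401 Unauthorized when it is an HTTP response. */
	private void rejectUnauthorized(ServletResponse response) {
		if (response instanceof HttpServletResponse) {
			((HttpServletResponse) response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
		}
	}

	/**
	 * Adds CORS response headers for ECOMP Portal REST calls.
	 *
	 * <p>NOTE(review): the wildcard origin lets a page on any origin read these responses for
	 * non-credentialed browser requests, which includes requests that carry credentials in the URI.
	 * Prefer an allow-list of known portal origins if they can be configured.
	 */
	private void addCorsHeader(HttpServletResponse response) {
		logger.info("Adding Cors Response Headers!!!");
		response.addHeader("Access-Control-Allow-Origin", "*");
		response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
		response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
		response.addHeader("Access-Control-Max-Age", "1728000");
	}

	/** No resources to release. */
	@Override
	public void destroy() {
	}

	/** No initialisation required. */
	@Override
	public void init(FilterConfig arg0) throws ServletException {
	}
}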