diff options
Diffstat (limited to 'ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java')
-rw-r--r-- | ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java | 225 |
1 files changed, 225 insertions, 0 deletions
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java new file mode 100644 index 00000000..f37af6fa --- /dev/null +++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java @@ -0,0 +1,225 @@ +/*- + * ============LICENSE_START========================================== + * ONAP Portal SDK + * =================================================================== + * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. + * =================================================================== + * + * Unless otherwise specified, all software contained herein is licensed + * under the Apache License, Version 2.0 (the "License"); + * you may not use this software except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Unless otherwise specified, all documentation contained herein is licensed + * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); + * you may not use this documentation except in compliance with the License. + * You may obtain a copy of the License at + * + * https://creativecommons.org/licenses/by/4.0/ + * + * Unless required by applicable law or agreed to in writing, documentation + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * ============LICENSE_END============================================ + * + * ECOMP is a trademark and service mark of AT&T Intellectual Property. + */ +package org.onap.portalsdk.external.authorization.service; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; + +import org.json.JSONArray; +import org.json.JSONObject; +import org.onap.portalsdk.core.domain.RoleFunction; +import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms; +//import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; +import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties; +import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils; +import org.springframework.http.HttpEntity; +import org.springframework.http.HttpHeaders; +import org.springframework.http.HttpMethod; +import org.springframework.http.ResponseEntity; +import org.springframework.web.client.RestTemplate; + +import com.fasterxml.jackson.core.JsonParseException; +import com.fasterxml.jackson.databind.JsonMappingException; +import com.fasterxml.jackson.databind.ObjectMapper; + +public class AAFRestServiceImpl implements AAFService { + + private static final String PASSCODE = "password"; + + private static final String ID = "id"; + + private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/"; + + private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/"; + + private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate"; + RestTemplate template = new RestTemplate(); + + private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AAFRestServiceImpl.class); + + @Override + public String getUser(String orgUserId, HttpServletRequest request, HttpHeaders headers) throws Exception { + + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}", + orgUserId); + String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + ResponseEntity<String> getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getUserRoles: Finished GET user app roles from external auth system and body: {}", + getResponse.getBody()); + } + String userRoles = getResponse.getBody(); + return userRoles; + + } + + @Override + public ResponseEntity<String> checkUserExists(String username, String password, String appPass) throws Exception { + username = changeIfUserDomainNotAppended(username); + HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password); + String appUsername = EcompExternalAuthProperties + .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME); + JSONObject credentials = new JSONObject(); + credentials.put(ID, appUsername); + credentials.put(PASSCODE, appPass); + HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers); + logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}", + username); + ResponseEntity<String> getResponse = template + .exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "checkUserExists: Finished POST from external auth system to validate credentials and status: {}", + getResponse.getStatusCode().value()); + } + return getResponse; + } + + private String changeIfUserDomainNotAppended(String username) { + if (!EcompExternalAuthUtils.validate(username)) { + username = username + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + } + return username; + } + + @Override + public List<ExternalAccessPerms> getIfUserPermsExists(String username, HttpHeaders headers) throws Exception { + + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, + "getIfUserPermsExists: Connecting to external auth system for user {}", username); + username = changeIfUserDomainNotAppended(username); + String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username; + ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint); + return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody()); + } + + private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) { + ResponseEntity<String> getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}", + getResponse.getBody()); + } + return getResponse; + } + + private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms) + throws IOException, JsonParseException, JsonMappingException { + JSONObject userPermsJsonObj = null; + JSONArray userPermsJsonArray = null; + List<ExternalAccessPerms> extPermsList = new ArrayList<>(); + if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { + userPermsJsonObj = new JSONObject(userPerms); + userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD); + for (int i = 0; i < userPermsJsonArray.length(); i++) { + JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i); + if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE) + .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) { + ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class); + extPermsList.add(perm); + } + } + } + return extPermsList; + } + + @Override + public List<RoleFunction> getRoleFunctions(String orgUserId, HttpHeaders headers) throws Exception { + ObjectMapper mapper = new ObjectMapper(); + + HttpEntity<String> entity = new HttpEntity<>(headers); + logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}", + orgUserId); + String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId + + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); + ResponseEntity<String> getResponse = template.exchange( + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, + HttpMethod.GET, entity, String.class); + if (getResponse.getStatusCode().value() == 200) { + logger.debug(EELFLoggerDelegate.debugLogger, + "getRoleFunctions: Finished GET user perms from external system and body: {}", + getResponse.getBody()); + } + String userPerms = getResponse.getBody(); + List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms); + return convertToRoleFunctionList(extPermsList); + } + + private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) { + List<RoleFunction> roleFunctions = new ArrayList<>(); + String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); + for (ExternalAccessPerms extPerm : extPermsList) { + RoleFunction roleFunction = new RoleFunction(); + roleFunction.setCode(extPerm.getInstance()); + roleFunction.setAction(extPerm.getAction()); + if (extPerm.getDescription() != null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getDescription()); + } else if (extPerm.getDescription() == null + && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance() + + "|" + extPerm.getAction()); + } else if (extPerm.getDescription() == null + && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); + } + if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { + roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); + } else { + roleFunction.setType(extPerm.getType()); + } + roleFunctions.add(roleFunction); + } + return roleFunctions; + } + +}
\ No newline at end of file |