summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java
diff options
context:
space:
mode:
Diffstat (limited to 'ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java')
-rw-r--r--ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java225
1 files changed, 225 insertions, 0 deletions
diff --git a/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java
new file mode 100644
index 00000000..f37af6fa
--- /dev/null
+++ b/ecomp-sdk/epsdk-aaf/src/main/java/org/onap/portalsdk/external/authorization/service/AAFRestServiceImpl.java
@@ -0,0 +1,225 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.portalsdk.external.authorization.service;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.json.JSONArray;
+import org.json.JSONObject;
+import org.onap.portalsdk.core.domain.RoleFunction;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
+//import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties;
+import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.RestTemplate;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.databind.JsonMappingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class AAFRestServiceImpl implements AAFService {
+
+ private static final String PASSCODE = "password";
+
+ private static final String ID = "id";
+
+ private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/";
+
+ private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/";
+
+ private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate";
+ RestTemplate template = new RestTemplate();
+
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AAFRestServiceImpl.class);
+
+ @Override
+ public String getUser(String orgUserId, HttpServletRequest request, HttpHeaders headers) throws Exception {
+
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}",
+ orgUserId);
+ String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId
+ + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getUserRoles: Finished GET user app roles from external auth system and body: {}",
+ getResponse.getBody());
+ }
+ String userRoles = getResponse.getBody();
+ return userRoles;
+
+ }
+
+ @Override
+ public ResponseEntity<String> checkUserExists(String username, String password, String appPass) throws Exception {
+ username = changeIfUserDomainNotAppended(username);
+ HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password);
+ String appUsername = EcompExternalAuthProperties
+ .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
+ JSONObject credentials = new JSONObject();
+ credentials.put(ID, appUsername);
+ credentials.put(PASSCODE, appPass);
+ HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}",
+ username);
+ ResponseEntity<String> getResponse = template
+ .exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL)
+ + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "checkUserExists: Finished POST from external auth system to validate credentials and status: {}",
+ getResponse.getStatusCode().value());
+ }
+ return getResponse;
+ }
+
+ private String changeIfUserDomainNotAppended(String username) {
+ if (!EcompExternalAuthUtils.validate(username)) {
+ username = username
+ + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
+ }
+ return username;
+ }
+
+ @Override
+ public List<ExternalAccessPerms> getIfUserPermsExists(String username, HttpHeaders headers) throws Exception {
+
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getIfUserPermsExists: Connecting to external auth system for user {}", username);
+ username = changeIfUserDomainNotAppended(username);
+ String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username;
+ ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint);
+ return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody());
+ }
+
+ private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
+ getResponse.getBody());
+ }
+ return getResponse;
+ }
+
+ private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms)
+ throws IOException, JsonParseException, JsonMappingException {
+ JSONObject userPermsJsonObj = null;
+ JSONArray userPermsJsonArray = null;
+ List<ExternalAccessPerms> extPermsList = new ArrayList<>();
+ if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
+ userPermsJsonObj = new JSONObject(userPerms);
+ userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
+ for (int i = 0; i < userPermsJsonArray.length(); i++) {
+ JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
+ if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE)
+ .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
+ ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
+ extPermsList.add(perm);
+ }
+ }
+ }
+ return extPermsList;
+ }
+
+ @Override
+ public List<RoleFunction> getRoleFunctions(String orgUserId, HttpHeaders headers) throws Exception {
+ ObjectMapper mapper = new ObjectMapper();
+
+ HttpEntity<String> entity = new HttpEntity<>(headers);
+ logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}",
+ orgUserId);
+ String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId
+ + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
+ ResponseEntity<String> getResponse = template.exchange(
+ EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
+ HttpMethod.GET, entity, String.class);
+ if (getResponse.getStatusCode().value() == 200) {
+ logger.debug(EELFLoggerDelegate.debugLogger,
+ "getRoleFunctions: Finished GET user perms from external system and body: {}",
+ getResponse.getBody());
+ }
+ String userPerms = getResponse.getBody();
+ List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms);
+ return convertToRoleFunctionList(extPermsList);
+ }
+
+ private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
+ List<RoleFunction> roleFunctions = new ArrayList<>();
+ String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
+ for (ExternalAccessPerms extPerm : extPermsList) {
+ RoleFunction roleFunction = new RoleFunction();
+ roleFunction.setCode(extPerm.getInstance());
+ roleFunction.setAction(extPerm.getAction());
+ if (extPerm.getDescription() != null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getDescription());
+ } else if (extPerm.getDescription() == null
+ && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance()
+ + "|" + extPerm.getAction());
+ } else if (extPerm.getDescription() == null
+ && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
+ }
+ if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
+ roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
+ } else {
+ roleFunction.setType(extPerm.getType());
+ }
+ roleFunctions.add(roleFunction);
+ }
+ return roleFunctions;
+ }
+
+} \ No newline at end of file