summaryrefslogtreecommitdiffstats
path: root/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java
diff options
context:
space:
mode:
Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java')
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java137
1 files changed, 137 insertions, 0 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java
new file mode 100644
index 00000000..8bddef85
--- /dev/null
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java
@@ -0,0 +1,137 @@
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portalsdk.core.onboarding.crossapi;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
+import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+
+public class CadiAuthFilter extends CadiFilter {
+
+ private static String inlclude_url_endpoints ="";
+ public static final String AUTHORIZATION = "Authorization";
+
+ public void init(FilterConfig filterConfig) throws ServletException {
+ super.init(filterConfig);
+ inlclude_url_endpoints = filterConfig.getInitParameter("inlclude_url_endpoints");
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+
+ if (inlclude_url_endpoints.equals("") || inlclude_url_endpoints == null || inlclude_url_endpoints.isEmpty()) {
+ throw new NullPointerException("inlclude_url_endpoints is null");
+ } else {
+ String includeUrlEndPointString = inlclude_url_endpoints;
+ ArrayList<String> includeUrlEndPointList = new ArrayList<String>(
+ Arrays.asList(includeUrlEndPointString.split(",")));
+ if (includeFilter(request, includeUrlEndPointList)) {
+ super.doFilter(request, response, chain);
+ } else
+ chain.doFilter(request, response);
+ }
+ }
+
+ private boolean includeFilter(ServletRequest request, ArrayList<String> includeapisList) {
+ boolean isauthenticated = false;
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+
+ if(httpRequest.getHeader(AUTHORIZATION) == null)
+ return isauthenticated;
+ // TODO: refactor to have exclusion pattern
+ String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1);
+ if (path.contains("analytics")) {
+ return isauthenticated;
+ }
+
+ for (String str : includeapisList) {
+ if (!isauthenticated)
+ isauthenticated = matchPattern(path, str);
+ }
+ if (isauthenticated && PortalApiProperties.getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED)
+ .equalsIgnoreCase("remote"))
+ isauthenticated = true;
+ else
+ isauthenticated = false;
+ return isauthenticated;
+ }
+
+ private boolean matchPattern(String requestedPath, String includeUrl) {
+ includeUrl = includeUrl.substring(1);
+ String[] path = requestedPath.split("/");
+ if (path.length > 1) {
+ String[] roleFunctionArray = includeUrl.split("/");
+ boolean match = true;
+ for (int i = 0; i < roleFunctionArray.length; i++) {
+ if (match) {
+ if (!roleFunctionArray[i].equals("*")) {
+ Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE);
+ Matcher m = p.matcher(roleFunctionArray[i]);
+ match = m.matches();
+ } else if (roleFunctionArray[i].equals("*")) {
+ match = true;
+ }
+
+ }
+ }
+ if (match)
+ return match;
+ } else {
+ if (requestedPath.matches(includeUrl))
+ return true;
+ else if (includeUrl.equals("*"))
+ return true;
+ }
+ return false;
+ }
+
+} \ No newline at end of file