Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi')
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java137
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java16
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java58
3 files changed, 202 insertions, 9 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java
new file mode 100644
index 00000000..8bddef85
--- /dev/null
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java
@@ -0,0 +1,137 @@
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portalsdk.core.onboarding.crossapi;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
+import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+
+public class CadiAuthFilter extends CadiFilter {
+
+ private static String inlclude_url_endpoints ="";
+ public static final String AUTHORIZATION = "Authorization";
+
+ public void init(FilterConfig filterConfig) throws ServletException {
+ super.init(filterConfig);
+ inlclude_url_endpoints = filterConfig.getInitParameter("inlclude_url_endpoints");
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+
+ if (inlclude_url_endpoints.equals("") || inlclude_url_endpoints == null || inlclude_url_endpoints.isEmpty()) {
+ throw new NullPointerException("inlclude_url_endpoints is null");
+ } else {
+ String includeUrlEndPointString = inlclude_url_endpoints;
+ ArrayList<String> includeUrlEndPointList = new ArrayList<String>(
+ Arrays.asList(includeUrlEndPointString.split(",")));
+ if (includeFilter(request, includeUrlEndPointList)) {
+ super.doFilter(request, response, chain);
+ } else
+ chain.doFilter(request, response);
+ }
+ }
+
+ private boolean includeFilter(ServletRequest request, ArrayList<String> includeapisList) {
+ boolean isauthenticated = false;
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+
+ if(httpRequest.getHeader(AUTHORIZATION) == null)
+ return isauthenticated;
+ // TODO: refactor to have exclusion pattern
+ String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1);
+ if (path.contains("analytics")) {
+ return isauthenticated;
+ }
+
+ for (String str : includeapisList) {
+ if (!isauthenticated)
+ isauthenticated = matchPattern(path, str);
+ }
+ if (isauthenticated && PortalApiProperties.getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED)
+ .equalsIgnoreCase("remote"))
+ isauthenticated = true;
+ else
+ isauthenticated = false;
+ return isauthenticated;
+ }
+
+ private boolean matchPattern(String requestedPath, String includeUrl) {
+ includeUrl = includeUrl.substring(1);
+ String[] path = requestedPath.split("/");
+ if (path.length > 1) {
+ String[] roleFunctionArray = includeUrl.split("/");
+ boolean match = true;
+ for (int i = 0; i < roleFunctionArray.length; i++) {
+ if (match) {
+ if (!roleFunctionArray[i].equals("*")) {
+ Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE);
+ Matcher m = p.matcher(roleFunctionArray[i]);
+ match = m.matches();
+ } else if (roleFunctionArray[i].equals("*")) {
+ match = true;
+ }
+
+ }
+ }
+ if (match)
+ return match;
+ } else {
+ if (requestedPath.matches(includeUrl))
+ return true;
+ else if (includeUrl.equals("*"))
+ return true;
+ }
+ return false;
+ }
+
+} \ No newline at end of file
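Review bot: `includeFilter` returns false, and `doFilter` then calls `chain.doFilter` without running the CADI check, whenever the request has no `Authorization` header or its path contains the substring `analytics` anywhere, so this filter protects only what a later layer also checks. Whether the servlets behind it authenticate on their own is not visible in this hunk and should be confirmed and stated in a class comment. The analytics exemption would also be safer as an exact match on the intended endpoint than as `path.contains("analytics")`. In `doFilter` the null test comes after `inlclude_url_endpoints.equals("")`, so a missing init-param fails every request with an unlabelled NullPointerException; validate once in `init` instead, e.g. `if (inlclude_url_endpoints == null || inlclude_url_endpoints.trim().isEmpty()) throw new ServletException("inlclude_url_endpoints init-param is required");`. `matchPattern` reads `path[i]` for each literal segment of the include pattern without a bounds check, so a request with fewer segments than the pattern can throw ArrayIndexOutOfBoundsException; guard that branch with `i < path.length` and treat a missing segment as no match.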
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java
index 208e8c3d..d53c0eb6 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPICentralServiceImpl.java
@@ -51,6 +51,7 @@ import javax.servlet.http.HttpServletRequest;
import org.onap.portalsdk.core.onboarding.exception.CipherUtilException;
import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
import org.onap.portalsdk.core.onboarding.rest.RestWebServiceClient;
+import org.onap.portalsdk.core.onboarding.util.AuthUtil;
import org.onap.portalsdk.core.onboarding.util.CipherUtil;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
@@ -71,6 +72,8 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
IPortalRestCentralService portalRestCentralService;
public static final String API_VERSION = "/v4";
private static String portalApiVersion = "/v3";
+ private static final String nameSpace = PortalApiProperties
+ .getProperty(PortalApiConstants.AUTH_NAMESPACE);
public PortalRestAPICentralServiceImpl() throws ServletException {
String centralClassName = PortalApiProperties.getProperty(PortalApiConstants.PORTAL_API_IMPL_CLASS);
@@ -186,16 +189,13 @@ public class PortalRestAPICentralServiceImpl implements IPortalRestAPIService {
@Override
public boolean isAppAuthenticated(HttpServletRequest request) throws PortalAPIException {
- boolean response = false;
+ boolean accessAllowed = false;
try {
- String restUser = request.getHeader("username");
- String restPw = request.getHeader("password");
- response = restUser != null && restPw != null && restUser.equals(username) && restPw.equals(password);
- logger.debug("isAppAuthenticated: " + response);
- } catch (Exception ex) {
- throw new PortalAPIException("isAppAuthenticated failed", ex);
+ accessAllowed = AuthUtil.isAccessAllowed(request, nameSpace);
+ } catch (Exception e) {
+ logger.error(e);
}
- return response;
+ return accessAllowed;
}
@Override
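Review bot: The new catch in `isAppAuthenticated` turns every exception from `AuthUtil.isAccessAllowed` into a plain `false` and logs only `logger.error(e)`, so an outage or misconfiguration of the authorization backend looks the same to callers and in the logs as a legitimate denial. Denying on error is the right default, but the log line should say what failed, e.g. `logger.error("isAppAuthenticated: access check failed", e);`, or the method should keep throwing `PortalAPIException` as it did before, since the signature still declares it. `nameSpace` is read once at class load from `PortalApiConstants.AUTH_NAMESPACE` (previous hunk); if that property is unset the value passed here is presumably null, which would be better rejected at startup than discovered per request.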
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java
index 1ce03146..71f66168 100644
--- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/PortalRestAPIProxy.java
@@ -43,8 +43,13 @@ import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.StringWriter;
+import java.util.Arrays;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
+import java.util.Set;
+import java.util.TreeSet;
+import java.util.stream.Collectors;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
@@ -60,6 +65,7 @@ import org.onap.portalsdk.core.onboarding.rest.RestWebServiceClient;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
import org.onap.portalsdk.core.restful.domain.EcompRole;
+import org.onap.portalsdk.core.restful.domain.EcompRoleFunction;
import org.onap.portalsdk.core.restful.domain.EcompUser;
import org.owasp.esapi.ESAPI;
@@ -146,6 +152,8 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
response.getWriter().write(buildJsonResponse(false, "Misconfigured - no instance of service class"));
return;
}
+
+
String requestUri = request.getRequestURI();
String responseJson = "";
String storeAnalyticsContextPath = "/storeAnalytics";
@@ -217,6 +225,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
writeAndFlush(response, APPLICATION_JSON, buildJsonResponse(false, "Not authorized"));
return;
}
+
try {
String requestBody = readRequestBody(request);
@@ -264,6 +273,9 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
if (requestUri.endsWith(PortalApiConstants.API_PREFIX + "/user")) {
try {
EcompUser user = mapper.readValue(requestBody, EcompUser.class);
+ logger.debug("doPost: create user requestbody: "+ requestBody);
+ Set<EcompRole> userEcompRoles = getEcompRolesOfUser(user);
+ user.setRoles(userEcompRoles);
pushUser(user);
if (logger.isDebugEnabled())
logger.debug("doPost: pushUser: success");
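Review bot: The added `logger.debug("doPost: create user requestbody: "+ requestBody)` writes the whole client-supplied user record into the log, with no `isDebugEnabled()` guard and no encoding. The body carries user identity and role data, and raw request text in a log line lets embedded line breaks forge entries. Log an identifier rather than the body (for example the login id once `mapper.readValue` has succeeded), or at least neutralise CR/LF first and keep it behind `logger.isDebugEnabled()` like the line below it. The same statement is added for the update-user branch in the next hunk. The enclosing `doPost` starts and ends outside this hunk.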
@@ -280,6 +292,9 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
String loginId = requestUri.substring(requestUri.lastIndexOf('/') + 1);
try {
EcompUser user = mapper.readValue(requestBody, EcompUser.class);
+ logger.debug("doPost: update user requestbody: "+ requestBody);
+ Set<EcompRole> userEcompRoles = getEcompRolesOfUser(user);
+ user.setRoles(userEcompRoles);
editUser(loginId, user);
if (logger.isDebugEnabled())
logger.debug("doPost: editUser: success");
@@ -342,6 +357,7 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
buildJsonResponse(false, "Misconfigured - no instance of service class"));
return;
}
+
String requestUri = request.getRequestURI();
String contentType = APPLICATION_JSON;
@@ -413,7 +429,6 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
writeAndFlush(response, APPLICATION_JSON, buildJsonResponse(false, "Not authorized"));
return;
}
-
String responseJson = null;
try {
// Ignore any request body in a GET.
@@ -683,4 +698,45 @@ public class PortalRestAPIProxy extends HttpServlet implements IPortalRestAPISer
return portalRestApiServiceImpl.getCredentials();
}
+ private Set<EcompRole> getEcompRolesOfUser(EcompUser user) throws JsonProcessingException
+ {
+
+ Set<EcompRole> userEcompRoles = new TreeSet<>();
+ Set<EcompRole> ecompRoles = user.getRoles();
+ for (EcompRole role : ecompRoles) {
+ Set roleFunctions = role.getRoleFunctions();
+ Iterator<EcompRoleFunction> roleIter = roleFunctions.iterator();
+ ObjectMapper mapper = new ObjectMapper();
+ Set<EcompRoleFunction> EcompRoleFunctions = new TreeSet<>();
+ while (roleIter.hasNext()) {
+ String str = mapper.writeValueAsString(roleIter.next());
+
+ String str1 = str.substring(1, str.length() - 1);
+ Map<String, String> result = Arrays.stream(str1.split(",")).map(s -> s.split(":"))
+ .collect(Collectors.toMap(a -> a[0], // key
+ a -> a[1] // value
+ ));
+
+ EcompRoleFunction roleFunction = new EcompRoleFunction();
+ for (Map.Entry<String, String> set : result.entrySet()) {
+ String key = set.getKey().replaceAll("\"", " ").trim();
+ if (!key.isEmpty() && key.equalsIgnoreCase("action")) {
+ roleFunction.setAction(set.getValue().replaceAll("\"", " ").trim());
+ } else if (!key.isEmpty() && key.equalsIgnoreCase("type")) {
+ roleFunction.setType(set.getValue().replaceAll("\"", " ").trim());
+
+ } else if (!key.isEmpty() && key.equalsIgnoreCase("code")) {
+ roleFunction.setCode(set.getValue().replaceAll("\"", " ").trim());
+
+ } else if (!key.isEmpty() && key.equalsIgnoreCase("name")) {
+ roleFunction.setName(set.getValue().replaceAll("\"", " ").trim());
+ }
+ }
+ EcompRoleFunctions.add(roleFunction);
+ }
+ role.setRoleFunctions(EcompRoleFunctions);
+ userEcompRoles.add(role);
+ }
+ return userEcompRoles;
+ }
}
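Review bot: `getEcompRolesOfUser` serialises each role function to JSON and then re-parses it by hand with `split(",")` and `split(":")`, which breaks as soon as a name or code contains a comma or colon (an `ArrayIndexOutOfBoundsException` on `a[1]`, or a truncated value), and it replaces quotes with spaces instead of decoding them. These values come from the request body and end up as the user's role functions, so let Jackson do the conversion: `EcompRoleFunction roleFunction = mapper.convertValue(roleIter.next(), EcompRoleFunction.class);`. `user.getRoles()` and `role.getRoleFunctions()` are also dereferenced without a null check, and `Set roleFunctions` is a raw type. Creating the `ObjectMapper` once outside the loop would avoid rebuilding it for every role.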