Diffstat (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/AuthUtil.java')
-rw-r--r--ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/AuthUtil.java190
1 files changed, 190 insertions, 0 deletions
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/AuthUtil.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/AuthUtil.java
new file mode 100644
index 00000000..a7aa6765
--- /dev/null
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/util/AuthUtil.java
@@ -0,0 +1,190 @@
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portalsdk.core.onboarding.util;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+import java.util.stream.Collectors;
+
+import javax.servlet.http.HttpServletRequest;
+
+import org.apache.commons.codec.DecoderException;
+import org.apache.commons.codec.binary.Hex;
+import org.onap.aaf.cadi.CadiWrap;
+import org.onap.aaf.cadi.Permission;
+import org.onap.aaf.cadi.aaf.AAFPermission;
+import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
+import org.onap.portalsdk.core.onboarding.exception.PortalAPIException;
+
+public class AuthUtil {
+
+ private static final String decodeValueOfForwardSlash = "2f";
+ private static final String decodeValueOfHyphen = "2d";
+ private static final String decodeValueOfAsterisk = "2a";
+ private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AuthUtil.class);
+
+ /*
+ * This method compares the portalApiPath against the urlPattern; splits the
+ * portalApiPath by "/" and compares each part with that of the urlPattern.
+ *
+ * Example: "xyz/1/abc" matches with the pattern "xyz/* /abc" but not with
+ * "xyz/*"
+ *
+ */
+ public static Boolean matchPattern(String portalApiPath, String urlPattern) {
+ String[] path = portalApiPath.split("/");
+ if (path.length > 1) {
+
+ String[] roleFunctionArray = urlPattern.split("/");
+ boolean match = true;
+ if (roleFunctionArray.length == path.length) {
+ for (int i = 0; i < roleFunctionArray.length; i++) {
+ if (match) {
+ if (!roleFunctionArray[i].equals("*")) {
+ Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE);
+ Matcher m = p.matcher(roleFunctionArray[i]);
+ match = m.matches();
+
+ }
+ }
+ }
+ if (match)
+ return match;
+ }
+ } else {
+ if (portalApiPath.matches(urlPattern))
+ return true;
+ else if (urlPattern.equals("*"))
+ return true;
+
+ }
+ return false;
+ }
+ /**
+ *
+ * @param request
+ * @return returns list of AAFPermission of the requested MechId for all the namespaces
+ */
+ public static List<AAFPermission> getAAFPermissions(HttpServletRequest request) {
+ CadiWrap wrapReq = (CadiWrap) request;
+ List<Permission> perms = wrapReq.getPermissions(wrapReq.getUserPrincipal());
+ List<AAFPermission> aafPermsList = new ArrayList<>();
+ for (Permission perm : perms) {
+ AAFPermission aafPerm = (AAFPermission) perm;
+ aafPermsList.add(aafPerm);
+ }
+ return aafPermsList;
+ }
+
+ /**
+ *
+ * @param request
+ * @return returns list of AAFPermission for the specific namespace
+ */
+ public static List<AAFPermission> getNameSpacesAAFPermissions(String nameSpace,
+ List<AAFPermission> allPermissionsList) {
+ String type = nameSpace + ".url";
+ allPermissionsList.removeIf(perm -> (!perm.getType().equals(type)));
+ return allPermissionsList;
+ }
+ /**
+ *
+ * @param permsList
+ * @return returns the list of instaces of namespace
+ * @throws PortalAPIException
+ */
+ public static List<String> getAllInstances(List<AAFPermission> permsList) throws PortalAPIException {
+ List<String> instanceList = permsList.stream().map(AAFPermission::getInstance).collect(Collectors.toList());
+
+ List<String> finalInstanceList = new ArrayList<>();
+ for (String instance : instanceList) {
+ String str = "";
+ if (instance.equals("*"))
+ str = instance;
+ else
+ str = decodeFunctionCode(instance);
+ finalInstanceList.add(str);
+ }
+ return finalInstanceList;
+ }
+
+ public static String decodeFunctionCode(String str) throws PortalAPIException {
+ String decodedString = str;
+ List<Pattern> decodingList = new ArrayList<>();
+ decodingList.add(Pattern.compile(decodeValueOfForwardSlash));
+ decodingList.add(Pattern.compile(decodeValueOfHyphen));
+ decodingList.add(Pattern.compile(decodeValueOfAsterisk));
+ for (Pattern xssInputPattern : decodingList) {
+ try {
+ decodedString = decodedString.replaceAll("%" + xssInputPattern,
+ new String(Hex.decodeHex(xssInputPattern.toString().toCharArray())));
+ } catch (DecoderException e) {
+ logger.error(EELFLoggerDelegate.errorLogger, "Decode Failed! for instance: "+ str);
+ throw new PortalAPIException("decode failed", e);
+ }
+ }
+
+ return decodedString;
+ }
+
+ /**
+ *
+ * @param request
+ * @param nameSpace application namespace
+ * @return boolean value if the access is allowed
+ * @throws PortalAPIException
+ */
+ public static boolean isAccessAllowed(HttpServletRequest request, String nameSpace) throws PortalAPIException {
+ List<AAFPermission> aafPermsList = getAAFPermissions(request);
+ logger.debug(EELFLoggerDelegate.debugLogger, "Application nameSpace: "+ nameSpace);
+ if (nameSpace.isEmpty()) {
+ throw new PortalAPIException("NameSpace not Declared!");
+ }
+ List<AAFPermission> aafPermsFinalList = getNameSpacesAAFPermissions(nameSpace, aafPermsList);
+ List<String> finalInstanceList = getAllInstances(aafPermsFinalList);
+ String requestUri = request.getRequestURI().substring(request.getContextPath().length() + 1);
+ boolean isauthorized = false;
+ for (String str : finalInstanceList) {
+ if (!isauthorized)
+ isauthorized = matchPattern(requestUri, str);
+ }
+ return isauthorized;
+ }
+} \ No newline at end of file
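Review bot: The single-segment branch of `matchPattern` evaluates the permission instance as a raw regular expression (`portalApiPath.matches(urlPattern)`), while the multi-segment branch wraps its input in `Pattern.quote`, so the same instance string is matched literally in one branch and as a regex in the other; an instance containing metacharacters such as `.` or `+` either matches more paths than intended or throws `PatternSyntaxException` out of `isAccessAllowed`. Keeping both branches literal and case-insensitive is a one-line change: `if (portalApiPath.equalsIgnoreCase(urlPattern) || urlPattern.equals("*")) return true;`. In `isAccessAllowed`, `request.getRequestURI().substring(request.getContextPath().length() + 1)` throws `StringIndexOutOfBoundsException` when the URI equals the context path exactly, and the raw URI is compared without normalization (repeated slashes, `.`/`..` segments), so the authorization check should operate on a normalized path, e.g. `String path = URI.create(request.getRequestURI()).normalize().getPath();` with the substring start bounded by `path.length()`. `getNameSpacesAAFPermissions` filters the caller's list in place via `removeIf` and its Javadoc names a `request` parameter it does not have; a `@param allPermissionsList list to be filtered in place; the same instance is returned` line would make the side effect explicit.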