From 677b05aeacfd280209a07debba202eaa01ac0968 Mon Sep 17 00:00:00 2001 From: "Kotta, Shireesha (sk434m)" Date: Tue, 27 Nov 2018 10:34:00 -0500 Subject: Issue-ID: PORTAL-474 System to system authorization using CADI Change-Id: I58047d4cda3f445a223c6a12e59924db6881553a Signed-off-by: Kotta, Shireesha (sk434m) --- ecomp-sdk/epsdk-fw/pom.xml | 4 +- .../core/onboarding/crossapi/CadiAuthFilter.java | 46 +++++++++++++++++----- 2 files changed, 38 insertions(+), 12 deletions(-) diff --git a/ecomp-sdk/epsdk-fw/pom.xml b/ecomp-sdk/epsdk-fw/pom.xml index 2a2e7721..aaf02147 100644 --- a/ecomp-sdk/epsdk-fw/pom.xml +++ b/ecomp-sdk/epsdk-fw/pom.xml @@ -77,7 +77,7 @@ org.onap.aaf.authz aaf-cadi-aaf - 2.1.7-SNAPSHOT + 2.1.7 gso @@ -88,7 +88,7 @@ org.onap.aaf.authz aaf-cadi-core - 2.1.7-SNAPSHOT + 2.1.7 javax.servlet diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java index 8bddef85..0fdc14d2 100644 --- a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java +++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java 
@@ -52,35 +52,65 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.aaf.cadi.filter.CadiFilter; +import org.onap.portalsdk.core.onboarding.util.AuthUtil; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; public class CadiAuthFilter extends CadiFilter { - private static String inlclude_url_endpoints =""; + private static String include_url_endpoints =""; + private static String exclude_url_endpoints = ""; public static final String AUTHORIZATION = "Authorization"; public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); - inlclude_url_endpoints = filterConfig.getInitParameter("inlclude_url_endpoints"); + include_url_endpoints = filterConfig.getInitParameter("include_url_endpoints"); + exclude_url_endpoints = filterConfig.getInitParameter("exclude_url_endpoints"); } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - if (inlclude_url_endpoints.equals("") || inlclude_url_endpoints == null || inlclude_url_endpoints.isEmpty()) { + if (include_url_endpoints.equals("") || include_url_endpoints == null || include_url_endpoints.isEmpty()) { throw new NullPointerException("inlclude_url_endpoints is null"); } else { - String includeUrlEndPointString = inlclude_url_endpoints; + String includeUrlEndPointString = include_url_endpoints; + if (exclude_url_endpoints.equals("") || exclude_url_endpoints == null || exclude_url_endpoints.isEmpty()) { + throw new NullPointerException("exculde_url_endpoints is null"); + } + String excludeUrlEndPointString = exclude_url_endpoints; + ArrayList excludeUrlEndPointList = new ArrayList( + Arrays.asList(excludeUrlEndPointString.split(","))); ArrayList includeUrlEndPointList = new ArrayList( Arrays.asList(includeUrlEndPointString.split(","))); - if (includeFilter(request, 
includeUrlEndPointList)) { + if (excludeFilter(request, excludeUrlEndPointList)) + chain.doFilter(request, response); + else if (includeFilter(request, includeUrlEndPointList)) super.doFilter(request, response, chain); - } else + else chain.doFilter(request, response); } } + + private String getUrl(ServletRequest request) { + String path = ""; + HttpServletRequest httpRequest = (HttpServletRequest) request; + path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1); + return path; + } + + private boolean excludeFilter(ServletRequest request, ArrayList excludeUrlEndPointList) { + boolean isUrlExcluded = false; + String Path = getUrl(request); + + for (String str : excludeUrlEndPointList) { + if (!isUrlExcluded) + isUrlExcluded = AuthUtil.matchPattern(Path, str.substring(1)); + } + return isUrlExcluded; + } + private boolean includeFilter(ServletRequest request, ArrayList includeapisList) { boolean isauthenticated = false; HttpServletRequest httpRequest = (HttpServletRequest) request; @@ -89,10 +119,6 @@ public class CadiAuthFilter extends CadiFilter { return isauthenticated; // TODO: refactor to have exclusion pattern String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1); - if (path.contains("analytics")) { - return isauthenticated; - } - for (String str : includeapisList) { if (!isauthenticated) isauthenticated = matchPattern(path, str); -- cgit 1.2.3-korg
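Review bot: `excludeFilter` decides whether a request skips CADI authentication by matching the raw `getRequestURI()` obtained in `getUrl`, and in `doFilter` a match takes precedence over the include list. The container does not decode or normalize the request URI, so the string being matched can differ from the path the application dispatches on; whether that can widen an exclusion depends on `AuthUtil.matchPattern`, which is not shown in this diff. I would match on the container-resolved path instead, e.g. `String path = httpRequest.getServletPath() + (httpRequest.getPathInfo() == null ? "" : httpRequest.getPathInfo());`, and adjust the configured patterns for the leading slash. Separately, both guards call `.equals("")` before the `== null` test, so a missing `exclude_url_endpoints` init-param throws a message-less NullPointerException on every request. `if (exclude_url_endpoints == null || exclude_url_endpoints.isEmpty())`, with the parameter name spelled correctly in the exception message, would fail the way the code intends.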