From 7246eabfd23d6cadc9f658f666df62b93f30ed70 Mon Sep 17 00:00:00 2001
From: st782s
Date: Tue, 20 Nov 2018 07:31:32 -0500
Subject: CADI Integration
Issue-ID: PORTAL-474 System to system authorization using CADI
Change-Id: I76487f8155a36fca8283669fe5e28ec7d5aec91d
Signed-off-by: st782s
---
.../core/onboarding/crossapi/CadiAuthFilter.java | 137 +++++++++++++++++++++
1 file changed, 137 insertions(+)
create mode 100644 ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java (limited to 'ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java')
diff --git a/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java
new file mode 100644
index 00000000..8bddef85
--- /dev/null
+++ b/ecomp-sdk/epsdk-fw/src/main/java/org/onap/portalsdk/core/onboarding/crossapi/CadiAuthFilter.java
@@ -0,0 +1,137 @@
+/*
+ * ============LICENSE_START==========================================
+ * ONAP Portal SDK
+ * ===================================================================
+ * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+package org.onap.portalsdk.core.onboarding.crossapi;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
+import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
+
+public class CadiAuthFilter extends CadiFilter {
+
+ private static String inlclude_url_endpoints ="";
+ public static final String AUTHORIZATION = "Authorization";
+
+ public void init(FilterConfig filterConfig) throws ServletException {
+ super.init(filterConfig);
+ inlclude_url_endpoints = filterConfig.getInitParameter("inlclude_url_endpoints");
+ }
+
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
+ throws IOException, ServletException {
+
+ if (inlclude_url_endpoints.equals("") || inlclude_url_endpoints == null || inlclude_url_endpoints.isEmpty()) {
+ throw new NullPointerException("inlclude_url_endpoints is null");
+ } else {
+ String includeUrlEndPointString = inlclude_url_endpoints;
+ ArrayList includeUrlEndPointList = new ArrayList(
+ Arrays.asList(includeUrlEndPointString.split(",")));
+ if (includeFilter(request, includeUrlEndPointList)) {
+ super.doFilter(request, response, chain);
+ } else
+ chain.doFilter(request, response);
+ }
+ }
+
+ private boolean includeFilter(ServletRequest request, ArrayList includeapisList) {
+ boolean isauthenticated = false;
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+
 if(httpRequest.getHeader(AUTHORIZATION) == null)
+ return isauthenticated;
+ // TODO: refactor to have exclusion pattern
+ String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1);
+ if (path.contains("analytics")) {
+ return isauthenticated;
+ }
+
+ for (String str : includeapisList) {
+ if (!isauthenticated)
+ isauthenticated = matchPattern(path, str);
+ }
+ if (isauthenticated && PortalApiProperties.getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED)
+ .equalsIgnoreCase("remote"))
+ isauthenticated = true;
+ else
+ isauthenticated = false;
+ return isauthenticated;
+ }
+
+ private boolean matchPattern(String requestedPath, String includeUrl) {
+ includeUrl = includeUrl.substring(1);
+ String[] path = requestedPath.split("/");
+ if (path.length > 1) {
+ String[] roleFunctionArray = includeUrl.split("/");
+ boolean match = true;
+ for (int i = 0; i < roleFunctionArray.length; i++) {
+ if (match) {
+ if (!roleFunctionArray[i].equals("*")) {
+ Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE);
+ Matcher m = p.matcher(roleFunctionArray[i]);
+ match = m.matches();
+ } else if (roleFunctionArray[i].equals("*")) {
+ match = true;
+ }
+
+ }
+ }
+ if (match)
+ return match;
+ } else {
+ if (requestedPath.matches(includeUrl))
+ return true;
+ else if (includeUrl.equals("*"))
+ return true;
+ }
+ return false;
+ }
+
+}
\ No newline at end of file
-- cgit 1.2.3-korg
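Review bot: `includeFilter` fails open when the request carries no `Authorization` header: it returns false before any path matching, and `doFilter` then calls `chain.doFilter(request, response)` without running CADI, so a path listed in `inlclude_url_endpoints` is authenticated only when the caller chooses to send credentials. If unauthenticated requests to those paths are meant to be rejected by a later filter (nothing in this hunk shows one), state that in a comment above the check; otherwise drop the header test so every matching path goes through `super.doFilter`. The same fail-open shape applies to `path.contains("analytics")`, a substring test over the raw `getRequestURI()` value that exempts any path containing that word; compare against the exact endpoint path instead. In `matchPattern`, `path[i]` is indexed up to `roleFunctionArray.length` and throws `ArrayIndexOutOfBoundsException` when the request has fewer segments than the configured pattern, so add `if (path.length < roleFunctionArray.length) return false;` before the loop.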