/*- * ============LICENSE_START========================================== * ONAP Portal SDK * =================================================================== * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); * you may not use this software except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Unless otherwise specified, all documentation contained herein is licensed * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); * you may not use this documentation except in compliance with the License. * You may obtain a copy of the License at * * https://creativecommons.org/licenses/by/4.0/ * * Unless required by applicable law or agreed to in writing, documentation * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * ============LICENSE_END============================================ * * ECOMP is a trademark and service mark of AT&T Intellectual Property. */ package org.onap.portalsdk.external.authorization.service; import java.io.IOException; import java.util.ArrayList; import java.util.List; import javax.servlet.http.HttpServletRequest; import org.json.JSONArray; import org.json.JSONObject; import org.onap.portalsdk.core.domain.RoleFunction; import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms; //import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate; import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties; import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; import org.springframework.http.ResponseEntity; import org.springframework.web.client.RestTemplate; import com.fasterxml.jackson.core.JsonParseException; import com.fasterxml.jackson.databind.JsonMappingException; import com.fasterxml.jackson.databind.ObjectMapper; public class AAFRestServiceImpl implements AAFService { private static final String PASSCODE = "password"; private static final String ID = "id"; private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/"; private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/"; private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate"; RestTemplate template = new RestTemplate(); private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AAFRestServiceImpl.class); @Override public String getUser(String orgUserId, HttpServletRequest request, HttpHeaders headers) throws Exception { HttpEntity entity = new HttpEntity<>(headers); logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}", orgUserId); String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); ResponseEntity getResponse = template.exchange( EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Finished GET user app roles from external auth system and body: {}", getResponse.getBody()); } String userRoles = getResponse.getBody(); return userRoles; } @Override public ResponseEntity checkUserExists(String username, String password, String appPass) throws Exception { username = changeIfUserDomainNotAppended(username); HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password); String appUsername = EcompExternalAuthProperties .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME); JSONObject credentials = new JSONObject(); credentials.put(ID, appUsername); credentials.put(PASSCODE, appPass); HttpEntity entity = new HttpEntity<>(credentials.toString(), headers); logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}", username); ResponseEntity getResponse = template .exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Finished POST from external auth system to validate credentials and status: {}", getResponse.getStatusCode().value()); } return getResponse; } private String changeIfUserDomainNotAppended(String username) { if (!EcompExternalAuthUtils.validate(username)) { username = username + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); } return username; } @Override public List getIfUserPermsExists(String username, HttpHeaders headers) throws Exception { HttpEntity entity = new HttpEntity<>(headers); logger.debug(EELFLoggerDelegate.debugLogger, "getIfUserPermsExists: Connecting to external auth system for user {}", username); username = changeIfUserDomainNotAppended(username); String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username; ResponseEntity getResponse = getPermsFromExternalAuthSystem(entity, endPoint); return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody()); } private ResponseEntity getPermsFromExternalAuthSystem(HttpEntity entity, String endPoint) { ResponseEntity getResponse = template.exchange( EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}", getResponse.getBody()); } return getResponse; } private List convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms) throws IOException, JsonParseException, JsonMappingException { JSONObject userPermsJsonObj = null; JSONArray userPermsJsonArray = null; List extPermsList = new ArrayList<>(); if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) { userPermsJsonObj = new JSONObject(userPerms); userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD); for (int i = 0; i < userPermsJsonArray.length(); i++) { JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i); if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE) .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) { ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class); extPermsList.add(perm); } } } return extPermsList; } @Override public List getRoleFunctions(String orgUserId, HttpHeaders headers) throws Exception { ObjectMapper mapper = new ObjectMapper(); HttpEntity entity = new HttpEntity<>(headers); logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}", orgUserId); String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN); ResponseEntity getResponse = template.exchange( EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint, HttpMethod.GET, entity, String.class); if (getResponse.getStatusCode().value() == 200) { logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Finished GET user perms from external system and body: {}", getResponse.getBody()); } String userPerms = getResponse.getBody(); List extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms); return convertToRoleFunctionList(extPermsList); } private List convertToRoleFunctionList(List extPermsList) { List roleFunctions = new ArrayList<>(); String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE); for (ExternalAccessPerms extPerm : extPermsList) { RoleFunction roleFunction = new RoleFunction(); roleFunction.setCode(extPerm.getInstance()); roleFunction.setAction(extPerm.getAction()); if (extPerm.getDescription() != null && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getDescription()); } else if (extPerm.getDescription() == null && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); } else if (extPerm.getDescription() == null && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction()); } if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) { roleFunction.setType(extPerm.getType().substring(namespace.length() + 1)); } else { roleFunction.setType(extPerm.getType()); } roleFunctions.add(roleFunction); } return roleFunctions; } }