/* * ============LICENSE_START========================================== * ONAP Portal SDK * =================================================================== * Copyright © 2018 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); * you may not use this software except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Unless otherwise specified, all documentation contained herein is licensed * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); * you may not use this documentation except in compliance with the License. * You may obtain a copy of the License at * * https://creativecommons.org/licenses/by/4.0/ * * Unless required by applicable law or agreed to in writing, documentation * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * ============LICENSE_END============================================ * * */ package org.onap.portalsdk.core.onboarding.crossapi; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.onap.aaf.cadi.filter.CadiFilter; import org.onap.portalsdk.core.onboarding.util.AuthUtil; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; public class CadiAuthFilter extends CadiFilter { private static final Log logger = LogFactory.getLog(CadiAuthFilter.class); public static final String AUTHORIZATION = "Authorization"; public static final String EXCLUDE_URL_ENDPOINTS = "exclude_url_endpoints"; public static final String INCLUDE_URL_ENDPOINTS = "include_url_endpoints"; public static final String REMOTE = "remote"; private List includeUrlEndPointList; private List excludeUrlEndPointList; public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); String include_url_endpoints = filterConfig.getInitParameter(INCLUDE_URL_ENDPOINTS); String exclude_url_endpoints = filterConfig.getInitParameter(EXCLUDE_URL_ENDPOINTS); logger.debug(INCLUDE_URL_ENDPOINTS + ": " + include_url_endpoints); logger.debug(EXCLUDE_URL_ENDPOINTS + ": " + exclude_url_endpoints); if (include_url_endpoints == null || include_url_endpoints.isEmpty()) throw new ServletException("Filter init parameter " + INCLUDE_URL_ENDPOINTS + " is null or empty"); if (exclude_url_endpoints == null || exclude_url_endpoints.isEmpty()) throw new ServletException("Filter init parameter " + EXCLUDE_URL_ENDPOINTS + " is null or empty"); includeUrlEndPointList = new ArrayList<>(Arrays.asList(include_url_endpoints.split(","))); excludeUrlEndPointList = new ArrayList<>(Arrays.asList(exclude_url_endpoints.split(","))); } @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) // throws IOException, ServletException { if (excludeFilter(request, excludeUrlEndPointList)) { logger.debug("doFilter: request excluded from cadifilter"); chain.doFilter(request, response); } else if (includeFilter(request, includeUrlEndPointList)) { logger.debug("doFilter: request is entering cadifilter"); super.doFilter(request, response, chain); } else { chain.doFilter(request, response); } } private String getUrl(ServletRequest request) { HttpServletRequest httpRequest = (HttpServletRequest) request; return httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1); } private boolean excludeFilter(ServletRequest request, List excludeUrlEndPointList) { boolean isUrlExcluded = false; String path = getUrl(request); for (String str : excludeUrlEndPointList) { if (!isUrlExcluded) isUrlExcluded = AuthUtil.matchPattern(path, str.substring(1)); } return isUrlExcluded; } private boolean includeFilter(ServletRequest request, List includeapisList) { boolean isauthenticated = false; HttpServletRequest httpRequest = (HttpServletRequest) request; if (httpRequest.getHeader(AUTHORIZATION) == null) return isauthenticated; // TODO: refactor to have exclusion pattern String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1); for (String str : includeapisList) { if (!isauthenticated) isauthenticated = matchPattern(path, str); } if (isauthenticated && PortalApiProperties.getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED).equalsIgnoreCase(REMOTE)) isauthenticated = true; else isauthenticated = false; return isauthenticated; } private boolean matchPattern(String requestedPath, String includeUrl) { includeUrl = includeUrl.substring(1); String[] path = requestedPath.split("/"); if (path.length > 1) { String[] roleFunctionArray = includeUrl.split("/"); boolean match = true; for (int i = 0; i < roleFunctionArray.length; i++) { if (match) { if (!roleFunctionArray[i].equals("*")) { Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE); Matcher m = p.matcher(roleFunctionArray[i]); match = m.matches(); } else if (roleFunctionArray[i].equals("*")) { match = true; } } } if (match) return match; } else { if (requestedPath.matches(includeUrl)) return true; else if (includeUrl.equals("*")) return true; } return false; } }