/* * ============LICENSE_START========================================== * ONAP Portal SDK * =================================================================== * Copyright © 2017 AT&T Intellectual Property. All rights reserved. * =================================================================== * * Unless otherwise specified, all software contained herein is licensed * under the Apache License, Version 2.0 (the "License"); * you may not use this software except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Unless otherwise specified, all documentation contained herein is licensed * under the Creative Commons License, Attribution 4.0 Intl. (the "License"); * you may not use this documentation except in compliance with the License. * You may obtain a copy of the License at * * https://creativecommons.org/licenses/by/4.0/ * * Unless required by applicable law or agreed to in writing, documentation * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * ============LICENSE_END============================================ * * */ package org.onap.portalsdk.core.onboarding.crossapi; import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.servlet.FilterChain; import javax.servlet.FilterConfig; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.onap.aaf.cadi.filter.CadiFilter; import org.onap.portalsdk.core.onboarding.util.AuthUtil; import org.onap.portalsdk.core.onboarding.util.PortalApiConstants; import org.onap.portalsdk.core.onboarding.util.PortalApiProperties; public class CadiAuthFilter extends CadiFilter { private static String include_url_endpoints =""; private static String exclude_url_endpoints = ""; public static final String AUTHORIZATION = "Authorization"; public void init(FilterConfig filterConfig) throws ServletException { super.init(filterConfig); include_url_endpoints = filterConfig.getInitParameter("include_url_endpoints"); exclude_url_endpoints = filterConfig.getInitParameter("exclude_url_endpoints"); } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { if (include_url_endpoints.equals("") || include_url_endpoints == null || include_url_endpoints.isEmpty()) { throw new NullPointerException("inlclude_url_endpoints is null"); } else { String includeUrlEndPointString = include_url_endpoints; if (exclude_url_endpoints.equals("") || exclude_url_endpoints == null || exclude_url_endpoints.isEmpty()) { throw new NullPointerException("exculde_url_endpoints is null"); } String excludeUrlEndPointString = exclude_url_endpoints; ArrayList excludeUrlEndPointList = new ArrayList( Arrays.asList(excludeUrlEndPointString.split(","))); ArrayList includeUrlEndPointList = new ArrayList( Arrays.asList(includeUrlEndPointString.split(","))); if (excludeFilter(request, excludeUrlEndPointList)) chain.doFilter(request, response); else if (includeFilter(request, includeUrlEndPointList)) super.doFilter(request, response, chain); else chain.doFilter(request, response); } } private String getUrl(ServletRequest request) { String path = ""; HttpServletRequest httpRequest = (HttpServletRequest) request; path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1); return path; } private boolean excludeFilter(ServletRequest request, ArrayList excludeUrlEndPointList) { boolean isUrlExcluded = false; String Path = getUrl(request); for (String str : excludeUrlEndPointList) { if (!isUrlExcluded) isUrlExcluded = AuthUtil.matchPattern(Path, str.substring(1)); } return isUrlExcluded; } private boolean includeFilter(ServletRequest request, ArrayList includeapisList) { boolean isauthenticated = false; HttpServletRequest httpRequest = (HttpServletRequest) request; if(httpRequest.getHeader(AUTHORIZATION) == null) return isauthenticated; // TODO: refactor to have exclusion pattern String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1); for (String str : includeapisList) { if (!isauthenticated) isauthenticated = matchPattern(path, str); } if (isauthenticated && PortalApiProperties.getProperty(PortalApiConstants.ROLE_ACCESS_CENTRALIZED) .equalsIgnoreCase("remote")) isauthenticated = true; else isauthenticated = false; return isauthenticated; } private boolean matchPattern(String requestedPath, String includeUrl) { includeUrl = includeUrl.substring(1); String[] path = requestedPath.split("/"); if (path.length > 1) { String[] roleFunctionArray = includeUrl.split("/"); boolean match = true; for (int i = 0; i < roleFunctionArray.length; i++) { if (match) { if (!roleFunctionArray[i].equals("*")) { Pattern p = Pattern.compile(Pattern.quote(path[i]), Pattern.CASE_INSENSITIVE); Matcher m = p.matcher(roleFunctionArray[i]); match = m.matches(); } else if (roleFunctionArray[i].equals("*")) { match = true; } } } if (match) return match; } else { if (requestedPath.matches(includeUrl)) return true; else if (includeUrl.equals("*")) return true; } return false; } }