summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorm.kowalski3 <m.kowalski3@partner.samsung.com>2019-08-30 16:02:56 +0200
committerOfir Sonsino <ofir.sonsino@intl.att.com>2019-09-02 12:45:58 +0000
commit34e04405d887089ddc638607646849af0d9ba932 (patch)
treeae522c29d12c9297099841ef406f3bf3e7f15da8
parent05d0a1772ba64089db033e1e4ce55e0549aef81d (diff)
Basic authorization for unsecured endpoint
Issue-ID: OJSI-90 Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com> Change-Id: I3423d316e4853cfd5fa4aee50ad6506937bd6381
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java133
-rw-r--r--catalog-be/src/main/webapp/WEB-INF/web.xml11
2 files changed, 144 insertions, 0 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java
new file mode 100644
index 0000000000..1f23506e8a
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java
@@ -0,0 +1,133 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SDC
+ * ================================================================================
+ * Copyright (C) 2019 Samsung. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.openecomp.sdc.be.filters;
+
+import fj.data.Either;
+import java.io.IOException;
+import java.util.Base64;
+import java.util.List;
+import java.util.Optional;
+import java.util.StringTokenizer;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.openecomp.sdc.be.config.BeEcompErrorManager;
+import org.openecomp.sdc.be.model.User;
+import org.openecomp.sdc.be.user.UserBusinessLogic;
+import org.openecomp.sdc.common.api.Constants;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.exception.ResponseFormat;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.context.ContextLoader;
+
+public class RestAuthenticationFilter implements Filter {
+
+ private static final Logger log = Logger.getLogger(RestAuthenticationFilter.class);
+ private UserBusinessLogic userBusinessLogic = getUserBusinessLogic();
+
+
+ private UserBusinessLogic getUserBusinessLogic() {
+ ApplicationContext ctx = ContextLoader.getCurrentWebApplicationContext();
+ return (UserBusinessLogic) ctx.getBean("userBusinessLogic");
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain filter)
+ throws IOException, ServletException {
+ if (request instanceof HttpServletRequest) {
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+
+ String authHeader = httpServletRequest.getHeader(Constants.AUTHORIZATION_HEADER);
+
+ if (authHeader != null) {
+ boolean authenticationStatus = authenticate(authHeader);
+
+ if (authenticationStatus) {
+ filter.doFilter(request, response);
+ } else {
+ unauthorized(response);
+ }
+ } else {
+ unauthorized(response);
+ }
+ }
+ }
+
+ private void unauthorized(ServletResponse response) {
+ if (response instanceof HttpServletResponse) {
+ HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+ httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ }
+
+ private boolean authenticate(String authCredentials) {
+
+ if (null == authCredentials) {
+ return false;
+ }
+
+ final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", "");
+ String usernameAndPassword = null;
+ try {
+ byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ final String username = tokenizer.nextToken();
+
+ try {
+ Either<List<User>, ResponseFormat> either = userBusinessLogic.getAllAdminUsers();
+
+ if (either.isRight()) {
+ return false;
+ } else {
+ if (either.left().value() != null) {
+ List<User> users = either.left().value();
+ Optional<User> user = users.stream().filter(x -> x.getUserId().equals(username)).findFirst();
+ return user.isPresent();
+ } else {
+ return false;
+ }
+ }
+ } catch (Exception e) {
+ BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Get All Administrators");
+ log.debug("get all admins failed with unexpected error: {}", e);
+ }
+ return false;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ }
+}
diff --git a/catalog-be/src/main/webapp/WEB-INF/web.xml b/catalog-be/src/main/webapp/WEB-INF/web.xml
index 027601b952..812faba440 100644
--- a/catalog-be/src/main/webapp/WEB-INF/web.xml
+++ b/catalog-be/src/main/webapp/WEB-INF/web.xml
@@ -50,6 +50,17 @@
<servlet-name>EsGateway</servlet-name>
<url-pattern>/sdc2/esGateway/*</url-pattern>
</servlet-mapping>
+
+ <filter>
+ <filter-name>AuthenticationFilter</filter-name>
+ <filter-class>
+ org.openecomp.sdc.be.filters.RestAuthenticationFilter
+ </filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>AuthenticationFilter</filter-name>
+ <url-pattern>/sdc2/rest/v1/consumers</url-pattern>
+ </filter-mapping>
<servlet>
<servlet-name>jerseyDistribution</servlet-name>