authorm.kowalski3 <m.kowalski3@partner.samsung.com>2019-08-30 16:02:56 +0200
committerOfir Sonsino <ofir.sonsino@intl.att.com>2019-09-02 12:45:58 +0000
commit34e04405d887089ddc638607646849af0d9ba932 (patch)
treeae522c29d12c9297099841ef406f3bf3e7f15da8
parent05d0a1772ba64089db033e1e4ce55e0549aef81d (diff)
Basic authorization for unsecured endpoint
Issue-ID: OJSI-90 Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com> Change-Id: I3423d316e4853cfd5fa4aee50ad6506937bd6381
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java133
-rw-r--r--catalog-be/src/main/webapp/WEB-INF/web.xml11
2 files changed, 144 insertions, 0 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java
new file mode 100644
index 0000000000..1f23506e8a
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java
@@ -0,0 +1,133 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SDC
+ * ================================================================================
+ * Copyright (C) 2019 Samsung. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.openecomp.sdc.be.filters;
+
+import fj.data.Either;
+import java.io.IOException;
+import java.util.Base64;
+import java.util.List;
+import java.util.Optional;
+import java.util.StringTokenizer;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.openecomp.sdc.be.config.BeEcompErrorManager;
+import org.openecomp.sdc.be.model.User;
+import org.openecomp.sdc.be.user.UserBusinessLogic;
+import org.openecomp.sdc.common.api.Constants;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.exception.ResponseFormat;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.context.ContextLoader;
+
+public class RestAuthenticationFilter implements Filter {
+
+ private static final Logger log = Logger.getLogger(RestAuthenticationFilter.class);
+ private UserBusinessLogic userBusinessLogic = getUserBusinessLogic();
+
+
+ private UserBusinessLogic getUserBusinessLogic() {
+ ApplicationContext ctx = ContextLoader.getCurrentWebApplicationContext();
+ return (UserBusinessLogic) ctx.getBean("userBusinessLogic");
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain filter)
+ throws IOException, ServletException {
+ if (request instanceof HttpServletRequest) {
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+
+ String authHeader = httpServletRequest.getHeader(Constants.AUTHORIZATION_HEADER);
+
+ if (authHeader != null) {
+ boolean authenticationStatus = authenticate(authHeader);
+
+ if (authenticationStatus) {
+ filter.doFilter(request, response);
+ } else {
+ unauthorized(response);
+ }
+ } else {
+ unauthorized(response);
+ }
+ }
+ }
+
+ private void unauthorized(ServletResponse response) {
+ if (response instanceof HttpServletResponse) {
+ HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+ httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ }
+
+ private boolean authenticate(String authCredentials) {
+
+ if (null == authCredentials) {
+ return false;
+ }
+
+ final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", "");
+ String usernameAndPassword = null;
+ try {
+ byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ final String username = tokenizer.nextToken();
+
+ try {
+ Either<List<User>, ResponseFormat> either = userBusinessLogic.getAllAdminUsers();
+
+ if (either.isRight()) {
+ return false;
+ } else {
+ if (either.left().value() != null) {
+ List<User> users = either.left().value();
+ Optional<User> user = users.stream().filter(x -> x.getUserId().equals(username)).findFirst();
+ return user.isPresent();
+ } else {
+ return false;
+ }
+ }
+ } catch (Exception e) {
+ BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Get All Administrators");
+ log.debug("get all admins failed with unexpected error: {}", e);
+ }
+ return false;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ }
+}
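Review bot: The password half of the Basic credential is never verified — `authenticate` reads only `tokenizer.nextToken()` as the username and returns true whenever some admin user has that id, so the filter is a username-presence check, not authentication. Malformed input is also mishandled: `Base64.getDecoder().decode` throws `IllegalArgumentException`, which the `catch (IOException e)` block does not cover, so a bad header escapes `doFilter` as a 500 instead of a 401, and `e.printStackTrace()` should be the class's `log` call in any case; note too that a non-`HttpServletRequest` falls through `doFilter` without either continuing the chain or rejecting, and `unauthorized` sets 401 without a `WWW-Authenticate: Basic realm="..."` header. The rewrite below checks the scheme prefix, treats decode failures as a failed login, splits on the first `:` only (passwords may contain one) and extracts the password for the credential check that still needs to be wired to the user store; `StandardCharsets` would need importing from `java.nio.charset`.
```java
private boolean authenticate(String authCredentials) {
    if (authCredentials == null || !authCredentials.startsWith("Basic ")) {
        return false;
    }
    final String usernameAndPassword;
    try {
        byte[] decodedBytes = Base64.getDecoder().decode(authCredentials.substring("Basic ".length()).trim());
        usernameAndPassword = new String(decodedBytes, StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        log.debug("malformed Basic credentials in authorization header", e);
        return false;
    }
    // split on the first ':' only; the password part may itself contain ':'
    int sep = usernameAndPassword.indexOf(':');
    if (sep <= 0) {
        return false;
    }
    final String username = usernameAndPassword.substring(0, sep);
    final String password = usernameAndPassword.substring(sep + 1);
    // TODO(review): verify `password` against the stored credential for `username`;
    // presence of the id in the admin list alone must not grant access.
    // … unchanged: admin lookup via userBusinessLogic.getAllAdminUsers() …
}
```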
diff --git a/catalog-be/src/main/webapp/WEB-INF/web.xml b/catalog-be/src/main/webapp/WEB-INF/web.xml
index 027601b952..812faba440 100644
--- a/catalog-be/src/main/webapp/WEB-INF/web.xml
+++ b/catalog-be/src/main/webapp/WEB-INF/web.xml
@@ -50,6 +50,17 @@
<servlet-name>EsGateway</servlet-name>
<url-pattern>/sdc2/esGateway/*</url-pattern>
</servlet-mapping>
+
+ <filter>
+ <filter-name>AuthenticationFilter</filter-name>
+ <filter-class>
+ org.openecomp.sdc.be.filters.RestAuthenticationFilter
+ </filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>AuthenticationFilter</filter-name>
+ <url-pattern>/sdc2/rest/v1/consumers</url-pattern>
+ </filter-mapping>
<servlet>
<servlet-name>jerseyDistribution</servlet-name>