author | m.kowalski3 <m.kowalski3@partner.samsung.com> | 2019-08-30 16:02:56 +0200 |
committer | Ofir Sonsino <ofir.sonsino@intl.att.com> | 2019-09-02 12:45:58 +0000 |
commit | 34e04405d887089ddc638607646849af0d9ba932 (patch) | |
tree | ae522c29d12c9297099841ef406f3bf3e7f15da8 /catalog-be | |
parent | 05d0a1772ba64089db033e1e4ce55e0549aef81d (diff) |
Basic authorization for unsecured endpoint
Issue-ID: OJSI-90
Signed-off-by: Marcin Kowalski <m.kowalski3@partner.samsung.com>
Change-Id: I3423d316e4853cfd5fa4aee50ad6506937bd6381
Diffstat (limited to 'catalog-be')
-rw-r--r-- | catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java | 133 | ||||
-rw-r--r-- | catalog-be/src/main/webapp/WEB-INF/web.xml | 11 |
2 files changed, 144 insertions, 0 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java
new file mode 100644
index 0000000000..1f23506e8a
--- /dev/null
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/RestAuthenticationFilter.java
@@ -0,0 +1,133 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP SDC
+ * ================================================================================
+ * Copyright (C) 2019 Samsung. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+
+package org.openecomp.sdc.be.filters;
+
+import fj.data.Either;
+import java.io.IOException;
+import java.util.Base64;
+import java.util.List;
+import java.util.Optional;
+import java.util.StringTokenizer;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.openecomp.sdc.be.config.BeEcompErrorManager;
+import org.openecomp.sdc.be.model.User;
+import org.openecomp.sdc.be.user.UserBusinessLogic;
+import org.openecomp.sdc.common.api.Constants;
+import org.openecomp.sdc.common.log.wrappers.Logger;
+import org.openecomp.sdc.exception.ResponseFormat;
+import org.springframework.context.ApplicationContext;
+import org.springframework.web.context.ContextLoader;
+
+public class RestAuthenticationFilter implements Filter {
+
+ private static final Logger log = Logger.getLogger(RestAuthenticationFilter.class);
+ private UserBusinessLogic userBusinessLogic = getUserBusinessLogic();
+
+
+ private UserBusinessLogic getUserBusinessLogic() {
+ ApplicationContext ctx = ContextLoader.getCurrentWebApplicationContext();
+ return (UserBusinessLogic) ctx.getBean("userBusinessLogic");
+ }
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain filter)
+ throws IOException, ServletException {
+ if (request instanceof HttpServletRequest) {
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+
+ String authHeader = httpServletRequest.getHeader(Constants.AUTHORIZATION_HEADER);
+
+ if (authHeader != null) {
+ boolean authenticationStatus = authenticate(authHeader);
+
+ if (authenticationStatus) {
+ filter.doFilter(request, response);
+ } else {
+ unauthorized(response);
+ }
+ } else {
+ unauthorized(response);
+ }
+ }
+ }
+
+ private void unauthorized(ServletResponse response) {
+ if (response instanceof HttpServletResponse) {
+ HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+ httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ }
+
+ private boolean authenticate(String authCredentials) {
+
+ if (null == authCredentials) {
+ return false;
+ }
+
+ final String encodedUserPassword = authCredentials.replaceFirst("Basic" + " ", "");
+ String usernameAndPassword = null;
+ try {
+ byte[] decodedBytes = Base64.getDecoder().decode(encodedUserPassword);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+ final StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ final String username = tokenizer.nextToken();
+
+ try {
+ Either<List<User>, ResponseFormat> either = userBusinessLogic.getAllAdminUsers();
+
+ if (either.isRight()) {
+ return false;
+ } else {
+ if (either.left().value() != null) {
+ List<User> users = either.left().value();
+ Optional<User> user = users.stream().filter(x -> x.getUserId().equals(username)).findFirst();
+ return user.isPresent();
+ } else {
+ return false;
+ }
+ }
+ } catch (Exception e) {
+ BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Get All Administrators");
+ log.debug("get all admins failed with unexpected error: {}", e);
+ }
+ return false;
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ }
+}
diff --git a/catalog-be/src/main/webapp/WEB-INF/web.xml b/catalog-be/src/main/webapp/WEB-INF/web.xml
index 027601b952..812faba440 100644
--- a/catalog-be/src/main/webapp/WEB-INF/web.xml
+++ b/catalog-be/src/main/webapp/WEB-INF/web.xml
@@ -50,6 +50,17 @@
 <servlet-name>EsGateway</servlet-name>
 <url-pattern>/sdc2/esGateway/*</url-pattern>
 </servlet-mapping>
+
+ <filter>
+ <filter-name>AuthenticationFilter</filter-name>
+ <filter-class>
+ org.openecomp.sdc.be.filters.RestAuthenticationFilter
+ </filter-class>
+ </filter>
+ <filter-mapping>
+ <filter-name>AuthenticationFilter</filter-name>
+ <url-pattern>/sdc2/rest/v1/consumers</url-pattern>
+ </filter-mapping>
 <servlet>
 <servlet-name>jerseyDistribution</servlet-name> |
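Review bot: The password half of the Basic credential is never verified — `authenticate` reads only the first `:`-separated token of the decoded header and returns true when it equals any user id from `userBusinessLogic.getAllAdminUsers()`, so `Authorization: Basic <base64 of adminId:anything>` (or base64 of the bare id, since `StringTokenizer` yields the whole string when there is no colon) passes the filter and the gate is really knowledge of an admin user id. A malformed header is also unhandled: a non-Basic scheme or invalid base64 makes `Base64.getDecoder().decode` throw `IllegalArgumentException`, and an empty credential makes `tokenizer.nextToken()` throw `NoSuchElementException`; neither is caught (the catch is for `IOException`), so those requests end as a 500 instead of a 401. Smaller points in the same method and in `unauthorized`: `e.printStackTrace()` should go through `log`, and the 401 is sent without the challenge header a 401 is expected to carry, e.g. `httpServletResponse.setHeader("WWW-Authenticate", "Basic realm=\"sdc\"");` next to the `setStatus` call. Resolving `userBusinessLogic` in a field initializer via `ContextLoader.getCurrentWebApplicationContext()` runs at filter construction; if the Spring context is not yet available then (this depends on listener/filter ordering in web.xml, which I cannot see in full), `ctx` is null and the whole webapp fails to start, so moving the lookup into `init` or lazily into `authenticate` is safer. I cannot tell from this diff whether SDC stores a credential for admin users, so the rewrite below only parses both halves and rejects malformed input, leaving the password comparison as a TODO that the commit should resolve or document.
```java
private boolean authenticate(String authCredentials) {
    if (authCredentials == null || !authCredentials.startsWith("Basic ")) {
        return false;
    }
    final String username;
    final String password;
    try {
        byte[] decodedBytes = Base64.getDecoder().decode(authCredentials.substring("Basic ".length()).trim());
        String usernameAndPassword = new String(decodedBytes, "UTF-8");
        int sep = usernameAndPassword.indexOf(':');
        if (sep <= 0) {
            return false; // empty user id, or no password part at all
        }
        username = usernameAndPassword.substring(0, sep);
        password = usernameAndPassword.substring(sep + 1);
    } catch (IOException | IllegalArgumentException e) {
        log.debug("rejecting malformed Basic credentials", e);
        return false;
    }
    // TODO(review): verify `password` against the admin user's stored credential;
    // matching the user id alone is not authentication.
    // … unchanged: getAllAdminUsers() lookup and admin-id match …
}
```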