aboutsummaryrefslogtreecommitdiffstats
path: root/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java
diff options
context:
space:
mode:
Diffstat (limited to 'catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java')
-rw-r--r--catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java364
1 files changed, 180 insertions, 184 deletions
diff --git a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java
index de95790f4e..841cd3225d 100644
--- a/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java
+++ b/catalog-be/src/main/java/org/openecomp/sdc/be/filters/BasicAuthenticationFilter.java
@@ -20,27 +20,15 @@
package org.openecomp.sdc.be.filters;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.util.StringTokenizer;
-
-import javax.annotation.Priority;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.container.ContainerRequestContext;
-import javax.ws.rs.container.ContainerRequestFilter;
-import javax.ws.rs.core.Context;
-import javax.ws.rs.core.Response;
-import javax.ws.rs.core.Response.ResponseBuilder;
-import javax.ws.rs.core.Response.Status;
-
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import fj.data.Either;
import org.apache.commons.codec.binary.Base64;
import org.openecomp.sdc.be.components.impl.ConsumerBusinessLogic;
import org.openecomp.sdc.be.dao.api.ActionStatus;
import org.openecomp.sdc.be.impl.ComponentsUtils;
import org.openecomp.sdc.be.impl.WebAppContextWrapper;
import org.openecomp.sdc.be.model.ConsumerDefinition;
-import org.openecomp.sdc.be.resources.data.auditing.AuditingActionEnum;
import org.openecomp.sdc.common.api.Constants;
import org.openecomp.sdc.exception.ResponseFormat;
import org.openecomp.sdc.security.Passwords;
@@ -48,178 +36,186 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.context.WebApplicationContext;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-
-import fj.data.Either;
+import javax.annotation.Priority;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.container.ContainerRequestContext;
+import javax.ws.rs.container.ContainerRequestFilter;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.Response.Status;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.util.StringTokenizer;
@Priority(10)
public class BasicAuthenticationFilter implements ContainerRequestFilter {
- @Context
- private HttpServletRequest sr;
-
- protected Gson gson = new GsonBuilder().setPrettyPrinting().create();
-
- private String realm = "ASDC";
-
- private static Logger log = LoggerFactory.getLogger(BasicAuthenticationFilter.class.getName());
-
- @Override
- public void filter(ContainerRequestContext requestContext) throws IOException {
-
- String authHeader = requestContext.getHeaderString(Constants.AUTHORIZATION_HEADER);
- if (authHeader != null) {
- StringTokenizer st = new StringTokenizer(authHeader);
- if (st.hasMoreTokens()) {
- String basic = st.nextToken();
-
- if (basic.equalsIgnoreCase("Basic")) {
- try {
- String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
- log.debug("Credentials: {}" , credentials);
- checkUserCredentiles(requestContext, credentials);
- } catch (UnsupportedEncodingException e) {
- log.error("Authentication Filter Failed Couldn't retrieve authentication", e);
- authInvalidHeaderError(requestContext);
- }
- } else {
- log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic autantication.");
- authInvalidHeaderError(requestContext);
- }
- } else {
- log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic autantication.");
- authInvalidHeaderError(requestContext);
- }
-
- } else {
- log.error("Authentication Filter Failed no autharization header");
- authRequiredError(requestContext);
- }
- }
-
- private void checkUserCredentiles(ContainerRequestContext requestContext, String credentials) {
- int p = credentials.indexOf(":");
- if (p != -1) {
- String _username = credentials.substring(0, p).trim();
- String _password = credentials.substring(p + 1).trim();
-
- ConsumerBusinessLogic consumerBL = getConsumerBusinessLogic();
- if (consumerBL == null) {
- log.error("Authentication Filter Failed to get consumerBL.");
- requestContext.abortWith(Response.serverError().status(Status.INTERNAL_SERVER_ERROR).build());
- } else {
- Either<ConsumerDefinition, ResponseFormat> result = consumerBL.getConsumer(_username);
- validatePassword(requestContext, _username, _password, result);
- }
- } else {
- log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic autantication.");
- authInvalidHeaderError(requestContext);
-
- }
- }
-
- private void validatePassword(ContainerRequestContext requestContext, String _username, String _password, Either<ConsumerDefinition, ResponseFormat> result) {
- if (result.isRight()) {
- Integer status = result.right().value().getStatus();
- if (status == Status.NOT_FOUND.getStatusCode()) {
- log.error("Authentication Filter Failed Couldn't find user");
- authUserNotFoundError(requestContext, _username);
- } else {
- log.error("Authentication Filter Failed to get consumerBL.");
- requestContext.abortWith(Response.serverError().status(Status.INTERNAL_SERVER_ERROR).build());
- }
- } else {
- ConsumerDefinition consumerCredentials = result.left().value();
- if (!Passwords.isExpectedPassword(_password, consumerCredentials.getConsumerSalt(), consumerCredentials.getConsumerPassword())) {
- log.error("Authentication Filter Failed invalide password");
- authInvalidePasswordError(requestContext, _username);
- } else {
- authSuccesessful(requestContext, _username);
- }
- }
- }
-
- private void authSuccesessful(ContainerRequestContext requestContext, String _username) {
- ComponentsUtils componentUtils = getComponentsUtils();
- if (componentUtils == null) {
- log.error("Authentication Filter Failed to get component utils.");
- requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
- }
- componentUtils.auditAuthEvent(AuditingActionEnum.AUTH_REQUEST, requestContext.getUriInfo().getPath(), _username, AuthStatus.AUTH_SUCCESS.toString(), realm);
- }
-
- private void authInvalidePasswordError(ContainerRequestContext requestContext, String _username) {
- ComponentsUtils componentUtils = getComponentsUtils();
- if (componentUtils == null) {
- log.error("Authentication Filter Failed to get component utils.");
- requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
- }
- componentUtils.auditAuthEvent(AuditingActionEnum.AUTH_REQUEST, requestContext.getUriInfo().getPath(), _username, AuthStatus.AUTH_FAILED_INVALID_PASSWORD.toString(), realm);
- ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_FAILED);
- requestContext.abortWith(buildErrorResponse(responseFormat, false));
- }
-
- private void authUserNotFoundError(ContainerRequestContext requestContext, String _username) {
- ComponentsUtils componentUtils = getComponentsUtils();
- if (componentUtils == null) {
- log.error("Authentication Filter Failed to get component utils.");
- requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
- }
- getComponentsUtils().auditAuthEvent(AuditingActionEnum.AUTH_REQUEST, requestContext.getUriInfo().getPath(), _username, AuthStatus.AUTH_FAILED_USER_NOT_FOUND.toString(), realm);
- ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_FAILED);
- requestContext.abortWith(buildErrorResponse(responseFormat, false));
- }
-
- private void authInvalidHeaderError(ContainerRequestContext requestContext) {
- ComponentsUtils componentUtils = getComponentsUtils();
- if (componentUtils == null) {
- log.error("Authentication Filter Failed to get component utils.");
- requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
- }
- getComponentsUtils().auditAuthEvent(AuditingActionEnum.AUTH_REQUEST, requestContext.getUriInfo().getPath(), "", AuthStatus.AUTH_FAILED_INVALID_AUTHENTICATION_HEADER.toString(), realm);
- ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_FAILED_INVALIDE_HEADER);
- requestContext.abortWith(buildErrorResponse(responseFormat, false));
- }
-
- private void authRequiredError(ContainerRequestContext requestContext) {
- ComponentsUtils componentUtils = getComponentsUtils();
- if (componentUtils == null) {
- log.error("Authentication Filter Failed to get component utils.");
- requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
- }
- getComponentsUtils().auditAuthEvent(AuditingActionEnum.AUTH_REQUEST, requestContext.getUriInfo().getPath(), "", AuthStatus.AUTH_REQUIRED.toString(), realm);
- ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_REQUIRED);
- requestContext.abortWith(buildErrorResponse(responseFormat, true));
- }
-
- private ComponentsUtils getComponentsUtils() {
- ServletContext context = sr.getSession().getServletContext();
- WebAppContextWrapper webApplicationContextWrapper = (WebAppContextWrapper) context.getAttribute(Constants.WEB_APPLICATION_CONTEXT_WRAPPER_ATTR);
- WebApplicationContext webApplicationContext = webApplicationContextWrapper.getWebAppContext(context);
- ComponentsUtils componentsUtils = webApplicationContext.getBean(ComponentsUtils.class);
- return componentsUtils;
- }
-
- private ConsumerBusinessLogic getConsumerBusinessLogic() {
- ServletContext context = sr.getSession().getServletContext();
- WebAppContextWrapper webApplicationContextWrapper = (WebAppContextWrapper) context.getAttribute(Constants.WEB_APPLICATION_CONTEXT_WRAPPER_ATTR);
- WebApplicationContext webApplicationContext = webApplicationContextWrapper.getWebAppContext(context);
- ConsumerBusinessLogic consumerBusinessLogic = webApplicationContext.getBean(ConsumerBusinessLogic.class);
- return consumerBusinessLogic;
- }
-
- public enum AuthStatus {
- AUTH_REQUIRED, AUTH_FAILED_USER_NOT_FOUND, AUTH_FAILED_INVALID_PASSWORD, AUTH_FAILED_INVALID_AUTHENTICATION_HEADER, AUTH_SUCCESS
- }
-
- protected Response buildErrorResponse(ResponseFormat requestErrorWrapper, boolean addWwwAuthenticationHeader) {
- ResponseBuilder responseBuilder = Response.status(requestErrorWrapper.getStatus());
- if (addWwwAuthenticationHeader) {
- responseBuilder = responseBuilder.header("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
- }
- Response response = responseBuilder.entity(gson.toJson(requestErrorWrapper.getRequestError())).build();
- return response;
- }
+ @Context
+ private HttpServletRequest sr;
+
+ protected Gson gson = new GsonBuilder().setPrettyPrinting().create();
+
+ private String realm = "ASDC";
+
+ private static final Logger log = LoggerFactory.getLogger(BasicAuthenticationFilter.class);
+
+ @Override
+ public void filter(ContainerRequestContext requestContext) throws IOException {
+
+ String authHeader = requestContext.getHeaderString(Constants.AUTHORIZATION_HEADER);
+ if (authHeader != null) {
+ StringTokenizer st = new StringTokenizer(authHeader);
+ if (st.hasMoreTokens()) {
+ String basic = st.nextToken();
+
+ if (basic.equalsIgnoreCase("Basic")) {
+ try {
+ String credentials = new String(Base64.decodeBase64(st.nextToken()), "UTF-8");
+ log.debug("Credentials: {}" , credentials);
+ checkUserCredentiles(requestContext, credentials);
+ } catch (UnsupportedEncodingException e) {
+ log.error("Authentication Filter Failed Couldn't retrieve authentication", e);
+ authInvalidHeaderError(requestContext);
+ }
+ } else {
+ log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic autantication.");
+ authInvalidHeaderError(requestContext);
+ }
+ } else {
+ log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic autantication.");
+ authInvalidHeaderError(requestContext);
+ }
+
+ } else {
+ log.error("Authentication Filter Failed no autharization header");
+ authRequiredError(requestContext);
+ }
+ }
+
+ private void checkUserCredentiles(ContainerRequestContext requestContext, String credentials) {
+ int p = credentials.indexOf(":");
+ if (p != -1) {
+ String _username = credentials.substring(0, p).trim();
+ String _password = credentials.substring(p + 1).trim();
+
+ ConsumerBusinessLogic consumerBL = getConsumerBusinessLogic();
+ if (consumerBL == null) {
+ log.error("Authentication Filter Failed to get consumerBL.");
+ requestContext.abortWith(Response.serverError().status(Status.INTERNAL_SERVER_ERROR).build());
+ } else {
+ Either<ConsumerDefinition, ResponseFormat> result = consumerBL.getConsumer(_username);
+ validatePassword(requestContext, _username, _password, result);
+ }
+ } else {
+ log.error("Authentication Filter Failed Couldn't retrieve authentication, no basic autantication.");
+ authInvalidHeaderError(requestContext);
+
+ }
+ }
+
+ private void validatePassword(ContainerRequestContext requestContext, String _username, String _password, Either<ConsumerDefinition, ResponseFormat> result) {
+ if (result.isRight()) {
+ Integer status = result.right().value().getStatus();
+ if (status == Status.NOT_FOUND.getStatusCode()) {
+ log.error("Authentication Filter Failed Couldn't find user");
+ authUserNotFoundError(requestContext, _username);
+ } else {
+ log.error("Authentication Filter Failed to get consumerBL.");
+ requestContext.abortWith(Response.serverError().status(Status.INTERNAL_SERVER_ERROR).build());
+ }
+ } else {
+ ConsumerDefinition consumerCredentials = result.left().value();
+ if (!Passwords.isExpectedPassword(_password, consumerCredentials.getConsumerSalt(), consumerCredentials.getConsumerPassword())) {
+ log.error("Authentication Filter Failed invalide password");
+ authInvalidePasswordError(requestContext, _username);
+ } else {
+ authSuccesessful(requestContext, _username);
+ }
+ }
+ }
+
+ private void authSuccesessful(ContainerRequestContext requestContext, String _username) {
+ ComponentsUtils componentUtils = getComponentsUtils();
+ if (componentUtils == null) {
+ log.error("Authentication Filter Failed to get component utils.");
+ requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
+ }
+ componentUtils.auditAuthEvent(requestContext.getUriInfo().getPath(), _username, AuthStatus.AUTH_SUCCESS.toString(), realm);
+ }
+
+ private void authInvalidePasswordError(ContainerRequestContext requestContext, String _username) {
+ ComponentsUtils componentUtils = getComponentsUtils();
+ if (componentUtils == null) {
+ log.error("Authentication Filter Failed to get component utils.");
+ requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
+ }
+ componentUtils.auditAuthEvent(requestContext.getUriInfo().getPath(), _username, AuthStatus.AUTH_FAILED_INVALID_PASSWORD.toString(), realm);
+ ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_FAILED);
+ requestContext.abortWith(buildErrorResponse(responseFormat, false));
+ }
+
+ private void authUserNotFoundError(ContainerRequestContext requestContext, String _username) {
+ ComponentsUtils componentUtils = getComponentsUtils();
+ if (componentUtils == null) {
+ log.error("Authentication Filter Failed to get component utils.");
+ requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
+ }
+ getComponentsUtils().auditAuthEvent(requestContext.getUriInfo().getPath(), _username, AuthStatus.AUTH_FAILED_USER_NOT_FOUND.toString(), realm);
+ ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_FAILED);
+ requestContext.abortWith(buildErrorResponse(responseFormat, false));
+ }
+
+ private void authInvalidHeaderError(ContainerRequestContext requestContext) {
+ ComponentsUtils componentUtils = getComponentsUtils();
+ if (componentUtils == null) {
+ log.error("Authentication Filter Failed to get component utils.");
+ requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
+ }
+ getComponentsUtils().auditAuthEvent(requestContext.getUriInfo().getPath(), "", AuthStatus.AUTH_FAILED_INVALID_AUTHENTICATION_HEADER.toString(), realm);
+ ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_FAILED_INVALIDE_HEADER);
+ requestContext.abortWith(buildErrorResponse(responseFormat, false));
+ }
+
+ private void authRequiredError(ContainerRequestContext requestContext) {
+ ComponentsUtils componentUtils = getComponentsUtils();
+ if (componentUtils == null) {
+ log.error("Authentication Filter Failed to get component utils.");
+ requestContext.abortWith(Response.status(Status.INTERNAL_SERVER_ERROR).build());
+ }
+ getComponentsUtils().auditAuthEvent(requestContext.getUriInfo().getPath(), "", AuthStatus.AUTH_REQUIRED.toString(), realm);
+ ResponseFormat responseFormat = getComponentsUtils().getResponseFormat(ActionStatus.AUTH_REQUIRED);
+ requestContext.abortWith(buildErrorResponse(responseFormat, true));
+ }
+
+ private ComponentsUtils getComponentsUtils() {
+ ServletContext context = sr.getSession().getServletContext();
+ WebAppContextWrapper webApplicationContextWrapper = (WebAppContextWrapper) context.getAttribute(Constants.WEB_APPLICATION_CONTEXT_WRAPPER_ATTR);
+ WebApplicationContext webApplicationContext = webApplicationContextWrapper.getWebAppContext(context);
+ ComponentsUtils componentsUtils = webApplicationContext.getBean(ComponentsUtils.class);
+ return componentsUtils;
+ }
+
+ private ConsumerBusinessLogic getConsumerBusinessLogic() {
+ ServletContext context = sr.getSession().getServletContext();
+ WebAppContextWrapper webApplicationContextWrapper = (WebAppContextWrapper) context.getAttribute(Constants.WEB_APPLICATION_CONTEXT_WRAPPER_ATTR);
+ WebApplicationContext webApplicationContext = webApplicationContextWrapper.getWebAppContext(context);
+ ConsumerBusinessLogic consumerBusinessLogic = webApplicationContext.getBean(ConsumerBusinessLogic.class);
+ return consumerBusinessLogic;
+ }
+
+ public enum AuthStatus {
+ AUTH_REQUIRED, AUTH_FAILED_USER_NOT_FOUND, AUTH_FAILED_INVALID_PASSWORD, AUTH_FAILED_INVALID_AUTHENTICATION_HEADER, AUTH_SUCCESS
+ }
+
+ protected Response buildErrorResponse(ResponseFormat requestErrorWrapper, boolean addWwwAuthenticationHeader) {
+ ResponseBuilder responseBuilder = Response.status(requestErrorWrapper.getStatus());
+ if (addWwwAuthenticationHeader) {
+ responseBuilder = responseBuilder.header("WWW-Authenticate", "Basic realm=\"" + realm + "\"");
+ }
+ Response response = responseBuilder.entity(gson.toJson(requestErrorWrapper.getRequestError())).build();
+ return response;
+ }
}