Diffstat (limited to 'openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters')
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthenticationFilter.java150
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthorizationFilter.java55
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionLibraryPrivilege.java93
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/BasicAuthenticationFilter.java161
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/OnboardingSessionContextFilter.java26
-rw-r--r--openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java63
6 files changed, 257 insertions, 291 deletions
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthenticationFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthenticationFilter.java
index 272e1e0e86..89d5346907 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthenticationFilter.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthenticationFilter.java
@@ -12,98 +12,92 @@
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
-*/
-
+ */
package org.openecomp.server.filters;
-import org.openecomp.sdc.logging.api.Logger;
-import org.openecomp.sdc.logging.api.LoggerFactory;
-
-import javax.servlet.*;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Principal;
import java.util.Base64;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
public class ActionAuthenticationFilter implements Filter {
- private final Logger log = (Logger) LoggerFactory.getLogger(this.getClass().getName());
- private boolean runningOnLocal = true;
-
- @Override
- public void destroy() {
- // TODO Auto-generated method stub
+ private final Logger log = (Logger) LoggerFactory.getLogger(this.getClass().getName());
+ private boolean runningOnLocal = true;
- }
-
- @Override
- public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
- throws IOException, ServletException {
- if (runningOnLocal) {
-
- HttpServletRequest httpRequest = (HttpServletRequest) arg0;
- String authorizationHeader = httpRequest.getHeader("Authorization");
- if (authorizationHeader != null && !authorizationHeader.isEmpty()) {
- String username;
- try {
- String base64Credentials =
- httpRequest.getHeader("Authorization").replace("Basic", "").trim();
- String decodedCredentials = new String(Base64.getDecoder().decode(base64Credentials));
- username = decodedCredentials.substring(0, decodedCredentials.indexOf(":"));
- } catch (Exception exception) {
- log.error("Failed to decode credentials", exception);
- setResponseStatus((HttpServletResponse) arg1, HttpServletResponse.SC_FORBIDDEN);
- return;
- }
- if (username.startsWith("AUTH")) {
- HttpServletRequestWrapper servletRequest = new HttpServletRequestWrapper(httpRequest) {
- @Override
- public java.lang.String getRemoteUser() {
- return getUserPrincipal().getName();
- }
-
- @Override
- public Principal getUserPrincipal() {
- return () -> username.substring(0, username.indexOf("-"));
- }
+ @Override
+ public void destroy() {
+ // TODO Auto-generated method stub
+ }
- @Override
- public boolean isUserInRole(String role) {
- try {
- ActionLibraryPrivilege requiredPrivilege =
- ActionLibraryPrivilege.getPrivilege(httpRequest.getMethod());
- ActionLibraryPrivilege userPrivilege = ActionLibraryPrivilege
- .valueOf(username.substring(username.indexOf("-") + 1).toUpperCase());
- return userPrivilege.ordinal() >= requiredPrivilege.ordinal();
- } catch (Exception exception) {
- log.error("Failed to validate UserInRole", exception);
- return false;
- }
+ @Override
+ public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
+ if (runningOnLocal) {
+ HttpServletRequest httpRequest = (HttpServletRequest) arg0;
+ String authorizationHeader = httpRequest.getHeader("Authorization");
+ if (authorizationHeader != null && !authorizationHeader.isEmpty()) {
+ String username;
+ try {
+ String base64Credentials = httpRequest.getHeader("Authorization").replace("Basic", "").trim();
+ String decodedCredentials = new String(Base64.getDecoder().decode(base64Credentials));
+ username = decodedCredentials.substring(0, decodedCredentials.indexOf(":"));
+ } catch (Exception exception) {
+ log.error("Failed to decode credentials", exception);
+ setResponseStatus((HttpServletResponse) arg1, HttpServletResponse.SC_FORBIDDEN);
+ return;
+ }
+ if (username.startsWith("AUTH")) {
+ HttpServletRequestWrapper servletRequest = new HttpServletRequestWrapper(httpRequest) {
+ @Override
+ public java.lang.String getRemoteUser() {
+ return getUserPrincipal().getName();
+ }
+
+ @Override
+ public Principal getUserPrincipal() {
+ return () -> username.substring(0, username.indexOf("-"));
+ }
+
+ @Override
+ public boolean isUserInRole(String role) {
+ try {
+ ActionLibraryPrivilege requiredPrivilege = ActionLibraryPrivilege.getPrivilege(httpRequest.getMethod());
+ ActionLibraryPrivilege userPrivilege = ActionLibraryPrivilege
+ .valueOf(username.substring(username.indexOf("-") + 1).toUpperCase());
+ return userPrivilege.ordinal() >= requiredPrivilege.ordinal();
+ } catch (Exception exception) {
+ log.error("Failed to validate UserInRole", exception);
+ return false;
+ }
+ }
+ };
+ arg2.doFilter(servletRequest, arg1);
+ } else {
+ setResponseStatus((HttpServletResponse) arg1, HttpServletResponse.SC_FORBIDDEN);
+ }
+ } else {
+ setResponseStatus((HttpServletResponse) arg1, HttpServletResponse.SC_UNAUTHORIZED);
}
- };
- arg2.doFilter(servletRequest, arg1);
} else {
- setResponseStatus((HttpServletResponse) arg1, HttpServletResponse.SC_FORBIDDEN);
+ //call super doFilter of cadi authentication filter
}
- } else {
- setResponseStatus((HttpServletResponse) arg1, HttpServletResponse.SC_UNAUTHORIZED);
- }
- } else {
- //call super doFilter of cadi authentication filter
}
+ private void setResponseStatus(HttpServletResponse response, int status) {
+ response.setStatus(status);
+ }
- }
-
- private void setResponseStatus(HttpServletResponse response, int status) {
- response.setStatus(status);
- }
-
- @Override
- public void init(FilterConfig arg0) throws ServletException {
-
- }
-
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ }
}
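Review bot: `doFilter` never checks the password half of the decoded credentials: any user name starting with `AUTH` is accepted, and `isUserInRole` parses the privilege out of that same client-supplied name, so the caller effectively declares its own role. Because `runningOnLocal` is hard-coded to `true`, this path is always active; the flag should come from deployment configuration and default to `false`. The outer `else` branch is empty apart from the comment about the CADI filter, so with the flag off the request is neither forwarded nor rejected; until that delegation exists it should fail closed with `setResponseStatus((HttpServletResponse) arg1, HttpServletResponse.SC_UNAUTHORIZED);`. A class comment stating that this filter is meant for local test setups only would also help whoever maps it in `web.xml`.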
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthorizationFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthorizationFilter.java
index 10fd7d23f5..c394c3cf46 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthorizationFilter.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionAuthorizationFilter.java
@@ -13,43 +13,42 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
package org.openecomp.server.filters;
-import javax.servlet.*;
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
public class ActionAuthorizationFilter implements Filter {
-
- @Override
- public void destroy() {
- //destroy() is not implemented for ActionAuthorizationFilter
-
- }
-
- @Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse,
- FilterChain filterChain)
- throws IOException, ServletException {
-
- HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
- if (httpRequest.isUserInRole(httpRequest.getMethod().toUpperCase())) {
- filterChain.doFilter(servletRequest, servletResponse);
- } else {
- setResponseStatus((HttpServletResponse) servletResponse, HttpServletResponse.SC_FORBIDDEN);
+ @Override
+ public void destroy() {
+ //destroy() is not implemented for ActionAuthorizationFilter
}
- }
- private void setResponseStatus(HttpServletResponse response, int status) {
- response.setStatus(status);
- }
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+ throws IOException, ServletException {
+ HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
+ if (httpRequest.isUserInRole(httpRequest.getMethod().toUpperCase())) {
+ filterChain.doFilter(servletRequest, servletResponse);
+ } else {
+ setResponseStatus((HttpServletResponse) servletResponse, HttpServletResponse.SC_FORBIDDEN);
+ }
+ }
- @Override
- public void init(FilterConfig arg0) throws ServletException {
- //init() is not implemented for ActionAuthorizationFilter
- }
+ private void setResponseStatus(HttpServletResponse response, int status) {
+ response.setStatus(status);
+ }
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ //init() is not implemented for ActionAuthorizationFilter
+ }
}
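Review bot: The authorization decision in `doFilter` depends on a request wrapper that is not mentioned here. The `isUserInRole` override in `ActionAuthenticationFilter` ignores its `role` argument, and if this filter were mapped without that wrapper the container would presumably be asked for roles literally named `GET` or `POST`. I would document that on the method, e.g. `// Relies on the request wrapper installed by ActionAuthenticationFilter; must be mapped after it.` Also, `toUpperCase()` uses the default locale; `toUpperCase(Locale.ROOT)` keeps the method name stable regardless of the JVM locale.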
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionLibraryPrivilege.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionLibraryPrivilege.java
index 6c8b1e8ca5..bd0f219f22 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionLibraryPrivilege.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/ActionLibraryPrivilege.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,59 +17,54 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.server.filters;
/**
* The enum Action library privilege.
*/
public enum ActionLibraryPrivilege {
+ /**
+ * Retrieve action library privilege.
+ */
+ RETRIEVE,
+ /**
+ * Create action library privilege.
+ */
+ CREATE,
+ /**
+ * Update action library privilege.
+ */
+ UPDATE,
+ /**
+ * Delete action library privilege.
+ */
+ DELETE;
- /**
- * Retrieve action library privilege.
- */
- RETRIEVE, /**
- * Create action library privilege.
- */
- CREATE, /**
- * Update action library privilege.
- */
- UPDATE, /**
- * Delete action library privilege.
- */
- DELETE;
-
- /**
- * Gets privilege.
- *
- * @param operation the operation
- * @return the privilege
- */
- public static ActionLibraryPrivilege getPrivilege(String operation) {
-
- ActionLibraryPrivilege toReturn;
-
- switch (operation) {
-
- case "GET":
- toReturn = RETRIEVE;
- break;
- case "POST":
- toReturn = CREATE;
- break;
- case "PUT":
- toReturn = UPDATE;
- break;
- case "DELETE":
- toReturn = DELETE;
- break;
- default:
- toReturn = null;
- break;
-
+ /**
+ * Gets privilege.
+ *
+ * @param operation the operation
+ * @return the privilege
+ */
+ public static ActionLibraryPrivilege getPrivilege(String operation) {
+ ActionLibraryPrivilege toReturn;
+ switch (operation) {
+ case "GET":
+ toReturn = RETRIEVE;
+ break;
+ case "POST":
+ toReturn = CREATE;
+ break;
+ case "PUT":
+ toReturn = UPDATE;
+ break;
+ case "DELETE":
+ toReturn = DELETE;
+ break;
+ default:
+ toReturn = null;
+ break;
+ }
+ return toReturn;
}
-
- return toReturn;
-
- }
}
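Review bot: The declaration order of the constants is security-relevant, but nothing in the enum says so. `ActionAuthenticationFilter.isUserInRole` compares `ordinal()` values, so reordering or inserting a constant silently changes which users may perform which operation. I would add a comment above the constants such as `// Declaration order defines the privilege ranking (RETRIEVE < CREATE < UPDATE < DELETE); do not reorder.` In addition, `getPrivilege` returns `null` for any method other than GET, POST, PUT or DELETE, and the caller denies those requests only because the resulting `NullPointerException` is caught; the `@return` tag should state the `null` case, or the `default` branch could throw `IllegalArgumentException`.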
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/BasicAuthenticationFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/BasicAuthenticationFilter.java
index 0cda5f8a27..2c2b36717a 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/BasicAuthenticationFilter.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/BasicAuthenticationFilter.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,13 +17,14 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.server.filters;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.FileInputStream;
+import java.io.IOException;
import java.io.InputStream;
import java.util.Arrays;
+import java.util.Base64;
import java.util.List;
import java.util.Map;
import java.util.Objects;
@@ -33,101 +34,89 @@ import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+import javax.servlet.http.HttpServletResponse;
import org.onap.sdc.tosca.services.YamlUtil;
import org.openecomp.sdc.be.config.Configuration.BasicAuthConfig;
import org.openecomp.sdc.logging.api.Logger;
import org.openecomp.sdc.logging.api.LoggerFactory;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Base64;
import org.openecomp.sdcrests.item.rest.services.catalog.notification.EntryNotConfiguredException;
public class BasicAuthenticationFilter implements Filter {
- private static final Logger log = LoggerFactory.getLogger(BasicAuthenticationFilter.class);
- private static final String CONFIG_FILE_PROPERTY = "configuration.yaml";
- private static final String CONFIG_SECTION = "basicAuth";
-
- @Override
- public void destroy() {
- // TODO Auto-generated method stub
-
- }
-
- @Override
- public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
- throws IOException, ServletException {
- String file = Objects.requireNonNull(System.getProperty(CONFIG_FILE_PROPERTY),
- "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY);
- Object config = getAuthenticationConfiguration(file);
- ObjectMapper mapper = new ObjectMapper();
- BasicAuthConfig basicAuthConfig = mapper.convertValue(config, BasicAuthConfig.class);
- HttpServletRequest httpRequest = (HttpServletRequest) arg0;
- HttpServletRequestWrapper servletRequest = new HttpServletRequestWrapper(httpRequest);
-
- // BasicAuth is disabled
- if (!basicAuthConfig.isEnabled()) {
- arg2.doFilter(servletRequest, arg1);
- return;
- }
-
- List<String> excludedUrls = Arrays.asList(basicAuthConfig.getExcludedUrls().split(","));
- if (excludedUrls.contains(httpRequest.getServletPath() + httpRequest.getPathInfo())) {
- // this url is included in the excludeUrls list, no need for authentication
- arg2.doFilter(servletRequest, arg1);
- return;
- }
-
-
- // Get the basicAuth info from the header
- String authorizationHeader = httpRequest.getHeader("Authorization");
- if (authorizationHeader == null || authorizationHeader.isEmpty()) {
- ((HttpServletResponse) arg1).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- return;
- }
-
- String base64Credentials =
- httpRequest.getHeader("Authorization").replace("Basic", "").trim();
- if (verifyCredentials(basicAuthConfig, base64Credentials)) {
- arg2.doFilter(servletRequest, arg1);
- } else {
- ((HttpServletResponse) arg1).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- }
- }
+ private static final Logger log = LoggerFactory.getLogger(BasicAuthenticationFilter.class);
+ private static final String CONFIG_FILE_PROPERTY = "configuration.yaml";
+ private static final String CONFIG_SECTION = "basicAuth";
+
+ private static Object getAuthenticationConfiguration(String file) throws IOException {
+ InputStream fileInput = new FileInputStream(file);
+ YamlUtil yamlUtil = new YamlUtil();
+ Map<?, ?> configuration = Objects.requireNonNull(yamlUtil.yamlToMap(fileInput), "Configuration cannot be empty");
+ Object authenticationConfig = configuration.get(CONFIG_SECTION);
+ if (authenticationConfig == null) {
+ throw new EntryNotConfiguredException(CONFIG_SECTION + " section");
+ }
+ return authenticationConfig;
+ }
- @Override
- public void init(FilterConfig config) throws ServletException {
- }
+ @Override
+ public void destroy() {
+ // TODO Auto-generated method stub
+ }
- private static Object getAuthenticationConfiguration(String file) throws IOException {
- InputStream fileInput = new FileInputStream(file);
- YamlUtil yamlUtil = new YamlUtil();
+ @Override
+ public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
+ String file = Objects.requireNonNull(System.getProperty(CONFIG_FILE_PROPERTY),
+ "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY);
+ Object config = getAuthenticationConfiguration(file);
+ ObjectMapper mapper = new ObjectMapper();
+ BasicAuthConfig basicAuthConfig = mapper.convertValue(config, BasicAuthConfig.class);
+ HttpServletRequest httpRequest = (HttpServletRequest) arg0;
+ HttpServletRequestWrapper servletRequest = new HttpServletRequestWrapper(httpRequest);
+ // BasicAuth is disabled
+ if (!basicAuthConfig.isEnabled()) {
+ arg2.doFilter(servletRequest, arg1);
+ return;
+ }
+ List<String> excludedUrls = Arrays.asList(basicAuthConfig.getExcludedUrls().split(","));
+ if (excludedUrls.contains(httpRequest.getServletPath() + httpRequest.getPathInfo())) {
+ // this url is included in the excludeUrls list, no need for authentication
+ arg2.doFilter(servletRequest, arg1);
+ return;
+ }
+ // Get the basicAuth info from the header
+ String authorizationHeader = httpRequest.getHeader("Authorization");
+ if (authorizationHeader == null || authorizationHeader.isEmpty()) {
+ ((HttpServletResponse) arg1).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ return;
+ }
+ String base64Credentials = httpRequest.getHeader("Authorization").replace("Basic", "").trim();
+ if (verifyCredentials(basicAuthConfig, base64Credentials)) {
+ arg2.doFilter(servletRequest, arg1);
+ } else {
+ ((HttpServletResponse) arg1).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ }
- Map<?, ?> configuration = Objects.requireNonNull(yamlUtil.yamlToMap(fileInput), "Configuration cannot be empty");
- Object authenticationConfig = configuration.get(CONFIG_SECTION);
- if (authenticationConfig == null) {
- throw new EntryNotConfiguredException(CONFIG_SECTION + " section");
+ @Override
+ public void init(FilterConfig config) throws ServletException {
}
- return authenticationConfig;
- }
- private boolean verifyCredentials (BasicAuthConfig basicAuthConfig, String credential) {
- String decodedCredentials = new String(Base64.getDecoder().decode(credential));
- int p = decodedCredentials.indexOf(':');
- if (p != -1) {
- String userName = decodedCredentials.substring(0, p).trim();
- String password = decodedCredentials.substring(p + 1).trim();
- if (!userName.equals(basicAuthConfig.getUserName()) || !password.equals(basicAuthConfig.getUserPass())) {
- log.error("Authentication failed. Invalid user name or password");
- return false;
- }
- return true;
- } else {
- log.error("Failed to decode credentials");
- return false;
+ private boolean verifyCredentials(BasicAuthConfig basicAuthConfig, String credential) {
+ String decodedCredentials = new String(Base64.getDecoder().decode(credential));
+ int p = decodedCredentials.indexOf(':');
+ if (p != -1) {
+ String userName = decodedCredentials.substring(0, p).trim();
+ String password = decodedCredentials.substring(p + 1).trim();
+ if (!userName.equals(basicAuthConfig.getUserName()) || !password.equals(basicAuthConfig.getUserPass())) {
+ log.error("Authentication failed. Invalid user name or password");
+ return false;
+ }
+ return true;
+ } else {
+ log.error("Failed to decode credentials");
+ return false;
+ }
}
- }
}
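Review bot: In `verifyCredentials`, a header that is not valid Base64 makes `Base64.getDecoder().decode` throw `IllegalArgumentException`, which escapes `doFilter` instead of producing a 401. The credentials are also compared with `String.equals`, which is not constant-time. The rewrite below catches the decode error, decodes as UTF-8 and compares with `MessageDigest.isEqual`; it needs imports for `java.security.MessageDigest` and `java.nio.charset.StandardCharsets`. Separately, `getAuthenticationConfiguration` opens a `FileInputStream` on every request and never closes it; `try (InputStream fileInput = new FileInputStream(file)) {`, as in `RestrictionAccessFilter.readConfigurationFile`, would fix that.

```java
private boolean verifyCredentials(BasicAuthConfig basicAuthConfig, String credential) {
    final String decodedCredentials;
    try {
        decodedCredentials = new String(Base64.getDecoder().decode(credential), StandardCharsets.UTF_8);
    } catch (IllegalArgumentException e) {
        // Malformed Base64 is a client error, not a server fault: reject instead of propagating.
        log.error("Failed to decode credentials");
        return false;
    }
    int p = decodedCredentials.indexOf(':');
    if (p == -1) {
        log.error("Failed to decode credentials");
        return false;
    }
    String expectedUser = basicAuthConfig.getUserName();
    String expectedPass = basicAuthConfig.getUserPass();
    if (expectedUser == null || expectedPass == null) {
        log.error("Authentication failed. Invalid user name or password");
        return false;
    }
    // Evaluate both comparisons unconditionally so timing does not reveal which field mismatched.
    boolean userMatches = MessageDigest.isEqual(
        decodedCredentials.substring(0, p).trim().getBytes(StandardCharsets.UTF_8),
        expectedUser.getBytes(StandardCharsets.UTF_8));
    boolean passMatches = MessageDigest.isEqual(
        decodedCredentials.substring(p + 1).trim().getBytes(StandardCharsets.UTF_8),
        expectedPass.getBytes(StandardCharsets.UTF_8));
    if (!(userMatches & passMatches)) {
        log.error("Authentication failed. Invalid user name or password");
        return false;
    }
    return true;
}
```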
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/OnboardingSessionContextFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/OnboardingSessionContextFilter.java
index 5465677b5a..d8c8eb6cc4 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/OnboardingSessionContextFilter.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/OnboardingSessionContextFilter.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,25 +17,23 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.server.filters;
-import org.openecomp.sdcrests.filters.SessionContextFilter;
+import static org.openecomp.sdcrests.common.RestConstants.USER_ID_HEADER_PARAM;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
-
-import static org.openecomp.sdcrests.common.RestConstants.USER_ID_HEADER_PARAM;
+import org.openecomp.sdcrests.filters.SessionContextFilter;
public class OnboardingSessionContextFilter extends SessionContextFilter {
- @Override
- public String getUser(ServletRequest servletRequest) {
- return ((HttpServletRequest) servletRequest).getHeader(USER_ID_HEADER_PARAM);
- }
+ @Override
+ public String getUser(ServletRequest servletRequest) {
+ return ((HttpServletRequest) servletRequest).getHeader(USER_ID_HEADER_PARAM);
+ }
- @Override
- public String getTenant(ServletRequest servletRequest) {
- return "dox";
- }
+ @Override
+ public String getTenant(ServletRequest servletRequest) {
+ return "dox";
+ }
}
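Review bot: `getUser` takes the user identity straight from the `USER_ID_HEADER_PARAM` request header, with no comment on who is allowed to set that header. Whether an earlier filter authenticates the caller or strips a client-supplied value is not visible in this diff, so I would add Javadoc stating the precondition, e.g. `/** Returns the user id from the request header; only trustworthy when an authenticating filter or gateway runs before this one. */`. The method can also return `null` when the header is absent, which is worth stating in the same comment.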
diff --git a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java
index 61a74500ca..19b5e52cf8 100644
--- a/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java
+++ b/openecomp-be/api/openecomp-sdc-rest-webapp/onboarding-rest-war/src/main/java/org/openecomp/server/filters/RestrictionAccessFilter.java
@@ -7,9 +7,9 @@
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,25 +17,23 @@
* limitations under the License.
* ============LICENSE_END=========================================================
*/
-
package org.openecomp.server.filters;
import com.fasterxml.jackson.databind.ObjectMapper;
-import org.onap.sdc.tosca.services.YamlUtil;
-import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
-import org.openecomp.sdc.securityutil.filters.SessionValidationFilter;
-import org.openecomp.server.configuration.CookieConfig;
-import org.openecomp.sdc.logging.api.Logger;
-import org.openecomp.sdc.logging.api.LoggerFactory;
-import org.openecomp.sdcrests.item.rest.services.catalog.notification.EntryNotConfiguredException;
-
-import javax.servlet.http.Cookie;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import java.util.Map;
import java.util.Objects;
+import javax.servlet.http.Cookie;
+import org.onap.sdc.tosca.services.YamlUtil;
+import org.openecomp.sdc.logging.api.Logger;
+import org.openecomp.sdc.logging.api.LoggerFactory;
+import org.openecomp.sdc.securityutil.ISessionValidationFilterConfiguration;
+import org.openecomp.sdc.securityutil.filters.SessionValidationFilter;
+import org.openecomp.sdcrests.item.rest.services.catalog.notification.EntryNotConfiguredException;
+import org.openecomp.server.configuration.CookieConfig;
public class RestrictionAccessFilter extends SessionValidationFilter {
@@ -43,7 +41,23 @@ public class RestrictionAccessFilter extends SessionValidationFilter {
private static final String CONFIG_FILE_PROPERTY = "configuration.yaml";
private static final String CONFIG_SECTION = "authCookie";
+ @Override
+ public ISessionValidationFilterConfiguration getFilterConfiguration() {
+ return Configuration.getInstance();
+ }
+
+ @Override
+ protected Cookie addRoleToCookie(Cookie cookie) {
+ return cookie;
+ }
+
+ @Override
+ protected boolean isRoleValid(Cookie cookie) {
+ return true;
+ }
+
private static class Configuration implements ISessionValidationFilterConfiguration {
+
private static Configuration instance;
private String securityKey;
private long maxSessionTimeOut;
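Review bot: The relocated `isRoleValid` override returns `true` unconditionally and `addRoleToCookie` returns the cookie unchanged, with no comment explaining that role checking is switched off for this webapp. What `SessionValidationFilter` does with these hooks is not visible here, so the intent should be recorded at the override, e.g. `// Role validation is intentionally a no-op for onboarding; access control is enforced by <other component>.` with the placeholder filled in by someone who knows the deployment. The class body continues outside this hunk.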
@@ -55,13 +69,10 @@ public class RestrictionAccessFilter extends SessionValidationFilter {
private String cookiePath;
private boolean isCookieHttpOnly;
-
private Configuration() {
try {
-
String file = Objects.requireNonNull(System.getProperty(CONFIG_FILE_PROPERTY),
- "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY);
-
+ "Config file location must be specified via system property " + CONFIG_FILE_PROPERTY);
Object config = getAuthenticationConfiguration(file);
ObjectMapper mapper = new ObjectMapper();
CookieConfig cookieConfig = mapper.convertValue(config, CookieConfig.class);
@@ -74,11 +85,9 @@ public class RestrictionAccessFilter extends SessionValidationFilter {
this.cookieDomain = cookieConfig.getDomain();
this.cookiePath = cookieConfig.getPath();
this.isCookieHttpOnly = cookieConfig.isHttpOnly();
-
} catch (Exception e) {
LOGGER.warn("Failed to load configuration. ", e);
}
-
}
public static Configuration getInstance() {
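Review bot: The `catch (Exception e)` in the `Configuration` constructor only logs a warning, so a missing or malformed `authCookie` section leaves the singleton with `securityKey == null` and zeroed timeouts, and the filter carries on with that state. How `SessionValidationFilter` behaves with an empty configuration is not visible in this diff, but a session filter is safer failing at startup than running half-configured. I would rethrow, e.g. `throw new IllegalStateException("Failed to load " + CONFIG_SECTION + " configuration", e);`. The constructor starts in the previous hunk and `getInstance` continues outside this one.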
@@ -89,18 +98,15 @@ public class RestrictionAccessFilter extends SessionValidationFilter {
}
private static Object getAuthenticationConfiguration(String file) throws IOException {
-
Map<?, ?> configuration = Objects.requireNonNull(readConfigurationFile(file), "Configuration cannot be empty");
Object authenticationConfig = configuration.get(CONFIG_SECTION);
if (authenticationConfig == null) {
throw new EntryNotConfiguredException(CONFIG_SECTION + " section");
}
-
return authenticationConfig;
}
private static Map<?, ?> readConfigurationFile(String file) throws IOException {
-
try (InputStream fileInput = new FileInputStream(file)) {
YamlUtil yamlUtil = new YamlUtil();
return yamlUtil.yamlToMap(fileInput);
@@ -152,19 +158,4 @@ public class RestrictionAccessFilter extends SessionValidationFilter {
return excludedUrls;
}
}
-
- @Override
- public ISessionValidationFilterConfiguration getFilterConfiguration() {
- return Configuration.getInstance();
- }
-
- @Override
- protected Cookie addRoleToCookie(Cookie cookie) {
- return cookie;
- }
-
- @Override
- protected boolean isRoleValid(Cookie cookie) {
- return true;
- }
}