From c3f68a3a585985d394116e8c8f141b77619793e1 Mon Sep 17 00:00:00 2001 From: vempo Date: Mon, 15 Jan 2018 18:56:23 +0200 Subject: Removed MDC from four modules Change-Id: I4cba1701cb52121709bbd98dbee4a0cb42f1e5f0 Issue-ID: SDC-772 Signed-off-by: vempo
--- .../itempermissions/servlet/PermissionsFilter.java | 66 +++++++++++++++------- 1 file changed, 45 insertions(+), 21 deletions(-) (limited to 'openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src')
diff --git a/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java b/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java
index 21acc07733..4a8f44657e 100644
--- a/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java
+++ b/openecomp-be/lib/openecomp-item-permissions-lib/openecomp-item-permissions-core/src/main/java/org/openecomp/sdc/itempermissions/servlet/PermissionsFilter.java
@@ -1,3 +1,19 @@
+/*
+ * Copyright © 2016-2017 European Support Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.openecomp.sdc.itempermissions.servlet;
 import org.openecomp.sdc.itempermissions.PermissionsServices;
@@ -19,43 +35,51 @@ import java.io.IOException;
 public class PermissionsFilter implements Filter {
 private final PermissionsServices permissionsServices;
- public static final String IRRELEVANT_REQUEST = "Irrelevant_Request";
- public static final String EDIT_ITEM = "Edit_Item";
+ private static final String IRRELEVANT_REQUEST = "Irrelevant_Request";
+ private static final String EDIT_ITEM = "Edit_Item";
 public PermissionsFilter() {
 this.permissionsServices = PermissionsServicesFactory.getInstance().createInterface();
 }
 @Override
- public void init(FilterConfig filterConfig) throws ServletException {
-
+ public void init(FilterConfig filterConfig) {
+ // required by servlet API
 }
 @Override
 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
- if (servletRequest instanceof HttpServletRequest) {
- if (((HttpServletRequest) servletRequest).getMethod().equals("POST")
- || ((HttpServletRequest) servletRequest).getMethod().equals("PUT")) {
-
- String userId = ((HttpServletRequest) servletRequest).getHeader("USER_ID");
- String itemId = parseItemIdFromPath(((HttpServletRequest) servletRequest).getPathInfo());
- if ( ! itemId.equals(IRRELEVANT_REQUEST)) {
- if ( ! permissionsServices.isAllowed(itemId,userId,EDIT_ITEM)) {
- ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
- servletResponse.getWriter().print("Permissions Error. The user does not have " +
- "permission to perform" +
- " this action.");
- return;
- }
- }
- }
+ if ((servletRequest instanceof HttpServletRequest) &&
+ isIrrelevant((HttpServletRequest) servletRequest, servletResponse)) {
+ return;
 }
 filterChain.doFilter(servletRequest, servletResponse);
 }
+ private boolean isIrrelevant(HttpServletRequest servletRequest, ServletResponse servletResponse) throws IOException {
+
+
+ String method = servletRequest.getMethod();
+ if (method.equals("POST") || method.equals("PUT")) {
+
+ String userId = servletRequest.getHeader("USER_ID");
+ String itemId = parseItemIdFromPath(servletRequest.getPathInfo());
+
+ if (!itemId.equals(IRRELEVANT_REQUEST) && !permissionsServices.isAllowed(itemId,userId,EDIT_ITEM)) {
+ ((HttpServletResponse) servletResponse).setStatus(HttpServletResponse.SC_FORBIDDEN);
+ servletResponse.getWriter().print("Permissions Error. The user does not have " +
+ "permission to perform" +
+ " this action.");
+ return true;
+ }
+ }
+
+ return false;
+ }
+
 private String parseItemIdFromPath(String pathInfo) {
 String[] tokens = pathInfo.split("/");
 if (tokens.length < 4) {
@@ -67,6 +91,6 @@ public class PermissionsFilter implements Filter {
 @Override
 public void destroy() {
-
+ // required by serlvet API
 }
 }
-- cgit 1.2.3-korg
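Review bot: The edit-permission check in `isIrrelevant` still runs only for `POST` and `PUT`, so a `DELETE` or `PATCH` on the same item path would reach `filterChain.doFilter` without `permissionsServices.isAllowed` being consulted. Whether such endpoints sit behind this filter is not visible in the hunk, but if they do the condition should cover them, e.g. `if (method.equals("POST") || method.equals("PUT") || method.equals("DELETE") || method.equals("PATCH")) {`. The helper's name also reads backwards: it returns `true` exactly when the request was rejected with `SC_FORBIDDEN`, so a name such as `isDenied` would make the guard in `doFilter` harder to invert by mistake. The `USER_ID` header is handed to `isAllowed` as the caller's identity, which is only sound if something upstream sets or strips it; a one-line comment such as `// USER_ID is trusted only because <upstream component> overwrites it` would record that assumption. `parseItemIdFromPath` continues outside the hunk.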