aboutsummaryrefslogtreecommitdiffstats
path: root/vid-app-common/src/main/java/org
diff options
context:
space:
mode:
authorIttay Stern <ittay.stern@att.com>2020-01-28 05:55:11 +0000
committerGerrit Code Review <gerrit@onap.org>2020-01-28 05:55:11 +0000
commit657353741044c8cda2bbca64e2fc235837428f25 (patch)
treef479513d31f3d9ff209c4eeaf45531af5b925245 /vid-app-common/src/main/java/org
parentae5156453ebf0c8c81c5aa2f791bb527dbf344ad (diff)
parente95a7b89aaac965e89d96eba59968a351cb77f40 (diff)
Merge "Introduce WithPermissionProperties as validation-points for RoleValidator"
Diffstat (limited to 'vid-app-common/src/main/java/org')
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java3
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java9
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java47
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java2
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt17
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java2
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java2
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java19
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java35
9 files changed, 79 insertions, 57 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java
index 6431282e7..dcbd9b9e4 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController2.java
@@ -33,6 +33,7 @@ import org.onap.vid.model.aaiTree.Network;
import org.onap.vid.model.aaiTree.RelatedVnf;
import org.onap.vid.model.aaiTree.VpnBinding;
import org.onap.vid.properties.Features;
+import org.onap.vid.roles.PermissionProperties;
import org.onap.vid.roles.RoleProvider;
import org.onap.vid.services.AaiService;
import org.springframework.beans.factory.annotation.Autowired;
@@ -94,7 +95,7 @@ public class AaiController2 extends VidRestrictedBaseController {
final boolean isEditPermitted = roleProvider
.getUserRolesValidator(request)
- .isServicePermitted(subscriberId, serviceType);
+ .isServicePermitted(new PermissionProperties(subscriberId, serviceType));
return new Permissions(isEditPermitted);
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java b/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java
index 6c8a37262..4b03ea4d9 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/AsyncInstantiationController.java
@@ -33,7 +33,9 @@ import org.onap.vid.model.ServiceInfo;
import org.onap.vid.model.serviceInstantiation.ServiceInstantiation;
import org.onap.vid.mso.MsoResponseWrapper2;
import org.onap.vid.properties.Features;
+import org.onap.vid.roles.PermissionProperties;
import org.onap.vid.roles.RoleProvider;
+import org.onap.vid.roles.RoleValidator;
import org.onap.vid.services.AsyncInstantiationBusinessLogic;
import org.onap.vid.services.AuditService;
import org.onap.vid.utils.SystemPropertiesWrapper;
@@ -165,8 +167,11 @@ public class AsyncInstantiationController extends VidRestrictedBaseController {
}
private void throwExceptionIfAccessDenied(ServiceInstantiation request, HttpServletRequest httpServletRequest, String userId) {
- if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION) && !roleProvider.getUserRolesValidator(httpServletRequest).isServicePermitted(request.getGlobalSubscriberId(), request.getSubscriptionServiceType())) {
- throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId));
+ if (featureManager.isActive(Features.FLAG_1906_INSTANTIATION_API_USER_VALIDATION)) {
+ RoleValidator roleValidator = roleProvider.getUserRolesValidator(httpServletRequest);
+ if (!roleValidator.isServicePermitted(new PermissionProperties(request.getGlobalSubscriberId(), request.getSubscriptionServiceType()))) {
+ throw new AccessDeniedException(String.format("User %s is not allowed to make this request", userId));
+ }
}
}
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java b/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java
index 259405c4e..01cc11d95 100644
--- a/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java
+++ b/vid-app-common/src/main/java/org/onap/vid/model/ServiceInstanceSearchResult.java
@@ -20,11 +20,17 @@
package org.onap.vid.model;
-public class ServiceInstanceSearchResult {
+import com.fasterxml.jackson.annotation.JsonProperty;
+import org.apache.commons.lang3.StringUtils;
+import org.onap.vid.roles.WithPermissionProperties;
+
+public class ServiceInstanceSearchResult implements WithPermissionProperties {
+
+ private final String SUBSCRIBER_ID_FRONTEND_ALIAS = "globalCustomerId";
private String serviceInstanceId;
- private String globalCustomerId;
+ private String subscriberId;
private String serviceType;
@@ -39,13 +45,13 @@ public class ServiceInstanceSearchResult {
private boolean isPermitted;
public ServiceInstanceSearchResult(){
-
}
- public ServiceInstanceSearchResult(String serviceInstanceId, String globalCustomerId, String serviceType,
+
+ public ServiceInstanceSearchResult(String serviceInstanceId, String subscriberId, String serviceType,
String serviceInstanceName, String subscriberName, String aaiModelInvariantId,
String aaiModelVersionId, boolean isPermitted) {
this.serviceInstanceId = serviceInstanceId;
- this.globalCustomerId = globalCustomerId;
+ this.subscriberId = subscriberId;
this.serviceType = serviceType;
this.serviceInstanceName = serviceInstanceName;
this.subscriberName = subscriberName;
@@ -62,14 +68,17 @@ public class ServiceInstanceSearchResult {
this.serviceInstanceId = serviceInstanceId;
}
- public String getGlobalCustomerId() {
- return globalCustomerId;
+ @Override
+ @JsonProperty(SUBSCRIBER_ID_FRONTEND_ALIAS)
+ public String getSubscriberId() {
+ return subscriberId;
}
- public void setGlobalCustomerId(String globalCustomerId) {
- this.globalCustomerId = globalCustomerId;
+ public void setSubscriberId(String subscriberId) {
+ this.subscriberId = subscriberId;
}
+ @Override
public String getServiceType() {
return serviceType;
}
@@ -119,21 +128,21 @@ public class ServiceInstanceSearchResult {
}
@Override
- public boolean equals(Object other){
- if (other instanceof ServiceInstanceSearchResult) {
- ServiceInstanceSearchResult serviceInstanceSearchResultOther = (ServiceInstanceSearchResult) other;
- if (this.getServiceInstanceId().equals(serviceInstanceSearchResultOther.getServiceInstanceId())) {
- return true;
- }
+ public boolean equals(Object o) {
+ if (this == o) {
+ return true;
+ }
+ if (o == null || getClass() != o.getClass()) {
+ return false;
}
- return false;
+ ServiceInstanceSearchResult that = (ServiceInstanceSearchResult) o;
+
+ return StringUtils.equals(serviceInstanceId, that.serviceInstanceId);
}
@Override
public int hashCode() {
- int result = 17;
- result = 31 * result + serviceInstanceId.hashCode();
- return result;
+ return serviceInstanceId != null ? serviceInstanceId.hashCode() : 0;
}
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
index 4e5340fc2..e12f5403f 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
@@ -32,7 +32,7 @@ public class AlwaysValidRoleValidator implements RoleValidator {
}
@Override
- public boolean isServicePermitted(String subscriberName, String serviceType) {
+ public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
return true;
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt b/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt
new file mode 100644
index 000000000..f62b98aef
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/PermissionProperties.kt
@@ -0,0 +1,17 @@
+package org.onap.vid.roles
+
+import org.onap.vid.aai.ServiceSubscription
+
+
+interface WithPermissionProperties {
+ val subscriberId: String?
+ val serviceType: String?
+}
+
+data class PermissionProperties(
+ override val subscriberId: String,
+ override val serviceType: String
+) : WithPermissionProperties {
+ constructor(serviceSubscription: ServiceSubscription, subscriberId: String) : this(subscriberId, serviceSubscription.serviceType)
+}
+
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
index f0ee26b0b..4ad168c4f 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
@@ -40,7 +40,7 @@ public interface RoleValidator {
boolean isSubscriberPermitted(String subscriberName);
- boolean isServicePermitted(String subscriberName, String serviceType);
+ boolean isServicePermitted(WithPermissionProperties serviceInstanceSearchResult);
boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName);
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java
index e615c1302..726567cc6 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByOwningEntity.java
@@ -33,7 +33,7 @@ public class RoleValidatorByOwningEntity implements RoleValidator{
}
@Override
- public boolean isServicePermitted(String subscriberName, String serviceType) {
+ public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
return false;
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java
index 244610c89..95d8a1627 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorBySubscriberAndServiceType.java
@@ -21,8 +21,6 @@
package org.onap.vid.roles;
import java.util.List;
-import java.util.Map;
-import org.onap.vid.mso.rest.RequestDetails;
public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
@@ -43,9 +41,9 @@ public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
}
@Override
- public boolean isServicePermitted(String subscriberName, String serviceType) {
+ public boolean isServicePermitted(WithPermissionProperties permissionProperties) {
for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
+ if (role.getSubscribeName().equals(permissionProperties.getSubscriberId()) && role.getServiceType().equals(permissionProperties.getServiceType())) {
return true;
}
}
@@ -64,17 +62,4 @@ public class RoleValidatorBySubscriberAndServiceType implements RoleValidator {
return false;
}
- boolean isMsoRequestValid(RequestDetails msoRequest) {
- try {
- String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
- .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
- String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
- .get("requestParameters")).get("subscriptionServiceType");
- return isServicePermitted(globalSubscriberIdRequested, serviceType);
- } catch (Exception e) {
- //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
- return true;
- }
- }
-
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java b/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java
index b3ac16884..66c0e6c04 100644
--- a/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java
+++ b/vid-app-common/src/main/java/org/onap/vid/services/AaiServiceImpl.java
@@ -85,6 +85,7 @@ import org.onap.vid.model.aaiTree.NodeType;
import org.onap.vid.model.aaiTree.RelatedVnf;
import org.onap.vid.model.aaiTree.VpnBinding;
import org.onap.vid.model.aaiTree.VpnBindingKt;
+import org.onap.vid.roles.PermissionProperties;
import org.onap.vid.roles.RoleValidator;
import org.onap.vid.utils.Intersection;
import org.onap.vid.utils.Logging;
@@ -217,11 +218,11 @@ public class AaiServiceImpl implements AaiService {
} else if (key.equals(SERVICE_TYPE)) {
serviceInstanceSearchResult.setServiceType(relationshipData.getRelationshipValue());
} else if (key.equals(CUSTOMER_ID)) {
- serviceInstanceSearchResult.setGlobalCustomerId(relationshipData.getRelationshipValue());
+ serviceInstanceSearchResult.setSubscriberId(relationshipData.getRelationshipValue());
}
}
- boolean isPermitted = roleValidator.isServicePermitted(serviceInstanceSearchResult.getSubscriberName(), serviceInstanceSearchResult.getServiceType());
+ boolean isPermitted = roleValidator.isServicePermitted(serviceInstanceSearchResult);
serviceInstanceSearchResult.setIsPermitted(isPermitted);
}
}
@@ -265,10 +266,9 @@ public class AaiServiceImpl implements AaiService {
@Override
public AaiResponse getSubscriberData(String subscriberId, RoleValidator roleValidator, boolean omitServiceInstances) {
AaiResponse<Services> subscriberResponse = aaiClient.getSubscriberData(subscriberId, omitServiceInstances);
- String subscriberGlobalId = subscriberResponse.getT().globalCustomerId;
for (ServiceSubscription serviceSubscription : subscriberResponse.getT().serviceSubscriptions.serviceSubscription) {
- String serviceType = serviceSubscription.serviceType;
- serviceSubscription.isPermitted = roleValidator.isServicePermitted(subscriberGlobalId, serviceType);
+ serviceSubscription.isPermitted = roleValidator.isServicePermitted(
+ new PermissionProperties(serviceSubscription, subscriberResponse.getT().globalCustomerId));
}
return subscriberResponse;
@@ -298,38 +298,43 @@ public class AaiServiceImpl implements AaiService {
private List<ServiceInstanceSearchResult> getServicesBySubscriber(String subscriberId, String instanceIdentifier, RoleValidator roleValidator) {
AaiResponse<Services> subscriberResponse = aaiClient.getSubscriberData(subscriberId, false);
- String subscriberGlobalId = subscriberResponse.getT().globalCustomerId;
String subscriberName = subscriberResponse.getT().subscriberName;
ServiceSubscriptions serviceSubscriptions = subscriberResponse.getT().serviceSubscriptions;
- return getSearchResultsForSubscriptions(serviceSubscriptions, subscriberId, instanceIdentifier, roleValidator, subscriberGlobalId, subscriberName);
-
+ return getSearchResultsForSubscriptions(serviceSubscriptions, subscriberId, instanceIdentifier, roleValidator, subscriberName);
}
- private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSubscriptions(ServiceSubscriptions serviceSubscriptions, String subscriberId, String instanceIdentifier, RoleValidator roleValidator, String subscriberGlobalId, String subscriberName) {
+ private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSubscriptions(
+ ServiceSubscriptions serviceSubscriptions, String subscriberId, String instanceIdentifier,
+ RoleValidator roleValidator, String subscriberName) {
ArrayList<ServiceInstanceSearchResult> results = new ArrayList<>();
if (serviceSubscriptions != null) {
for (ServiceSubscription serviceSubscription : serviceSubscriptions.serviceSubscription) {
- String serviceType = serviceSubscription.serviceType;
- serviceSubscription.isPermitted = roleValidator.isServicePermitted(subscriberGlobalId, serviceType);
- ArrayList<ServiceInstanceSearchResult> resultsForSubscription = getSearchResultsForSingleSubscription(serviceSubscription, subscriberId, instanceIdentifier, subscriberName, serviceType);
- results.addAll(resultsForSubscription);
+ serviceSubscription.isPermitted = roleValidator.isServicePermitted(new PermissionProperties(serviceSubscription, subscriberId));
+ results.addAll(getSearchResultsForSingleSubscription(
+ serviceSubscription, subscriberId, instanceIdentifier, subscriberName,
+ serviceSubscription.serviceType, roleValidator)
+ );
}
}
return results;
}
- private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSingleSubscription(ServiceSubscription serviceSubscription, String subscriberId, String instanceIdentifier, String subscriberName, String serviceType) {
+ private ArrayList<ServiceInstanceSearchResult> getSearchResultsForSingleSubscription(
+ ServiceSubscription serviceSubscription, String subscriberId, String instanceIdentifier, String subscriberName,
+ String serviceType, RoleValidator roleValidator) {
ArrayList<ServiceInstanceSearchResult> results = new ArrayList<>();
if (serviceSubscription.serviceInstances != null) {
for (ServiceInstance serviceInstance : serviceSubscription.serviceInstances.serviceInstance) {
ServiceInstanceSearchResult serviceInstanceSearchResult =
new ServiceInstanceSearchResult(serviceInstance.serviceInstanceId, subscriberId, serviceType, serviceInstance.serviceInstanceName,
- subscriberName, serviceInstance.modelInvariantId, serviceInstance.modelVersionId, serviceSubscription.isPermitted);
+ subscriberName, serviceInstance.modelInvariantId, serviceInstance.modelVersionId, false);
+
+ serviceInstanceSearchResult.setIsPermitted(roleValidator.isServicePermitted(serviceInstanceSearchResult));
if ((instanceIdentifier == null) || (serviceInstanceMatchesIdentifier(instanceIdentifier, serviceInstance))){
results.add(serviceInstanceSearchResult);