authorIttay Stern <ittay.stern@att.com>2019-04-03 12:00:57 +0300
committerIttay Stern <ittay.stern@att.com>2019-04-03 12:27:06 +0300
commit80705cdf2dc38d48c4261a2ece3914234960233e (patch)
tree1d4f9a5cd6a45a0c900a8df20e8781e053914bcf /vid-app-common/src/main
parentfa9080bc0e2be3198aebbe1da20af73ed91376ce (diff)
Extract AlwaysValidRoleValidator from RoleValidator
Issue-ID: VID-448 Change-Id: Ic006aceca9c51305d0706df6c2c6062ccaaee3de Signed-off-by: Ittay Stern <ittay.stern@att.com>
Diffstat (limited to 'vid-app-common/src/main')
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java46
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java43
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java15
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java82
-rw-r--r--vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java80
5 files changed, 169 insertions, 97 deletions
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java
index a8e1e2b02..124b6cfcb 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java
@@ -20,7 +20,21 @@
package org.onap.vid.controller;
+import static org.onap.vid.utils.Logging.getMethodName;
+
import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
import org.apache.commons.lang3.tuple.ImmutablePair;
import org.apache.commons.lang3.tuple.Pair;
import org.onap.portalsdk.core.controller.RestrictedBaseController;
@@ -46,25 +60,15 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.HandlerMapping;
import org.springframework.web.servlet.ModelAndView;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.stream.Collectors;
-
-import static org.onap.vid.utils.Logging.getMethodName;
-
/**
* Controller to handle a&ai requests.
*/
@@ -153,7 +157,7 @@ public class AaiController extends RestrictedBaseController {
*/
@RequestMapping(value = "/aai_get_services", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
public ResponseEntity<String> doGetServices(HttpServletRequest request) throws IOException {
- RoleValidator roleValidator = new RoleValidator(roleProvider.getUserRoles(request));
+ RoleValidator roleValidator = RoleValidator.by(roleProvider.getUserRoles(request));
AaiResponse subscriberList = aaiService.getServices(roleValidator);
return aaiResponseToResponseEntity(subscriberList);
@@ -277,7 +281,7 @@ public class AaiController extends RestrictedBaseController {
public ResponseEntity<String> getFullSubscriberList(HttpServletRequest request) throws IOException {
ObjectMapper objectMapper = new ObjectMapper();
ResponseEntity<String> responseEntity;
- RoleValidator roleValidator = new RoleValidator(roleProvider.getUserRoles(request));
+ RoleValidator roleValidator = RoleValidator.by(roleProvider.getUserRoles(request));
SubscriberFilteredResults subscriberList = aaiService.getFullSubscriberList(roleValidator);
if (subscriberList.getHttpCode() == 200) {
responseEntity = new ResponseEntity<>(objectMapper.writeValueAsString(subscriberList.getSubscriberList()), HttpStatus.OK);
@@ -340,7 +344,7 @@ public class AaiController extends RestrictedBaseController {
ObjectMapper objectMapper = new ObjectMapper();
ResponseEntity responseEntity;
List<Role> roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
AaiResponse subscriberData = aaiService.getSubscriberData(subscriberId, roleValidator);
String httpMessage = subscriberData.getT() != null ?
objectMapper.writeValueAsString(subscriberData.getT()) :
@@ -369,7 +373,7 @@ public class AaiController extends RestrictedBaseController {
ResponseEntity responseEntity;
List<Role> roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
AaiResponse<ServiceInstancesSearchResults> searchResult = aaiService.getServiceInstanceSearchResults(subscriberId, instanceIdentifier, roleValidator, owningEntities, projects);
@@ -531,7 +535,7 @@ public class AaiController extends RestrictedBaseController {
try {
ObjectMapper objectMapper = new ObjectMapper();
List<Role> roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
AaiResponse<GetTenantsResponse[]> response = aaiService.getTenants(globalCustomerId, serviceType, roleValidator);
if (response.getHttpCode() == 200) {
responseEntity = new ResponseEntity<String>(objectMapper.writeValueAsString(response.getT()), HttpStatus.OK);
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
new file mode 100644
index 000000000..4e5340fc2
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
@@ -0,0 +1,43 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.roles;
+
+public class AlwaysValidRoleValidator implements RoleValidator {
+
+ AlwaysValidRoleValidator() {
+ // package visibility, only for RoleValidator's factory
+ }
+
+ @Override
+ public boolean isSubscriberPermitted(String subscriberName) {
+ return true;
+ }
+
+ @Override
+ public boolean isServicePermitted(String subscriberName, String serviceType) {
+ return true;
+ }
+
+ @Override
+ public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
+ return true;
+ }
+}
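Review bot: AlwaysValidRoleValidator has no Javadoc, although every one of its three checks returns true unconditionally, so a reader who meets the type outside RoleValidator.by cannot tell that it switches authorization off. I would add a class comment such as `/** Permits every subscriber, service and tenant; created only by RoleValidator.by when role_management_activated is "false". */`. Since the constructor is already package-private, the class itself could also be declared `final class AlwaysValidRoleValidator` without `public`, which keeps the allow-all implementation from being referenced or extended elsewhere.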
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
index d3d2b80e2..6c0fd3f52 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
@@ -24,6 +24,14 @@ package org.onap.vid.roles;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.joshworks.restclient.http.HttpResponse;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
import org.onap.portalsdk.core.web.support.UserUtils;
import org.onap.vid.aai.exceptions.RoleParsingException;
@@ -34,11 +42,6 @@ import org.onap.vid.services.AaiService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
-import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-
/**
* Created by Oren on 7/1/17.
@@ -159,7 +162,7 @@ public class RoleProvider {
}
public RoleValidator getUserRolesValidator(HttpServletRequest request) {
- return new RoleValidator(getUserRoles(request));
+ return RoleValidator.by(getUserRoles(request));
}
}
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
index 4b92b6413..d37477610 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
@@ -3,6 +3,7 @@
* VID
* ================================================================================
* Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2018 - 2019 Nokia. All rights reserved.
* ================================================================================
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -21,82 +22,23 @@
package org.onap.vid.roles;
import java.util.List;
-import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
import org.onap.portalsdk.core.util.SystemProperties;
-import org.onap.vid.mso.rest.RequestDetails;
-/**
- * Created by Oren on 7/12/17.
- */
-public class RoleValidator {
-
- private boolean disableRoles;
- private final List<Role> userRoles;
-
- public RoleValidator(List<Role> roles) {
- this.userRoles = roles;
- disableRoles = SystemProperties.getProperty("role_management_activated").equals("false");
- }
-
- public boolean isSubscriberPermitted(String subscriberName) {
- if (this.disableRoles) {
- return true;
- }
-
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName)) {
- return true;
- }
- }
- return false;
- }
-
- public boolean isServicePermitted(String subscriberName, String serviceType) {
- if (this.disableRoles) {
- return true;
- }
-
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
- return true;
- }
- }
- return false;
- }
+public interface RoleValidator {
- boolean isMsoRequestValid(RequestDetails msoRequest) {
- if (this.disableRoles) {
- return true;
- }
+ static RoleValidator by(List<Role> roles) {
+ boolean disableRoles =
+ StringUtils.equals(SystemProperties.getProperty("role_management_activated"), "false");
- try {
- String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
- .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
- String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
- .get("requestParameters")).get("subscriptionServiceType");
- return isServicePermitted(globalSubscriberIdRequested, serviceType);
- } catch (Exception e) {
- //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
- return true;
- }
+ return disableRoles
+ ? new AlwaysValidRoleValidator()
+ : new RoleValidatorByRoles(roles);
}
- public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
- if (this.disableRoles) {
- return true;
- }
+ boolean isSubscriberPermitted(String subscriberName);
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(globalCustomerId)
- && role.getServiceType().equals(serviceType)
- && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
- return true;
- }
- }
- return false;
- }
+ boolean isServicePermitted(String subscriberName, String serviceType);
- void enableRoles() {
- this.disableRoles = false;
- }
+ boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName);
}
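Review bot: The factory `by` decides on every call whether all permission checks are bypassed, yet that contract is not documented and nothing is recorded when the allow-all validator is chosen. The comparison is an exact, null-safe match on `"false"`, so a missing property or any other value enforces roles, which is the safe default and worth stating in a Javadoc on `by`, for example `/** Returns an allow-all validator only when role_management_activated is exactly "false"; otherwise validates against the given roles. */`. A warning-level log entry on the `disableRoles` branch would make a disabled deployment visible to operators. Separately, `roles` is passed to `new RoleValidatorByRoles(roles)` without a null check, and that class iterates the list directly, so `Objects.requireNonNull(roles, "roles")` here or in the constructor would fail earlier and more clearly.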
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java
new file mode 100644
index 000000000..ad5b519c4
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java
@@ -0,0 +1,80 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.roles;
+
+import java.util.List;
+import java.util.Map;
+import org.onap.vid.mso.rest.RequestDetails;
+
+public class RoleValidatorByRoles implements RoleValidator {
+
+ private final List<Role> userRoles;
+
+ RoleValidatorByRoles(List<Role> roles) {
+ this.userRoles = roles;
+ }
+
+ @Override
+ public boolean isSubscriberPermitted(String subscriberName) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(subscriberName)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean isServicePermitted(String subscriberName, String serviceType) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(globalCustomerId)
+ && role.getServiceType().equals(serviceType)
+ && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ boolean isMsoRequestValid(RequestDetails msoRequest) {
+ try {
+ String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
+ .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
+ String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
+ .get("requestParameters")).get("subscriptionServiceType");
+ return isServicePermitted(globalSubscriberIdRequested, serviceType);
+ } catch (Exception e) {
+ //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
+ return true;
+ }
+ }
+
+}
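Review bot: `isMsoRequestValid` fails open: its `catch (Exception e)` returns true, so any request whose additional properties do not match the expected nested-map shape is treated as permitted, and the failure is not logged. The inline comment shows this is a deliberate interim choice carried over from the old RoleValidator, but moving the code into a new class is a good moment to narrow it, for instance catching only `ClassCastException | NullPointerException`, logging the event, and returning false once the callers can tolerate it. At minimum the method deserves a Javadoc line stating that unparseable requests are currently accepted, so the behaviour is not mistaken for a real permission check. Note also that the method is no longer reachable through the `RoleValidator` interface, so callers that obtain their validator from `RoleValidator.by` would need a cast to use it; whether any caller does is not visible in this diff.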