From 80705cdf2dc38d48c4261a2ece3914234960233e Mon Sep 17 00:00:00 2001
From: Ittay Stern
Date: Wed, 3 Apr 2019 12:00:57 +0300
Subject: Extract AlwaysValidRoleValidator from RoleValidator
Issue-ID: VID-448
Change-Id: Ic006aceca9c51305d0706df6c2c6062ccaaee3de
Signed-off-by: Ittay Stern
---
 .../org/onap/vid/controller/AaiController.java | 46 ++++++------
 .../onap/vid/roles/AlwaysValidRoleValidator.java | 43 ++++++++++++
 .../main/java/org/onap/vid/roles/RoleProvider.java | 15 ++--
 .../java/org/onap/vid/roles/RoleValidator.java | 82 ++++------------------
 .../org/onap/vid/roles/RoleValidatorByRoles.java | 80 +++++++++++++++++++++
 5 files changed, 169 insertions(+), 97 deletions(-)
 create mode 100644 vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
 create mode 100644 vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java
(limited to 'vid-app-common/src/main/java/org/onap')
diff --git a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java
index a8e1e2b02..124b6cfcb 100644
--- a/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java
+++ b/vid-app-common/src/main/java/org/onap/vid/controller/AaiController.java
@@ -20,7 +20,21 @@ package org.onap.vid.controller;
+import static org.onap.vid.utils.Logging.getMethodName;
+
 import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.UUID;
+import java.util.stream.Collectors;
+import javax.servlet.ServletContext;
+import javax.servlet.http.HttpServletRequest;
+import javax.ws.rs.DefaultValue;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.Response;
 import org.apache.commons.lang3.tuple.ImmutablePair;
 import org.apache.commons.lang3.tuple.Pair;
 import org.onap.portalsdk.core.controller.RestrictedBaseController;
@@ -46,25 +60,15 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.servlet.HandlerMapping;
 import org.springframework.web.servlet.ModelAndView;
-import javax.servlet.ServletContext;
-import javax.servlet.http.HttpServletRequest;
-import javax.ws.rs.DefaultValue;
-import javax.ws.rs.QueryParam;
-import javax.ws.rs.WebApplicationException;
-import javax.ws.rs.core.Response;
-import java.io.IOException;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
-import java.util.stream.Collectors;
-
-import static org.onap.vid.utils.Logging.getMethodName;
-
 /**
 * Controller to handle a&ai requests.
 */
@@ -153,7 +157,7 @@ public class AaiController extends RestrictedBaseController {
 */
 @RequestMapping(value = "/aai_get_services", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)
 public ResponseEntity doGetServices(HttpServletRequest request) throws IOException {
- RoleValidator roleValidator = new RoleValidator(roleProvider.getUserRoles(request));
+ RoleValidator roleValidator = RoleValidator.by(roleProvider.getUserRoles(request));
 AaiResponse subscriberList = aaiService.getServices(roleValidator);
 return aaiResponseToResponseEntity(subscriberList);
@@ -277,7 +281,7 @@ public class AaiController extends RestrictedBaseController {
 public ResponseEntity getFullSubscriberList(HttpServletRequest request) throws IOException {
 ObjectMapper objectMapper = new ObjectMapper();
 ResponseEntity responseEntity;
- RoleValidator roleValidator = new RoleValidator(roleProvider.getUserRoles(request));
+ RoleValidator roleValidator = RoleValidator.by(roleProvider.getUserRoles(request));
 SubscriberFilteredResults subscriberList = aaiService.getFullSubscriberList(roleValidator);
 if (subscriberList.getHttpCode() == 200) {
 responseEntity = new ResponseEntity<>(objectMapper.writeValueAsString(subscriberList.getSubscriberList()), HttpStatus.OK);
@@ -340,7 +344,7 @@ public class AaiController extends RestrictedBaseController {
 ObjectMapper objectMapper = new ObjectMapper();
 ResponseEntity responseEntity;
 List roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
 AaiResponse subscriberData = aaiService.getSubscriberData(subscriberId, roleValidator);
 String httpMessage = subscriberData.getT() != null ? objectMapper.writeValueAsString(subscriberData.getT()) :
@@ -369,7 +373,7 @@ public class AaiController extends RestrictedBaseController {
 ResponseEntity responseEntity;
 List roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
 AaiResponse searchResult = aaiService.getServiceInstanceSearchResults(subscriberId, instanceIdentifier, roleValidator, owningEntities, projects);
@@ -531,7 +535,7 @@ public class AaiController extends RestrictedBaseController {
 try {
 ObjectMapper objectMapper = new ObjectMapper();
 List roles = roleProvider.getUserRoles(request);
- RoleValidator roleValidator = new RoleValidator(roles);
+ RoleValidator roleValidator = RoleValidator.by(roles);
 AaiResponse response = aaiService.getTenants(globalCustomerId, serviceType, roleValidator);
 if (response.getHttpCode() == 200) {
 responseEntity = new ResponseEntity(objectMapper.writeValueAsString(response.getT()), HttpStatus.OK);
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
new file mode 100644
index 000000000..4e5340fc2
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/AlwaysValidRoleValidator.java
@@ -0,0 +1,43 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.roles;
+
+public class AlwaysValidRoleValidator implements RoleValidator {
+
+ AlwaysValidRoleValidator() {
+ // package visibility, only for RoleValidator's factory
+ }
+
+ @Override
+ public boolean isSubscriberPermitted(String subscriberName) {
+ return true;
+ }
+
+ @Override
+ public boolean isServicePermitted(String subscriberName, String serviceType) {
+ return true;
+ }
+
+ @Override
+ public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
+ return true;
+ }
+}
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
index d3d2b80e2..6c0fd3f52 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleProvider.java
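Review bot: `AlwaysValidRoleValidator` answers `true` to every permission query, yet it is declared `public` and non-final and has no Javadoc saying when its use is legitimate. The package-private constructor limits direct instantiation, but a subclass in the same package or a later widened constructor would let an allow-all validator be created outside the factory; declaring it package-private and final, `final class AlwaysValidRoleValidator implements RoleValidator {`, keeps it confined to `RoleValidator.by`. I would also add a class comment such as `/** Permits everything; returned by RoleValidator.by only when role_management_activated is "false". */` so the bypass is visible to anyone reading the class on its own.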
@@ -24,6 +24,14 @@ package org.onap.vid.roles;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.joshworks.restclient.http.HttpResponse;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+import javax.servlet.http.HttpServletRequest;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.web.support.UserUtils;
 import org.onap.vid.aai.exceptions.RoleParsingException;
@@ -34,11 +42,6 @@ import org.onap.vid.services.AaiService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
-import javax.servlet.http.HttpServletRequest;
-import java.util.*;
-import java.util.function.Function;
-import java.util.stream.Collectors;
-
 /**
 * Created by Oren on 7/1/17.
@@ -159,7 +162,7 @@ public class RoleProvider {
 }
 public RoleValidator getUserRolesValidator(HttpServletRequest request) {
- return new RoleValidator(getUserRoles(request));
+ return RoleValidator.by(getUserRoles(request));
 }
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
index 4b92b6413..d37477610 100644
--- a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidator.java
@@ -3,6 +3,7 @@
 * VID
 * ================================================================================
 * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * Modifications Copyright (C) 2018 - 2019 Nokia. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -21,82 +22,23 @@ package org.onap.vid.roles;
 import java.util.List;
-import java.util.Map;
+import org.apache.commons.lang3.StringUtils;
 import org.onap.portalsdk.core.util.SystemProperties;
-import org.onap.vid.mso.rest.RequestDetails;
-/**
- * Created by Oren on 7/12/17.
- */
-public class RoleValidator {
-
- private boolean disableRoles;
- private final List userRoles;
-
- public RoleValidator(List roles) {
- this.userRoles = roles;
- disableRoles = SystemProperties.getProperty("role_management_activated").equals("false");
- }
-
- public boolean isSubscriberPermitted(String subscriberName) {
- if (this.disableRoles) {
- return true;
- }
-
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName)) {
- return true;
- }
- }
- return false;
- }
-
- public boolean isServicePermitted(String subscriberName, String serviceType) {
- if (this.disableRoles) {
- return true;
- }
-
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
- return true;
- }
- }
- return false;
- }
+public interface RoleValidator {
- boolean isMsoRequestValid(RequestDetails msoRequest) {
- if (this.disableRoles) {
- return true;
- }
+ static RoleValidator by(List roles) {
+ boolean disableRoles =
+ StringUtils.equals(SystemProperties.getProperty("role_management_activated"), "false");
- try {
- String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
- .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
- String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
- .get("requestParameters")).get("subscriptionServiceType");
- return isServicePermitted(globalSubscriberIdRequested, serviceType);
- } catch (Exception e) {
- //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
- return true;
- }
+ return disableRoles
+ ? new AlwaysValidRoleValidator()
+ : new RoleValidatorByRoles(roles);
 }
- public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
- if (this.disableRoles) {
- return true;
- }
+ boolean isSubscriberPermitted(String subscriberName);
- for (Role role : userRoles) {
- if (role.getSubscribeName().equals(globalCustomerId)
- && role.getServiceType().equals(serviceType)
- && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
- return true;
- }
- }
- return false;
- }
+ boolean isServicePermitted(String subscriberName, String serviceType);
- void enableRoles() {
- this.disableRoles = false;
- }
+ boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName);
 }
diff --git a/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java
new file mode 100644
index 000000000..ad5b519c4
--- /dev/null
+++ b/vid-app-common/src/main/java/org/onap/vid/roles/RoleValidatorByRoles.java
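Review bot: The factory `by` hands out the allow-all validator based only on the `role_management_activated` property and leaves no trace of that decision, so a deployment running with permission checks switched off cannot be told apart in the logs from one that enforces roles. A warning-level log line on the `disableRoles` branch would make the bypass auditable, together with a Javadoc on `by` stating that only the exact, case-sensitive string `"false"` disables checks. The move to `StringUtils.equals` means a null property value now selects `RoleValidatorByRoles` (assuming `getProperty` returns null rather than throwing), which is the safe direction. `roles` is passed on unchecked, though, so a null list would only fail later inside the `for` loops; `new RoleValidatorByRoles(Objects.requireNonNull(roles, "roles"))` would surface it at the factory.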
@@ -0,0 +1,80 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * VID
+ * ================================================================================
+ * Copyright (C) 2017 - 2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.vid.roles;
+
+import java.util.List;
+import java.util.Map;
+import org.onap.vid.mso.rest.RequestDetails;
+
+public class RoleValidatorByRoles implements RoleValidator {
+
+ private final List userRoles;
+
+ RoleValidatorByRoles(List roles) {
+ this.userRoles = roles;
+ }
+
+ @Override
+ public boolean isSubscriberPermitted(String subscriberName) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(subscriberName)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean isServicePermitted(String subscriberName, String serviceType) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(subscriberName) && role.getServiceType().equals(serviceType)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ @Override
+ public boolean isTenantPermitted(String globalCustomerId, String serviceType, String tenantName) {
+ for (Role role : userRoles) {
+ if (role.getSubscribeName().equals(globalCustomerId)
+ && role.getServiceType().equals(serviceType)
+ && (role.getTenant() == null || role.getTenant().equalsIgnoreCase(tenantName))) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ boolean isMsoRequestValid(RequestDetails msoRequest) {
+ try {
+ String globalSubscriberIdRequested = (String) ((Map) ((Map) msoRequest.getAdditionalProperties()
+ .get("requestDetails")).get("subscriberInfo")).get("globalSubscriberId");
+ String serviceType = (String) ((Map) ((Map) msoRequest.getAdditionalProperties().get("requestDetails"))
+ .get("requestParameters")).get("subscriptionServiceType");
+ return isServicePermitted(globalSubscriberIdRequested, serviceType);
+ } catch (Exception e) {
+ //Until we'll get the exact information regarding the tenants and the global customer id, we'll return true on unknown requests to mso
+ return true;
+ }
+ }
+
+}
-- cgit 1.2.3-korg
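Review bot: `isMsoRequestValid` still fails open: its `catch (Exception e)` branch returns `true`, so a request whose `requestDetails`, `subscriberInfo` or `requestParameters` entry is missing or of an unexpected type is treated as permitted without `isServicePermitted` ever being consulted. The commit moves the method unchanged, but in a class whose only job is enforcing roles the catch should at least be narrowed and the event logged, and it should deny once callers can tolerate that, e.g. `} catch (NullPointerException | ClassCastException e) {` followed by `return false;`. The method is also absent from the `RoleValidator` interface, so any caller outside this diff has to hold the concrete `RoleValidatorByRoles` type, which is worth confirming. The three `for` loops still call `role.getSubscribeName().equals(...)` and `role.getServiceType().equals(...)` without null checks, so a role with a missing field would raise a NullPointerException during the permission check.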