1 /* Copyright (c) 2019 AT&T Intellectual Property. #
\r
3 # Licensed under the Apache License, Version 2.0 (the "License"); #
\r
4 # you may not use this file except in compliance with the License. #
\r
5 # You may obtain a copy of the License at #
\r
7 # http://www.apache.org/licenses/LICENSE-2.0 #
\r
9 # Unless required by applicable law or agreed to in writing, software #
\r
10 # distributed under the License is distributed on an "AS IS" BASIS, #
\r
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
\r
12 # See the License for the specific language governing permissions and #
\r
13 # limitations under the License. #
\r
14 ##############################################################################*/
\r
17 package org.oran.otf.api.config;
\r
19 import com.google.common.base.Strings;
\r
20 import java.io.IOException;
\r
21 import java.util.ArrayList;
\r
22 import java.util.List;
\r
23 import java.util.Map;
\r
24 import java.util.TreeMap;
\r
25 import javax.servlet.Filter;
\r
26 import javax.servlet.FilterChain;
\r
27 import javax.servlet.FilterConfig;
\r
28 import javax.servlet.ServletException;
\r
29 import javax.servlet.ServletRequest;
\r
30 import javax.servlet.ServletResponse;
\r
31 import javax.servlet.http.HttpServletRequest;
\r
32 import javax.servlet.http.HttpServletResponse;
\r
33 import org.apache.commons.logging.Log;
\r
34 import org.apache.commons.logging.LogFactory;
\r
35 import org.onap.aaf.cadi.Access;
\r
36 import org.onap.aaf.cadi.Access.Level;
\r
37 import org.onap.aaf.cadi.ServletContextAccess;
\r
38 import org.onap.aaf.cadi.util.Split;
\r
40 public class OTFApiEnforcementFilter implements Filter {
\r
41 private static final Log log = LogFactory.getLog(OTFApiEnforcementFilter.class);
\r
// First component of the role string (type|path|method) that doFilter passes to isUserInRole.
42 private String type;
\r
// HTTP method -> path prefixes; doFilter lets a matching request through without a role check.
43 private Map<String, List<String>> publicPaths;
\r
// CADI Access handle: injected through the constructor, checked for null in init(FilterConfig).
44 private Access access = null;
\r
// Programmatic construction with an injected Access.
// NOTE(review): what happens to `enforce` is on a line not shown here; presumably it is handed
// to init(String), which would explain the declared ServletException -- confirm.
46 public OTFApiEnforcementFilter(Access access, String enforce) throws ServletException {
\r
47 this.access = access;
\r
// Container-driven initialisation: reads the "aaf_perm_type" init parameter and passes it to
// init(String), which throws ServletException when the value is null or empty.
52 public void init(FilterConfig fc) throws ServletException {
\r
53 init(fc.getInitParameter("aaf_perm_type"));
\r
54 // need the Context for Logging, instantiating ClassLoader, etc
\r
55 ServletContextAccess sca = new ServletContextAccess(fc);
\r
// Only relevant when no Access was injected; the body of this branch is not shown here.
56 if (access == null) {
\r
// Parses the enforcement property. The value is split on ';' (with trimming); every element
// after the first is split on ':' and, when that yields exactly two parts, the second part is
// appended to the publicPaths list keyed by the first part. doFilter looks this map up by HTTP
// method and prefix-matches the request path against the list.
// Throws ServletException when the property is null or empty, or when the split yields nothing.
// NOTE(review): what is done with full[0] is on a line not shown; presumably it becomes `type`.
61 private void init(final String ptypes) throws ServletException {
\r
62 if (Strings.isNullOrEmpty(ptypes)) {
\r
63 throw new ServletException("OTFApiEnforcement requires aaf_perm_type property");
\r
65 String[] full = Split.splitTrim(';', ptypes);
\r
// An array length is never negative, so this is effectively an == 0 check.
66 if (full.length <= 0) {
\r
67 throw new ServletException("aaf_perm_type property is empty");
\r
// TreeMap with natural String ordering: keys are compared case-sensitively, so a method name
// in the property must match HttpServletRequest.getMethod() exactly to be found in doFilter.
71 publicPaths = new TreeMap<>();
\r
// Guard is redundant with the loop bound below, but harmless.
72 if (full.length > 1) {
\r
73 for (int i = 1; i < full.length; ++i) {
\r
74 String[] pubArray = Split.split(':', full[i]);
\r
// Only entries that split into exactly two parts are accepted. No handling of other shapes
// is visible, so a malformed entry appears to be dropped without a log line: that fails
// closed (the path stays protected) but hides configuration mistakes.
// NOTE(review): every entry accepted here skips the role check in doFilter, so this list is
// part of the authorisation policy and should be kept minimal and reviewed as such.
75 if (pubArray.length == 2) {
\r
76 List<String> ls = publicPaths.get(pubArray[0]);
\r
78 ls = new ArrayList<>();
\r
79 publicPaths.put(pubArray[0], ls);
\r
81 ls.add(pubArray[1]);
\r
// Per-request authorisation gate. Visible flow: a request whose path starts with a prefix
// registered in publicPaths for its HTTP method is passed down the chain; otherwise the caller
// must satisfy isUserInRole(type|path|method), or an error response is sent.
// NOTE(review): this listing skips some source lines (the gutter numbers jump), so branch
// boundaries and any early return between the visible statements are not shown here.
88 public void doFilter(ServletRequest req, ServletResponse resp, FilterChain fc)
\r
89 throws IOException, ServletException {
\r
// Unchecked cast: a non-HTTP ServletRequest would fail here with ClassCastException.
90 HttpServletRequest hreq = (HttpServletRequest) req;
\r
91 final String meth = hreq.getMethod();
\r
// Starts from the context path only; the path-info part is commented out.
// NOTE(review): getContextPath() is "" only for the root context, so under any other context
// the fallback below is never taken and `path` stays equal to the context path for every
// request. The public-path and role checks would then not see the requested resource -- confirm
// this is intended.
92 String path = hreq.getContextPath(); // + hreq.getPathInfo();
\r
94 if (Strings.isNullOrEmpty(path) || "null".equals(path)) {
\r
// Fallback: request URI with the context-path prefix cut off. getRequestURI() is not decoded
// or normalised by the container, so the string compared below may differ from the canonical
// form of the resource the container dispatches to.
// NOTE(review): base the decision on a canonical path (decoded, path parameters stripped, dot
// segments resolved), e.g. getServletPath()/getPathInfo(), before matching.
95 path = hreq.getRequestURI().substring(hreq.getContextPath().length());
\r
// Public prefixes configured for this HTTP method; the same lookup is repeated in the loop
// header below.
98 List<String> list = publicPaths.get(meth);
\r
100 for (String p : publicPaths.get(meth)) {
\r
// Plain string-prefix test: a configured prefix "/a" also matches "/ab...".
// NOTE(review): match on a path-segment boundary if only that subtree is meant to be public.
101 if (path.startsWith(p)) {
\r
// NOTE(review): request-derived values are formatted into this log message; confirm that the
// log sink neutralises CR/LF and other control characters.
104 "%s accessed public API %s %s\n",
\r
// getUserPrincipal() returns null for an unauthenticated request, which would raise a
// NullPointerException on a public path unless an earlier filter guarantees a principal --
// TODO confirm.
105 hreq.getUserPrincipal().getName(),
\r
108 fc.doFilter(req, resp);
\r
// The permission checked is the string type + '|' + path + '|' + meth, delegated to the
// container's role check.
113 if (hreq.isUserInRole(type + '|' + path + '|' + meth)) {
\r
116 "%s is allowed access to %s %s\n",
\r
117 hreq.getUserPrincipal().getName(),
\r
120 fc.doFilter(req, resp);
\r
124 "%s is denied access to %s %s\n",
\r
125 hreq.getUserPrincipal().getName(),
\r
// Sends 401 for a denied request.
// NOTE(review): the caller appears to be identified already (its principal name is logged just
// above); in that case 403 Forbidden is the conventional status, while 401 conventionally
// signals missing or invalid credentials.
128 ((HttpServletResponse) resp).sendError(HttpServletResponse.SC_UNAUTHORIZED);
\r
// Nothing to release: the method body is empty.
133 public void destroy() {}
\r