2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.openecomp.policy.rest;
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.openecomp.policy.common.logging.eelf.MessageCodes;
26 import org.openecomp.policy.common.logging.eelf.PolicyLogger;
27 import org.openecomp.policy.rest.jpa.UserInfo;
28 import org.openecomp.policy.xacml.api.XACMLErrorConstants;
30 import com.att.research.xacml.api.DataTypeException;
31 import com.att.research.xacml.api.Decision;
32 import com.att.research.xacml.api.Request;
33 import com.att.research.xacml.api.Response;
34 import com.att.research.xacml.api.Result;
35 import com.att.research.xacml.api.pdp.PDPEngine;
36 import com.att.research.xacml.api.pdp.PDPEngineFactory;
37 import com.att.research.xacml.api.pdp.PDPException;
38 import com.att.research.xacml.std.annotations.RequestParser;
39 import com.att.research.xacml.std.annotations.XACMLAction;
40 import com.att.research.xacml.std.annotations.XACMLRequest;
41 import com.att.research.xacml.std.annotations.XACMLResource;
42 import com.att.research.xacml.std.annotations.XACMLSubject;
43 import com.att.research.xacml.util.FactoryException;
47 public class XacmlAdminAuthorization {
private static Log logger = LogFactory.getLog(XacmlAdminAuthorization.class);
// SECURITY NOTE(review): the "current user" lives in a static field that is shared by
// every instance of this class and every thread in the JVM, yet it is written through an
// instance setter (setUserId). In a multi-user web container the identity stored by one
// request can be observed by any other request that happens to run before the next write,
// so this value is not safe to use for per-request authorization decisions. isAuthorized()
// takes the subject as an explicit argument; callers should rely on that path instead.
private static UserInfo userId;
/** Returns the process-wide UserInfo stored by the last call to setUserId() (presumably). */
public static UserInfo getUserId() {
/** Stores {@code userId} in the static field, overwriting it for all instances and threads. */
public void setUserId(UserInfo userId) {
    XacmlAdminAuthorization.userId = userId;
/**
 * Administrative actions that can be authorized. The string passed to the constructor,
 * not the constant name, is what reaches the PDP: isAuthorized() calls toString() on the
 * value when building the XACML request, so policies must match "access"/"write"/"admin".
 */
public enum AdminAction {
    ACTION_ACCESS("access"),
    ACTION_WRITE("write"),
    ACTION_ADMIN("admin");

    /** @param a the action string sent to the PDP */
    AdminAction(String a) {

    /** Returns the action string used in XACML requests (see class comment). */
    public String toString() {
/**
 * Administrative resources that an AdminAction can target. As with AdminAction, the
 * constructor string (e.g. "manage_scopes" for RESOURCE_SCOPES_SUPERADMIN, which does not
 * mirror the constant name) is the value isAuthorized() places in the XACML request, so
 * PDP policies must be written against these strings.
 */
public enum AdminResource {
    RESOURCE_APPLICATION("application"),
    RESOURCE_POLICY_WORKSPACE("workspace"),
    RESOURCE_POLICY_EDITOR("editor"),
    RESOURCE_DICTIONARIES("dictionaries"),
    RESOURCE_PDP_ADMIN("pdp_admin"),
    RESOURCE_PIP_ADMIN("pip_admin"),
    RESOURCE_SCOPES_SUPERADMIN("manage_scopes");

    /** @param r the resource string sent to the PDP */
    AdminResource(String r) {

    /** Returns the resource string used in XACML requests (see class comment). */
    public String toString() {
    // Role constants; the enum declaration and any earlier constants precede this fragment.
    // The string form (userRole) is the role name external code and policies compare
    // against, so renaming a constant is harmless but changing its string is a policy change.
    ROLE_EDITOR("editor"),
    ROLE_SUPERGUEST("super-guest"),
    ROLE_SUPEREDITOR("super-editor"),
    ROLE_SUPERADMIN("super-admin");

    /** Returns the role name string (e.g. "super-admin"). */
    public String toString() {
        return this.userRole;
/**
 * Annotated bean that RequestParser converts into a XACML Request for isAuthorized().
 * ReturnPolicyIdList=true asks the PDP to report which policies produced the decision.
 * The subject field is annotated with includeInResults=true, so the user id is echoed
 * back in the Response (and will appear wherever the response is logged).
 *
 * The constructor takes the three values verbatim: this bean performs no validation or
 * authentication of the user id; it must already be the identity of an authenticated
 * principal when it gets here. Note that this is a nested, non-static class, so each
 * instance holds a reference to its enclosing XacmlAdminAuthorization.
 */
@XACMLRequest(ReturnPolicyIdList=true)
public class AuthorizationRequest {
    // Marks the subject attribute; presumably applied to the userID field that follows.
    @XACMLSubject(includeInResults=true)

    /**
     * @param userId   subject identifier placed in the request as-is
     * @param action   action string (AdminAction.toString())
     * @param resource resource string (AdminResource.toString())
     */
    public AuthorizationRequest(String userId, String action, String resource) {
        this.userID = userId;
        this.action = action;
        this.resource = resource;

    /** Subject identifier carried in the request. */
    public String getUserID() {

    /** Replaces the subject after construction; the bean is mutable. */
    public void setUserID(String userID) {
        this.userID = userID;

    /** Action string carried in the request. */
    public String getAction() {

    /** Replaces the action after construction. */
    public void setAction(String action) {
        this.action = action;

    /** Resource string carried in the request. */
    public String getResource() {

    /** Replaces the resource after construction. */
    public void setResource(String resource) {
        this.resource = resource;
/** PDP engine consulted by isAuthorized(); remains null if construction below fails. */
protected PDPEngine pdpEngine;

/**
 * Creates the XACML PDP engine via PDPEngineFactory.newInstance() and newEngine().
 * A FactoryException is logged and swallowed, leaving pdpEngine null; isAuthorized()
 * checks for that and must treat "no engine" as a denial (fail closed), never as a pass.
 */
public XacmlAdminAuthorization() {
    PDPEngineFactory pdpEngineFactory = null;
    pdpEngineFactory = PDPEngineFactory.newInstance();
    if (pdpEngineFactory == null) {
        logger.error("Failed to create PDP Engine Factory");
        PolicyLogger.error("Failed to create PDP Engine Factory");
        // NOTE(review): this branch only logs. Unless something here leaves the
        // constructor, execution falls through to newEngine() on a null factory and
        // throws NullPointerException, which catch (FactoryException) does not catch.
        // An explicit return (or rethrow) after the log lines would make that intent clear.
    // Only reached when a factory was obtained; a FactoryException from newEngine()
    // is handled below.
    this.pdpEngine = pdpEngineFactory.newEngine();
} catch (FactoryException e) {
    // Engine unavailable: recorded in both loggers; pdpEngine stays null.
    logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
    PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
/**
 * Asks the XACML PDP whether {@code userid} may perform {@code action} on
 * {@code resource}. This is the per-request check: the subject is passed explicitly
 * rather than read from the shared static userId field.
 *
 * @param userid   subject identifier, placed in the XACML request verbatim. No
 *                 authentication happens here; callers must pass the identity of an
 *                 already-authenticated principal, never a client-supplied string.
 * @param action   administrative action; its toString() value is what the policy matches
 * @param resource administrative resource; likewise matched by its toString() value
 * @return true only when the PDP returns a Result whose Decision is PERMIT. Every
 *         other path (no engine, request build failure, null response, PDPException,
 *         a non-PERMIT decision) is an authorization failure and must yield false —
 *         fail closed. NOTE(review): the return statements on those paths are not
 *         shown here; confirm each one is {@code return false}.
 */
public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
    // Audit trail: every check is logged at INFO with the subject and the target.
    logger.info("authorize: " + userid + " to " + action + " with " + resource);
    if (this.pdpEngine == null) {
        // The constructor failed to build an engine; there is nothing to ask, so this
        // must be a denial, not a pass-through.
        logger.warn("no pdp engine available to authorize");
        // Build the XACML Request from the annotated AuthorizationRequest bean. The parser
        // works via reflection on the annotations (hence the IllegalAccessException catch).
        request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
    } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
        // Could not even form a request: log and deny.
        logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
        PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
    if (request == null) {
        logger.error("Failed to parse request.");
        PolicyLogger.error("Failed to parse request");
    // The whole request is logged at INFO. It carries only the user id, action and
    // resource strings supplied above, so nothing secret is written to the log.
    logger.info("Request: " + request);
        // Evaluate against the loaded policies.
        Response response = this.pdpEngine.decide(request);
        if (response == null) {
            // A missing response is treated like an error, not a permit.
            logger.error("Null response from PDP decide");
            PolicyLogger.error("Null response from PDP decide");
        // Should only be one result
        // NOTE(review): the loop grants on the first PERMIT it encounters. If the PDP ever
        // returned more than one Result for this request, a single PERMIT among DENYs would
        // be enough to pass — confirm that a request built here always yields one Result.
        for (Result result : response.getResults()) {
            Decision decision = result.getDecision();
            logger.info("Decision: " + decision);
            // Only an explicit PERMIT authorizes; DENY, INDETERMINATE and NOT_APPLICABLE do not.
            if (decision.equals(Decision.PERMIT)) {
    } catch (PDPException e) {
        // Evaluation error: log and deny.
        logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
        PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");