2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.pap.xacml.restAuth;
23 import java.io.IOException;
25 import javax.servlet.Filter;
26 import javax.servlet.FilterChain;
27 import javax.servlet.FilterConfig;
28 import javax.servlet.ServletException;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.annotation.WebFilter;
32 import javax.servlet.http.HttpServletRequest;
33 import javax.servlet.http.HttpServletResponse;
35 import org.apache.commons.logging.Log;
36 import org.apache.commons.logging.LogFactory;
39 * Servlet Filter implementation class PAPAuthenticationFilter
42 public class PAPAuthenticationFilter implements Filter {
44 private static final Log logger = LogFactory.getLog(PAPAuthenticationFilter.class);
45 public static final String AUTHENTICATION_HEADER = "Authorization";
48 public void doFilter(ServletRequest request, ServletResponse response,
49 FilterChain filter) throws IOException, ServletException {
52 if (request instanceof HttpServletRequest) {
53 HttpServletRequest httpServletRequest = (HttpServletRequest) request;
55 String authCredentials = null;
56 String url = httpServletRequest.getRequestURI();
58 logger.info("Request URI: " + url);
59 System.out.println("Request URI: " + url);
61 //getting authentication credentials
62 if(url.contains("@Auth@")){
63 int authIndex = url.lastIndexOf("@");
64 int endAuthIndex = url.indexOf("/onap");
65 authCredentials = "Basic " + url.substring(authIndex+1, endAuthIndex);
67 //parse the url for /pap/onap/
68 String url1 = url.substring(0, 4);
69 String url2 = url.substring(endAuthIndex, url.length());
73 authCredentials = httpServletRequest.getHeader(AUTHENTICATION_HEADER);
76 // Check Authentication credentials
77 AuthenticationService authenticationService = new AuthenticationService();
78 boolean authenticationStatus = authenticationService.authenticate(authCredentials);
80 if (authenticationStatus) {
81 //indicates the request comes from Traditional Admin Console or PolicyEngineAPI
82 if (url.equals("/pap/")){
83 logger.info("Request comes from Traditional Admin Console or PolicyEngineAPI");
85 //forward request to the XACMLPAPServlet if authenticated
86 request.getRequestDispatcher("/pap/pap/").forward(request, response);
88 }else if (url.startsWith("/pap/onap/")){
90 //indicates the request comes from the ONAP Portal onap-sdk-app
91 if(response instanceof HttpServletResponse) {
92 HttpServletResponse alteredResponse = ((HttpServletResponse)response);
93 addCorsHeader(alteredResponse);
94 logger.info("Request comes from Onap Portal");
95 //Spring dispatcher servlet is at the end of the filter chain at /pap/onap/ path
96 System.out.println("New Request URI: " + url);
97 filter.doFilter(request, response);
98 /*url = url.substring(url.indexOf("/pap/")+4);
99 request.getRequestDispatcher(url).forward(request, response);*/
105 if (response instanceof HttpServletResponse) {
106 HttpServletResponse httpServletResponse = (HttpServletResponse) response;
107 httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
114 //method to add CorsHeaders for onap portal rest call
115 private void addCorsHeader(HttpServletResponse response) {
116 logger.info("Adding Cors Response Headers!!!");
117 response.addHeader("Access-Control-Allow-Origin", "*");
118 response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
119 response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
120 response.addHeader("Access-Control-Max-Age", "1728000");
124 public void destroy() {
128 public void init(FilterConfig arg0) throws ServletException {