2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.policy.rest;
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.onap.policy.common.logging.eelf.MessageCodes;
26 import org.onap.policy.common.logging.eelf.PolicyLogger;
27 import org.onap.policy.rest.jpa.UserInfo;
28 import org.onap.policy.xacml.api.XACMLErrorConstants;
30 import com.att.research.xacml.api.DataTypeException;
31 import com.att.research.xacml.api.Decision;
32 import com.att.research.xacml.api.Request;
33 import com.att.research.xacml.api.Response;
34 import com.att.research.xacml.api.Result;
35 import com.att.research.xacml.api.pdp.PDPEngine;
36 import com.att.research.xacml.api.pdp.PDPEngineFactory;
37 import com.att.research.xacml.api.pdp.PDPException;
38 import com.att.research.xacml.std.annotations.RequestParser;
39 import com.att.research.xacml.std.annotations.XACMLAction;
40 import com.att.research.xacml.std.annotations.XACMLRequest;
41 import com.att.research.xacml.std.annotations.XACMLResource;
42 import com.att.research.xacml.std.annotations.XACMLSubject;
43 import com.att.research.xacml.util.FactoryException;
47 public class XacmlAdminAuthorization {
// Class-wide commons-logging logger; a second logger (EELF PolicyLogger) is used in parallel below.
48 private static Log logger = LogFactory.getLog(XacmlAdminAuthorization.class);
// JVM-wide holder for "the current user". This is a plain static field with a public static
// setter, so every thread in the process shares ONE value and there is no synchronization or
// volatile on it. If callers set it per HTTP request, two concurrent requests can observe each
// other's identity (identity confusion). NOTE(review): confirm how getUserId()/setUserId() are
// used by callers; a request- or session-scoped holder is the safer shape for this data.
50 private static UserInfo userId;
// Presumably returns the shared static userId (the body is not part of this excerpt).
51 public static UserInfo getUserId() {
// Replaces the shared static userId for the whole class, not just for the calling thread.
55 public static void setUserId(UserInfo userId) {
56 XacmlAdminAuthorization.userId = userId;
// XACML "action" attribute values for admin operations. Each constant wraps the literal string
// that the PDP policies are written against; toString() is overridden so a constant can be
// passed straight into AuthorizationRequest (see isAuthorized, which calls action.toString()).
59 public enum AdminAction {
60 ACTION_ACCESS("access"),
62 ACTION_WRITE("write"),
63 ACTION_ADMIN("admin");
// Stores the wire string for this action (the backing field declaration is not shown here).
66 AdminAction(String a) {
// Presumably returns the wire string given to the constructor rather than the constant name,
// mirroring the visible AdminRole.toString() — body not shown in this excerpt.
70 public String toString() {
// XACML "resource" attribute values naming the admin UI areas that can be protected. Each
// constant wraps the literal string the PDP policies match on; toString() is overridden so a
// constant can be passed straight into AuthorizationRequest (isAuthorized calls resource.toString()).
75 public enum AdminResource {
76 RESOURCE_APPLICATION("application"),
77 RESOURCE_POLICY_WORKSPACE("workspace"),
78 RESOURCE_POLICY_EDITOR("editor"),
79 RESOURCE_DICTIONARIES("dictionaries"),
80 RESOURCE_PDP_ADMIN("pdp_admin"),
81 RESOURCE_PIP_ADMIN("pip_admin"),
82 RESOURCE_SCOPES_SUPERADMIN("manage_scopes");
// Stores the wire string for this resource (the backing field declaration is not shown here).
85 AdminResource(String r) {
// Presumably returns the wire string given to the constructor rather than the constant name,
// mirroring the visible AdminRole.toString() — body not shown in this excerpt.
89 public String toString() {
// Role names as they appear in the user store / PDP policies. The enclosing enum's declaration
// and any preceding constants are not part of this excerpt; toString() below returns userRole.
97 ROLE_EDITOR("editor"),
98 ROLE_SUPERGUEST("super-guest"),
99 ROLE_SUPEREDITOR("super-editor"),
100 ROLE_SUPERADMIN("super-admin");
// Returns the role's wire string (the userRole field) instead of the enum constant name, so
// the value written into requests/logs is e.g. "super-admin", not ROLE_SUPERADMIN.
108 public String toString() {
109 return this.userRole;
// Annotated request bean that RequestParser.parseRequest turns into a XACML Request for one
// admin authorization decision: subject = user id, plus the action and resource strings.
// ReturnPolicyIdList=true corresponds to the XACML request flag of the same name (the PDP may
// then report the ids of the policies that produced the decision in its response).
113 @XACMLRequest(ReturnPolicyIdList=true)
// Non-static inner class, so each instance carries a hidden reference to the enclosing
// XacmlAdminAuthorization. The only visible construction site is inside the instance method
// isAuthorized, so this works, but a static nested class is the conventional shape for a
// pure data holder like this one.
114 public class AuthorizationRequest {
// Subject attribute; includeInResults=true asks the PDP to echo it back in the Result.
// NOTE(review): the action/resource field declarations (and their XACMLAction/XACMLResource
// annotations) sit between this line and the constructor and are not shown in this excerpt.
116 @XACMLSubject(includeInResults=true)
// Builds a request from raw strings. The action/resource values are expected to be the
// AdminAction/AdminResource toString() strings (that is what isAuthorized passes in).
125 public AuthorizationRequest(String userId, String action, String resource) {
126 this.userID = userId;
127 this.action = action;
128 this.resource = resource;
// Bean-style accessors for the three attributes. NOTE(review): isAuthorized catches
// IllegalAccessException from RequestParser, which suggests the parser reads the annotated
// fields reflectively rather than through these getters — confirm whether they are needed.
131 public String getUserID() {
135 public void setUserID(String userID) {
136 this.userID = userID;
139 public String getAction() {
143 public void setAction(String action) {
144 this.action = action;
147 public String getResource() {
151 public void setResource(String resource) {
152 this.resource = resource;
// PDP engine used for every decision. Stays null when engine creation fails in the constructor;
// isAuthorized checks for null and logs "no pdp engine available to authorize" in that case.
159 protected PDPEngine pdpEngine;
// Creates the PDP engine once per authorizer instance via the XACML engine factory. Failure
// only logs and leaves pdpEngine null (fail-closed at decision time). The `try {` that opens
// the guarded block and the brace closing the null-factory `if` are not shown in this
// excerpt; if that `if` only logs and falls through, a null factory reaches
// pdpEngineFactory.newEngine() on the following line and throws NullPointerException out of
// the constructor instead of being handled here — NOTE(review): verify against the full source.
161 public XacmlAdminAuthorization() {
162 PDPEngineFactory pdpEngineFactory = null;
164 pdpEngineFactory = PDPEngineFactory.newInstance();
165 if (pdpEngineFactory == null) {
// Each error is logged twice on purpose: once to commons-logging, once to the EELF PolicyLogger.
166 logger.error("Failed to create PDP Engine Factory");
167 PolicyLogger.error("Failed to create PDP Engine Factory");
169 this.pdpEngine = pdpEngineFactory.newEngine();
170 } catch (FactoryException e) {
// Only the message goes to commons-logging; the exception itself (with its stack trace) is
// handed to PolicyLogger as the second argument, so the cause is not lost.
171 logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
172 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
176 public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
177 logger.info("authorize: " + userid + " to " + action + " with " + resource);
178 if (this.pdpEngine == null) {
179 logger.warn("no pdp engine available to authorize");
184 request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
185 } catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
186 logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
187 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
190 if (request == null) {
191 logger.error("Failed to parse request.");
192 PolicyLogger.error("Failed to parse request");
195 logger.info("Request: " + request);
200 Response response = this.pdpEngine.decide(request);
201 if (response == null) {
202 logger.error("Null response from PDP decide");
203 PolicyLogger.error("Null response from PDP decide");
206 // Should only be one result
208 if(response != null){
209 for (Result result : response.getResults()) {
210 Decision decision = result.getDecision();
211 logger.info("Decision: " + decision);
212 if (decision.equals(Decision.PERMIT)) {
217 } catch (PDPException e) {
218 logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
219 PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");