2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.aai.aaf.filters;
23 import java.io.IOException;
24 import java.util.ArrayList;
25 import java.util.Arrays;
26 import java.util.List;
27 import java.util.stream.Collectors;
29 import javax.servlet.FilterChain;
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
34 import org.onap.aai.aaf.auth.ResponseFormatter;
35 import org.springframework.beans.factory.annotation.Autowired;
36 import org.springframework.beans.factory.annotation.Value;
37 import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
38 import org.springframework.context.annotation.Profile;
39 import org.springframework.context.annotation.PropertySource;
40 import org.springframework.stereotype.Component;
43 * AAF authorization filter
47 @Profile(AafProfiles.AAF_AUTHENTICATION)
48 @PropertySource(value = "file:${CONFIG_HOME}/aaf/permissions.properties", ignoreResourceNotFound = true)
49 @PropertySource(value = "file:${server.local.startpath}/aaf/permissions.properties", ignoreResourceNotFound = true)
50 public class AafAuthorizationFilter extends OrderedRequestContextFilter {
52 private static final String ADVANCED = "advanced";
53 private static final String BASIC = "basic";
55 private final String type;
56 private final String instance;
58 private GremlinFilter gremlinFilter;
60 private List<String> advancedKeywordsList;
63 public AafAuthorizationFilter(GremlinFilter gremlinFilter, @Value("${permission.type}") String type,
64 @Value("${permission.instance}") String instance,
65 @Value("${advanced.keywords.list:}") String advancedKeys) {
66 this.gremlinFilter = gremlinFilter;
68 this.instance = instance;
69 if (advancedKeys == null || advancedKeys.isEmpty()) {
70 this.advancedKeywordsList = new ArrayList<>();
72 this.advancedKeywordsList = Arrays.stream(advancedKeys.split(",")).collect(Collectors.toList());
74 this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
78 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
79 throws IOException, ServletException {
80 if (request.getRequestURI().matches("^.*/util/echo$")) {
81 filterChain.doFilter(request, response);
83 if (request.getRequestURI().endsWith("/query")) {
84 gremlinFilter.doBasicAuthFilter(request, response, filterChain);
87 String permission = null;
89 if (advancedKeywordsList == null || advancedKeywordsList.size() == 0) {
90 permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase());
93 boolean isAdvanced = this.containsAdvancedKeywords(request);
95 // if the URI contains advanced.keywords it's an advanced query
96 String queryType = isAdvanced ? ADVANCED : BASIC;
97 permission = String.format("%s|%s|%s", type, instance, queryType);
100 boolean isAuthorized = request.isUserInRole(permission);
103 ResponseFormatter.errorResponse(request, response);
105 filterChain.doFilter(request, response);
111 private boolean containsAdvancedKeywords(HttpServletRequest request) {
112 String uri = request.getRequestURI();
113 for (String keyword : advancedKeywordsList) {
114 if (uri.contains(keyword)) {