2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.aai.aaf.filters;
23 import org.onap.aai.aaf.auth.ResponseFormatter;
24 import org.springframework.beans.factory.annotation.Autowired;
25 import org.springframework.beans.factory.annotation.Value;
26 import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
27 import org.springframework.context.annotation.Profile;
28 import org.springframework.context.annotation.PropertySource;
29 import org.springframework.stereotype.Component;
31 import javax.servlet.FilterChain;
32 import javax.servlet.ServletException;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35 import java.io.IOException;
36 import java.util.ArrayList;
37 import java.util.Arrays;
38 import java.util.List;
39 import java.util.stream.Collectors;
42 * AAF authorization filter
46 @Profile(AafProfiles.AAF_AUTHENTICATION)
47 @PropertySource(value = "file:${CONFIG_HOME}/aaf/permissions.properties", ignoreResourceNotFound = true)
48 @PropertySource(value = "file:${server.local.startpath}/aaf/permissions.properties", ignoreResourceNotFound = true)
49 public class AafAuthorizationFilter extends OrderedRequestContextFilter {
51 private static final String ADVANCED = "advanced";
52 private static final String BASIC = "basic";
54 private final String type;
55 private final String instance;
57 private GremlinFilter gremlinFilter;
59 private List<String> advancedKeywordsList;
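/**
 * Builds the AAF authorization filter from the configured permission settings and
 * registers it at the {@code FilterPriority.AAF_AUTHORIZATION} position.
 *
 * @param gremlinFilter filter that handles requests whose URI ends in {@code /query}
 * @param type          value of {@code permission.type}; first segment of the permission string
 * @param instance      value of {@code permission.instance}; second segment of the permission string
 * @param advancedKeys  value of {@code advanced.keywords.list}: comma-separated URI keywords
 *                      (defaults to the empty string when the property is absent)
 */
public AafAuthorizationFilter(
        GremlinFilter gremlinFilter,
        @Value("${permission.type}") String type,
        @Value("${permission.instance}") String instance,
        @Value("${advanced.keywords.list:}") String advancedKeys
) {
    this.gremlinFilter = gremlinFilter;
    this.type = type;
    this.instance = instance;
    if (advancedKeys == null || advancedKeys.isEmpty()) {
        this.advancedKeywordsList = new ArrayList<>();
    } else {
        // Keywords are matched with String.contains() against the request URI, so an entry
        // written as "a, b" would keep its leading space and never match, silently classifying
        // an advanced request as basic. Trim each entry before storing it.
        // Blank entries are dropped: contains("") is true for every URI, which would mark
        // every request as advanced because of a stray comma in the property.
        this.advancedKeywordsList = Arrays.stream(advancedKeys.split(","))
                .map(String::trim)
                .filter(keyword -> !keyword.isEmpty())
                .collect(Collectors.toList());
    }
    this.setOrder(FilterPriority.AAF_AUTHORIZATION.getPriority());
}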
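/**
 * Authorizes the request against the caller's roles before passing it down the chain.
 *
 * <p>Requests whose URI ends in {@code /query} are handed to {@code gremlinFilter}. For all
 * other requests a permission string {@code type|instance|action} is built, where
 * {@code action} is the lower-cased HTTP method when no advanced keywords are configured,
 * and {@code advanced} or {@code basic} otherwise. The request continues only if
 * {@code request.isUserInRole(permission)} is true; otherwise
 * {@code ResponseFormatter.errorResponse} writes the response and the chain is not invoked.
 *
 * @param request     incoming HTTP request
 * @param response    HTTP response, written to only when authorization fails
 * @param filterChain remaining filters, invoked only for authorized requests
 * @throws IOException      propagated from the delegated filter, the error response or the chain
 * @throws ServletException propagated from the delegated filter or the chain
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
    // NOTE(review): getRequestURI() returns the raw request path; the container does not decode
    // it and it may carry path parameters. Both this suffix test and the keyword substring test
    // in containsAdvancedKeywords() therefore see the un-normalized form. Confirm that the
    // downstream routing resolves paths the same way, so that an encoded variant of a path
    // cannot be classified differently here than where it is finally handled.
    if (request.getRequestURI().endsWith("/query")) {
        gremlinFilter.doBasicAuthFilter(request, response, filterChain);
        return;
    }

    final String permission;
    if (advancedKeywordsList == null || advancedKeywordsList.isEmpty()) {
        // Locale.ROOT keeps the permission string stable whatever the JVM default locale is;
        // a locale-sensitive toLowerCase() can alter letters such as 'I' and produce a role
        // name that never matches the one granted.
        permission = String.format("%s|%s|%s", type, instance,
                request.getMethod().toLowerCase(java.util.Locale.ROOT));
    } else {
        // If the URI contains one of the advanced keywords it is an advanced query.
        String queryType = this.containsAdvancedKeywords(request) ? ADVANCED : BASIC;
        permission = String.format("%s|%s|%s", type, instance, queryType);
    }

    // Fail closed: an unauthorized request gets the error response and never reaches the chain.
    if (!request.isUserInRole(permission)) {
        ResponseFormatter.errorResponse(request, response);
        return;
    }
    filterChain.doFilter(request, response);
}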
110 private boolean containsAdvancedKeywords(HttpServletRequest request) {
111 String uri = request.getRequestURI();
112 for (String keyword: advancedKeywordsList) {
113 if (uri.contains(keyword)) {