2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.aai.aaf.filters;
23 import java.io.IOException;
24 import java.util.ArrayList;
25 import java.util.Arrays;
26 import java.util.List;
27 import java.util.stream.Collectors;
29 import javax.servlet.FilterChain;
30 import javax.servlet.ServletException;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
34 import org.onap.aai.aaf.auth.AafRequestFilter;
35 import org.springframework.beans.factory.annotation.Autowired;
36 import org.springframework.beans.factory.annotation.Value;
37 import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
38 import org.springframework.context.annotation.Profile;
39 import org.springframework.context.annotation.PropertySource;
40 import org.springframework.stereotype.Component;
43 * AAF with client cert authorization filter
47 @Profile(AafProfiles.AAF_CERT_AUTHENTICATION)
48 @PropertySource(value = "file:${CONFIG_HOME}/aaf/permissions.properties", ignoreResourceNotFound = true)
49 @PropertySource(value = "file:${server.local.startpath}/aaf/permissions.properties", ignoreResourceNotFound = true)
50 public class AafCertAuthorizationFilter extends OrderedRequestContextFilter {
52 private static final String ADVANCED = "advanced";
53 private static final String BASIC = "basic";
59 private CadiProps cadiProps;
61 private List<String> advancedKeywordsList;
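/**
 * Builds the filter from the AAF permission settings.
 *
 * <p>If no usable keyword is configured, {@code doFilterInternal} derives the permission action
 * from the HTTP method instead of the basic/advanced split.
 *
 * @param type permission type, bound from {@code permission.type}
 * @param instance permission instance, bound from {@code permission.instance}
 * @param advancedKeys comma-separated URI keywords, bound from {@code advanced.keywords.list}
 *        (empty when the property is absent); entries are trimmed and blank entries are dropped
 * @param cadiProps source of the CADI properties handed to the authorization check
 */
public AafCertAuthorizationFilter(@Value("${permission.type}") String type,
        @Value("${permission.instance}") String instance,
        @Value("${advanced.keywords.list:}") String advancedKeys, CadiProps cadiProps) {
    // Both values are read by doFilterInternal when it builds the permission string.
    this.type = type;
    this.instance = instance;
    this.cadiProps = cadiProps;
    if (advancedKeys == null || advancedKeys.isEmpty()) {
        this.advancedKeywordsList = new ArrayList<>();
    } else {
        // Trim and drop blanks: a padded entry such as " kw" would never match a request URI, so
        // requests meant to need the "advanced" permission would be checked against "basic";
        // an empty entry would match every URI.
        this.advancedKeywordsList = Arrays.stream(advancedKeys.split(","))
                .map(String::trim)
                .filter(keyword -> !keyword.isEmpty())
                .collect(Collectors.toList());
    }
    this.setOrder(FilterPriority.AAF_CERT_AUTHORIZATION.getPriority());
}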
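/**
 * Builds the AAF permission string for the request and delegates the authorization check.
 *
 * <p>The permission has the form {@code type|instance|action}. With no advanced keywords
 * configured, the action is the lower-cased HTTP method. Otherwise it is {@code advanced} when
 * {@code containsAdvancedKeywords} matches the request and {@code basic} when it does not.
 * {@code filterChain} is not invoked here; it is handed to
 * {@code AafRequestFilter.authorizationFilter} together with the permission.
 *
 * @param request incoming request; its method or URI selects the action
 * @param response response passed through to the authorization check
 * @param filterChain remainder of the filter chain, passed through to the authorization check
 * @throws IOException propagated from the authorization check
 * @throws ServletException propagated from the authorization check
 */
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws IOException, ServletException {
    String action;
    if (advancedKeywordsList == null || advancedKeywordsList.isEmpty()) {
        // Locale.ROOT keeps the action stable: under a Turkish default locale "OPTIONS" would not
        // lower-case to "options", and the resulting permission string could never match.
        action = request.getMethod().toLowerCase(java.util.Locale.ROOT);
    } else {
        // A request whose URI contains one of the advanced keywords is an advanced query.
        // NOTE(review): the match runs on request.getRequestURI(), which the Servlet API returns
        // undecoded. Confirm that an encoded or non-canonical path cannot be authorized as
        // "basic" and still be routed to an advanced endpoint; matching on a normalized path
        // would close that gap.
        action = containsAdvancedKeywords(request) ? ADVANCED : BASIC;
    }
    String permission = String.format("%s|%s|%s", type, instance, action);
    AafRequestFilter.authorizationFilter(request, response, filterChain, permission,
            cadiProps.getCadiProperties());
}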
96 private boolean containsAdvancedKeywords(HttpServletRequest request) {
97 String uri = request.getRequestURI();
98 for (String keyword : advancedKeywordsList) {
99 if (uri.contains(keyword)) {