2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
21 package org.onap.aai.aaf.filters;
23 import org.onap.aai.aaf.auth.AafRequestFilter;
24 import org.springframework.beans.factory.annotation.Autowired;
25 import org.springframework.beans.factory.annotation.Value;
26 import org.springframework.boot.web.servlet.filter.OrderedRequestContextFilter;
27 import org.springframework.context.annotation.Profile;
28 import org.springframework.context.annotation.PropertySource;
29 import org.springframework.stereotype.Component;
31 import javax.servlet.FilterChain;
32 import javax.servlet.ServletException;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35 import java.io.IOException;
36 import java.util.ArrayList;
37 import java.util.Arrays;
38 import java.util.List;
39 import java.util.Properties;
40 import java.util.stream.Collectors;
44 * Authorization filter used when AAF client-certificate authentication is enabled
48 @Profile(AafProfiles.AAF_CERT_AUTHENTICATION)
49 @PropertySource(value = "file:${CONFIG_HOME}/aaf/permissions.properties", ignoreResourceNotFound = true)
50 @PropertySource(value = "file:${server.local.startpath}/aaf/permissions.properties", ignoreResourceNotFound = true)
51 public class AafCertAuthorizationFilter extends OrderedRequestContextFilter {
// Third segment of the permission string when advanced keywords are configured:
// "advanced" if the request URI contains one of the keywords, "basic" otherwise.
53 private static final String ADVANCED = "advanced";
54 private static final String BASIC = "basic";
// Source of the CADI properties passed to AafRequestFilter.authorizationFilter on every request.
60 private CadiProps cadiProps;
// Substrings parsed from the advanced.keywords.list property. When this list is empty the
// filter uses the lower-cased HTTP method as the third permission segment instead.
62 private List<String> advancedKeywordsList;
// Builds the filter from the AAF permission settings and sets its order in the filter chain.
//   type         - value of the permission.type property (first permission segment)
//   instance     - value of the permission.instance property (second permission segment)
//   advancedKeys - value of advanced.keywords.list, comma-separated; the ":" in the placeholder
//                  makes it default to the empty string when the property is not set
// NOTE(review): listing lines 69-71 are not shown on this page; the cadiProps parameter and
// the assignment of this.type are presumably among them - confirm against the full file.
65 public AafCertAuthorizationFilter(
66 @Value("${permission.type}") String type,
67 @Value("${permission.instance}") String instance,
68 @Value("${advanced.keywords.list:}") String advancedKeys,
72 this.instance = instance;
73 this.cadiProps = cadiProps;
// No keywords configured: keep an empty list, which makes doFilterInternal fall back to
// method-based permissions (type|instance|<http method>).
74 if(advancedKeys == null || advancedKeys.isEmpty()){
75 this.advancedKeywordsList = new ArrayList<>();
// NOTE(review): entries are taken verbatim from split(","), with no trim and no removal of
// empty strings. A keyword configured as " foo" will not match a URI containing "foo", so
// that request is authorized under the "basic" permission; an empty entry (e.g. "a,,b")
// matches every URI through String.contains(). Consider trimming each entry and dropping
// blanks when the list is loaded.
77 this.advancedKeywordsList = Arrays.stream(advancedKeys.split(","))
78 .collect(Collectors.toList());
// Position of this filter relative to the other ordered filters.
80 this.setOrder(FilterPriority.AAF_CERT_AUTHORIZATION.getPriority());
// Derives the AAF permission string for the request and delegates the authorization decision
// to AafRequestFilter.authorizationFilter, passing it the filter chain.
// The permission has the form type|instance|action:
//   - no advanced keywords configured: action is the lower-cased HTTP method;
//   - otherwise: action is "advanced" or "basic", as decided by containsAdvancedKeywords(request).
84 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws IOException, ServletException {
85 if(advancedKeywordsList == null || advancedKeywordsList.size() == 0){
// NOTE(review): toLowerCase() without a Locale uses the JVM default locale, so a method name
// such as "OPTIONS" can lower-case differently (e.g. dotless i under a Turkish locale) and
// no longer match the configured permission. Locale.ROOT would keep the string stable.
86 String permission = String.format("%s|%s|%s", type, instance, request.getMethod().toLowerCase());
87 AafRequestFilter.authorizationFilter(request, response, filterChain, permission, cadiProps.getCadiProperties());
// (listing line 88, presumably the else branch, is not shown on this page)
// NOTE(review): the basic/advanced decision is a substring test on request.getRequestURI(),
// which the servlet container returns without decoding. A percent-encoded or otherwise
// non-canonical spelling of a keyword would be classified as "basic". Confirm that the URI
// is normalized before this filter runs, or match against a decoded, normalized path.
89 boolean isAdvanced = this.containsAdvancedKeywords(request);
91 //if the URI contains advanced.keywords it's an advanced query
92 String queryType = isAdvanced ? ADVANCED : BASIC;
93 String permission = String.format("%s|%s|%s", type, instance, queryType);
94 AafRequestFilter.authorizationFilter(request, response, filterChain, permission, cadiProps.getCadiProperties());
98 private boolean containsAdvancedKeywords(HttpServletRequest request) {
99 String uri = request.getRequestURI();
100 for (String keyword: advancedKeywordsList) {
101 if (uri.contains(keyword)) {