2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017 Amdocs
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 package org.onap.aaiauth.auth;
23 import com.fasterxml.jackson.databind.JsonNode;
24 import com.fasterxml.jackson.databind.ObjectMapper;
26 import java.util.ArrayList;
27 import java.util.HashMap;
28 import java.util.List;
30 import org.onap.aaiauth.util.AuthConstants;
33 public class AuthCore {
35 private String authFilename;
36 public ObjectMapper mapper;
38 private enum HTTP_METHODS {
39 POST, GET, PUT, DELETE, PATCH
42 public AuthCore(String filename) throws Exception {
43 this.authFilename = filename;
47 private static boolean usersInitialized = false;
48 private static HashMap<String, AuthUser> users;
50 public String getConfigFile() {
51 return this.authFilename;
55 * Loads the auth file and caches a list of authorized users.
57 * - Absolute path of the file where authorized users are listed.
59 public synchronized void loadUsers(String authFilename) throws Exception {
60 users = new HashMap<>();
62 mapper = new ObjectMapper(); // can reuse, share globally
63 JsonNode rootNode = mapper.readTree(new File(authFilename));
64 JsonNode rolesNode = rootNode.path(AuthConstants.ROLES_NODE_PATH);
66 for (JsonNode roleNode : rolesNode) {
67 String roleName = roleNode.path(AuthConstants.ROLE_NAME_PATH).asText();
69 AuthRole role = new AuthRole();
70 JsonNode usersNode = roleNode.path(AuthConstants.USERS_NODE_PATH);
71 JsonNode functionsNode = roleNode.path(AuthConstants.FUNCTIONS_NODE_PATH);
72 for (JsonNode functionNode : functionsNode) {
73 String function = functionNode.path(AuthConstants.FUNCTION_NAME_PATH).asText();
74 JsonNode methodsNode = functionNode.path(AuthConstants.METHODS_NODE_PATH);
75 boolean hasMethods = handleMethodNode(methodsNode, role, function);
78 // iterate the list from HTTP_METHODS
79 for (HTTP_METHODS meth : HTTP_METHODS.values()) {
80 String thisFunction = meth.toString() + ":" + function;
82 role.addAllowedFunction(thisFunction);
87 handleUserNode(usersNode, roleName, role);
90 usersInitialized = true;
93 private boolean handleMethodNode(JsonNode methodsNode, AuthRole role, String function) {
94 boolean hasMethods = false;
95 for (JsonNode methodNode : methodsNode) {
96 String methodName = methodNode.path(AuthConstants.METHOD_NAME_PATH).asText();
98 String thisFunction = methodName + ":" + function;
100 role.addAllowedFunction(thisFunction);
105 private void handleUserNode(JsonNode usersNode, String roleName, AuthRole role) {
106 for (JsonNode userNode : usersNode) {
107 // make the user lower case
108 String node = userNode.path(AuthConstants.USER_NODE_PATH).asText().toLowerCase();
110 if (users.containsKey(node)) {
111 user = users.get(node);
113 user = new AuthUser();
117 user.addRole(roleName, role);
118 users.put(node, user);
122 public class AuthUser {
125 this.roles = new HashMap<>();
128 private String username;
129 private HashMap<String, AuthRole> roles;
131 public String getUser() {
132 return this.username;
135 public Map<String, AuthRole> getRoles() {
139 public void addRole(String roleName, AuthRole role) {
140 this.roles.put(roleName, role);
144 * Returns true if the user has permissions for the function, otherwise returns false.
146 * - String value of the function.
148 public boolean checkAllowed(String checkFunc) {
149 for (Map.Entry<String, AuthRole> roleEntry : this.roles.entrySet()) {
150 AuthRole role = roleEntry.getValue();
151 if (role.hasAllowedFunction(checkFunc)) {
152 // break out as soon as we find it
156 // we would have got positive confirmation had it been there
160 public void setUser(String myuser) {
161 this.username = myuser;
165 public static class AuthRole {
168 this.allowedFunctions = new ArrayList<>();
171 private List<String> allowedFunctions;
173 public void addAllowedFunction(String func) {
174 this.allowedFunctions.add(func);
178 * Remove the function from the user's list of allowed functions.
180 * - String value of the function.
182 public void delAllowedFunction(String delFunc) {
183 if (this.allowedFunctions.contains(delFunc)) {
184 this.allowedFunctions.remove(delFunc);
189 * Returns true if the user has permissions to use the function, otherwise returns false.
191 * - String value of the function.
193 public boolean hasAllowedFunction(String afunc) {
194 return this.allowedFunctions.contains(afunc);
199 * Returns a hash-map of all users which have been loaded and initialized.
201 public Map<String, AuthUser> getUsers(String key) throws Exception {
202 if (!usersInitialized || (users == null)) {
203 loadUsers(this.authFilename);
209 * Returns true if the user is allowed to access a function.
211 * - String value of user
212 * @param authFunction
213 * - String value of the function.
215 public boolean authorize(String username, String authFunction) {
216 AuthUser user = users.get(username);
217 return user != null && user.checkAllowed(authFunction);