2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017 Amdocs
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.aaiauth.auth;
24 import com.fasterxml.jackson.databind.JsonNode;
25 import com.fasterxml.jackson.databind.ObjectMapper;
28 import java.util.ArrayList;
29 import java.util.HashMap;
30 import java.util.List;
33 import org.onap.aaiauth.util.AuthConstants;
35 public class AuthCore {
37 private String authFilename;
38 public ObjectMapper mapper;
40 private enum HTTP_METHODS {
41 POST, GET, PUT, DELETE, PATCH
44 public AuthCore(String filename) throws Exception {
45 this.authFilename = filename;
49 private static boolean usersInitialized = false;
50 private static HashMap<String, AuthUser> users;
52 public String getConfigFile() {
53 return this.authFilename;
57 * Loads the auth file and caches a list of authorized users.
60 * - Absolute path of the file where authorized users are listed.
62 public synchronized void loadUsers(String authFilename) throws Exception {
63 users = new HashMap<>();
65 mapper = new ObjectMapper(); // can reuse, share globally
66 JsonNode rootNode = mapper.readTree(new File(authFilename));
67 JsonNode rolesNode = rootNode.path(AuthConstants.ROLES_NODE_PATH);
69 for (JsonNode roleNode : rolesNode) {
70 String roleName = roleNode.path(AuthConstants.ROLE_NAME_PATH).asText();
72 AuthRole role = new AuthRole();
73 JsonNode usersNode = roleNode.path(AuthConstants.USERS_NODE_PATH);
74 JsonNode functionsNode = roleNode.path(AuthConstants.FUNCTIONS_NODE_PATH);
75 for (JsonNode functionNode : functionsNode) {
76 String function = functionNode.path(AuthConstants.FUNCTION_NAME_PATH).asText();
77 JsonNode methodsNode = functionNode.path(AuthConstants.METHODS_NODE_PATH);
78 boolean hasMethods = handleMethodNode(methodsNode, role, function);
81 // iterate the list from HTTP_METHODS
82 for (HTTP_METHODS meth : HTTP_METHODS.values()) {
83 String thisFunction = meth.toString() + ":" + function;
85 role.addAllowedFunction(thisFunction);
90 handleUserNode(usersNode, roleName, role);
93 usersInitialized = true;
96 private boolean handleMethodNode(JsonNode methodsNode, AuthRole role, String function) {
97 boolean hasMethods = false;
98 for (JsonNode methodNode : methodsNode) {
99 String methodName = methodNode.path(AuthConstants.METHOD_NAME_PATH).asText();
101 String thisFunction = methodName + ":" + function;
103 role.addAllowedFunction(thisFunction);
108 private void handleUserNode(JsonNode usersNode, String roleName, AuthRole role) {
109 for (JsonNode userNode : usersNode) {
110 // make the user lower case
111 String node = userNode.path(AuthConstants.USER_NODE_PATH).asText().toLowerCase();
113 if (users.containsKey(node)) {
114 user = users.get(node);
116 user = new AuthUser();
120 user.addRole(roleName, role);
121 users.put(node, user);
125 public class AuthUser {
128 this.roles = new HashMap<>();
131 private String username;
132 private HashMap<String, AuthRole> roles;
134 public String getUser() {
135 return this.username;
138 public Map<String, AuthRole> getRoles() {
142 public void addRole(String roleName, AuthRole role) {
143 this.roles.put(roleName, role);
147 * Returns true if the user has permissions for the function, otherwise returns false.
150 * - String value of the function.
152 public boolean checkAllowed(String checkFunc) {
153 for (Map.Entry<String, AuthRole> roleEntry : this.roles.entrySet()) {
154 AuthRole role = roleEntry.getValue();
155 if (role.hasAllowedFunction(checkFunc)) {
156 // break out as soon as we find it
160 // we would have got positive confirmation had it been there
164 public void setUser(String myuser) {
165 this.username = myuser;
169 public static class AuthRole {
172 this.allowedFunctions = new ArrayList<>();
175 private List<String> allowedFunctions;
177 public void addAllowedFunction(String func) {
178 this.allowedFunctions.add(func);
182 * Remove the function from the user's list of allowed functions.
185 * - String value of the function.
187 public void delAllowedFunction(String delFunc) {
188 if (this.allowedFunctions.contains(delFunc)) {
189 this.allowedFunctions.remove(delFunc);
194 * Returns true if the user has permissions to use the function, otherwise returns false.
197 * - String value of the function.
199 public boolean hasAllowedFunction(String afunc) {
200 return this.allowedFunctions.contains(afunc);
205 * Returns a hash-map of all users which have been loaded and initialized.
207 public Map<String, AuthUser> getUsers(String key) throws Exception {
208 if (!usersInitialized || (users == null)) {
209 loadUsers(this.authFilename);
215 * Returns true if the user is allowed to access a function.
218 * - String value of user
219 * @param authFunction
220 * - String value of the function.
222 public boolean authorize(String username, String authFunction) {
223 AuthUser user = users.get(username);
224 return user != null && user.checkAllowed(authFunction);