2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property.
6 * Copyright © 2017 Amdocs
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
22 * ECOMP and OpenECOMP are trademarks
23 * and service marks of AT&T Intellectual Property.
25 package org.openecomp.auth;
27 import com.fasterxml.jackson.databind.JsonNode;
28 import com.fasterxml.jackson.databind.ObjectMapper;
29 import org.openecomp.util.AuthConstants;
32 import java.util.ArrayList;
33 import java.util.HashMap;
34 import java.util.List;
38 public class AuthCore {
40 private String authFilename;
41 public ObjectMapper mapper;
43 private static enum HTTP_METHODS {
44 POST, GET, PUT, DELETE, PATCH
47 public AuthCore(String filename) throws Exception {
48 this.authFilename = filename;
52 private static boolean usersInitialized = false;
53 private static HashMap<String, AuthUser> users;
55 public String getConfigFile() {
56 return this.authFilename;
60 * Loads the auth file and caches a list of authorized users.
62 * - Absolute path of the file where authorized users are listed.
64 public synchronized void loadUsers(String authFilename) throws Exception {
65 users = new HashMap<String, AuthUser>();
67 mapper = new ObjectMapper(); // can reuse, share globally
68 JsonNode rootNode = mapper.readTree(new File(authFilename));
69 JsonNode rolesNode = rootNode.path(AuthConstants.rolesNodePath);
71 for (JsonNode roleNode : rolesNode) {
72 String roleName = roleNode.path(AuthConstants.roleNamePath).asText();
74 AuthRole role = new AuthRole();
75 JsonNode usersNode = roleNode.path(AuthConstants.usersNodePath);
76 JsonNode functionsNode = roleNode.path(AuthConstants.functionsNodePath);
77 for (JsonNode functionNode : functionsNode) {
78 String function = functionNode.path(AuthConstants.functionNamePath).asText();
79 JsonNode methodsNode = functionNode.path(AuthConstants.methodsNodePath);
80 boolean hasMethods = false;
81 for (JsonNode methodNode : methodsNode) {
82 String methodName = methodNode.path(AuthConstants.methodNamePath).asText();
84 String thisFunction = methodName + ":" + function;
86 role.addAllowedFunction(thisFunction);
89 if (hasMethods == false) {
90 // iterate the list from HTTP_METHODS
91 for (HTTP_METHODS meth : HTTP_METHODS.values()) {
92 String thisFunction = meth.toString() + ":" + function;
94 role.addAllowedFunction(thisFunction);
99 for (JsonNode userNode : usersNode) {
100 // make the user lower case
101 String node = userNode.path(AuthConstants.userNodePath).asText().toLowerCase();
102 AuthUser user = null;
103 if (users.containsKey(node)) {
104 user = users.get(node);
106 user = new AuthUser();
110 user.addRole(roleName, role);
111 users.put(node, user);
115 usersInitialized = true;
119 public class AuthUser {
121 this.roles = new HashMap<String, AuthRole>();
124 private String username;
125 private HashMap<String, AuthRole> roles;
127 public String getUser() {
128 return this.username;
131 public HashMap<String, AuthRole> getRoles() {
135 public void addRole(String roleName, AuthRole role) {
136 this.roles.put(roleName, role);
140 * Returns true if the user has permissions for the function, otherwise returns false.
142 * - String value of the function.
144 public boolean checkAllowed(String checkFunc) {
145 for (Map.Entry<String, AuthRole> roleEntry : this.roles.entrySet()) {
146 AuthRole role = roleEntry.getValue();
147 if (role.hasAllowedFunction(checkFunc)) {
148 // break out as soon as we find it
152 // we would have got positive confirmation had it been there
156 public void setUser(String myuser) {
157 this.username = myuser;
162 public static class AuthRole {
164 this.allowedFunctions = new ArrayList<String>();
167 private List<String> allowedFunctions;
169 public void addAllowedFunction(String func) {
170 this.allowedFunctions.add(func);
174 * Remove the function from the user's list of allowed functions.
176 * - String value of the function.
178 public void delAllowedFunction(String delFunc) {
179 if (this.allowedFunctions.contains(delFunc)) {
180 this.allowedFunctions.remove(delFunc);
185 * Returns true if the user has permissions to use the function, otherwise returns false.
187 * - String value of the function.
189 public boolean hasAllowedFunction(String afunc) {
190 if (this.allowedFunctions.contains(afunc)) {
199 * Returns a hash-map of all users which have been loaded and initialized.
201 public HashMap<String, AuthUser> getUsers(String key) throws Exception {
202 if (!usersInitialized || (users == null)) {
203 loadUsers(this.authFilename);
209 * Returns true if the user is allowed to access a function.
211 * - String value of user
212 * @param authFunction
213 * - String value of the function.
215 public boolean authorize(String username, String authFunction) throws Exception {
216 AuthUser user = users.get(username);
217 return user != null && user.checkAllowed(authFunction);