2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property.
6 * Copyright © 2017 Amdocs
8 * ================================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
20 * ============LICENSE_END=========================================================
22 * ECOMP and OpenECOMP are trademarks
23 * and service marks of AT&T Intellectual Property.
25 package org.openecomp.auth;
27 import com.fasterxml.jackson.databind.JsonNode;
28 import com.fasterxml.jackson.databind.ObjectMapper;
30 import java.util.ArrayList;
31 import java.util.HashMap;
32 import java.util.List;
34 import org.openecomp.util.AuthConstants;
37 public class AuthCore {
39 private String authFilename;
40 public ObjectMapper mapper;
42 private enum HTTP_METHODS {
43 POST, GET, PUT, DELETE, PATCH
46 public AuthCore(String filename) throws Exception {
47 this.authFilename = filename;
51 private static boolean usersInitialized = false;
52 private static HashMap<String, AuthUser> users;
54 public String getConfigFile() {
55 return this.authFilename;
59 * Loads the auth file and caches a list of authorized users.
61 * - Absolute path of the file where authorized users are listed.
63 public synchronized void loadUsers(String authFilename) throws Exception {
64 users = new HashMap<>();
66 mapper = new ObjectMapper(); // can reuse, share globally
67 JsonNode rootNode = mapper.readTree(new File(authFilename));
68 JsonNode rolesNode = rootNode.path(AuthConstants.ROLES_NODE_PATH);
70 for (JsonNode roleNode : rolesNode) {
71 String roleName = roleNode.path(AuthConstants.ROLE_NAME_PATH).asText();
73 AuthRole role = new AuthRole();
74 JsonNode usersNode = roleNode.path(AuthConstants.USERS_NODE_PATH);
75 JsonNode functionsNode = roleNode.path(AuthConstants.FUNCTIONS_NODE_PATH);
76 for (JsonNode functionNode : functionsNode) {
77 String function = functionNode.path(AuthConstants.FUNCTION_NAME_PATH).asText();
78 JsonNode methodsNode = functionNode.path(AuthConstants.METHODS_NODE_PATH);
79 boolean hasMethods = handleMethodNode(methodsNode, role, function);
82 // iterate the list from HTTP_METHODS
83 for (HTTP_METHODS meth : HTTP_METHODS.values()) {
84 String thisFunction = meth.toString() + ":" + function;
86 role.addAllowedFunction(thisFunction);
91 handleUserNode(usersNode, roleName, role);
94 usersInitialized = true;
97 private boolean handleMethodNode(JsonNode methodsNode, AuthRole role, String function) {
98 boolean hasMethods = false;
99 for (JsonNode methodNode : methodsNode) {
100 String methodName = methodNode.path(AuthConstants.METHOD_NAME_PATH).asText();
102 String thisFunction = methodName + ":" + function;
104 role.addAllowedFunction(thisFunction);
109 private void handleUserNode(JsonNode usersNode, String roleName, AuthRole role) {
110 for (JsonNode userNode : usersNode) {
111 // make the user lower case
112 String node = userNode.path(AuthConstants.USER_NODE_PATH).asText().toLowerCase();
114 if (users.containsKey(node)) {
115 user = users.get(node);
117 user = new AuthUser();
121 user.addRole(roleName, role);
122 users.put(node, user);
126 public class AuthUser {
129 this.roles = new HashMap<>();
132 private String username;
133 private HashMap<String, AuthRole> roles;
135 public String getUser() {
136 return this.username;
139 public Map<String, AuthRole> getRoles() {
143 public void addRole(String roleName, AuthRole role) {
144 this.roles.put(roleName, role);
148 * Returns true if the user has permissions for the function, otherwise returns false.
150 * - String value of the function.
152 public boolean checkAllowed(String checkFunc) {
153 for (Map.Entry<String, AuthRole> roleEntry : this.roles.entrySet()) {
154 AuthRole role = roleEntry.getValue();
155 if (role.hasAllowedFunction(checkFunc)) {
156 // break out as soon as we find it
160 // we would have got positive confirmation had it been there
164 public void setUser(String myuser) {
165 this.username = myuser;
169 public static class AuthRole {
172 this.allowedFunctions = new ArrayList<>();
175 private List<String> allowedFunctions;
177 public void addAllowedFunction(String func) {
178 this.allowedFunctions.add(func);
182 * Remove the function from the user's list of allowed functions.
184 * - String value of the function.
186 public void delAllowedFunction(String delFunc) {
187 if (this.allowedFunctions.contains(delFunc)) {
188 this.allowedFunctions.remove(delFunc);
193 * Returns true if the user has permissions to use the function, otherwise returns false.
195 * - String value of the function.
197 public boolean hasAllowedFunction(String afunc) {
198 return this.allowedFunctions.contains(afunc);
203 * Returns a hash-map of all users which have been loaded and initialized.
205 public Map<String, AuthUser> getUsers(String key) throws Exception {
206 if (!usersInitialized || (users == null)) {
207 loadUsers(this.authFilename);
213 * Returns true if the user is allowed to access a function.
215 * - String value of user
216 * @param authFunction
217 * - String value of the function.
219 public boolean authorize(String username, String authFunction) {
220 AuthUser user = users.get(username);
221 return user != null && user.checkAllowed(authFunction);