2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.rserv;
24 import java.io.IOException;
25 import java.security.Principal;
27 import javax.servlet.Filter;
28 import javax.servlet.FilterChain;
29 import javax.servlet.FilterConfig;
30 import javax.servlet.ServletException;
31 import javax.servlet.ServletRequest;
32 import javax.servlet.ServletResponse;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
36 import org.onap.aaf.auth.env.AuthzTrans;
37 import org.onap.aaf.cadi.Access;
38 import org.onap.aaf.cadi.CadiException;
39 import org.onap.aaf.cadi.CadiWrap;
40 import org.onap.aaf.cadi.Connector;
41 import org.onap.aaf.cadi.LocatorException;
42 import org.onap.aaf.cadi.Lur;
43 import org.onap.aaf.cadi.TrustChecker;
44 import org.onap.aaf.cadi.config.Config;
45 import org.onap.aaf.cadi.filter.CadiHTTPManip;
46 import org.onap.aaf.cadi.taf.TafResp;
47 import org.onap.aaf.cadi.taf.TafResp.RESP;
48 import org.onap.aaf.misc.env.Env;
49 import org.onap.aaf.misc.env.TimeTaken;
50 import org.onap.aaf.misc.env.TransStore;
51 import org.onap.aaf.misc.env.util.Split;
54 * Create a new Transaction Object for each and every incoming Transaction
56 * Attach to Request. Use the "FilterHolder" mechanism to retain a single instance.
58 * TransFilter includes CADIFilter as part of the package, so that it can
59 * set User Data, etc, as necessary.
64 public abstract class TransFilter<TRANS extends TransStore> implements Filter {
// Request-attribute key under which doFilter publishes the per-request transaction object.
65 public static final String TRANS_TAG = "__TRANS__";
// CADI authentication handler, built once in the constructor (not declared final, although no reassignment is visible here).
67 private CadiHTTPManip cadi;
// Path prefixes exempt from authentication, read from Config.CADI_NOAUTHN in the constructor.
// May be null when the property is unset; doFilter null-checks it before use.
69 private final String[] no_authn;
/**
 * Creates the CADI HTTP handler and loads the path prefixes that skip authentication.
 *
 * @param access            CADI access object; also the source of the Config.CADI_NOAUTHN property
 * @param con               connector passed through to CadiHTTPManip
 * @param tc                trust checker passed through to CadiHTTPManip
 * @param additionalTafLurs extra TAF/LUR objects passed through to CadiHTTPManip
 * @throws CadiException    propagated from the CADI setup
 * @throws LocatorException propagated from the CADI setup
 */
71 public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException {
72 cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
// ':'-separated list of path prefixes exempt from authentication; null default when unset.
// NOTE(review): every prefix listed here bypasses CADI entirely in doFilter, so this property
// deserves the same scrutiny as any other authentication configuration.
73 String no = access.getProperty(Config.CADI_NOAUTHN, null);
// Assumes Split.split(':', null) yields null, which is what doFilter's null check relies on — confirm.
75 no_authn = Split.split(':', no);
/** Servlet {@link Filter#init} lifecycle hook; all setup visible in this listing happens in the constructor. */
82 public void init(FilterConfig filterConfig) throws ServletException {
/** Gives subclasses access to the LUR behind the CADI handler (presumably {@code cadi.getLur()}, as used in doFilter). */
85 protected Lur getLur() {
/**
 * Creates the transaction object for one request; called first thing in doFilter.
 *
 * @param request  the HTTP request being filtered
 * @param response the HTTP response being filtered
 * @return the new transaction, which doFilter also publishes under {@link #TRANS_TAG}
 */
89 protected abstract TRANS newTrans(HttpServletRequest request,HttpServletResponse response);
/**
 * Starts the overall timer for a transaction; doFilter holds the result as {@code overall}.
 *
 * @param trans the transaction created by {@link #newTrans}
 * @return the running timer
 */
90 protected abstract TimeTaken start(TRANS trans);
/**
 * Callback from doFilter once CADI reports IS_AUTHENTICATED.
 *
 * @param trans the current transaction
 * @param p     the user principal of the CadiWrap-wrapped request
 */
91 protected abstract void authenticated(TRANS trans, Principal p);
/**
 * Callback from doFilter at the end of request processing.
 *
 * @param trans  the current transaction
 * @param target the failed-attempt target reported by CADI, or "n/a" when none was recorded
 */
92 protected abstract void tallyHo(TRANS trans, String target);
/**
 * Runs one request through CADI authentication and dispatches it down the filter chain.
 * <p>
 * Flow as far as this listing shows: build the transaction ({@link #newTrans}), start the overall
 * timer, publish the transaction under {@link #TRANS_TAG}, short-circuit for paths whose prefix is
 * listed in CADI_NOAUTHN, otherwise let CADI validate the request, wrap it in a CadiWrap on
 * success, and finally report via {@link #tallyHo}. Several lines of the original method (the
 * try/finally structure, the declarations of resp/cw/r, the early return after the no-auth
 * dispatch, and the closing braces) are not part of this excerpt; comments below hedge where
 * they depend on those lines.
 *
 * @param request  the incoming request; cast to HttpServletRequest
 * @param response the outgoing response; cast to HttpServletResponse
 * @param chain    the remaining filter chain
 * @throws IOException      propagated from downstream filters
 * @throws ServletException from downstream filters, or wrapping any exception raised in the CADI phase
 */
95 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
// Unchecked casts: this filter is only meaningful behind an HTTP connector.
96 HttpServletRequest req = (HttpServletRequest)request;
97 HttpServletResponse res = (HttpServletResponse)response;
99 TRANS trans = newTrans(req,res);
// 'overall' is not closed in the visible lines; presumably done() in a finally block outside this excerpt.
101 TimeTaken overall = start(trans);
// Passed to tallyHo; only replaced when CADI flags a failed attempt (below).
102 String target = "n/a";
// Make the transaction reachable by downstream filters/servlets.
104 request.setAttribute(TRANS_TAG, trans);
// Authentication bypass for configured path prefixes (CADI_NOAUTHN).
// NOTE(review): startsWith is a plain prefix match, so a prefix "/pub" also exempts "/public...";
// a trailing "/" on each configured prefix, or a segment-boundary check, would tighten this.
// NOTE(review): getPathInfo() returns null when the request carries no extra path, which would
// NPE here; whether the catch block below covers it depends on where the try begins, which is
// not in this excerpt.
106 if (no_authn!=null) {
107 for (String prefix : no_authn) {
108 if (req.getPathInfo().startsWith(prefix)) {
// Presumably followed by a return on a missing line — the bypass must not fall through into the CADI path.
109 chain.doFilter(request, response);
// Sub-timer for the CADI phase; its done() call is not in this excerpt.
115 TimeTaken security = trans.start("CADI Security", Env.SUB);
// resp, cw and r are declared on lines missing from this excerpt.
120 resp = cadi.validate(req,res,trans);
// CRED_TAG is presumably set during validate; tag.toString() would NPE on a missing attribute
// unless a null check on the missing line 122 guards it — confirm.
121 Object tag = req.getAttribute("CRED_TAG");
123 ((AuthzTrans)trans).setTag(tag.toString());
125 switch(r=resp.isAuthenticated()) {
126 case IS_AUTHENTICATED:
// Wrap the request so the authenticated callback receives CADI's view of the user principal.
127 cw = new CadiWrap(req,resp,cadi.getLur());
128 authenticated(trans, cw.getUserPrincipal());
137 if (r==RESP.IS_AUTHENTICATED) {
138 trans.checkpoint(resp.desc());
// The chain continues with the wrapped request only when notCadi() returns true; what it
// checks, and what happens otherwise, is not visible here.
139 if (cadi.notCadi(cw, res)) {
140 chain.doFilter(cw, response);
143 //TODO this is a good place to check if too many checks recently
144 // Would need Cached Counter objects that are cleaned up on
// Presumably the not-authenticated branch: the outcome is checkpointed at Env.ALWAYS level.
146 trans.checkpoint(resp.desc(),Env.ALWAYS);
147 if (resp.isFailedAttempt()) {
148 target = resp.getTarget();
// Any failure in the CADI phase is logged, checkpointed and rethrown as a ServletException with the cause kept.
151 } catch (Exception e) {
152 trans.error().log(e);
// The exception message is copied into the transaction checkpoint; it may carry detail from CADI.
153 trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());
154 throw new ServletException(e);
157 tallyHo(trans,target);
/** Servlet {@link Filter#destroy} lifecycle hook. */
162 public void destroy() {