1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aai\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * Copyright © 2017 Amdocs\r
7  * * ===========================================================================\r
8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
9  * * you may not use this file except in compliance with the License.\r
10  * * You may obtain a copy of the License at\r
11  * * \r
12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
13  * * \r
14  *  * Unless required by applicable law or agreed to in writing, software\r
15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
17  * * See the License for the specific language governing permissions and\r
18  * * limitations under the License.\r
19  * * ============LICENSE_END====================================================\r
20  * *\r
21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
22  * *\r
23  ******************************************************************************/\r
24 package com.att.cssa.rserv;\r
25 \r
26 import java.io.IOException;\r
27 import java.security.Principal;\r
28 \r
29 import javax.servlet.Filter;\r
30 import javax.servlet.FilterChain;\r
31 import javax.servlet.FilterConfig;\r
32 import javax.servlet.ServletException;\r
33 import javax.servlet.ServletRequest;\r
34 import javax.servlet.ServletResponse;\r
35 import javax.servlet.http.HttpServletRequest;\r
36 import javax.servlet.http.HttpServletResponse;\r
37 \r
38 import com.att.cadi.Access;\r
39 import com.att.cadi.CadiException;\r
40 import com.att.cadi.CadiWrap;\r
41 import com.att.cadi.Connector;\r
42 import com.att.cadi.Lur;\r
43 import com.att.cadi.TrustChecker;\r
44 import com.att.cadi.filter.CadiHTTPManip;\r
45 import com.att.cadi.taf.TafResp;\r
46 import com.att.cadi.taf.TafResp.RESP;\r
47 import com.att.inno.env.Env;\r
48 import com.att.inno.env.TimeTaken;\r
49 import com.att.inno.env.TransStore;\r
50 \r
/**
 * Servlet filter that creates a new transaction object for each incoming request,
 * attaches it to the request, and validates the caller through CADI before the
 * request is passed on.
 *
 * <p>Use the "FilterHolder" mechanism to retain a single instance.
 *
 * <p>TransFilter includes CADIFilter as part of the package, so that it can
 * set User Data, etc, as necessary.
 *
 * <p>Security behaviour visible in this class: the rest of the chain is invoked only
 * when validation reports {@code RESP.IS_AUTHENTICATED}, and it is then handed the
 * {@link CadiWrap} instead of the raw request. Any other outcome ends the request
 * inside this filter.
 *
 * @param <TRANS> transaction type produced by {@link #newTrans()}
 */
public abstract class TransFilter<TRANS extends TransStore> implements Filter {
    /** Request attribute name under which {@code doFilter} stores the transaction. */
    public static final String TRANS_TAG = "__TRANS__";

    // Assigned once in the constructor; performs validation and supplies the Lur.
    private final CadiHTTPManip cadi;

    /**
     * Builds the {@link CadiHTTPManip} this filter validates requests with. All
     * arguments are handed to its constructor unchanged.
     *
     * @param access            passed through to {@code CadiHTTPManip}
     * @param con               passed through to {@code CadiHTTPManip}
     * @param tc                passed through to {@code CadiHTTPManip}
     * @param additionalTafLurs passed through to {@code CadiHTTPManip}
     * @throws CadiException if {@code CadiHTTPManip} cannot be constructed
     */
    public TransFilter(Access access, Connector con, TrustChecker tc, Object... additionalTafLurs)
            throws CadiException {
        this.cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
    }

    /** No initialisation is performed. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Exposes the Lur held by the underlying {@link CadiHTTPManip} to subclasses.
     *
     * @return the result of {@code cadi.getLur()}
     */
    protected Lur getLur() {
        return cadi.getLur();
    }

    /** Called once at the start of every {@code doFilter} to obtain the transaction. */
    protected abstract TRANS newTrans();

    /**
     * Called immediately after {@link #newTrans()}; the returned timer is completed
     * in {@code doFilter}'s outer {@code finally}.
     */
    protected abstract TimeTaken start(TRANS trans, ServletRequest request);

    /**
     * Called when validation reports the request as authenticated, with the principal
     * taken from the {@link CadiWrap} built for this request.
     */
    protected abstract void authenticated(TRANS trans, Principal p);

    /** Called last for every request, from {@code doFilter}'s outer {@code finally}. */
    protected abstract void tallyHo(TRANS trans);

    /**
     * Validates the request and forwards it only when it is authenticated.
     *
     * <p>The transaction is stored on the request under {@link #TRANS_TAG} before
     * validation. On an authenticated result the chain continues with the
     * {@link CadiWrap} as the request; otherwise the outcome is recorded on the
     * transaction (and on its audit log when the response reports a failed attempt)
     * and the chain is not invoked.
     *
     * @throws ServletException wrapping any exception raised while filtering,
     *         including {@code IOException} and {@code ServletException} coming from
     *         further down the chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        final TRANS tx = newTrans();
        final TimeTaken overallTimer = start(tx, request);
        try {
            request.setAttribute(TRANS_TAG, tx);

            // A non-HTTP request fails these casts; the ClassCastException is handled
            // by the catch below like any other error.
            final HttpServletRequest httpReq = (HttpServletRequest) request;
            final HttpServletResponse httpResp = (HttpServletResponse) response;

            final TimeTaken securityTimer = tx.start("CADI Security", Env.SUB);
            TafResp tafResp;
            RESP outcome;
            CadiWrap wrapped = null;
            try {
                tafResp = cadi.validate(httpReq, httpResp);
                outcome = tafResp.isAuthenticated();
                switch (outcome) {
                    case IS_AUTHENTICATED:
                        wrapped = new CadiWrap(httpReq, tafResp, cadi.getLur());
                        authenticated(tx, wrapped.getUserPrincipal());
                        break;
                    default:
                        // Every other outcome leaves "wrapped" null and is rejected below.
                        break;
                }
            } finally {
                securityTimer.done();
            }

            if (outcome != RESP.IS_AUTHENTICATED) {
                // TODO this is a good place to check if too many checks recently.
                // Would need cached Counter objects that are cleaned up on use.
                // Until then, failed attempts are audited below but not throttled here.
                //
                // NOTE(review): nothing is written to the response in this branch;
                // presumably cadi.validate() has already set the status or challenge
                // on it - confirm.
                tx.checkpoint(tafResp.desc(), Env.ALWAYS);
                if (tafResp.isFailedAttempt()) {
                    tx.audit().log(tafResp.desc());
                }
                return;
            }

            tx.checkpoint(tafResp.desc());
            // Downstream code sees the CadiWrap, never the unwrapped request.
            chain.doFilter(wrapped, response);
        } catch (Exception e) {
            tx.error().log(e);
            final String summary = "Error: " + e.getClass().getSimpleName() + ": " + e.getMessage();
            tx.checkpoint(summary);
            // NOTE(review): the original exception travels as the cause; whether its
            // message or stack trace reaches the client depends on the container's
            // error handling - confirm.
            throw new ServletException(e);
        } finally {
            overallTimer.done();
            tallyHo(tx);
        }
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }
}