1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.cssa.rserv;
\r
25 import java.io.IOException;
\r
26 import java.security.Principal;
\r
28 import javax.servlet.Filter;
\r
29 import javax.servlet.FilterChain;
\r
30 import javax.servlet.FilterConfig;
\r
31 import javax.servlet.ServletException;
\r
32 import javax.servlet.ServletRequest;
\r
33 import javax.servlet.ServletResponse;
\r
34 import javax.servlet.http.HttpServletRequest;
\r
35 import javax.servlet.http.HttpServletResponse;
\r
37 import org.onap.aaf.cadi.Access;
\r
38 import org.onap.aaf.cadi.CadiException;
\r
39 import org.onap.aaf.cadi.CadiWrap;
\r
40 import org.onap.aaf.cadi.Connector;
\r
41 import org.onap.aaf.cadi.Lur;
\r
42 import org.onap.aaf.cadi.TrustChecker;
\r
43 import org.onap.aaf.cadi.filter.CadiHTTPManip;
\r
44 import org.onap.aaf.cadi.taf.TafResp;
\r
45 import org.onap.aaf.cadi.taf.TafResp.RESP;
\r
46 import org.onap.aaf.inno.env.Env;
\r
47 import org.onap.aaf.inno.env.TimeTaken;
\r
48 import org.onap.aaf.inno.env.TransStore;
\r
51 * Create a new Transaction Object for each and every incoming Transaction
\r
53 * Attach to Request. Use "FilterHolder" mechanism to retain single instance.
\r
55 * TransFilter includes CADIFilter as part of the package, so that it can
\r
56 * set User Data, etc, as necessary.
\r
60 public abstract class TransFilter<TRANS extends TransStore> implements Filter {
\r
// Request attribute name under which doFilter stores the per-request TRANS object.
61 public static final String TRANS_TAG = "__TRANS__";
\r
// CADI helper assigned in the constructor; doFilter calls validate() on it and getLur() exposes its Lur.
63 private CadiHTTPManip cadi;
\r
/**
 * Creates the filter and its {@link CadiHTTPManip}, handing every argument straight through
 * to the {@code CadiHTTPManip} constructor.
 *
 * @param access            passed unchanged to {@code CadiHTTPManip}
 * @param con               passed unchanged to {@code CadiHTTPManip}
 * @param tc                passed unchanged to {@code CadiHTTPManip}
 * @param additionalTafLurs passed unchanged to {@code CadiHTTPManip}
 * @throws CadiException declared by this constructor; presumably raised while building the
 *                       {@code CadiHTTPManip} (confirm against that class)
 */
public TransFilter(Access access, Connector con, TrustChecker tc, Object... additionalTafLurs)
        throws CadiException {
    this.cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
}
\r
// javax.servlet.Filter lifecycle hook. The body (source lines 71-72) is not shown in this listing.
70 public void init(FilterConfig filterConfig) throws ServletException {
\r
/**
 * Gives subclasses the {@link Lur} held by this filter's {@link CadiHTTPManip}; doFilter
 * passes the same object to {@code CadiWrap} for authenticated requests.
 *
 * @return the result of {@code cadi.getLur()}
 */
protected Lur getLur() {
    final Lur lur = this.cadi.getLur();
    return lur;
}
\r
// Supplies the TRANS for one request; doFilter calls it first, once per request.
77 protected abstract TRANS newTrans();
\r
// Called by doFilter with the new TRANS and the raw request; the returned TimeTaken is held as 'overall'.
78 protected abstract TimeTaken start(TRANS trans, ServletRequest request);
\r
// Called by doFilter only in the IS_AUTHENTICATED case, with the principal taken from the CadiWrap.
79 protected abstract void authenticated(TRANS trans, Principal p);
\r
// NOTE(review): no call to this hook appears in the lines shown in this listing; confirm where it is invoked.
80 protected abstract void tallyHo(TRANS trans);
\r
// Per-request entry point: creates a TRANS, stores it on the request under TRANS_TAG,
// runs CADI validation, and hands the request to the chain only when the result is
// RESP.IS_AUTHENTICATED.
// NOTE(review): this listing skips source lines (gutter jumps 94->99, 103->112, 126->134),
// so the declarations of resp/r/cw, the try that pairs with the catch below, and anything
// after the catch are not visible here. The comments describe only the lines shown.
83 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
\r
84 TRANS trans = newTrans();
\r
// start() is subclass-defined; its TimeTaken is kept in 'overall' (no later use is visible in this listing).
86 TimeTaken overall = start(trans,request);
\r
// Publish the transaction on the request so code holding the request can fetch it by TRANS_TAG.
88 request.setAttribute(TRANS_TAG, trans);
\r
// Unconditional casts: a non-HTTP ServletRequest/ServletResponse raises ClassCastException here.
90 HttpServletRequest req = (HttpServletRequest)request;
\r
91 HttpServletResponse res = (HttpServletResponse)response;
\r
// Timer for the authentication step, labelled "CADI Security".
93 TimeTaken security = trans.start("CADI Security", Env.SUB);
\r
94 // TimeTaken ttvalid;
\r
// Authentication decision: everything below keys off resp.isAuthenticated().
99 resp = cadi.validate(req,res);
\r
100 switch(r=resp.isAuthenticated()) {
\r
101 case IS_AUTHENTICATED:
\r
// Wrap the request with the TafResp and the Lur, then report the wrapped request's principal to the subclass.
102 cw = new CadiWrap(req,resp,cadi.getLur());
\r
103 authenticated(trans, cw.getUserPrincipal());
\r
// Only an authenticated result is forwarded, and downstream receives the CadiWrap (cw), not the raw request.
112 if(r==RESP.IS_AUTHENTICATED) {
\r
113 trans.checkpoint(resp.desc());
\r
114 chain.doFilter(cw, response);
\r
// NOTE(review): source line 115 is not shown; the lines below presumably form the
// not-authenticated branch. No chain.doFilter call appears in them, so the request is not
// forwarded. Confirm that cadi.validate(req,res) has already written the client response
// (status, challenge) for these outcomes.
// The TODO below records that repeated attempts are not throttled at this point.
116 //TODO this is a good place to check if too many checks recently
\r
117 // Would need Cached Counter objects that are cleaned up on
\r
// resp.desc() is written to the checkpoint and, for failed attempts, to the audit log.
// NOTE(review): if desc() can contain caller-supplied text, neutralise CR/LF before logging (confirm).
119 trans.checkpoint(resp.desc(),Env.ALWAYS);
\r
120 if(resp.isFailedAttempt())
\r
121 trans.audit().log(resp.desc());
\r
// Exceptions caught here are logged, summarised in a checkpoint (class name plus message),
// and rethrown wrapped in ServletException with the original as its cause.
// NOTE(review): the wrapped cause may reach the container's error page; confirm that page
// does not echo exception detail to clients.
123 } catch(Exception e) {
\r
124 trans.error().log(e);
\r
125 trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());
\r
126 throw new ServletException(e);
\r
134 public void destroy() {
\r