/*
 * ============LICENSE_START=======================================================
 * ================================================================================
 * Copyright (C) 2019 Samsung. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * ============LICENSE_END============================================
 * ===================================================================
 */
23 package org.openecomp.sdc.be.filters;
import fj.data.Either;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.List;
import java.util.Optional;
import java.util.StringTokenizer;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.openecomp.sdc.be.config.BeEcompErrorManager;
import org.openecomp.sdc.be.model.User;
import org.openecomp.sdc.be.user.UserBusinessLogic;
import org.openecomp.sdc.common.api.Constants;
import org.openecomp.sdc.common.log.wrappers.Logger;
import org.openecomp.sdc.exception.ResponseFormat;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.ContextLoader;
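/**
 * Servlet filter that gates REST requests on the HTTP {@code Authorization} header.
 *
 * <p>The header value is treated as an HTTP Basic credential: the Base64 payload is decoded,
 * the part before the first {@code ':'} is taken as the user id, and the request is forwarded
 * only when that id appears in the list returned by
 * {@link UserBusinessLogic#getAllAdminUsers()}. Every other outcome ends with HTTP 401.
 *
 * <p><b>NOTE(review), security:</b> as far as this listing shows, only the user-id half of the
 * credential is compared against the administrator list; the password half is decoded and then
 * discarded. The check therefore identifies a caller but does not prove possession of a secret.
 * Unless a component in front of this filter already verifies the credential (confirm against
 * the deployment), the password should be validated against the credential store before the
 * chain is invoked, and rejected attempts should be logged so they can be monitored.
 */
public class RestAuthenticationFilter implements Filter {

    private static final Logger log = Logger.getLogger(RestAuthenticationFilter.class);

    /** Scheme token (with its trailing space) that precedes the Base64 payload. */
    private static final String BASIC_PREFIX = "Basic ";

    // Resolved once, when the filter instance is created, from the current Spring web context.
    private UserBusinessLogic userBusinessLogic = getUserBusinessLogic();

    /**
     * Looks up the {@code userBusinessLogic} bean in the current web application context.
     *
     * @return the bean registered under the name {@code "userBusinessLogic"}
     */
    private UserBusinessLogic getUserBusinessLogic() {
        ApplicationContext ctx = ContextLoader.getCurrentWebApplicationContext();
        return (UserBusinessLogic) ctx.getBean("userBusinessLogic");
    }

    /**
     * Forwards the request down the chain only when the {@code Authorization} header passes
     * {@link #authenticate(String)}; a missing header or a failed check yields HTTP 401.
     * Requests that are not {@link HttpServletRequest}s are neither forwarded nor answered.
     *
     * @param request  incoming request
     * @param response response that receives the 401 status on rejection
     * @param filter   remaining filter chain, invoked only after a successful check
     * @throws IOException      propagated from the downstream chain
     * @throws ServletException propagated from the downstream chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filter)
        throws IOException, ServletException {
        if (!(request instanceof HttpServletRequest)) {
            // Same as before: the chain is never invoked for non-HTTP requests.
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
        String authHeader = httpServletRequest.getHeader(Constants.AUTHORIZATION_HEADER);

        if (authHeader != null && authenticate(authHeader)) {
            filter.doFilter(request, response);
        } else {
            unauthorized(response);
        }
    }

    /**
     * Marks an HTTP response as 401 Unauthorized; other response types are left untouched.
     *
     * @param response response to mark
     */
    private void unauthorized(ServletResponse response) {
        if (response instanceof HttpServletResponse) {
            HttpServletResponse httpServletResponse = (HttpServletResponse) response;
            httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }

    /**
     * Decides whether the presented credential belongs to a known administrator.
     *
     * <p>Fails closed: a null or malformed header, an error result from the user lookup, a null
     * user list, or any exception raised during the lookup all produce {@code false}.
     *
     * @param authCredentials raw {@code Authorization} header value, may be {@code null}
     * @return {@code true} only when the decoded user id matches an administrator's user id
     */
    private boolean authenticate(String authCredentials) {
        if (null == authCredentials) {
            return false;
        }
        final Optional<String> userId = extractUserId(authCredentials);
        if (!userId.isPresent()) {
            return false;
        }
        final String username = userId.get();

        try {
            Either<List<User>, ResponseFormat> either = userBusinessLogic.getAllAdminUsers();
            if (either.isRight()) {
                return false;
            }
            List<User> users = either.left().value();
            if (users == null) {
                return false;
            }
            // NOTE(review): membership in the admin list is the only test applied here; the
            // password part of the credential is not verified anywhere in this class.
            // Comparing from the non-null side keeps one user without an id from failing the lookup.
            return users.stream().anyMatch(x -> username.equals(x.getUserId()));
        } catch (Exception e) {
            BeEcompErrorManager.getInstance().logBeRestApiGeneralError("Get All Administrators");
            log.debug("get all admins failed with unexpected error: {}", e);
            return false;
        }
    }

    /**
     * Extracts the user id from a Basic {@code Authorization} header value.
     *
     * <p>Malformed input is reported as an empty result instead of an unchecked exception, so
     * the caller answers with 401 rather than letting the container produce an error page.
     *
     * @param authCredentials non-null header value, normally {@code "Basic <base64>"}
     * @return the text before the first {@code ':'} of the decoded payload (the whole payload
     *         when it holds no {@code ':'}), or empty when the payload is not valid Base64 or
     *         the user id is empty
     */
    private static Optional<String> extractUserId(String authCredentials) {
        // Strip the scheme only where it belongs, at the start; scheme names are case-insensitive.
        boolean hasScheme =
            authCredentials.regionMatches(true, 0, BASIC_PREFIX, 0, BASIC_PREFIX.length());
        String encoded = hasScheme ? authCredentials.substring(BASIC_PREFIX.length()) : authCredentials;

        final String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(encoded.trim()), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            // The decoder rejects non-Base64 input with an unchecked exception. Only the decoder's
            // message is logged, never the header value itself.
            log.debug("Authorization header could not be decoded: {}", e.getMessage());
            return Optional.empty();
        }

        // A leading ':' means an empty user id; it must not let the password stand in for it.
        int separator = decoded.indexOf(':');
        String userId = separator >= 0 ? decoded.substring(0, separator) : decoded;
        return userId.isEmpty() ? Optional.empty() : Optional.of(userId);
    }

    /** No resources are held by this filter, so there is nothing to release. */
    @Override
    public void destroy() {
        // intentionally empty
    }

    /**
     * No filter configuration is read.
     *
     * @param arg0 ignored
     * @throws ServletException never thrown by this implementation
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // intentionally empty
    }
}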