1 /*
2  * Copyright © 2018 European Support Limited
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15 */
16
17 package org.openecomp.server.filters;
18
import org.openecomp.sdc.logging.api.Logger;
import org.openecomp.sdc.logging.api.LoggerFactory;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.util.Base64;
import java.util.Locale;
29
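/**
 * Servlet filter that derives a user principal and a privilege level from the HTTP Basic
 * {@code Authorization} header of each request.
 *
 * <p>Only the local mode ({@code runningOnLocal == true}) is implemented. In that mode the
 * password part of the credential is never inspected: the identity is the part of the user-name
 * before the first {@code '-'} and the privilege is the part after it, so the caller fully
 * controls both. Requests without a header get {@code 401}; requests whose credential cannot be
 * decoded, whose user-name does not start with {@code AUTH}, or which carry no {@code '-'}
 * separator get {@code 403} and are not passed down the chain.
 */
public class ActionAuthenticationFilter implements Filter {

  private static final String BASIC_SCHEME = "Basic";
  private static final String LOCAL_USERNAME_PREFIX = "AUTH";

  private final Logger log = (Logger) LoggerFactory.getLogger(this.getClass().getName());
  // Never reassigned in this file; the non-local branch of doFilter is therefore unreachable
  // and is still a stub (see the comment there).
  private boolean runningOnLocal = true;

  @Override
  public void destroy() {
    // Nothing to release: the filter holds no external resources.
  }

  /**
   * Authenticates the request from its {@code Authorization} header and, on success, forwards a
   * wrapped request whose {@link HttpServletRequest#getUserPrincipal()},
   * {@link HttpServletRequest#getRemoteUser()} and {@link HttpServletRequest#isUserInRole(String)}
   * answer from the decoded user-name.
   *
   * @param arg0 the incoming request; must be an {@link HttpServletRequest}
   * @param arg1 the response; must be an {@link HttpServletResponse}
   * @param arg2 the remaining filter chain, invoked only when the credential is accepted
   * @throws IOException      propagated from the chain
   * @throws ServletException propagated from the chain
   */
  @Override
  public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2)
      throws IOException, ServletException {
    HttpServletRequest httpRequest = (HttpServletRequest) arg0;
    HttpServletResponse httpResponse = (HttpServletResponse) arg1;

    if (!runningOnLocal) {
      //call super doFilter of cadi authentication filter
      // Not implemented yet. The original code returned here without forwarding the request
      // and without setting a status, which produced an empty default response; answering
      // 401 makes the undecided outcome explicit instead.
      setResponseStatus(httpResponse, HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }

    String authorizationHeader = httpRequest.getHeader("Authorization");
    if (authorizationHeader == null || authorizationHeader.isEmpty()) {
      setResponseStatus(httpResponse, HttpServletResponse.SC_UNAUTHORIZED);
      return;
    }

    String username;
    try {
      username = extractUsername(authorizationHeader);
    } catch (IllegalArgumentException exception) {
      // Do not echo the header: it carries the (unchecked) password.
      log.error("Failed to decode credentials", exception);
      setResponseStatus(httpResponse, HttpServletResponse.SC_FORBIDDEN);
      return;
    }

    // Validate the "<principal>-<privilege>" layout up front. Previously a user-name without
    // a '-' passed this gate and then failed with an unhandled StringIndexOutOfBoundsException
    // the first time a downstream component called getUserPrincipal().
    int separator = username.indexOf('-');
    if (!username.startsWith(LOCAL_USERNAME_PREFIX) || separator < 0) {
      setResponseStatus(httpResponse, HttpServletResponse.SC_FORBIDDEN);
      return;
    }
    String principalName = username.substring(0, separator);
    // Enum constant names are ASCII; Locale.ROOT keeps the mapping locale-independent.
    String privilegeName = username.substring(separator + 1).toUpperCase(Locale.ROOT);

    arg2.doFilter(wrapRequest(httpRequest, principalName, privilegeName), arg1);
  }

  /**
   * Returns the user-name part of an HTTP Basic credential.
   *
   * @param authorizationHeader the raw {@code Authorization} header value, never {@code null}
   * @return the text before the first {@code ':'} of the decoded credential
   * @throws IllegalArgumentException if the scheme is not {@code Basic} (compared
   *                                  case-insensitively, as the scheme name is), the payload is
   *                                  not valid Base64, or the decoded text has no {@code ':'}
   */
  private static String extractUsername(String authorizationHeader) {
    String header = authorizationHeader.trim();
    if (!header.regionMatches(true, 0, BASIC_SCHEME, 0, BASIC_SCHEME.length())) {
      throw new IllegalArgumentException("Authorization header does not use the Basic scheme");
    }
    String base64Credentials = header.substring(BASIC_SCHEME.length()).trim();
    // Base64.Decoder.decode throws IllegalArgumentException on malformed input.
    byte[] decoded = Base64.getDecoder().decode(base64Credentials);
    // Explicit charset: the platform default is not UTF-8 on every JVM this runs on.
    String decodedCredentials = new String(decoded, StandardCharsets.UTF_8);
    int colon = decodedCredentials.indexOf(':');
    if (colon < 0) {
      throw new IllegalArgumentException("Basic credential is missing the ':' separator");
    }
    return decodedCredentials.substring(0, colon);
  }

  /**
   * Wraps the request so that the servlet security accessors report the decoded identity.
   *
   * @param httpRequest   the original request
   * @param principalName value reported by {@code getUserPrincipal().getName()} and
   *                      {@code getRemoteUser()}
   * @param privilegeName upper-cased {@link ActionLibraryPrivilege} constant name claimed by the
   *                      caller; resolved lazily inside {@code isUserInRole}
   * @return the wrapped request
   */
  private HttpServletRequestWrapper wrapRequest(HttpServletRequest httpRequest,
                                                String principalName, String privilegeName) {
    return new HttpServletRequestWrapper(httpRequest) {
      @Override
      public String getRemoteUser() {
        return getUserPrincipal().getName();
      }

      @Override
      public Principal getUserPrincipal() {
        return () -> principalName;
      }

      /**
       * Compares the privilege claimed in the user-name with the privilege required for the
       * request's HTTP method. The {@code role} argument is deliberately ignored, as in the
       * original implementation: the decision depends only on the method.
       */
      @Override
      public boolean isUserInRole(String role) {
        try {
          ActionLibraryPrivilege requiredPrivilege =
              ActionLibraryPrivilege.getPrivilege(httpRequest.getMethod());
          // valueOf throws IllegalArgumentException for an unknown constant -> false below.
          ActionLibraryPrivilege userPrivilege = ActionLibraryPrivilege.valueOf(privilegeName);
          // NOTE(review): ordering by ordinal() assumes the enum constants are declared in
          // ascending privilege order — confirm against ActionLibraryPrivilege.
          return userPrivilege.ordinal() >= requiredPrivilege.ordinal();
        } catch (Exception exception) {
          // getPrivilege's contract is not visible here, so the broad catch is kept; any
          // failure to resolve either side denies the role.
          log.error("Failed to validate UserInRole", exception);
          return false;
        }
      }
    };
  }

  /**
   * Sets the HTTP status of a rejected request; nothing is written to the body.
   *
   * @param response the response to mark
   * @param status   an {@link HttpServletResponse} status constant
   */
  private void setResponseStatus(HttpServletResponse response, int status) {
    response.setStatus(status);
  }

  @Override
  public void init(FilterConfig arg0) throws ServletException {
    // No configuration is read; runningOnLocal is a hard-coded field.
  }

}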