2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017-2018 Amdocs
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 package org.onap.aai.sa.auth;
23 import com.fasterxml.jackson.core.JsonProcessingException;
24 import com.fasterxml.jackson.databind.JsonNode;
25 import com.fasterxml.jackson.databind.ObjectMapper;
27 import java.io.FileNotFoundException;
28 import java.io.FileReader;
29 import java.io.IOException;
30 import java.util.ArrayList;
31 import java.util.HashMap;
32 import java.util.List;
34 import java.util.Timer;
35 import org.json.simple.parser.JSONParser;
36 import org.json.simple.parser.ParseException;
37 import org.onap.aai.cl.api.Logger;
38 import org.onap.aai.cl.eelf.LoggerFactory;
39 import org.onap.aai.sa.searchdbabstraction.util.SearchDbConstants;
41 public class SearchDbServiceAuthCore {
// Class-wide logger obtained from the EELF logger factory.
private static Logger logger =
        LoggerFactory.getInstance().getLogger(SearchDbServiceAuthCore.class.getName());

// Location of the policy file; init() substitutes a fixed path when this is null.
private static String authFileName = SearchDbConstants.SDB_AUTH_CONFIG_FILENAME;
47 private enum HTTP_METHODS {
/** Not instantiable: the class is used only through its static members. */
private SearchDbServiceAuthCore() {
    // intentionally empty
}
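// Set once reloadUsers() has run to completion, whether or not the policy file could be parsed.
// volatile: getUsers() and authorize() test this flag without holding the class lock that
// init() and reloadUsers() take, so a plain field gives them no visibility guarantee.
private static volatile boolean usersInitialized = false;

// Lower-cased user name -> user entry, rebuilt by reloadUsers(). volatile for the same reason:
// the table is written under the class lock but read by unsynchronized callers.
private static volatile HashMap<String, SearchDbAuthUser> users;

// NOTE(review): no assignment to timer is visible in this listing; confirm it is non-null
// wherever it is used.
private static Timer timer = null;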
/**
 * Loads the authorization policy, falling back to a fixed policy path when none is configured.
 *
 * <p>Runs under the class lock, as does {@code reloadUsers()}, which it calls.
 */
public static synchronized void init() {
    final String fallbackPolicyPath = "/home/aaiadmin/etc/aaipolicy.json";
    if (authFileName == null) {
        authFileName = fallbackPolicyPath;
    }
    reloadUsers();
}
68 public static void cleanup() {
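/**
 * Rebuilds the in-memory user/role table from the policy file named by {@code authFileName}.
 *
 * <p>The file is parsed twice: once with json-simple, whose result is discarded (it acts only
 * as a well-formedness check), and once with Jackson to walk the {@code roles} array. Each
 * function of a role is stored as {@code METHOD:function}. User names are lower-cased with
 * {@code Locale.ROOT} before being used as keys, so the keys do not depend on the JVM's
 * default locale.
 *
 * <p>The new table is assembled in a local map and assigned to {@code users} in a single step.
 * Callers that read {@code users} without the class lock therefore never see a half-loaded
 * policy. The assignment also happens when loading fails, so a broken policy file leaves an
 * empty table rather than an older policy in force. {@code usersInitialized} is set to
 * {@code true} after a successful load and after any of the caught failures.
 */
public static synchronized void reloadUsers() {
    HashMap<String, SearchDbAuthUser> loaded = new HashMap<>();
    ObjectMapper mapper = new ObjectMapper(); // can reuse, share globally
    JSONParser parser = new JSONParser();
    // try-with-resources: the reader for the validation pass was previously never closed,
    // which leaked one file handle per reload.
    try (FileReader policyReader = new FileReader(authFileName)) {
        // Validation pass only: the json-simple result is discarded.
        parser.parse(policyReader);
        JsonNode rootNode = mapper.readTree(new File(authFileName));
        JsonNode rolesNode = rootNode.path("roles");

        for (JsonNode roleNode : rolesNode) {
            String roleName = roleNode.path("name").asText();

            TabularAuthRole authRole = new TabularAuthRole();
            JsonNode usersNode = roleNode.path("users");
            JsonNode functionsNode = roleNode.path("functions");
            for (JsonNode functionNode : functionsNode) {
                String function = functionNode.path("name").asText();
                JsonNode methodsNode = functionNode.path("methods");
                boolean hasMethods = false;
                for (JsonNode methodNode : methodsNode) {
                    String methodName = methodNode.path("name").asText();
                    hasMethods = true;
                    authRole.addAllowedFunction(methodName + ":" + function);
                }

                // NOTE(review): written on the assumption that this fallback applies only when
                // no method was listed (the flag above has no other use) - confirm. It means a
                // function entry with a missing or empty "methods" list grants every method in
                // HTTP_METHODS, so policy authors should list methods explicitly.
                if (!hasMethods) {
                    for (HTTP_METHODS meth : HTTP_METHODS.values()) {
                        authRole.addAllowedFunction(meth.toString() + ":" + function);
                    }
                }
            }

            for (JsonNode userNode : usersNode) {
                String username =
                        userNode.path("username").asText().toLowerCase(java.util.Locale.ROOT);
                if (username.isEmpty()) {
                    // asText() yields "" when the entry has no "username" field; never attach
                    // a role to a user keyed by the empty string.
                    continue;
                }
                SearchDbAuthUser authUser =
                        loaded.computeIfAbsent(username, key -> new SearchDbAuthUser());
                authUser.setUser(username);
                authUser.addRole(roleName, authRole);
            }
        }
    // NOTE(review): every failure below is logged at debug level only, so an unreadable policy
    // (and the resulting empty table) is easy to miss; consider a higher level.
    } catch (FileNotFoundException fnfe) {
        logger.debug("Failed to load the policy file ");
    } catch (ParseException e) {
        logger.debug("Failed to Parse the policy file ");
    } catch (JsonProcessingException e) {
        logger.debug("JSON processing error while parsing policy file: " + e.getMessage());
    } catch (IOException e) {
        logger.debug("IO Exception while parsing policy file: " + e.getMessage());
    } finally {
        // Publish on every path, as the original did by clearing the table before parsing.
        users = loaded;
    }
    usersInitialized = true;
}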
/** A policy user together with the roles granted to it, keyed by role name. */
public static class SearchDbAuthUser {
    private String username;
    private HashMap<String, TabularAuthRole> roles;

    /** Creates a user with no name and no roles. */
    public SearchDbAuthUser() {
        this.roles = new HashMap<>();
    }

    /** Returns the user name last passed to {@link #setUser(String)}. */
    public String getUser() {
        return this.username;
    }

    /** Returns this user's roles keyed by role name (the map itself, not a copy). */
    public Map<String, TabularAuthRole> getRoles() {
        return this.roles;
    }

    /** Stores {@code authRole} under {@code roleName}, replacing any role of that name. */
    public void addRole(String roleName, TabularAuthRole authRole) {
        this.roles.put(roleName, authRole);
    }

    /**
     * Reports whether any of this user's roles allows {@code checkFunc}.
     *
     * @param checkFunc the function key to look for, in the form stored on the roles
     * @return {@code true} as soon as one role allows it, {@code false} when none does
     */
    public boolean checkAllowed(String checkFunc) {
        return this.roles.values().stream()
                .anyMatch(role -> role.hasAllowedFunction(checkFunc));
    }

    /** Sets the user name. */
    public void setUser(String myuser) {
        this.username = myuser;
    }
}
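/** A role expressed as a flat list of allowed function keys. */
public static class TabularAuthRole {
    private List<String> allowedFunctions;

    /** Creates a role that allows nothing. */
    public TabularAuthRole() {
        this.allowedFunctions = new ArrayList<>();
    }

    /** Adds {@code func} to the allowed functions; duplicates are kept. */
    public void addAllowedFunction(String func) {
        this.allowedFunctions.add(func);
    }

    /**
     * Revokes {@code delFunc} from this role.
     *
     * <p>Every occurrence is removed. The list can hold the same key more than once, and
     * removing only the first occurrence would leave the function allowed after a revoke.
     */
    public void delAllowedFunction(String delFunc) {
        // List.remove(Object) drops one occurrence and reports whether it found one.
        while (this.allowedFunctions.remove(delFunc)) {
            // keep going until no occurrence is left
        }
    }

    /** Reports whether {@code afunc} is among the allowed functions. */
    public boolean hasAllowedFunction(String afunc) {
        return this.allowedFunctions.contains(afunc);
    }
}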
199 public static Map<String, SearchDbAuthUser> getUsers() {
200 if (!usersInitialized || (users == null)) {
206 public static boolean authorize(String username, String authFunction) {
207 if (!usersInitialized || (users == null)) {
210 if (users.containsKey(username)) {
211 return users.get(username).checkAllowed(authFunction);