2 * ============LICENSE_START=======================================================
3 * org.onap.dcaegen2.collectors.ves
4 * ================================================================================
5 * Copyright (C) 2018 Nokia. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.dcae.restapi;
22 import io.vavr.control.Option;
23 import java.io.IOException;
24 import java.util.Base64;
25 import javax.servlet.http.HttpServletRequest;
26 import javax.servlet.http.HttpServletResponse;
27 import org.onap.dcae.ApplicationSettings;
28 import org.slf4j.Logger;
29 import org.slf4j.LoggerFactory;
30 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
31 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
33 final class ApiAuthInterceptor extends HandlerInterceptorAdapter {
35 private static final Logger LOG = LoggerFactory.getLogger(ApiAuthInterceptor.class);
36 private final BCryptPasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
37 private final ApplicationSettings applicationSettings;
39 private Logger errorLog;
41 ApiAuthInterceptor(ApplicationSettings applicationSettings, Logger errorLog) {
42 this.applicationSettings = applicationSettings;
43 this.errorLog = errorLog;
47 public boolean preHandle(HttpServletRequest request, HttpServletResponse response,
48 Object handler) throws IOException {
49 if (applicationSettings.authorizationEnabled()) {
50 String authorizationHeader = request.getHeader("Authorization");
51 if (authorizationHeader == null || !isAuthorized(authorizationHeader)) {
52 response.setStatus(400);
53 errorLog.error("EVENT_RECEIPT_FAILURE: Unauthorized user");
54 response.getWriter().write(ApiException.UNAUTHORIZED_USER.toJSON().toString());
61 private boolean isAuthorized(String authorizationHeader) {
63 String encodedData = authorizationHeader.split(" ")[1];
64 String decodedData = new String(Base64.getDecoder().decode(encodedData));
65 String providedUser = decodedData.split(":")[0].trim();
66 String providedPassword = decodedData.split(":")[1].trim();
67 Option<String> maybeSavedPassword = applicationSettings.validAuthorizationCredentials().get(providedUser);
68 boolean userRegistered = maybeSavedPassword.isDefined();
69 return userRegistered && passwordEncoder.matches(providedPassword,maybeSavedPassword.get());
70 } catch (Exception e) {
71 LOG.warn(String.format("Could not check if user is authorized (header: '%s')), probably malformed header.",
72 authorizationHeader), e);