2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.dmaap.dbcapi.resources;
22 import com.fasterxml.jackson.core.JsonProcessingException;
23 import com.fasterxml.jackson.databind.ObjectMapper;
24 import java.io.IOException;
25 import javax.servlet.Filter;
26 import javax.servlet.FilterChain;
27 import javax.servlet.FilterConfig;
28 import javax.servlet.ServletException;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
33 import org.apache.log4j.Logger;
34 import org.eclipse.jetty.http.HttpStatus;
35 import org.onap.dmaap.dbcapi.model.ApiError;
36 import org.onap.dmaap.dbcapi.service.DmaapService;
37 import org.onap.dmaap.dbcapi.util.DmaapConfig;
38 import org.onap.dmaap.dbcapi.util.PermissionBuilder;
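/**
 * Servlet filter that enforces AAF authorization on incoming requests.
 *
 * <p>When the {@code UseAAF} property is {@code "true"}, each request is mapped to a permission
 * string by {@link PermissionBuilder} and continues down the chain only if
 * {@link HttpServletRequest#isUserInRole(String)} accepts that permission. Any other request is
 * answered with 403 and a JSON {@link ApiError}. When the property is absent or not
 * {@code "true"}, every request is passed through without an authorization check.
 *
 * <p>This filter only checks roles; it does not authenticate. It presumably relies on an earlier
 * filter to set the user principal and roles on the request, so confirm the filter ordering in the
 * deployment descriptor.
 *
 * <p>NOTE(review): the {@code isAafEnabled} guards in {@link #init(FilterConfig)} and
 * {@link #doFilter(ServletRequest, ServletResponse, FilterChain)} were inferred from the field and
 * from the unconditional pass-through call at the end of {@code doFilter}; confirm against the
 * project's copy of this file.
 */
public class AAFAuthorizationFilter implements Filter {

    // Log under this filter's own category so authorization decisions are not attributed to
    // the authentication filter when logs are searched or alerted on.
    private static final Logger LOGGER = Logger.getLogger(AAFAuthorizationFilter.class.getName());
    static final String AAF_AUTHZ_FLAG = "UseAAF";
    // Name used in messages when the request carries no principal.
    private static final String UNKNOWN_USER = "<unauthenticated>";
    // ObjectMapper is reusable once configured; one shared instance avoids a new mapper per denial.
    private static final ObjectMapper MAPPER = new ObjectMapper();

    private boolean isAafEnabled = false;

    private PermissionBuilder permissionBuilder;

    /**
     * Reads the {@code UseAAF} flag and, when it is on, prepares the permission builder.
     *
     * @param filterConfig container-supplied configuration; not read here
     * @throws ServletException declared by the {@link Filter} contract
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        DmaapConfig dmaapConfig = getConfig();
        isAafEnabled = "true".equalsIgnoreCase(dmaapConfig.getProperty(AAF_AUTHZ_FLAG, "false"));
        if (isAafEnabled) {
            permissionBuilder = new PermissionBuilder(dmaapConfig, getDmaapService());
        } else {
            // The flag defaults to "false", so a missing property means no enforcement at all.
            // Make that state visible in the logs.
            LOGGER.warn(AAF_AUTHZ_FLAG + " is not enabled; requests are passed through without authorization");
        }
    }

    /**
     * Lets the request continue only when the caller holds the permission built for it.
     *
     * <p>A request without a user principal is treated as not authorized and receives the same
     * 403 response as an authenticated caller lacking the permission.
     *
     * @param servletRequest  incoming request; cast to {@link HttpServletRequest} when AAF is on
     * @param servletResponse response; receives status 403 and a JSON body on denial
     * @param filterChain     remainder of the chain, invoked only for permitted requests
     * @throws IOException      if writing the denial body fails or the chain throws it
     * @throws ServletException if the chain throws it
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {

        if (!isAafEnabled) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        permissionBuilder.updateDmaapInstance();
        String permission = permissionBuilder.buildPermission(httpRequest);
        String user = principalName(httpRequest);

        if (httpRequest.isUserInRole(permission)) {
            LOGGER.info("User " + sanitizeForLog(user) + " has permission " + sanitizeForLog(permission));
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }

        // NOTE(review): the response body names the exact permission that was missing; confirm
        // that exposing it to callers is intended.
        String msg = "User " + user + " does not have permission " + permission;
        // Denied decisions are logged so they can be audited and alerted on.
        LOGGER.warn(sanitizeForLog(msg));

        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        httpResponse.setStatus(HttpStatus.FORBIDDEN_403);
        httpResponse.setContentType("application/json");
        httpResponse.setCharacterEncoding("UTF-8");
        httpResponse.getWriter().print(buildErrorResponse(msg));
        httpResponse.getWriter().flush();
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
        // no resources held
    }

    /** Returns the process-wide configuration; package-private so tests can override it. */
    DmaapConfig getConfig() {
        return (DmaapConfig) DmaapConfig.getConfig();
    }

    /** Creates the service handed to {@link PermissionBuilder}; package-private so tests can override it. */
    DmaapService getDmaapService() {
        return new DmaapService();
    }

    /**
     * Serializes a 403 {@link ApiError} carrying {@code msg} to JSON.
     *
     * @param msg human-readable denial reason
     * @return the JSON text, or an empty string if serialization fails
     */
    private String buildErrorResponse(String msg) {
        try {
            return MAPPER.writeValueAsString(new ApiError(HttpStatus.FORBIDDEN_403, msg, "Authorization"));
        } catch (JsonProcessingException e) {
            LOGGER.warn("Could not serialize response entity: " + e.getMessage());
            // The 403 status already carries the decision, so an empty body is acceptable.
            // NOTE(review): fallback value inferred; confirm against the project's copy.
            return "";
        }
    }

    /**
     * Returns the caller's principal name, or a placeholder when the request has no principal.
     * The null check keeps a request without a principal on the 403 path instead of failing with a
     * NullPointerException.
     */
    private static String principalName(HttpServletRequest request) {
        java.security.Principal principal = request.getUserPrincipal();
        return principal == null ? UNKNOWN_USER : principal.getName();
    }

    /**
     * Replaces CR and LF so a value cannot start a new, forged log entry. The permission string is
     * built from the request and may therefore contain caller-supplied text.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? "null" : value.replace('\r', '_').replace('\n', '_');
    }

    PermissionBuilder getPermissionBuilder() {
        return permissionBuilder;
    }

    void setPermissionBuilder(PermissionBuilder permissionBuilder) {
        this.permissionBuilder = permissionBuilder;
    }

    void setAafEnabled(boolean aafEnabled) {
        isAafEnabled = aafEnabled;
    }
}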