1 /*******************************************************************************
2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 * ============LICENSE_END=========================================================
19 * ECOMP is a trademark and service mark of AT&T Intellectual Property.
21 *******************************************************************************/
22 package org.onap.dmaap.util;
24 import com.att.ajsc.filemonitor.AJSCPropertiesMap;
25 import java.io.IOException;
27 import javax.servlet.FilterChain;
28 import javax.servlet.ServletException;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.http.HttpServletRequest;
33 import org.onap.dmaap.dmf.mr.constants.CambriaConstants;
34 import org.onap.dmaap.dmf.mr.utils.Utils;
35 import com.att.eelf.configuration.EELFLogger;
36 import com.att.eelf.configuration.EELFManager;
37 import org.springframework.stereotype.Component;
39 import org.onap.aaf.cadi.filter.CadiFilter;
/**
 * Servlet filter that extends {@link CadiFilter} and chooses, per request, between running the
 * CADI authentication of the superclass and handing the request straight to the rest of the chain.
 *
 * <p>NOTE(review): unless the {@code forceAAF} property is {@code true}, the choice depends on
 * what the client sent (an Authorization header, a client certificate, or the AppName/cookie
 * pair). A request carrying none of these is not authenticated by CADI in this filter, so the
 * components further down the chain have to authenticate and authorize it themselves; that code
 * is not visible here and should be confirmed.
 */
@Component
public class DMaaPAuthFilter extends CadiFilter {

    // Property keys looked up under CambriaConstants.msgRtr_prop.
    private static final String FORCE_AAF_FLAG = "forceAAF";
    private static final String USE_CUSTOM_ACLS = "useCustomAcls";

    // Servlet request attribute under which the container exposes the client certificate chain.
    static final String X509_ATTR = "javax.servlet.request.X509Certificate";

    // Request headers inspected when deciding whether CADI applies.
    static final String AUTH_HEADER = "Authorization";
    static final String APP_HEADER = "AppName";
    static final String COOKIE_HEADER = "cookie";

    private static final EELFLogger log = EELFManager.getInstance().getLogger(DMaaPAuthFilter.class);

    /** Creates the filter using the no-argument {@link CadiFilter} constructor. */
    public DMaaPAuthFilter() {
        super();
    }

    /**
     * Runs CADI authentication when {@link #shouldFilterWithCADI(HttpServletRequest)} says so;
     * otherwise marks the alternative scheme and continues the chain without calling CADI.
     *
     * <p>NOTE(review): the marker is written with {@link System#setProperty}, which is JVM-wide
     * rather than per request, and nothing in this class clears it again. Concurrent requests
     * therefore all observe the same value, so it cannot tell a reader which path a particular
     * request took. Which code reads {@code CadiAuthN} is not visible here; confirm that no
     * authorization decision relies on it.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest} without a type check
     * @param res   outgoing response
     * @param chain remaining filters and the target servlet
     * @throws ServletException propagated from the superclass or the chain
     * @throws IOException      propagated from the superclass or the chain
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
        log.info("inside servlet filter Cambria Auth Headers checking before doing other Authentication");

        final HttpServletRequest httpRequest = (HttpServletRequest) req;
        if (shouldFilterWithCADI(httpRequest)) {
            super.doFilter(req, res, chain);
            return;
        }

        // Non-CADI path: the request continues unauthenticated as far as this filter is concerned.
        System.setProperty("CadiAuthN", "authentication-scheme-2");
        chain.doFilter(req, res);
    }

    /**
     * Tells whether the request must go through CADI.
     *
     * <p>CADI is used only when it is enabled and at least one of the following holds: AAF is
     * forced by configuration, the request carries authentication data, or the request is
     * identified as coming from the Invenio application. With CADI enabled and {@code forceAAF}
     * set to {@code true}, every request goes through CADI regardless of its headers.
     *
     * @param request the HTTP request being filtered
     * @return {@code true} if the superclass filter should handle the request
     */
    boolean shouldFilterWithCADI(HttpServletRequest request) {
        if (!isCadiEnabled()) {
            return false;
        }
        return isAAFforced() || isAuthDataProvided(request) || isInvenioApp(request);
    }

    /** Returns {@code true} if an Authorization header or a client certificate attribute is present. */
    private boolean isAuthDataProvided(HttpServletRequest request) {
        final boolean hasAuthorizationHeader = request.getHeader(AUTH_HEADER) != null;
        return hasAuthorizationHeader || hasClientCertificate(request);
    }

    /**
     * Returns {@code true} if the AppName header equals "invenio" (case-insensitively) and a
     * cookie header is present. Both values are supplied by the client; only their presence and
     * the application name are checked here.
     */
    private boolean isInvenioApp(HttpServletRequest request) {
        final String appName = request.getHeader(APP_HEADER);
        // Constant-first comparison is false for a missing header, matching an explicit null check.
        return "invenio".equalsIgnoreCase(appName) && request.getHeader(COOKIE_HEADER) != null;
    }

    /** Returns {@code true} if the request carries the X509 certificate attribute. */
    private boolean hasClientCertificate(HttpServletRequest request) {
        final Object certificates = request.getAttribute(X509_ATTR);
        return certificates != null;
    }

    /** Delegates to {@link Utils#isCadiEnabled()}. */
    boolean isCadiEnabled() {
        return Utils.isCadiEnabled();
    }

    /**
     * Reads the {@code forceAAF} property. {@link Boolean#parseBoolean(String)} yields
     * {@code false} for a missing or non-"true" value, so CADI is not forced by default.
     */
    boolean isAAFforced() {
        final String configured = AJSCPropertiesMap.getProperty(CambriaConstants.msgRtr_prop, FORCE_AAF_FLAG);
        return Boolean.parseBoolean(configured);
    }

    /**
     * Reads the {@code useCustomAcls} property; a missing or non-"true" value yields {@code false}.
     */
    public static boolean isUseCustomAcls() {
        final String configured = AJSCPropertiesMap.getProperty(CambriaConstants.msgRtr_prop, USE_CUSTOM_ACLS);
        return Boolean.parseBoolean(configured);
    }
}