gerrit.onap Code Review - ccsdk/oran.git/blob

   1 /*-
   2  * ========================LICENSE_START=================================
   3  * ONAP : ccsdk oran
   4  * ======================================================================
   5  * Copyright (C) 2023 Nordix Foundation. All rights reserved.
   6  * ======================================================================
   7  * Licensed under the Apache License, Version 2.0 (the "License");
   8  * you may not use this file except in compliance with the License.
   9  * You may obtain a copy of the License at
  10  *
  11  *      http://www.apache.org/licenses/LICENSE-2.0
  12  *
  13  * Unless required by applicable law or agreed to in writing, software
  14  * distributed under the License is distributed on an "AS IS" BASIS,
  15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  16  * See the License for the specific language governing permissions and
  17  * limitations under the License.
  18  * ========================LICENSE_END===================================
  19  */
  20
  21 package org.onap.ccsdk.oran.a1policymanagementservice.controllers.authorization;
  22
  23 import com.google.gson.Gson;
  24 import com.google.gson.GsonBuilder;
  25
  26 import java.lang.invoke.MethodHandles;
  27 import java.util.Map;
  28
  29 import org.onap.ccsdk.oran.a1policymanagementservice.clients.AsyncRestClient;
  30 import org.onap.ccsdk.oran.a1policymanagementservice.clients.AsyncRestClientFactory;
  31 import org.onap.ccsdk.oran.a1policymanagementservice.clients.SecurityContext;
  32 import org.onap.ccsdk.oran.a1policymanagementservice.configuration.ApplicationConfig;
  33 import org.onap.ccsdk.oran.a1policymanagementservice.controllers.authorization.PolicyAuthorizationRequest.Input.AccessType;
  34 import org.onap.ccsdk.oran.a1policymanagementservice.exceptions.ServiceException;
  35 import org.onap.ccsdk.oran.a1policymanagementservice.repository.Policy;
  36 import org.onap.ccsdk.oran.a1policymanagementservice.repository.PolicyType;
  37 import org.slf4j.Logger;
  38 import org.slf4j.LoggerFactory;
  39 import org.springframework.http.HttpStatus;
  40 import org.springframework.stereotype.Component;
  41
  42 import reactor.core.publisher.Mono;
  43
  44 @Component
  45 public class AuthorizationCheck {
  46
  47     private final ApplicationConfig applicationConfig;
  48     private final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
  49     private final AsyncRestClient restClient;
  50     private static Gson gson = new GsonBuilder().disableHtmlEscaping().create();
  51
  52     public AuthorizationCheck(ApplicationConfig applicationConfig, SecurityContext securityContext) {
  53
  54         this.applicationConfig = applicationConfig;
  55         AsyncRestClientFactory restClientFactory =
  56                 new AsyncRestClientFactory(applicationConfig.getWebClientConfig(), securityContext);
  57         this.restClient = restClientFactory.createRestClientUseHttpProxy("");
  58     }
  59
  60     public Mono<Policy> doAccessControl(Map<String, String> receivedHttpHeaders, Policy policy, AccessType accessType) {
  61         return doAccessControl(receivedHttpHeaders, policy.getType(), accessType) //
  62                 .map(x -> policy);
  63     }
  64
  65     public Mono<PolicyType> doAccessControl(Map<String, String> receivedHttpHeaders, PolicyType type,
  66             AccessType accessType) {
  67         if (this.applicationConfig.getAuthProviderUrl().isEmpty()) {
  68             return Mono.just(type);
  69         }
  70
  71         String tkn = getAuthToken(receivedHttpHeaders);
  72         PolicyAuthorizationRequest.Input input = PolicyAuthorizationRequest.Input.builder() //
  73                 .authToken(tkn) //
  74                 .policyTypeId(type.getId()) //
  75                 .accessType(accessType).build();
  76
  77         PolicyAuthorizationRequest req = PolicyAuthorizationRequest.builder().input(input).build();
  78
  79         String url = this.applicationConfig.getAuthProviderUrl();
  80         return this.restClient.post(url, gson.toJson(req)) //
  81                 .doOnError(t -> logger.warn("Error returned from auth server: {}", t.getMessage())) //
  82                 .onErrorResume(t -> Mono.just("")) //
  83                 .flatMap(this::checkAuthResult) //
  84                 .map(rsp -> type);
  85
  86     }
  87
  88     private String getAuthToken(Map<String, String> httpHeaders) {
  89         String tkn = httpHeaders.get("authorization");
  90         if (tkn == null) {
  91             logger.debug("No authorization token received in {}", httpHeaders);
  92             return "";
  93         }
  94         tkn = tkn.substring("Bearer ".length());
  95         return tkn;
  96     }
  97
  98     private Mono<String> checkAuthResult(String response) {
  99         logger.debug("Auth result: {}", response);
 100         try {
 101             AuthorizationResult res = gson.fromJson(response, AuthorizationResult.class);
 102             return res != null && res.isResult() ? Mono.just(response)
 103                     : Mono.error(new ServiceException("Not authorized", HttpStatus.UNAUTHORIZED));
 104         } catch (Exception e) {
 105             return Mono.error(e);
 106         }
 107     }
 108
 109 }