Code Review / portal / sdk.git / blob
? search:


f37af6faee6b8f73f48279ebe6061821aafafae8
[portal/sdk.git] /
1 /*-
2  * ============LICENSE_START==========================================
3  * ONAP Portal SDK
4  * ===================================================================
5  * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6  * ===================================================================
7  *
8  * Unless otherwise specified, all software contained herein is licensed
9  * under the Apache License, Version 2.0 (the "License");
10  * you may not use this software except in compliance with the License.
11  * You may obtain a copy of the License at
12  *
13  *             http://www.apache.org/licenses/LICENSE-2.0
14  *
15  * Unless required by applicable law or agreed to in writing, software
16  * distributed under the License is distributed on an "AS IS" BASIS,
17  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18  * See the License for the specific language governing permissions and
19  * limitations under the License.
20  *
21  * Unless otherwise specified, all documentation contained herein is licensed
22  * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
23  * you may not use this documentation except in compliance with the License.
24  * You may obtain a copy of the License at
25  *
26  *             https://creativecommons.org/licenses/by/4.0/
27  *
28  * Unless required by applicable law or agreed to in writing, documentation
29  * distributed under the License is distributed on an "AS IS" BASIS,
30  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
31  * See the License for the specific language governing permissions and
32  * limitations under the License.
33  *
34  * ============LICENSE_END============================================
35  *
36  * ECOMP is a trademark and service mark of AT&T Intellectual Property.
37  */
38 package org.onap.portalsdk.external.authorization.service;
39
40 import java.io.IOException;
41 import java.util.ArrayList;
42 import java.util.List;
43
44 import javax.servlet.http.HttpServletRequest;
45
46 import org.json.JSONArray;
47 import org.json.JSONObject;
48 import org.onap.portalsdk.core.domain.RoleFunction;
49 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
50 import org.onap.portalsdk.external.authorization.domain.ExternalAccessPerms;
51 //import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
52 import org.onap.portalsdk.external.authorization.util.EcompExternalAuthProperties;
53 import org.onap.portalsdk.external.authorization.util.EcompExternalAuthUtils;
54 import org.springframework.http.HttpEntity;
55 import org.springframework.http.HttpHeaders;
56 import org.springframework.http.HttpMethod;
57 import org.springframework.http.ResponseEntity;
58 import org.springframework.web.client.RestTemplate;
59
60 import com.fasterxml.jackson.core.JsonParseException;
61 import com.fasterxml.jackson.databind.JsonMappingException;
62 import com.fasterxml.jackson.databind.ObjectMapper;
63
64 public class AAFRestServiceImpl implements AAFService {
65
66         private static final String PASSCODE = "password";
67
68         private static final String ID = "id";
69
70         private static final String EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT = "authz/roles/user/";
71
72         private static final String EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT = "authz/perms/user/";
73
74         private static final String EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT = "authn/validate";
75         RestTemplate template = new RestTemplate();
76
77         private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AAFRestServiceImpl.class);
78
79         @Override
80         public String getUser(String orgUserId, HttpServletRequest request, HttpHeaders headers) throws Exception {
81
82                 HttpEntity<String> entity = new HttpEntity<>(headers);
83                 logger.debug(EELFLoggerDelegate.debugLogger, "getUserRoles: Connecting to external auth system for user {}",
84                                 orgUserId);
85                 String endPoint = EXTERNAL_AUTH_GET_USER_ROLES_ENDPOINT + orgUserId
86                                 + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
87                 ResponseEntity<String> getResponse = template.exchange(
88                                 EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
89                                 HttpMethod.GET, entity, String.class);
90                 if (getResponse.getStatusCode().value() == 200) {
91                         logger.debug(EELFLoggerDelegate.debugLogger,
92                                         "getUserRoles: Finished GET user app roles from external auth system and body: {}",
93                                         getResponse.getBody());
94                 }
95                 String userRoles = getResponse.getBody();
96                 return userRoles;
97
98         }
99
100         @Override
101         public ResponseEntity<String> checkUserExists(String username, String password, String appPass) throws Exception {
102                 username = changeIfUserDomainNotAppended(username);
103                 HttpHeaders headers = EcompExternalAuthUtils.base64encodeKeyForAAFBasicAuth(username, password);
104                 String appUsername = EcompExternalAuthProperties
105                                 .getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_NAME);
106                 JSONObject credentials = new JSONObject();
107                 credentials.put(ID, appUsername);
108                 credentials.put(PASSCODE, appPass);
109                 HttpEntity<String> entity = new HttpEntity<>(credentials.toString(), headers);
110                 logger.debug(EELFLoggerDelegate.debugLogger, "checkUserExists: Connecting to external auth system for user {}",
111                                 username);
112                 ResponseEntity<String> getResponse = template
113                                 .exchange(EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL)
114                                                 + EXTERNAL_AUTH_POST_CREDENTIALS_ENDPOINT, HttpMethod.POST, entity, String.class);
115                 if (getResponse.getStatusCode().value() == 200) {
116                         logger.debug(EELFLoggerDelegate.debugLogger,
117                                         "checkUserExists: Finished POST from external auth system to validate credentials and status: {}",
118                                         getResponse.getStatusCode().value());
119                 }
120                 return getResponse;
121         }
122
123         private String changeIfUserDomainNotAppended(String username) {
124                 if (!EcompExternalAuthUtils.validate(username)) {
125                         username = username
126                                         + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
127                 }
128                 return username;
129         }
130
131         @Override
132         public List<ExternalAccessPerms> getIfUserPermsExists(String username, HttpHeaders headers) throws Exception {
133
134                 HttpEntity<String> entity = new HttpEntity<>(headers);
135                 logger.debug(EELFLoggerDelegate.debugLogger,
136                                 "getIfUserPermsExists: Connecting to external auth system for user {}", username);
137                 username = changeIfUserDomainNotAppended(username);
138                 String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + username;
139                 ResponseEntity<String> getResponse = getPermsFromExternalAuthSystem(entity, endPoint);
140                 return convertPermsJSONArrayToExternalAccessPerms(new ObjectMapper(), getResponse.getBody());
141         }
142
143         private ResponseEntity<String> getPermsFromExternalAuthSystem(HttpEntity<String> entity, String endPoint) {
144                 ResponseEntity<String> getResponse = template.exchange(
145                                 EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
146                                 HttpMethod.GET, entity, String.class);
147                 if (getResponse.getStatusCode().value() == 200) {
148                         logger.debug(EELFLoggerDelegate.debugLogger,
149                                         "getPermsFromExternalAuthSystem: Finished GET user perms from external auth system and body: {}",
150                                         getResponse.getBody());
151                 }
152                 return getResponse;
153         }
154
155         private List<ExternalAccessPerms> convertPermsJSONArrayToExternalAccessPerms(ObjectMapper mapper, String userPerms)
156                         throws IOException, JsonParseException, JsonMappingException {
157                 JSONObject userPermsJsonObj = null;
158                 JSONArray userPermsJsonArray = null;
159                 List<ExternalAccessPerms> extPermsList = new ArrayList<>();
160                 if (!userPerms.equals(EcompExternalAuthUtils.EXT_EMPTY_JSON_STRING)) {
161                         userPermsJsonObj = new JSONObject(userPerms);
162                         userPermsJsonArray = userPermsJsonObj.getJSONArray(EcompExternalAuthUtils.EXT_PERM_FIELD);
163                         for (int i = 0; i < userPermsJsonArray.length(); i++) {
164                                 JSONObject permJsonObj = userPermsJsonArray.getJSONObject(i);
165                                 if (!permJsonObj.getString(EcompExternalAuthUtils.EXT_PERM_FIELD_TYPE)
166                                                 .endsWith(EcompExternalAuthUtils.EXT_PERM_ACCESS)) {
167                                         ExternalAccessPerms perm = mapper.readValue(permJsonObj.toString(), ExternalAccessPerms.class);
168                                         extPermsList.add(perm);
169                                 }
170                         }
171                 }
172                 return extPermsList;
173         }
174
175         @Override
176         public List<RoleFunction> getRoleFunctions(String orgUserId, HttpHeaders headers) throws Exception {
177                 ObjectMapper mapper = new ObjectMapper();
178
179                 HttpEntity<String> entity = new HttpEntity<>(headers);
180                 logger.debug(EELFLoggerDelegate.debugLogger, "getRoleFunctions: Connecting to external auth system for user {}",
181                                 orgUserId);
182                 String endPoint = EXTERNAL_AUTH_GET_USER_PERMS_ENDPOINT + orgUserId
183                                 + EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_USER_DOMAIN);
184                 ResponseEntity<String> getResponse = template.exchange(
185                                 EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_URL) + endPoint,
186                                 HttpMethod.GET, entity, String.class);
187                 if (getResponse.getStatusCode().value() == 200) {
188                         logger.debug(EELFLoggerDelegate.debugLogger,
189                                         "getRoleFunctions: Finished GET user perms from external system and body: {}",
190                                         getResponse.getBody());
191                 }
192                 String userPerms = getResponse.getBody();
193                 List<ExternalAccessPerms> extPermsList = convertPermsJSONArrayToExternalAccessPerms(mapper, userPerms);
194                 return convertToRoleFunctionList(extPermsList);
195         }
196
197         private List<RoleFunction> convertToRoleFunctionList(List<ExternalAccessPerms> extPermsList) {
198                 List<RoleFunction> roleFunctions = new ArrayList<>();
199                 String namespace = EcompExternalAuthProperties.getProperty(EcompExternalAuthProperties.EXTERNAL_AUTH_NAMESPACE);
200                 for (ExternalAccessPerms extPerm : extPermsList) {
201                         RoleFunction roleFunction = new RoleFunction();
202                         roleFunction.setCode(extPerm.getInstance());
203                         roleFunction.setAction(extPerm.getAction());
204                         if (extPerm.getDescription() != null
205                                         && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
206                                 roleFunction.setName(extPerm.getDescription());
207                         } else if (extPerm.getDescription() == null
208                                         && EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
209                                 roleFunction.setName(extPerm.getType().substring(namespace.length() + 1) + "|" + extPerm.getInstance()
210                                                 + "|" + extPerm.getAction());
211                         } else if (extPerm.getDescription() == null
212                                         && !EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
213                                 roleFunction.setName(extPerm.getType() + "|" + extPerm.getInstance() + "|" + extPerm.getAction());
214                         }
215                         if (EcompExternalAuthUtils.checkNameSpaceMatching(extPerm.getType(), namespace)) {
216                                 roleFunction.setType(extPerm.getType().substring(namespace.length() + 1));
217                         } else {
218                                 roleFunction.setType(extPerm.getType());
219                         }
220                         roleFunctions.add(roleFunction);
221                 }
222                 return roleFunctions;
223         }
224
225 }
ARCHIVED- 2022-02-15 at the request of the project