/** * ============LICENSE_START======================================================= * org.onap.aai * ================================================================================ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved. * Copyright © 2017-2018 Amdocs * ================================================================================ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * ============LICENSE_END========================================================= */ package org.onap.aai.sa.auth; import com.fasterxml.jackson.core.JsonProcessingException; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import java.io.File; import java.io.FileNotFoundException; import java.io.FileReader; import java.io.IOException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Timer; import org.json.simple.parser.JSONParser; import org.json.simple.parser.ParseException; import org.onap.aai.cl.api.Logger; import org.onap.aai.cl.eelf.LoggerFactory; import org.onap.aai.sa.searchdbabstraction.util.SearchDbConstants; public class SearchDbServiceAuthCore { private static Logger logger = LoggerFactory.getInstance().getLogger(SearchDbServiceAuthCore.class.getName()); private static String authFileName = SearchDbConstants.SDB_AUTH_CONFIG_FILENAME; private enum HTTP_METHODS { POST, GET, PUT, DELETE } private static boolean usersInitialized = false; private static HashMap users; private static Timer timer = null; // Don't instantiate private SearchDbServiceAuthCore() {} public static synchronized void init() { if (SearchDbServiceAuthCore.authFileName == null) { SearchDbServiceAuthCore.authFileName = "/home/aaiadmin/etc/aaipolicy.json"; } SearchDbServiceAuthCore.reloadUsers(); } public static void cleanup() { timer.cancel(); } public static synchronized void reloadUsers() { users = new HashMap<>(); ObjectMapper mapper = new ObjectMapper(); // can reuse, share globally JSONParser parser = new JSONParser(); try { parser.parse(new FileReader(authFileName)); JsonNode rootNode = mapper.readTree(new File(authFileName)); JsonNode rolesNode = rootNode.path("roles"); for (JsonNode roleNode : rolesNode) { String roleName = roleNode.path("name").asText(); TabularAuthRole authRole = new TabularAuthRole(); JsonNode usersNode = roleNode.path("users"); JsonNode functionsNode = roleNode.path("functions"); for (JsonNode functionNode : functionsNode) { String function = functionNode.path("name").asText(); JsonNode methodsNode = functionNode.path("methods"); boolean hasMethods = false; for (JsonNode methodNode : methodsNode) { String methodName = methodNode.path("name").asText(); hasMethods = true; String thisFunction = methodName + ":" + function; authRole.addAllowedFunction(thisFunction); } if (!hasMethods) { // iterate the list from HTTP_METHODS for (HTTP_METHODS meth : HTTP_METHODS.values()) { String thisFunction = meth.toString() + ":" + function; authRole.addAllowedFunction(thisFunction); } } } for (JsonNode userNode : usersNode) { String username = userNode.path("username").asText().toLowerCase(); SearchDbAuthUser authUser = null; if (users.containsKey(username)) { authUser = users.get(username); } else { authUser = new SearchDbAuthUser(); } authUser.setUser(username); authUser.addRole(roleName, authRole); users.put(username, authUser); } } } catch (FileNotFoundException fnfe) { logger.debug("Failed to load the policy file "); } catch (ParseException e) { logger.debug("Failed to Parse the policy file "); } catch (JsonProcessingException e) { logger.debug("JSON processing error while parsing policy file: " + e.getMessage()); } catch (IOException e) { logger.debug("IO Exception while parsing policy file: " + e.getMessage()); } usersInitialized = true; } public static class SearchDbAuthUser { public SearchDbAuthUser() { this.roles = new HashMap<>(); } private String username; private HashMap roles; public String getUser() { return this.username; } public Map getRoles() { return this.roles; } public void addRole(String roleName, TabularAuthRole authRole) { this.roles.put(roleName, authRole); } public boolean checkAllowed(String checkFunc) { for (Map.Entry roleEntry : this.roles.entrySet()) { TabularAuthRole role = roleEntry.getValue(); if (role.hasAllowedFunction(checkFunc)) { return true; } } return false; } public void setUser(String myuser) { this.username = myuser; } } public static class TabularAuthRole { public TabularAuthRole() { this.allowedFunctions = new ArrayList<>(); } private List allowedFunctions; public void addAllowedFunction(String func) { this.allowedFunctions.add(func); } public void delAllowedFunction(String delFunc) { if (this.allowedFunctions.contains(delFunc)) { this.allowedFunctions.remove(delFunc); } } public boolean hasAllowedFunction(String afunc) { return this.allowedFunctions.contains(afunc); } } public static Map getUsers() { if (!usersInitialized || (users == null)) { reloadUsers(); } return users; } public static boolean authorize(String username, String authFunction) { if (!usersInitialized || (users == null)) { init(); } if (users.containsKey(username)) { return users.get(username).checkAllowed(authFunction); } else { return false; } } }