+
+ /*
+ * START - AAF changes
+ * TDP EPIC US# 307413
+ * CADI code - No legacy user check as all new users will be AAF users
+ */
+ String aafInstance = feed.getAafInstance();
+ if (Boolean.parseBoolean(isCadiEnabled)) {
+ if ((aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance))
+ && "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER)))) {
+ // Check with the Authorizer
+ AuthorizationResponse aresp = authz.decide(req);
+ if (!aresp.isAuthorized()) {
+ message = POLICY_ENGINE;
+ elr.setMessage(message);
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);
+ eventlogger.error(elr.toString());
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
+ return;
+ }
+ } else {
+ if ("true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER))) {
+ message = "DRFeedsServlet.doPost() -Invalid request exclude_AAF should not be true if passing "
+ + "AAF_Instance value= " + aafInstance;
+ elr.setMessage(message);
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);
+ eventlogger.error(elr.toString());
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
+ return;
+ }
+ String permission = getFeedPermission(aafInstance, BaseServlet.CREATE_PERMISSION);
+ eventlogger.info("DRFeedsServlet.doPost().. Permission String - " + permission);
+ if (!req.isUserInRole(permission)) {
+ message = "AAF disallows access to permission - " + permission;
+ elr.setMessage(message);
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);
+ eventlogger.error(elr.toString());
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
+ return;
+ }
+ }
+ } else {
+ AuthorizationResponse aresp = authz.decide(req);
+ if (!aresp.isAuthorized()) {
+ message = POLICY_ENGINE;
+ elr.setMessage(message);
+ elr.setResult(HttpServletResponse.SC_FORBIDDEN);
+ eventlogger.error(elr.toString());
+ sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);
+ return;
+ }
+ }
+ /*
+ * END - AAF changes
+ */
+
+ feed.setPublisher(bhdr); // set from X-DMAAP-DR-ON-BEHALF-OF header
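Review bot: The test under `if (Boolean.parseBoolean(isCadiEnabled))` mixes `||` and `&&` without grouping, so it evaluates as `aafInstance == null || "".equals(aafInstance) || ("legacy".equalsIgnoreCase(aafInstance) && excludeHeaderIsTrue)`. A null or empty AAF instance therefore reaches `authz.decide(req)` whether or not the exclude header is set, and only the literal `legacy` value is gated by the header. Both inputs look request-supplied (the header certainly, `aafInstance` presumably from the posted feed), so the caller effectively selects which authorization check runs; hoist `boolean excludeAaf = "true".equalsIgnoreCase(req.getHeader(EXCLUDE_AAF_HEADER));`, parenthesise the intended grouping, and add a comment naming the combinations meant to reach the legacy authorizer. The rejection message concatenating `aafInstance` goes unmodified into both the event log and the error response, so the value should be length-limited and stripped of CR/LF before use. The enclosing method starts and ends outside this hunk, so how `feed` and `isCadiEnabled` are populated cannot be confirmed from here.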