+++ /dev/null
-/*-
- * ============LICENSE_START=======================================================
- * ECOMP Policy Engine
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END=========================================================
- */
-
-package org.openecomp.policy.pypdp.authorization;
-
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.annotation.WebFilter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-@WebFilter("/*")
-public class AuthenticationFilter implements Filter {
-
- public static final String AUTHENTICATION_HEADER = "Authorization";
- public static final String ENVIRONMENT_HEADER = "Environment";
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain filter) throws IOException, ServletException {
- if (request instanceof HttpServletRequest) {
- HttpServletRequest httpServletRequest = (HttpServletRequest) request;
- String authCredentials = httpServletRequest.getHeader(AUTHENTICATION_HEADER);
- String environment = httpServletRequest.getHeader(ENVIRONMENT_HEADER);
- String path = ((HttpServletRequest) request).getRequestURI();
-
- // better injected
- AuthenticationService authenticationService = new AuthenticationService();
-
- boolean authenticationStatus = authenticationService.authenticate(authCredentials);
-
- if (authenticationStatus && environment!=null && (environment.equalsIgnoreCase(Config.getEnvironment()))) {
- filter.doFilter(request, response);
- } else if(environment==null| path.contains("org.openecomp.policy.pypdp.notifications") || path.contains("swagger") || path.contains("api-docs") || path.contains("configuration") || path.contains("pdps") || path.contains("count") || path.contains("paps")){
- filter.doFilter(request, response);
- } else {
- if (response instanceof HttpServletResponse) {
- HttpServletResponse httpServletResponse = (HttpServletResponse) response;
- httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- }
- }
- if (path.contains("error")){
- HttpServletResponse httpServletResponse = (HttpServletResponse) response;
- httpServletResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
- }
- }
- }
-
- @Override
- public void destroy() {
- }
-
- @Override
- public void init(FilterConfig arg0) throws ServletException {
- Config.setProperty();
- }
-}
Code Review / policy / engine.git / blobdiff