Update project structure to org.onap.aaf
diff --git a/authz-core/src/main/java/org/onap/aaf/cssa/rserv/TransFilter.java b/authz-core/src/main/java/org/onap/aaf/cssa/rserv/TransFilter.java
new file mode 100644 (file)
index 0000000..f7fa997
--- /dev/null
@@ -0,0 +1,136 @@
+/*******************************************************************************\r
+ * ============LICENSE_START====================================================\r
+ * * org.onap.aaf\r
+ * * ===========================================================================\r
+ * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
+ * * ===========================================================================\r
+ * * Licensed under the Apache License, Version 2.0 (the "License");\r
+ * * you may not use this file except in compliance with the License.\r
+ * * You may obtain a copy of the License at\r
+ * * \r
+ *  *      http://www.apache.org/licenses/LICENSE-2.0\r
+ * * \r
+ *  * Unless required by applicable law or agreed to in writing, software\r
+ * * distributed under the License is distributed on an "AS IS" BASIS,\r
+ * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
+ * * See the License for the specific language governing permissions and\r
+ * * limitations under the License.\r
+ * * ============LICENSE_END====================================================\r
+ * *\r
+ * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
+ * *\r
+ ******************************************************************************/\r
+package org.onap.aaf.cssa.rserv;\r
+\r
+import java.io.IOException;\r
+import java.security.Principal;\r
+\r
+import javax.servlet.Filter;\r
+import javax.servlet.FilterChain;\r
+import javax.servlet.FilterConfig;\r
+import javax.servlet.ServletException;\r
+import javax.servlet.ServletRequest;\r
+import javax.servlet.ServletResponse;\r
+import javax.servlet.http.HttpServletRequest;\r
+import javax.servlet.http.HttpServletResponse;\r
+\r
+import org.onap.aaf.cadi.Access;\r
+import org.onap.aaf.cadi.CadiException;\r
+import org.onap.aaf.cadi.CadiWrap;\r
+import org.onap.aaf.cadi.Connector;\r
+import org.onap.aaf.cadi.Lur;\r
+import org.onap.aaf.cadi.TrustChecker;\r
+import org.onap.aaf.cadi.filter.CadiHTTPManip;\r
+import org.onap.aaf.cadi.taf.TafResp;\r
+import org.onap.aaf.cadi.taf.TafResp.RESP;\r
+import org.onap.aaf.inno.env.Env;\r
+import org.onap.aaf.inno.env.TimeTaken;\r
+import org.onap.aaf.inno.env.TransStore;\r
+\r
+/**\r
+ * Create a new Transaction Object for each and every incoming Transaction\r
+ * \r
+ * Attach to Request.  User "FilterHolder" mechanism to retain single instance.\r
+ * \r
+ * TransFilter includes CADIFilter as part of the package, so that it can\r
+ * set User Data, etc, as necessary.\r
+ * \r
+ *\r
+ */\r
+public abstract class TransFilter<TRANS extends TransStore> implements Filter {\r
+       public static final String TRANS_TAG = "__TRANS__";\r
+       \r
+       private CadiHTTPManip cadi;\r
+       \r
+       public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {\r
+               cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);\r
+       }\r
+\r
+       @Override\r
+       public void init(FilterConfig filterConfig) throws ServletException {\r
+       }\r
+       \r
+       protected Lur getLur() {\r
+               return cadi.getLur();\r
+       }\r
+\r
+       protected abstract TRANS newTrans();\r
+       protected abstract TimeTaken start(TRANS trans, ServletRequest request);\r
+       protected abstract void authenticated(TRANS trans, Principal p);\r
+       protected abstract void tallyHo(TRANS trans);\r
+       \r
+       @Override\r
+       public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {\r
+               TRANS trans = newTrans();\r
+               \r
+               TimeTaken overall = start(trans,request);\r
+               try {\r
+                       request.setAttribute(TRANS_TAG, trans);\r
+                       \r
+                       HttpServletRequest req = (HttpServletRequest)request;\r
+                       HttpServletResponse res = (HttpServletResponse)response;\r
+                       \r
+                       TimeTaken security = trans.start("CADI Security", Env.SUB);\r
+//                     TimeTaken ttvalid;\r
+                       TafResp resp;\r
+                       RESP r;\r
+                       CadiWrap cw = null;\r
+                       try {\r
+                               resp = cadi.validate(req,res);\r
+                               switch(r=resp.isAuthenticated()) {\r
+                                       case IS_AUTHENTICATED:\r
+                                               cw = new CadiWrap(req,resp,cadi.getLur());\r
+                                               authenticated(trans, cw.getUserPrincipal());\r
+                                               break;\r
+                                       default:\r
+                                               break;\r
+                               }\r
+                       } finally {\r
+                               security.done();\r
+                       }\r
+                       \r
+                       if(r==RESP.IS_AUTHENTICATED) {\r
+                               trans.checkpoint(resp.desc());\r
+                               chain.doFilter(cw, response);\r
+                       } else {\r
+                               //TODO this is a good place to check if too many checks recently\r
+                               // Would need Cached Counter objects that are cleaned up on \r
+                               // use\r
+                               trans.checkpoint(resp.desc(),Env.ALWAYS);\r
+                               if(resp.isFailedAttempt())\r
+                                               trans.audit().log(resp.desc());\r
+                       }\r
+               } catch(Exception e) {\r
+                       trans.error().log(e);\r
+                       trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());\r
+                       throw new ServletException(e);\r
+               } finally {\r
+                       overall.done();\r
+                       tallyHo(trans);\r
+               }\r
+       }\r
+\r
+       @Override\r
+       public void destroy() {\r
+       };\r
+}\r
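Review bot: In `doFilter`, the not-authenticated branch (the `else` that calls `trans.checkpoint(resp.desc(),Env.ALWAYS)`) returns without invoking the chain and without touching `res`, so the status the client sees depends entirely on `cadi.validate(req,res)` having already written a 401/403, which this hunk does not show. If any TAF returns a non-authenticated `RESP` without setting a status, the caller would presumably receive an empty 200, which clients and monitoring can misread as success. I would state the contract in a comment at that branch, `// cadi.validate() has already written the challenge/denial to res; the chain is deliberately not invoked`, and, if the servlet API in use is 3.0 or later, back it with `if(!res.isCommitted() && res.getStatus()==HttpServletResponse.SC_OK) res.sendError(HttpServletResponse.SC_UNAUTHORIZED);`. Note also that only denials with `resp.isFailedAttempt()` reach `trans.audit()`, so every other rejection is recorded only in the checkpoint.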