+++ /dev/null
-/*******************************************************************************\r
- * ============LICENSE_START====================================================\r
- * * org.onap.aaf\r
- * * ===========================================================================\r
- * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
- * * ===========================================================================\r
- * * Licensed under the Apache License, Version 2.0 (the "License");\r
- * * you may not use this file except in compliance with the License.\r
- * * You may obtain a copy of the License at\r
- * * \r
- * * http://www.apache.org/licenses/LICENSE-2.0\r
- * * \r
- * * Unless required by applicable law or agreed to in writing, software\r
- * * distributed under the License is distributed on an "AS IS" BASIS,\r
- * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
- * * See the License for the specific language governing permissions and\r
- * * limitations under the License.\r
- * * ============LICENSE_END====================================================\r
- * *\r
- * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
- * *\r
- ******************************************************************************/\r
-package org.onap.aaf.cadi.taf.localhost;\r
-\r
-import java.net.InetAddress;\r
-import java.net.NetworkInterface;\r
-import java.net.SocketException;\r
-import java.net.UnknownHostException;\r
-import java.util.Enumeration;\r
-import java.util.TreeSet;\r
-\r
-import javax.servlet.http.HttpServletRequest;\r
-import javax.servlet.http.HttpServletResponse;\r
-\r
-import org.onap.aaf.cadi.Access;\r
-import org.onap.aaf.cadi.CachedPrincipal;\r
-import org.onap.aaf.cadi.Taf;\r
-import org.onap.aaf.cadi.Access.Level;\r
-import org.onap.aaf.cadi.CachedPrincipal.Resp;\r
-import org.onap.aaf.cadi.taf.HttpTaf;\r
-import org.onap.aaf.cadi.taf.TafResp;\r
-import org.onap.aaf.cadi.taf.TafResp.RESP;\r
-\r
-/**\r
- * Implement the ability to utilize LocalHost as a TAF.\r
- * \r
- * Configure with two properties, \r
- * localhost.deny\r
- * localhost.accept\r
- * \r
- * 1) If localhost.deny==true, then no localhost requests are allowed\r
- * 2) If localhost.deny==false, but accept==false, return "Try Another TAF" (i.e. allow further checking of the\r
- * chain, but don't treat localhost as an acceptable credential)\r
- * 3) If localhost.deny=false and accept=true, then the processes coming from the same machine, given logins are needed, \r
- * to run, are treated as validated. This is primarily for Developer purposes.\r
- * \r
- * \r
- *\r
- */\r
-public class LocalhostTaf implements HttpTaf {\r
- private TafResp isLocalHost,isNotLocalHost;\r
- private static final TreeSet<String> addrSet;\r
- \r
- static {\r
- addrSet = new TreeSet<String>();\r
- try {\r
- for(Enumeration<NetworkInterface> en = NetworkInterface.getNetworkInterfaces();en.hasMoreElements();) {\r
- NetworkInterface ni = en.nextElement();\r
- for(Enumeration<InetAddress> eia = ni.getInetAddresses();eia.hasMoreElements();) {\r
- InetAddress ia = eia.nextElement();\r
- addrSet.add(ia.getHostAddress());\r
- }\r
- }\r
- } catch (SocketException e) {\r
- }\r
- \r
- }\r
-\r
- public LocalhostTaf(Access access, boolean accept, boolean isDenied) {\r
- String hostname = access.getProperty("hostname",null);\r
- if(hostname !=null) {\r
- try {\r
- addrSet.add(InetAddress.getByName(hostname).getHostAddress());\r
- } catch (UnknownHostException e) {\r
- access.log(e,"Unknown Host");\r
- }\r
- }\r
- \r
- if(isDenied) {\r
- access.log(Level.INFO,"LocalhostTaf will deny all localhost traffic");\r
- } else {\r
- access.log(Level.INFO,"LocalhostTaf will not deny localhost requests, ",\r
- (accept?"and will treat them as authenticated":"but will require other authentication"));\r
- }\r
- // Set the appropriate behavior for when ID coming in is from localhost\r
- isLocalHost = isDenied? \r
- new LocalhostTafResp(access, RESP.NO_FURTHER_PROCESSING,"Localhost is denied"):\r
- accept?\r
- new LocalhostTafResp(access, RESP.IS_AUTHENTICATED,"Localhost is allowed"):\r
- new LocalhostTafResp(access, RESP.TRY_ANOTHER_TAF,"Localhost is allowed");\r
- isNotLocalHost = new LocalhostTafResp(access, RESP.TRY_ANOTHER_TAF,"Address is not Localhost");\r
- }\r
-\r
-// @Override\r
- public TafResp validate(Taf.LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {\r
- String remote = req.getRemoteAddr();\r
- return addrSet.contains(remote)\r
- ?isLocalHost\r
- :isNotLocalHost;\r
- }\r
-\r
- /** \r
- * This function used for other TAFs (i.e. CSP, which can't work on localhost address)\r
- * \r
- * @param address\r
- * @return\r
- */\r
- public static boolean isLocalAddress(String address) {\r
- return addrSet.contains(address);\r
- }\r
- \r
- public String toString() {\r
- return "Localhost TAF activated: " + isLocalHost.desc();\r
- }\r
-\r
- public Resp revalidate(CachedPrincipal prin) {\r
- // shouldn't get here, since there's no need to Cache, but if so, LocalHost is always valid...\r
- return Resp.REVALIDATED;\r
- }\r
-}\r
Code Review / aaf / cadi.git / blobdiff