import javax.servlet.http.HttpServletRequest;
-import org.apache.log4j.Logger;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
import org.onap.dmaap.datarouter.authz.Authorizer;
import org.onap.dmaap.datarouter.authz.impl.AuthzResource.ResourceType;
*/
public class ProvAuthorizer implements Authorizer {
- private Logger log;
+ private EELFLogger log;
private ProvDataProvider provData;
- private static final String SUBJECT_HEADER = "X-ATT-DR-ON-BEHALF-OF"; // HTTP header carrying requester identity
- private static final String SUBJECT_HEADER_GROUP = "X-ATT-DR-ON-BEHALF-OF-GROUP"; // HTTP header carrying requester identity by group Rally : US708115
+ private static final String SUBJECT_HEADER = "X-DMAAP-DR-ON-BEHALF-OF"; // HTTP header carrying requester identity
+ private static final String SUBJECT_HEADER_GROUP = "X-DMAAP-DR-ON-BEHALF-OF-GROUP"; // HTTP header carrying requester identity by group Rally : US708115
/** Constructor. For the moment, do nothing special. Make it a singleton?
*
*/
public ProvAuthorizer(ProvDataProvider provData) {
this.provData = provData;
- this.log = Logger.getLogger(this.getClass());
+ this.log = EELFManager.getInstance().getLogger(this.getClass());
}
/**
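Review bot: The renamed `SUBJECT_HEADER` and `SUBJECT_HEADER_GROUP` constants are documented as carrying the requester identity, and the owner checks later in this file compare against a `subject` value, so the header name is part of the authorization trust boundary and not just branding. The code that reads the header is outside the visible lines, but if it takes the value straight from the request, any front end that sets or strips the old `X-ATT-DR-ON-BEHALF-OF` headers must be switched to the new names in the same release; otherwise a client-supplied `X-DMAAP-DR-ON-BEHALF-OF` could arrive unfiltered. Clients that still send the old names will presumably get no subject and be denied, which fails closed but should be called out in the release notes. I would extend the comment on the constants to something like `// identity header; must only be set by the trusted front end, client-supplied values must be stripped upstream`.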
private boolean allowFeedsCollectionAccess(AuthzResource resource, String method, String subject, String subjectgroup) {
// Allow GET or POST unconditionally
- return method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("POST"));
+ return method != null && ("GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method));
}
private boolean allowSubsCollectionAccess(AuthzResource resource, String method, String subject, String subjectgroup) {
// Allow GET or POST unconditionally
- return method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("POST"));
+ return method != null && ("GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method));
}
private boolean allowFeedAccess(AuthzResource resource, String method, String subject, String subjectgroup) {
boolean decision = false;
// Allow GET, PUT, or DELETE if requester (subject) is the owner (publisher) of the feed
- if ( method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("PUT") ||
- method.equalsIgnoreCase("DELETE"))) {
+ if ( method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) ||
+ "DELETE".equalsIgnoreCase(method))) {
String owner = provData.getFeedOwner(resource.getId());
decision = (owner != null) && owner.equals(subject);
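Review bot: With the literal-first form the `method != null &&` guard is now redundant, because `"GET".equalsIgnoreCase(method)` already returns false for a null argument. This applies to all four checks touched here: `allowFeedsCollectionAccess`, `allowSubsCollectionAccess`, the condition in `allowFeedAccess`, and the subscription-owner condition in the next hunk. The two collection methods could read `return "GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method);`. Since these method lists are the access-control table for each resource type, keeping each one as short as possible makes it easier to audit which verbs are allowed. The body of `allowFeedAccess` continues outside the hunk.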
boolean decision = false;
// Allow GET, PUT, or DELETE if requester (subject) is the owner of the subscription (subscriber)
- if (method != null && (method.equalsIgnoreCase("GET") || method.equalsIgnoreCase("PUT") ||
- method.equalsIgnoreCase("DELETE") || method.equalsIgnoreCase("POST"))) {
+ if (method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) ||
+ "DELETE".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method))) {
String owner = provData.getSubscriptionOwner(resource.getId());
decision = (owner != null) && owner.equals(subject);