[DMAAP-BC] Consolidate bus controller repos

[dmaap/buscontroller.git] / dmaap-bc / src / main / java / org / onap / dmaap / dbcapi / resources / AAFAuthorizationFilter.java

diff --git a/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilter.java b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilter.java
new file mode 100644 (file)
index 0000000..779f71b
--- /dev/null
+++ b/dmaap-bc/src/main/java/org/onap/dmaap/dbcapi/resources/AAFAuthorizationFilter.java
@@ -0,0 +1,115 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * org.onap.dmaap
+ * ================================================================================
+ * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.dmaap.dbcapi.resources;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jetty.http.HttpStatus;
+import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
+import org.onap.dmaap.dbcapi.model.ApiError;
+import org.onap.dmaap.dbcapi.service.DmaapService;
+import org.onap.dmaap.dbcapi.util.DmaapConfig;
+import org.onap.dmaap.dbcapi.util.PermissionBuilder;
+
+public class AAFAuthorizationFilter extends BaseLoggingClass implements Filter {
+
+    static final String CADI_AUTHZ_FLAG = "enableCADI";
+    private boolean isCadiEnabled = false;
+
+    private PermissionBuilder permissionBuilder;
+
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        DmaapConfig dmaapConfig = getConfig();
+        isCadiEnabled = "true".equalsIgnoreCase(dmaapConfig.getProperty(CADI_AUTHZ_FLAG, "false"));
+        if(isCadiEnabled) {
+            permissionBuilder = new PermissionBuilder(dmaapConfig, getDmaapService());
+        }
+    }
+
+    @Override
+    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
+        throws IOException, ServletException {
+
+        if(isCadiEnabled) {
+            HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
+            permissionBuilder.updateDmaapInstance();
+            String permission = permissionBuilder.buildPermission(httpRequest);
+
+            if (httpRequest.isUserInRole(permission)) {
+                logger.info("User " + httpRequest.getUserPrincipal().getName() + " has permission " + permission);
+                filterChain.doFilter(servletRequest, servletResponse);
+            } else {
+                String msg = "User " + httpRequest.getUserPrincipal().getName() + " does not have permission " + permission;
+                errorLogger.error(msg);
+                ((HttpServletResponse) servletResponse).setStatus(HttpStatus.FORBIDDEN_403);
+                servletResponse.setContentType("application/json");
+                servletResponse.setCharacterEncoding("UTF-8");
+                servletResponse.getWriter().print(buildErrorResponse(msg));
+                servletResponse.getWriter().flush();
+            }
+        } else {
+            filterChain.doFilter(servletRequest, servletResponse);
+        }
+    }
+
+    @Override
+    public void destroy() {
+        //nothing to cleanup
+    }
+
+    DmaapConfig getConfig() {
+        return (DmaapConfig) DmaapConfig.getConfig();
+    }
+
+    DmaapService getDmaapService() {
+        return new DmaapService();
+    }
+
+    private String buildErrorResponse(String msg) {
+        try {
+            return new ObjectMapper().writeValueAsString(new ApiError(HttpStatus.FORBIDDEN_403, msg, "Authorization"));
+        } catch (JsonProcessingException e) {
+            logger.warn("Could not serialize response entity: " + e.getMessage());
+            return "";
+        }
+    }
+
+    PermissionBuilder getPermissionBuilder() {
+        return permissionBuilder;
+    }
+
+    void setPermissionBuilder(PermissionBuilder permissionBuilder) {
+        this.permissionBuilder = permissionBuilder;
+    }
+
+    void setCadiEnabled(boolean cadiEnabled) {
+        isCadiEnabled = cadiEnabled;
+    }
+}