--- /dev/null
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aai
+ * ================================================================================
+ * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright © 2017-2018 Amdocs
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aai.sa.auth;
+
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.File;
+import java.io.FileNotFoundException;
+import java.io.FileReader;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Timer;
+import org.json.simple.parser.JSONParser;
+import org.json.simple.parser.ParseException;
+import org.onap.aai.cl.api.Logger;
+import org.onap.aai.cl.eelf.LoggerFactory;
+import org.onap.aai.sa.searchdbabstraction.util.SearchDbConstants;
+
+public class SearchDbServiceAuthCore {
+
+ private static Logger logger = LoggerFactory.getInstance().getLogger(SearchDbServiceAuthCore.class.getName());
+
+ private static String authFileName = SearchDbConstants.SDB_AUTH_CONFIG_FILENAME;
+
+ private enum HTTP_METHODS {
+ POST,
+ GET,
+ PUT,
+ DELETE
+ }
+
+ private static boolean usersInitialized = false;
+ private static HashMap<String, SearchDbAuthUser> users;
+ private static Timer timer = null;
+
+ // Don't instantiate
+ private SearchDbServiceAuthCore() {}
+
+ public static synchronized void init() {
+ if (SearchDbServiceAuthCore.authFileName == null) {
+ SearchDbServiceAuthCore.authFileName = "/home/aaiadmin/etc/aaipolicy.json";
+ }
+ SearchDbServiceAuthCore.reloadUsers();
+ }
+
+ public static void cleanup() {
+ timer.cancel();
+ }
+
+ public static synchronized void reloadUsers() {
+ users = new HashMap<>();
+ ObjectMapper mapper = new ObjectMapper(); // can reuse, share globally
+ JSONParser parser = new JSONParser();
+ try {
+ parser.parse(new FileReader(authFileName));
+ JsonNode rootNode = mapper.readTree(new File(authFileName));
+ JsonNode rolesNode = rootNode.path("roles");
+
+ for (JsonNode roleNode : rolesNode) {
+ String roleName = roleNode.path("name").asText();
+
+ TabularAuthRole authRole = new TabularAuthRole();
+ JsonNode usersNode = roleNode.path("users");
+ JsonNode functionsNode = roleNode.path("functions");
+ for (JsonNode functionNode : functionsNode) {
+ String function = functionNode.path("name").asText();
+ JsonNode methodsNode = functionNode.path("methods");
+ boolean hasMethods = false;
+ for (JsonNode methodNode : methodsNode) {
+ String methodName = methodNode.path("name").asText();
+ hasMethods = true;
+ String thisFunction = methodName + ":" + function;
+
+ authRole.addAllowedFunction(thisFunction);
+ }
+
+ if (!hasMethods) {
+ // iterate the list from HTTP_METHODS
+ for (HTTP_METHODS meth : HTTP_METHODS.values()) {
+ String thisFunction = meth.toString() + ":" + function;
+ authRole.addAllowedFunction(thisFunction);
+ }
+ }
+
+ }
+ for (JsonNode userNode : usersNode) {
+ String username = userNode.path("username").asText().toLowerCase();
+ SearchDbAuthUser authUser = null;
+ if (users.containsKey(username)) {
+ authUser = users.get(username);
+ } else {
+ authUser = new SearchDbAuthUser();
+ }
+
+ authUser.setUser(username);
+ authUser.addRole(roleName, authRole);
+ users.put(username, authUser);
+ }
+ }
+ } catch (FileNotFoundException fnfe) {
+ logger.debug("Failed to load the policy file ");
+
+ } catch (ParseException e) {
+ logger.debug("Failed to Parse the policy file ");
+
+ } catch (JsonProcessingException e) {
+ logger.debug("JSON processing error while parsing policy file: " + e.getMessage());
+
+ } catch (IOException e) {
+ logger.debug("IO Exception while parsing policy file: " + e.getMessage());
+ }
+
+ usersInitialized = true;
+ }
+
+ public static class SearchDbAuthUser {
+ public SearchDbAuthUser() {
+ this.roles = new HashMap<>();
+ }
+
+ private String username;
+ private HashMap<String, TabularAuthRole> roles;
+
+ public String getUser() {
+ return this.username;
+ }
+
+ public Map<String, TabularAuthRole> getRoles() {
+ return this.roles;
+ }
+
+ public void addRole(String roleName, TabularAuthRole authRole) {
+ this.roles.put(roleName, authRole);
+ }
+
+ public boolean checkAllowed(String checkFunc) {
+ for (Map.Entry<String, TabularAuthRole> roleEntry : this.roles.entrySet()) {
+ TabularAuthRole role = roleEntry.getValue();
+ if (role.hasAllowedFunction(checkFunc)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ public void setUser(String myuser) {
+ this.username = myuser;
+ }
+ }
+
+ public static class TabularAuthRole {
+ public TabularAuthRole() {
+ this.allowedFunctions = new ArrayList<>();
+ }
+
+ private List<String> allowedFunctions;
+
+ public void addAllowedFunction(String func) {
+ this.allowedFunctions.add(func);
+ }
+
+ public void delAllowedFunction(String delFunc) {
+ if (this.allowedFunctions.contains(delFunc)) {
+ this.allowedFunctions.remove(delFunc);
+ }
+ }
+
+ public boolean hasAllowedFunction(String afunc) {
+ return this.allowedFunctions.contains(afunc);
+ }
+ }
+
+ public static Map<String, SearchDbAuthUser> getUsers() {
+ if (!usersInitialized || (users == null)) {
+ reloadUsers();
+ }
+ return users;
+ }
+
+ public static boolean authorize(String username, String authFunction) {
+ if (!usersInitialized || (users == null)) {
+ init();
+ }
+ if (users.containsKey(username)) {
+ return users.get(username).checkAllowed(authFunction);
+ } else {
+ return false;
+ }
+ }
+}
Code Review / aai / search-data-service.git / blobdiff