X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-PDP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpdp%2Frest%2Frestauth%2FPdpAuthenticationFilter.java;fp=ONAP-PDP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpdp%2Frest%2Frestauth%2FPdpAuthenticationFilter.java;h=b573b2e10260d033cc5f81d74f87167bfce46a15;hb=1b1640ae538cfdb3667fd3222dc4dec469b0e3f7;hp=0000000000000000000000000000000000000000;hpb=6da5838f43a4bf0dc8786c539f9a9aa521139e55;p=policy%2Fengine.git

diff --git a/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restauth/PdpAuthenticationFilter.java b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restauth/PdpAuthenticationFilter.java
new file mode 100644
index 000000000..b573b2e10
--- /dev/null
+++ b/ONAP-PDP-REST/src/main/java/org/onap/policy/pdp/rest/restauth/PdpAuthenticationFilter.java
@@ -0,0 +1,100 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP-PDP-REST
+ * ================================================================================
+ * Copyright (C) 2017,2019 AT&T Intellectual Property. All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+
+package org.onap.policy.pdp.rest.restauth;
+
+import java.io.IOException;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * Servlet Filter implementation class PdpAuthenticationFilter.
+ */
+@WebFilter("/*")
+public class PdpAuthenticationFilter implements Filter {
+    private static final String APISTR = "/api/";
+    public static final String AUTHENTICATION_HEADER = "Authorization";
+    public static final String ENVIRONMENT_HEADER = "Environment";
+    public static final String CLIENTAUTH_HEADER = "ClientAuth";
+
+    @Override
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filter)
+            throws IOException, ServletException {
+        if (!(request instanceof HttpServletRequest)) {
+            return;
+        }
+        HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+        String environment = httpServletRequest.getHeader(ENVIRONMENT_HEADER);
+        String authHeader = httpServletRequest.getHeader(AUTHENTICATION_HEADER);
+        String clientAuthHeader = httpServletRequest.getHeader(CLIENTAUTH_HEADER);
+        String path = ((HttpServletRequest) request).getRequestURI();
+        String resource = path.substring(path.lastIndexOf('/') + 1);
+
+        boolean authenticationStatus =
+                AuthenticationService.checkPermissions(clientAuthHeader, authHeader, resource, environment, request);
+
+        if (authenticationStatus) {
+            if (check(path)) {
+                path = path.substring(path.indexOf('/', 1));
+                if (!path.contains(APISTR)) {
+                    request.getRequestDispatcher(APISTR + path).forward(request, response);
+                } else {
+                    request.getRequestDispatcher(path).forward(request, response);
+                }
+
+            } else {
+                filter.doFilter(request, response);
+            }
+        } else if (path.contains("swagger") || path.contains("api-docs") || path.contains("configuration")
+                || path.contains("count")) {
+            path = path.substring(path.indexOf('/', 1) + 1);
+            request.getRequestDispatcher(APISTR + path).forward(request, response);
+        } else if (path.contains("notifications")) {
+            filter.doFilter(request, response);
+        } else {
+            if (response instanceof HttpServletResponse) {
+                HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+                httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            }
+        }
+    }
+
+    private boolean check(String path) {
+        return !(path.endsWith("/pdp/") || path.endsWith("/pdp") || path.endsWith("/test"));
+    }
+
+    @Override
+    public void destroy() {
+        // Do nothing.
+    }
+
+    @Override
+    public void init(FilterConfig arg0) throws ServletException {
+        // Do nothing.
+    }
+
+}