X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=ONAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Frest%2FXacmlAdminAuthorization.java;h=8a59ec6037c88ad145df4aaeca6bb711112ff303;hb=9450c8d0102b9188933b5d26193df754a70a7157;hp=c29e17637f79e4431ffe7ea03de05294cffe10b4;hpb=79343205a720ef656837275f973de93f1d26b3e9;p=policy%2Fengine.git
diff --git a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java
index c29e17637..8a59ec603 100644
--- a/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java
+++ b/ONAP-REST/src/main/java/org/onap/policy/rest/XacmlAdminAuthorization.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START=======================================================
  * ONAP-REST
  * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ================================================================================
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,77 +20,8 @@
 package org.onap.policy.rest;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
-import org.onap.policy.common.logging.eelf.MessageCodes;
-import org.onap.policy.common.logging.eelf.PolicyLogger;
-import org.onap.policy.rest.jpa.UserInfo;
-import org.onap.policy.xacml.api.XACMLErrorConstants;
-
-import com.att.research.xacml.api.DataTypeException;
-import com.att.research.xacml.api.Decision;
-import com.att.research.xacml.api.Request;
-import com.att.research.xacml.api.Response;
-import com.att.research.xacml.api.Result;
-import com.att.research.xacml.api.pdp.PDPEngine;
-import com.att.research.xacml.api.pdp.PDPEngineFactory;
-import com.att.research.xacml.api.pdp.PDPException;
-import com.att.research.xacml.std.annotations.RequestParser;
-import com.att.research.xacml.std.annotations.XACMLAction;
-import com.att.research.xacml.std.annotations.XACMLRequest;
-import com.att.research.xacml.std.annotations.XACMLResource;
-import com.att.research.xacml.std.annotations.XACMLSubject;
-import com.att.research.xacml.util.FactoryException;
-
-
-
 public class XacmlAdminAuthorization {
-	private static Log logger = LogFactory.getLog(XacmlAdminAuthorization.class);
-
-	private static UserInfo userId;
-	public static UserInfo getUserId() {
-		return userId;
-	}
-
-	public static void setUserId(UserInfo userId) {
-		XacmlAdminAuthorization.userId = userId;
-	}
-	public enum AdminAction {
-		ACTION_ACCESS("access"),
-		ACTION_READ("read"),
-		ACTION_WRITE("write"),
-		ACTION_ADMIN("admin");
-
-		String action;
-		AdminAction(String a) {
-			this.action = a;
-		}
-		@Override
-		public String toString() {
-			return this.action;
-		}
-	}
-
-	public enum AdminResource {
-		RESOURCE_APPLICATION("application"),
-		RESOURCE_POLICY_WORKSPACE("workspace"),
-		RESOURCE_POLICY_EDITOR("editor"),
-		RESOURCE_DICTIONARIES("dictionaries"),
-		RESOURCE_PDP_ADMIN("pdp_admin"),
-		RESOURCE_PIP_ADMIN("pip_admin"),
-		RESOURCE_SCOPES_SUPERADMIN("manage_scopes");
-		String resource;
-		AdminResource(String r) {
-			this.resource = r;
-		}
-		@Override
-		public String toString() {
-			return this.resource;
-		}
-	}
-
 	public enum Role {
 		ROLE_GUEST("guest"),
 		ROLE_ADMIN("admin"),
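Review bot: The `public class XacmlAdminAuthorization {` line kept on the new side now encloses nothing but the `Role` enum, so the name still advertises an authorization component while the PDP-backed `isAuthorized` and its `AdminAction`/`AdminResource` vocabulary are gone from this file; add a class-level Javadoc such as `/** Holds the admin Role names only; this class no longer performs XACML authorization, so callers must apply their own access checks (confirm where that now happens). */` so nobody mistakes a `Role` lookup for an access decision. The removed `private static UserInfo userId` with its public static getter and setter was process-wide mutable state, so any code that set it per request could have let one request observe another's identity; dropping it is sound, but remaining callers of `getUserId()`/`setUserId()` elsewhere will now fail to compile and should be migrated to a per-request value rather than a new static. The `Role` enum body continues past this hunk.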
@@ -109,115 +40,4 @@ public class XacmlAdminAuthorization {
 			return this.userRole;
 		}
 	}
-
-	@XACMLRequest(ReturnPolicyIdList=true)
-	public class AuthorizationRequest {
-
-		@XACMLSubject(includeInResults=true)
-		String userID;
-
-		@XACMLAction()
-		String action;
-
-		@XACMLResource()
-		String resource;
-
-		public AuthorizationRequest(String userId, String action, String resource) {
-			this.userID = userId;
-			this.action = action;
-			this.resource = resource;
-		}
-
-		public String getUserID() {
-			return userID;
-		}
-
-		public void setUserID(String userID) {
-			this.userID = userID;
-		}
-
-		public String getAction() {
-			return action;
-		}
-
-		public void setAction(String action) {
-			this.action = action;
-		}
-
-		public String getResource() {
-			return resource;
-		}
-
-		public void setResource(String resource) {
-			this.resource = resource;
-		}
-	}
-
-	//
-	// The PDP Engine
-	//
-	protected PDPEngine pdpEngine;
-
-	public XacmlAdminAuthorization() {
-		PDPEngineFactory pdpEngineFactory = null;
-		try {
-			pdpEngineFactory = PDPEngineFactory.newInstance();
-			if (pdpEngineFactory == null) {
-				logger.error("Failed to create PDP Engine Factory");
-				PolicyLogger.error("Failed to create PDP Engine Factory");
-			}
-			this.pdpEngine = pdpEngineFactory.newEngine();
-		} catch (FactoryException e) {
-			logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Exception create PDP Engine: " + e.getLocalizedMessage());
-			PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Exception create PDP Engine");
-		}
-	}
-
-	public boolean isAuthorized(String userid, AdminAction action, AdminResource resource) {
-		logger.info("authorize: " + userid + " to " + action + " with " + resource);
-		if (this.pdpEngine == null) {
-			logger.warn("no pdp engine available to authorize");
-			return false;
-		}
-		Request request;
-		try {
-			request = RequestParser.parseRequest(new AuthorizationRequest(userid, action.toString(), resource.toString()));
-		} catch (IllegalArgumentException | IllegalAccessException | DataTypeException e) {
-			logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "Failed to create request: " + e.getLocalizedMessage());
-			PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "Failed to create request");
-			return false;
-		}
-		if (request == null) {
-			logger.error("Failed to parse request.");
-			PolicyLogger.error("Failed to parse request");
-			return false;
-		}
-		logger.info("Request: " + request);
-		//
-		// Ask the engine
-		//
-		try {
-			Response response = this.pdpEngine.decide(request);
-			if (response == null) {
-				logger.error("Null response from PDP decide");
-				PolicyLogger.error("Null response from PDP decide");
-			}
-			//
-			// Should only be one result
-			//
-			if(response != null){
-				for (Result result : response.getResults()) {
-					Decision decision = result.getDecision();
-					logger.info("Decision: " + decision);
-					if (decision.equals(Decision.PERMIT)) {
-						return true;
-					}
-				}
-			}
-		} catch (PDPException e) {
-			logger.error(XACMLErrorConstants.ERROR_PROCESS_FLOW + "PDP Decide failed: " + e.getLocalizedMessage());
-			PolicyLogger.error(MessageCodes.ERROR_PROCESS_FLOW, e, "XacmlAdminAuthorization", "PDP Decide failed");
-		}
-		return false;
-	}
 }