X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Frserv%2FTransFilter.java;h=5b8569352773c807f17a107f8cdc47644e1faeff;hb=1296352d8eafee57f982a4342ad79ada4aa56d28;hp=b36fd23470caa856bcec2b1121064f3dc3078bb6;hpb=4b5a7d721d994a49057e9bfb403c7bff1b376660;p=aaf%2Fauthz.git diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java index b36fd234..5b856935 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -33,6 +33,7 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CadiWrap; 
@@ -51,26 +52,26 @@ import org.onap.aaf.misc.env.util.Split; /** * Create a new Transaction Object for each and every incoming Transaction - * + * * Attach to Request. User "FilterHolder" mechanism to retain single instance. - * + * * TransFilter includes CADIFilter as part of the package, so that it can * set User Data, etc, as necessary. - * + * * @author Jonathan * */ public abstract class TransFilter implements Filter { public static final String TRANS_TAG = "__TRANS__"; - + private CadiHTTPManip cadi; private final String[] no_authn; - + public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs); String no = access.getProperty(Config.CADI_NOAUTHN, null); - if(no!=null) { + if (no!=null) { no_authn = Split.split(':', no); } else { no_authn=null; 
@@ -80,30 +81,31 @@ public abstract class TransFilter implements Filter { @Override public void init(FilterConfig filterConfig) throws ServletException { } - + protected Lur getLur() { return cadi.getLur(); } - protected abstract TRANS newTrans(HttpServletRequest request); - protected abstract TimeTaken start(TRANS trans, ServletRequest request); + protected abstract TRANS newTrans(HttpServletRequest request,HttpServletResponse response); + protected abstract TimeTaken start(TRANS trans); protected abstract void authenticated(TRANS trans, Principal p); - protected abstract void tallyHo(TRANS trans); - + protected abstract void tallyHo(TRANS trans, String target); + @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest req = (HttpServletRequest)request; HttpServletResponse res = (HttpServletResponse)response; - - TRANS trans = newTrans(req); - - TimeTaken overall = start(trans,request); + + TRANS trans = newTrans(req,res); + + TimeTaken overall = start(trans); + String target = "n/a"; try { request.setAttribute(TRANS_TAG, trans); - - if(no_authn!=null) { - for(String prefix : no_authn) { - if(req.getPathInfo().startsWith(prefix)) { + + if (no_authn!=null) { + for (String prefix : no_authn) { + if (req.getPathInfo().startsWith(prefix)) { chain.doFilter(request, response); return; } @@ -116,6 +118,10 @@ public abstract class TransFilter implements Filter { CadiWrap cw = null; try { resp = cadi.validate(req,res,trans); + Object tag = req.getAttribute("CRED_TAG"); + if(tag!=null) { + ((AuthzTrans)trans).setTag(tag.toString()); + } switch(r=resp.isAuthenticated()) { case IS_AUTHENTICATED: cw = new CadiWrap(req,resp,cadi.getLur()); 
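Review bot: The no-authentication bypass in doFilter, `if (req.getPathInfo().startsWith(prefix))`, is only reformatted by this commit and still has two gaps. `getPathInfo()` can return null under the Servlet API when the request has no extra path information, which would throw a NullPointerException before authentication is reached. If the CADI_NOAUTHN split ever yields an empty element (for example from a trailing ':', depending on how Split.split treats it), `startsWith("")` matches every path and cadi.validate is skipped for all requests. I would guard it with `String path = req.getPathInfo();` and `if (path != null && !prefix.isEmpty() && path.startsWith(prefix))`, and add a comment that this is a raw prefix match, so configured entries should end with '/' to avoid matching sibling paths. doFilter continues past the end of this hunk.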
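Review bot: The added cast `((AuthzTrans)trans).setTag(tag.toString())` is unchecked, although the filter's abstract methods are typed on TRANS. A subclass whose transaction type is not an AuthzTrans would hit a ClassCastException in the middle of authentication for any request carrying the attribute. `if (tag != null && trans instanceof AuthzTrans) { ((AuthzTrans) trans).setTag(tag.toString()); }` keeps the filter usable for other TRANS types. The tag is also copied before `resp.isAuthenticated()` is examined, so it is recorded for rejected requests as well; a short comment saying whether that is intended and which component sets "CRED_TAG" would help, and the literal would be better as a named constant next to TRANS_TAG. The enclosing try block starts and ends outside this hunk.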
@@ -127,27 +133,28 @@ public abstract class TransFilter implements Filter { } finally { security.done(); } - - if(r==RESP.IS_AUTHENTICATED) { + + if (r==RESP.IS_AUTHENTICATED) { trans.checkpoint(resp.desc()); - if(cadi.notCadi(cw, res)) { + if (cadi.notCadi(cw, res)) { chain.doFilter(cw, response); } } else { //TODO this is a good place to check if too many checks recently - // Would need Cached Counter objects that are cleaned up on + // Would need Cached Counter objects that are cleaned up on // use trans.checkpoint(resp.desc(),Env.ALWAYS); - if(resp.isFailedAttempt()) - trans.audit().log(resp.desc()); + if (resp.isFailedAttempt()) { + target = resp.getTarget(); + } } - } catch(Exception e) { + } catch (Exception e) { trans.error().log(e); trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage()); throw new ServletException(e); } finally { overall.done(); - tallyHo(trans); + tallyHo(trans,target); } }
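Review bot: The failed-attempt branch no longer writes `trans.audit().log(resp.desc())`; it only stores `resp.getTarget()` for `tallyHo(trans,target)` in the finally block. Whether a failed authentication reaches the audit log now depends on each subclass's tallyHo implementation, which is not visible here. I would either keep the audit call next to `target = resp.getTarget();` or add a Javadoc on the abstract `tallyHo(TRANS, String)` stating that implementations must record the target of failed attempts. `getTarget()` may also return null and replace the "n/a" default. If the target is derived from client-supplied credentials, it should be treated as untrusted text when logged, with line breaks stripped or escaped. doFilter begins outside this hunk.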