X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Frserv%2FTransFilter.java;h=aaf75fd701d31853b4ebd1a7f0342f1567ee7f12;hb=82755753f41112e1cdd91b2994620ad074dfbf20;hp=1011767a081eebed6b8124eb47930f8182b05082;hpb=71037c39a37d3549dcfe31926832a657744fbe05;p=aaf%2Fauthz.git diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java index 1011767a..aaf75fd7 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -33,10 +33,12 @@ import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.onap.aaf.auth.env.AuthzTrans; import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CadiWrap; import org.onap.aaf.cadi.Connector; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.TrustChecker; import org.onap.aaf.cadi.config.Config; @@ -50,107 +52,113 @@ import org.onap.aaf.misc.env.util.Split; /** * Create a new Transaction Object for each and every incoming Transaction - * + * * Attach to Request. User "FilterHolder" mechanism to retain single instance. - * + * * TransFilter includes CADIFilter as part of the package, so that it can * set User Data, etc, as necessary. - * + * * @author Jonathan * */ public abstract class TransFilter implements Filter { - public static final String TRANS_TAG = "__TRANS__"; - - private CadiHTTPManip cadi; - - private final String[] no_authn; - - public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { - cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs); - String no = access.getProperty(Config.CADI_NOAUTHN, null); - if(no!=null) { - no_authn = Split.split(':', no); - } else { - no_authn=null; - } - } - - @Override - public void init(FilterConfig filterConfig) throws ServletException { - } - - protected Lur getLur() { - return cadi.getLur(); - } - - protected abstract TRANS newTrans(); - protected abstract TimeTaken start(TRANS trans, ServletRequest request); - protected abstract void authenticated(TRANS trans, Principal p); - protected abstract void tallyHo(TRANS trans); - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - TRANS trans = newTrans(); - - TimeTaken overall = start(trans,request); - try { - request.setAttribute(TRANS_TAG, trans); - - HttpServletRequest req = (HttpServletRequest)request; - HttpServletResponse res = (HttpServletResponse)response; - - if(no_authn!=null) { - for(String prefix : no_authn) { - if(req.getPathInfo().startsWith(prefix)) { - chain.doFilter(request, response); - return; - } - } - } - - TimeTaken security = trans.start("CADI Security", Env.SUB); - TafResp resp; - RESP r; - CadiWrap cw = null; - try { - resp = cadi.validate(req,res,trans); - switch(r=resp.isAuthenticated()) { - case IS_AUTHENTICATED: - cw = new CadiWrap(req,resp,cadi.getLur()); - authenticated(trans, cw.getUserPrincipal()); - break; - default: - break; - } - } finally { - security.done(); - } - - if(r==RESP.IS_AUTHENTICATED) { - trans.checkpoint(resp.desc()); - if(cadi.notCadi(cw, res)) { - chain.doFilter(cw, response); - } - } else { - //TODO this is a good place to check if too many checks recently - // Would need Cached Counter objects that are cleaned up on - // use - trans.checkpoint(resp.desc(),Env.ALWAYS); - if(resp.isFailedAttempt()) - trans.audit().log(resp.desc()); - } - } catch(Exception e) { - trans.error().log(e); - trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage()); - throw new ServletException(e); - } finally { - overall.done(); - tallyHo(trans); - } - } - - @Override - public void destroy() { - }; + public static final String TRANS_TAG = "__TRANS__"; + + private CadiHTTPManip cadi; + + private final String[] noAuthn; + + public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { + cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs); + String no = access.getProperty(Config.CADI_NOAUTHN, null); + if (no!=null) { + noAuthn = Split.split(':', no); + } else { + noAuthn =null; + } + } + + @Override + public void init(FilterConfig filterConfig) throws ServletException { + } + + protected Lur getLur() { + return cadi.getLur(); + } + + protected abstract TRANS newTrans(HttpServletRequest request,HttpServletResponse response); + protected abstract TimeTaken start(TRANS trans); + protected abstract void authenticated(TRANS trans, Principal p); + protected abstract void tallyHo(TRANS trans, String target); + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + HttpServletRequest req = (HttpServletRequest)request; + HttpServletResponse res = (HttpServletResponse)response; + + TRANS trans = newTrans(req,res); + + TimeTaken overall = start(trans); + String target = "n/a"; + try { + request.setAttribute(TRANS_TAG, trans); + + if (noAuthn !=null) { + for (String prefix : noAuthn) { + if (req.getPathInfo().startsWith(prefix)) { + chain.doFilter(request, response); + return; + } + } + } + + TimeTaken security = trans.start("CADI Security", Env.SUB); + TafResp resp; + RESP r; + CadiWrap cw = null; + try { + resp = cadi.validate(req,res,trans); + Object tag = req.getAttribute("CRED_TAG"); + if(tag!=null) { + ((AuthzTrans)trans).setTag(tag.toString()); + } + switch(r=resp.isAuthenticated()) { + case IS_AUTHENTICATED: + cw = new CadiWrap(req,resp,cadi.getLur()); + authenticated(trans, cw.getUserPrincipal()); + break; + default: + break; + } + } finally { + security.done(); + } + + if (r==RESP.IS_AUTHENTICATED) { + trans.checkpoint(resp.desc()); + if (cadi.notCadi(cw, res)) { + chain.doFilter(cw, response); + } + } else { + //TODO this is a good place to check if too many checks recently + // Would need Cached Counter objects that are cleaned up on + // use + trans.checkpoint(resp.desc(),Env.ALWAYS); + if (resp.isFailedAttempt()) { + target = resp.getTarget(); + } + } + } catch (Exception e) { + trans.error().log(e); + trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage()); + throw new ServletException(e); + } finally { + overall.done(); + tallyHo(trans,target); + } + } + + @Override + public void destroy() { + }; }