X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-core%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Frserv%2FTransFilter.java;h=b36fd23470caa856bcec2b1121064f3dc3078bb6;hb=4b5a7d721d994a49057e9bfb403c7bff1b376660;hp=1011767a081eebed6b8124eb47930f8182b05082;hpb=ceda6e8bc270202bcb24340b86617110289c902e;p=aaf%2Fauthz.git diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java index 1011767a..b36fd234 100644 --- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java +++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/TransFilter.java @@ -37,6 +37,7 @@ import org.onap.aaf.cadi.Access; import org.onap.aaf.cadi.CadiException; import org.onap.aaf.cadi.CadiWrap; import org.onap.aaf.cadi.Connector; +import org.onap.aaf.cadi.LocatorException; import org.onap.aaf.cadi.Lur; import org.onap.aaf.cadi.TrustChecker; import org.onap.aaf.cadi.config.Config; @@ -60,97 +61,97 @@ import org.onap.aaf.misc.env.util.Split; * */ public abstract class TransFilter implements Filter { - public static final String TRANS_TAG = "__TRANS__"; - - private CadiHTTPManip cadi; + public static final String TRANS_TAG = "__TRANS__"; + + private CadiHTTPManip cadi; - private final String[] no_authn; - - public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException { - cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs); - String no = access.getProperty(Config.CADI_NOAUTHN, null); - if(no!=null) { - no_authn = Split.split(':', no); - } else { - no_authn=null; - } - } + private final String[] no_authn; + + public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException { + cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs); + String no = access.getProperty(Config.CADI_NOAUTHN, null); + if(no!=null) { + no_authn = Split.split(':', no); + } else { + no_authn=null; + } + } - @Override - public void init(FilterConfig filterConfig) throws ServletException { - } - - protected Lur getLur() { - return cadi.getLur(); - } + @Override + public void init(FilterConfig filterConfig) throws ServletException { + } + + protected Lur getLur() { + return cadi.getLur(); + } - protected abstract TRANS newTrans(); - protected abstract TimeTaken start(TRANS trans, ServletRequest request); - protected abstract void authenticated(TRANS trans, Principal p); - protected abstract void tallyHo(TRANS trans); - - @Override - public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { - TRANS trans = newTrans(); - - TimeTaken overall = start(trans,request); - try { - request.setAttribute(TRANS_TAG, trans); - - HttpServletRequest req = (HttpServletRequest)request; - HttpServletResponse res = (HttpServletResponse)response; - - if(no_authn!=null) { - for(String prefix : no_authn) { - if(req.getPathInfo().startsWith(prefix)) { - chain.doFilter(request, response); - return; - } - } - } + protected abstract TRANS newTrans(HttpServletRequest request); + protected abstract TimeTaken start(TRANS trans, ServletRequest request); + protected abstract void authenticated(TRANS trans, Principal p); + protected abstract void tallyHo(TRANS trans); + + @Override + public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { + HttpServletRequest req = (HttpServletRequest)request; + HttpServletResponse res = (HttpServletResponse)response; + + TRANS trans = newTrans(req); + + TimeTaken overall = start(trans,request); + try { + request.setAttribute(TRANS_TAG, trans); + + if(no_authn!=null) { + for(String prefix : no_authn) { + if(req.getPathInfo().startsWith(prefix)) { + chain.doFilter(request, response); + return; + } + } + } - TimeTaken security = trans.start("CADI Security", Env.SUB); - TafResp resp; - RESP r; - CadiWrap cw = null; - try { - resp = cadi.validate(req,res,trans); - switch(r=resp.isAuthenticated()) { - case IS_AUTHENTICATED: - cw = new CadiWrap(req,resp,cadi.getLur()); - authenticated(trans, cw.getUserPrincipal()); - break; - default: - break; - } - } finally { - security.done(); - } - - if(r==RESP.IS_AUTHENTICATED) { - trans.checkpoint(resp.desc()); - if(cadi.notCadi(cw, res)) { - chain.doFilter(cw, response); - } - } else { - //TODO this is a good place to check if too many checks recently - // Would need Cached Counter objects that are cleaned up on - // use - trans.checkpoint(resp.desc(),Env.ALWAYS); - if(resp.isFailedAttempt()) - trans.audit().log(resp.desc()); - } - } catch(Exception e) { - trans.error().log(e); - trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage()); - throw new ServletException(e); - } finally { - overall.done(); - tallyHo(trans); - } - } + TimeTaken security = trans.start("CADI Security", Env.SUB); + TafResp resp; + RESP r; + CadiWrap cw = null; + try { + resp = cadi.validate(req,res,trans); + switch(r=resp.isAuthenticated()) { + case IS_AUTHENTICATED: + cw = new CadiWrap(req,resp,cadi.getLur()); + authenticated(trans, cw.getUserPrincipal()); + break; + default: + break; + } + } finally { + security.done(); + } + + if(r==RESP.IS_AUTHENTICATED) { + trans.checkpoint(resp.desc()); + if(cadi.notCadi(cw, res)) { + chain.doFilter(cw, response); + } + } else { + //TODO this is a good place to check if too many checks recently + // Would need Cached Counter objects that are cleaned up on + // use + trans.checkpoint(resp.desc(),Env.ALWAYS); + if(resp.isFailedAttempt()) + trans.audit().log(resp.desc()); + } + } catch(Exception e) { + trans.error().log(e); + trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage()); + throw new ServletException(e); + } finally { + overall.done(); + tallyHo(trans); + } + } - @Override - public void destroy() { - }; + @Override + public void destroy() { + }; }