X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-locate%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Flocate%2Fapi%2FAPI_AAFAccess.java;h=2076e84743ad03cc01d99460bb387486f30566fe;hb=HEAD;hp=9de92d14a36afd1618104f734e2bbe6656bb746a;hpb=ceda6e8bc270202bcb24340b86617110289c902e;p=aaf%2Fauthz.git diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java index 9de92d14..2076e847 100644 --- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java +++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_AAFAccess.java @@ -7,9 +7,9 @@ * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. @@ -21,6 +21,8 @@ package org.onap.aaf.auth.locate.api; +import static org.onap.aaf.auth.layer.Result.OK; + import java.io.IOException; import java.net.ConnectException; import java.net.URI; @@ -53,207 +55,237 @@ import org.onap.aaf.misc.env.Env; import org.onap.aaf.misc.env.TimeTaken; public class API_AAFAccess { -// private static String service, version, envContext; +// private static String service, version, envContext; + + private static final String GET_PERMS_BY_USER = "Get Perms by User"; + private static final String USER_HAS_PERM ="User Has Perm"; +// private static final String USER_IN_ROLE ="User Has Role"; + + /** + * Normal Init level APIs + * + * @param gwAPI + * @param facade + * @throws Exception + */ + public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception { + + + gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) { + @Override + public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception { + TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB); + try { + final String accept = req.getHeader("ACCEPT"); + final String user = pathParam(req,":user"); + if (!user.contains("@")) { + context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user); + return; + } + final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json"); + TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB); + Dated d; + try { + d = gwAPI.cacheUser.get(key); + } finally { + tt2.done(); + } + + if (d==null || d.data.isEmpty()) { + tt2 = trans.start("AAF Service Call",Env.REMOTE); + try { + gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable() { + @Override + public Void code(Rcli client) throws CadiException, ConnectException, APIException { + Future fp = client.read("/authz/perms/user/"+user,accept); + if (fp.get(5000)) { + gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn)); + resp.setStatus(HttpStatus.OK_200); + ServletOutputStream sos; + try { + sos = resp.getOutputStream(); + sos.print(fp.value); + } catch (IOException e) { + throw new CadiException(e); + } + } else { + gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn)); + context.error(trans,resp,fp.code(),fp.body()); + } + return null; + } + }); + } finally { + tt2.done(); + } + } else { + User u = (User)d.data.get(0); + resp.setStatus(u.code); + ServletOutputStream sos = resp.getOutputStream(); + sos.print(u.resp); + } + } finally { + tt.done(); + } + } + }); + + + gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new BasicAuthCode(gwAPI.aafAuthn,facade) + ,"text/plain","*/*","*"); + + /** + * Query User Has Perm is DEPRECATED + * + * Need to move towards NS declaration... is this even being used? + * @deprecated + */ + gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new LocateCode(facade,USER_HAS_PERM, true) { + @Override + public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception { + try { + String type = pathParam(req,":type"); + int idx = type.lastIndexOf('.'); + String ns = type.substring(0,idx); + type = type.substring(idx+1); + resp.getOutputStream().print( + gwAPI.aafLurPerm.fish(new Principal() { + public String getName() { + return pathParam(req,":user"); + }; + }, new AAFPermission( + ns, + type, + pathParam(req,":instance"), + pathParam(req,":action")))); + resp.setStatus(HttpStatus.OK_200); + } catch (Exception e) { + context.error(trans, resp, Result.ERR_General, e.getMessage()); + } + } + }); + + gwAPI.route(HttpMethods.GET,"/gui/:path*",API.VOID,new LocateCode(facade,"Short Access PROD GUI for AAF", true) { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + try { + redirect(trans, req, resp, context, + gwAPI.getGUILocator(), + "gui/"+pathParam(req,":path")); + } catch (LocatorException e) { + context.error(trans, resp, Result.ERR_BadData, e.getMessage()); + } catch (Exception e) { + context.error(trans, resp, Result.ERR_General, e.getMessage()); + } + } + }); - private static final String GET_PERMS_BY_USER = "Get Perms by User"; - private static final String USER_HAS_PERM ="User Has Perm"; -// private static final String USER_IN_ROLE ="User Has Role"; - - /** - * Normal Init level APIs - * - * @param gwAPI - * @param facade - * @throws Exception - */ - public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception { - - - gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception { - TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB); - try { - final String accept = req.getHeader("ACCEPT"); - final String user = pathParam(req,":user"); - if(!user.contains("@")) { - context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user); - return; - } - final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json"); - TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB); - Dated d; - try { - d = gwAPI.cacheUser.get(key); - } finally { - tt2.done(); - } - - if(d==null || d.data.isEmpty()) { - tt2 = trans.start("AAF Service Call",Env.REMOTE); - try { - gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable() { - @Override - public Void code(Rcli client) throws CadiException, ConnectException, APIException { - Future fp = client.read("/authz/perms/user/"+user,accept); - if(fp.get(5000)) { - gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn)); - resp.setStatus(HttpStatus.OK_200); - ServletOutputStream sos; - try { - sos = resp.getOutputStream(); - sos.print(fp.value); - } catch (IOException e) { - throw new CadiException(e); - } - } else { - gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn)); - context.error(trans,resp,fp.code(),fp.body()); - } - return null; - } - }); - } finally { - tt2.done(); - } - } else { - User u = (User)d.data.get(0); - resp.setStatus(u.code); - ServletOutputStream sos = resp.getOutputStream(); - sos.print(u.resp); - } - } finally { - tt.done(); - } - } - }); + gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new LocateCode(facade,"Access PROD GUI for AAF", true) { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + try { + redirect(trans, req, resp, context, + gwAPI.getGUILocator(), + pathParam(req,":path")); + } catch (LocatorException e) { + context.error(trans, resp, Result.ERR_BadData, e.getMessage()); + } catch (Exception e) { + context.error(trans, resp, Result.ERR_General, e.getMessage()); + } + } + }); + } + public static void initDefault(final AAF_Locate gwAPI, LocateFacade facade) throws Exception { - gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new BasicAuthCode(gwAPI.aafAuthn,facade) - ,"text/plain","*/*","*"); + /** + * "login" url + */ + gwAPI.route(HttpMethods.GET,"/login",API.VOID,new LocateCode(facade,"Access Login GUI for AAF", true) { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + try { + redirect(trans, req, resp, context, + gwAPI.getGUILocator(), + "login"); + } catch (LocatorException e) { + context.error(trans, resp, Result.ERR_BadData, e.getMessage()); + } catch (Exception e) { + context.error(trans, resp, Result.ERR_General, e.getMessage()); + } + } + }); - /** - * Query User Has Perm - */ - gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new LocateCode(facade,USER_HAS_PERM, true) { - @Override - public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - resp.getOutputStream().print( - gwAPI.aafLurPerm.fish(new Principal() { - public String getName() { - return pathParam(req,":user"); - }; - }, new AAFPermission( - pathParam(req,":type"), - pathParam(req,":instance"), - pathParam(req,":action")))); - resp.setStatus(HttpStatus.OK_200); - } catch(Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - gwAPI.route(HttpMethods.GET,"/gui/:path*",API.VOID,new LocateCode(facade,"Short Access PROD GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - gwAPI.getGUILocator(), - "gui/"+pathParam(req,":path")); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); + /** + * Default URL + */ + gwAPI.route(HttpMethods.GET,"/",API.VOID,new LocateCode(facade,"Access GUI for AAF", true) { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + try { + redirect(trans, req, resp, context, + gwAPI.getGUILocator(), + "gui/home"); + } catch (Exception e) { + context.error(trans, resp, Result.ERR_General, e.getMessage()); + } + } + }); - gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new LocateCode(facade,"Access PROD GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - gwAPI.getGUILocator(), - pathParam(req,":path")); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - } - - public static void initDefault(final AAF_Locate gwAPI, LocateFacade facade) throws Exception { + /** + * Configuration + */ + gwAPI.route(HttpMethods.GET,"/configure/:id/:type",API.CONFIG,new LocateCode(facade,"Deliver Configuration Properties to AAF", true) { + @Override + public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { + try { + Result r = facade.getConfig(trans, req, resp, pathParam(req, ":id"),pathParam(req,":type")); + switch(r.status) { + case OK: + resp.setStatus(HttpStatus.OK_200); + break; + default: + context.error(trans,resp,r); + } - /** - * "login" url - */ - gwAPI.route(HttpMethods.GET,"/login",API.VOID,new LocateCode(facade,"Access Login GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - gwAPI.getGUILocator(), - "login"); - } catch (LocatorException e) { - context.error(trans, resp, Result.ERR_BadData, e.getMessage()); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); + } catch (Exception e) { + context.error(trans, resp, Result.ERR_General, e.getMessage()); + } + } + }); + } - - /** - * Default URL - */ - gwAPI.route(HttpMethods.GET,"/",API.VOID,new LocateCode(facade,"Access GUI for AAF", true) { - @Override - public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception { - try { - redirect(trans, req, resp, context, - gwAPI.getGUILocator(), - "gui/home"); - } catch (Exception e) { - context.error(trans, resp, Result.ERR_General, e.getMessage()); - } - } - }); - } + private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator loc, String path) throws IOException { + try { + if (loc.hasItems()) { + Item item = loc.best(); + URI uri = loc.get(item); + StringBuilder redirectURL = new StringBuilder(uri.toString()); + redirectURL.append('/'); + redirectURL.append(path); + String str = req.getQueryString(); + if (str!=null) { + redirectURL.append('?'); + redirectURL.append(str); + } + trans.info().log("Redirect to",redirectURL); + resp.sendRedirect(redirectURL.toString()); + } else { + context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection")); + } + } catch (LocatorException e) { + context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Endpoints found for %s",req.getPathInfo())); + } + } - private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator loc, String path) throws IOException { - try { - if(loc.hasItems()) { - Item item = loc.best(); - URI uri = loc.get(item); - StringBuilder redirectURL = new StringBuilder(uri.toString()); - redirectURL.append('/'); - redirectURL.append(path); - String str = req.getQueryString(); - if(str!=null) { - redirectURL.append('?'); - redirectURL.append(str); - } - trans.info().log("Redirect to",redirectURL); - resp.sendRedirect(redirectURL.toString()); - } else { - context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection")); - } - } catch (LocatorException e) { - context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Endpoints found for %s",req.getPathInfo())); - } - } + private static class User { + public final int code; + public final String resp; - private static class User { - public final int code; - public final String resp; - - public User(int code, String resp) { - this.code = code; - this.resp = resp; - } - } + public User(int code, String resp) { + this.code = code; + this.resp = resp; + } + } }