X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=auth%2Fauth-service%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fauth%2Fservice%2Fapi%2FAPI_Mgmt.java;h=be608df563b22d5442d0b15b8cf5ef1790030209;hb=refs%2Fchanges%2F75%2F65275%2F1;hp=b68b445c30fb8f1cb0a38bc17f17be8626fcb9e3;hpb=824dc7b5fc0e1ccdf7f460479aff344727f0f01e;p=aaf%2Fauthz.git
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
index b68b445c..be608df5 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/api/API_Mgmt.java
@@ -48,229 +48,229 @@ import org.onap.aaf.misc.env.Trans;
 */
 public class API_Mgmt {
- private static final String SUCCESS = "SUCCESS";
- private final static String PERM_DB_POOL_CLEAR=Define.ROOT_NS()+".db|pool|clear";
- private final static String PERM_DENY_IP = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|ip";
- private final static String PERM_DENY_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
- private final static String PERM_LOG_ID = Define.ROOT_NS()+".log|" + Define.ROOT_COMPANY() + "|id";
+ private static final String SUCCESS = "SUCCESS";
+ private final static String PERM_DB_POOL_CLEAR=Define.ROOT_NS()+".db|pool|clear";
+ private final static String PERM_DENY_IP = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|ip";
+ private final static String PERM_DENY_ID = Define.ROOT_NS()+".deny|" + Define.ROOT_COMPANY() + "|id";
+ private final static String PERM_LOG_ID = Define.ROOT_NS()+".log|" + Define.ROOT_COMPANY() + "|id";
- /**
- * Normal Init level APIs
- *
- * @param authzAPI
- * @param facade
- * @throws Exception
- */
- public static void init(final AAF_Service authzAPI, AuthzFacade facade) throws Exception {
+ /**
+ * Normal Init level APIs
+ *
+ * @param authzAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final AAF_Service authzAPI, AuthzFacade facade) throws Exception {
- /**
- * Clear Cache Segment
- */
- authzAPI.route(DELETE,"/mgmt/cache/:area/:segments",API.VOID,new Code(facade,"Clear Cache by Segment", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result r = context.cacheClear(trans, pathParam(req,"area"), pathParam(req,"segments"));
- switch(r.status) {
- case OK:
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- break;
- default:
- context.error(trans,resp,r);
- }
- }
- });
-
- /**
- * Clear Cache
- */
- authzAPI.route(DELETE,"/mgmt/cache/:area",API.VOID,new Code(facade,"Clear Cache", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- Result r;
- String area;
- r = context.cacheClear(trans, area=pathParam(req,"area"));
- switch(r.status) {
- case OK:
- trans.audit().log("Cache " + area + " has been cleared by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- break;
- default:
- context.error(trans,resp,r);
- }
- }
- });
+ /**
+ * Clear Cache Segment
+ */
+ authzAPI.route(DELETE,"/mgmt/cache/:area/:segments",API.VOID,new Code(facade,"Clear Cache by Segment", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result r = context.cacheClear(trans, pathParam(req,"area"), pathParam(req,"segments"));
+ switch(r.status) {
+ case OK:
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+ }
+ });
+
+ /**
+ * Clear Cache
+ */
+ authzAPI.route(DELETE,"/mgmt/cache/:area",API.VOID,new Code(facade,"Clear Cache", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ Result r;
+ String area;
+ r = context.cacheClear(trans, area=pathParam(req,"area"));
+ switch(r.status) {
+ case OK:
+ trans.audit().log("Cache " + area + " has been cleared by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ break;
+ default:
+ context.error(trans,resp,r);
+ }
+ }
+ });
- /**
- * Clear DB Sessions
- */
- authzAPI.route(DELETE,"/mgmt/dbsession",API.VOID,new Code(facade,"Clear DBSessions", true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- try {
- if(req.isUserInRole(PERM_DB_POOL_CLEAR)) {
- context.dbReset(trans);
+ /**
+ * Clear DB Sessions
+ */
+ authzAPI.route(DELETE,"/mgmt/dbsession",API.VOID,new Code(facade,"Clear DBSessions", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ if(req.isUserInRole(PERM_DB_POOL_CLEAR)) {
+ context.dbReset(trans);
- trans.audit().log("DB Sessions have been cleared by "+trans.user());
+ trans.audit().log("DB Sessions have been cleared by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- return;
- }
- context.error(trans,resp,Result.err(Result.ERR_Denied,"%s is not allowed to clear dbsessions",trans.user()));
- } catch(Exception e) {
- trans.error().log(e, "clearing dbsession");
- context.error(trans,resp,Result.err(e));
- }
- }
- });
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ return;
+ }
+ context.error(trans,resp,Result.err(Result.ERR_Denied,"%s is not allowed to clear dbsessions",trans.user()));
+ } catch(Exception e) {
+ trans.error().log(e, "clearing dbsession");
+ context.error(trans,resp,Result.err(e));
+ }
+ }
+ });
- /**
- * Deny an IP
- */
- authzAPI.route(POST, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Deny IP",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String ip = pathParam(req,":ip");
- if(req.isUserInRole(PERM_DENY_IP)) {
- if(DenialOfServiceTaf.denyIP(ip)) {
- trans.audit().log(ip+" has been set to deny by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ /**
+ * Deny an IP
+ */
+ authzAPI.route(POST, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Deny IP",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String ip = pathParam(req,":ip");
+ if(req.isUserInRole(PERM_DENY_IP)) {
+ if(DenialOfServiceTaf.denyIP(ip)) {
+ trans.audit().log(ip+" has been set to deny by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.CREATED_201);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
- ip + " is already being denied"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to deny",ip,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to set IP Denial"));
- }
- }
- });
-
- /**
- * Stop Denying an IP
- */
- authzAPI.route(DELETE, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Stop Denying IP",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String ip = pathParam(req,":ip");
- if(req.isUserInRole(PERM_DENY_IP)) {
- if(DenialOfServiceTaf.removeDenyIP(ip)) {
- trans.audit().log(ip+" has been removed from denial by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
- ip + " is not on the denial list"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to remove",ip," from being denied without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to remove IP Denial"));
- }
- }
- });
+ resp.setStatus(HttpStatus.CREATED_201);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ ip + " is already being denied"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to deny",ip,"without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to set IP Denial"));
+ }
+ }
+ });
+
+ /**
+ * Stop Denying an IP
+ */
+ authzAPI.route(DELETE, "/mgmt/deny/ip/:ip", API.VOID, new Code(facade,"Stop Denying IP",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String ip = pathParam(req,":ip");
+ if(req.isUserInRole(PERM_DENY_IP)) {
+ if(DenialOfServiceTaf.removeDenyIP(ip)) {
+ trans.audit().log(ip+" has been removed from denial by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ ip + " is not on the denial list"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to remove",ip," from being denied without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to remove IP Denial"));
+ }
+ }
+ });
- /**
- * Deny an ID
- */
- authzAPI.route(POST, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Deny ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_DENY_ID)) {
- if(DenialOfServiceTaf.denyID(id)) {
- trans.audit().log(id+" has been set to deny by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.CREATED_201);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
- id + " is already being denied"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to deny",id,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to set ID Denial"));
- }
- }
- });
-
- /**
- * Stop Denying an ID
- */
- authzAPI.route(DELETE, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Stop Denying ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_DENY_ID)) {
- if(DenialOfServiceTaf.removeDenyID(id)) {
- trans.audit().log(id+" has been removed from denial by " + trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
- id + " is not on the denial list"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to remove",id," from being denied without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to remove ID Denial"));
- }
- }
- });
+ /**
+ * Deny an ID
+ */
+ authzAPI.route(POST, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Deny ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_DENY_ID)) {
+ if(DenialOfServiceTaf.denyID(id)) {
+ trans.audit().log(id+" has been set to deny by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.CREATED_201);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ id + " is already being denied"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to deny",id,"without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to set ID Denial"));
+ }
+ }
+ });
+
+ /**
+ * Stop Denying an ID
+ */
+ authzAPI.route(DELETE, "/mgmt/deny/id/:id", API.VOID, new Code(facade,"Stop Denying ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_DENY_ID)) {
+ if(DenialOfServiceTaf.removeDenyID(id)) {
+ trans.audit().log(id+" has been removed from denial by " + trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ id + " is not on the denial list"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to remove",id," from being denied without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to remove ID Denial"));
+ }
+ }
+ });
- /**
- * Deny an ID
- */
- authzAPI.route(POST, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Special Log ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_LOG_ID)) {
- if(Question.specialLogOn(trans,id)) {
- trans.audit().log(id+" has been set to special Log by "+trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.CREATED_201);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
- id + " is already being special Logged"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to special Log",id,"without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to set ID special Logging"));
- }
- }
- });
-
- /**
- * Stop Denying an ID
- */
- authzAPI.route(DELETE, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Stop Special Log ID",true) {
- @Override
- public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
- String id = pathParam(req,":id");
- if(req.isUserInRole(PERM_LOG_ID)) {
- if(Question.specialLogOff(trans,id)) {
- trans.audit().log(id+" has been removed from special Logging by " + trans.user());
- trans.checkpoint(SUCCESS,Trans.ALWAYS);
- resp.setStatus(HttpStatus.OK_200);
- } else {
- context.error(trans,resp,Result.err(Status.ERR_NotFound,
- id + " is not on the special Logging list"));
- }
- } else {
- trans.audit().log(trans.user(),"has attempted to remove",id," from being special Logged without authorization");
- context.error(trans,resp,Result.err(Status.ERR_Denied,
- trans.getUserPrincipal().getName() + " is not allowed to remove ID special Logging"));
- }
- }
- });
+ /**
+ * Deny an ID
+ */
+ authzAPI.route(POST, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Special Log ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_LOG_ID)) {
+ if(Question.specialLogOn(trans,id)) {
+ trans.audit().log(id+" has been set to special Log by "+trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.CREATED_201);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_ConflictAlreadyExists,
+ id + " is already being special Logged"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to special Log",id,"without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to set ID special Logging"));
+ }
+ }
+ });
+
+ /**
+ * Stop Denying an ID
+ */
+ authzAPI.route(DELETE, "/mgmt/log/id/:id", API.VOID, new Code(facade,"Stop Special Log ID",true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ String id = pathParam(req,":id");
+ if(req.isUserInRole(PERM_LOG_ID)) {
+ if(Question.specialLogOff(trans,id)) {
+ trans.audit().log(id+" has been removed from special Logging by " + trans.user());
+ trans.checkpoint(SUCCESS,Trans.ALWAYS);
+ resp.setStatus(HttpStatus.OK_200);
+ } else {
+ context.error(trans,resp,Result.err(Status.ERR_NotFound,
+ id + " is not on the special Logging list"));
+ }
+ } else {
+ trans.audit().log(trans.user(),"has attempted to remove",id," from being special Logged without authorization");
+ context.error(trans,resp,Result.err(Status.ERR_Denied,
+ trans.getUserPrincipal().getName() + " is not allowed to remove ID special Logging"));
+ }
+ }
+ });
- }
+ }
 }