X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=cadi%2Faaf%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Faaf%2Fcadi%2Foauth%2FOAuth2HttpTaf.java;h=e22eed0b8732f6143cff3d91d3e7ba0659850312;hb=6dd9704640eb8cc8d6b4ccd266e40a3f6f589e75;hp=3d5f7d9a6b2bd99a4f315c1b7313bbf3e60049af;hpb=a20accc73189d8e5454cd26049c0e6fae75da16f;p=aaf%2Fauthz.git
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTaf.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTaf.java
index 3d5f7d9a..e22eed0b 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTaf.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/oauth/OAuth2HttpTaf.java
@@ -7,9 +7,9 @@
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -41,42 +41,42 @@ import org.onap.aaf.cadi.taf.TafResp.RESP;
 import org.onap.aaf.misc.env.APIException;
 public class OAuth2HttpTaf implements HttpTaf {
- final private Access access;
- final private TokenMgr tmgr;
+ final private Access access;
+ final private TokenMgr tmgr;
+
+ public OAuth2HttpTaf(final Access access, final TokenMgr tmgr) {
+ this.tmgr = tmgr;
+ this.access = access;
+ }
 
- public OAuth2HttpTaf(final Access access, final TokenMgr tmgr) {
- this.tmgr = tmgr;
- this.access = access;
- }
-
- @Override
- public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
- String authz = req.getHeader("Authorization");
- if(authz != null && authz.length()>7 && authz.startsWith("Bearer ")) {
- if(!req.isSecure()) {
- access.log(Level.WARN,"WARNING! OAuth has been used over an insecure channel");
- }
- try {
- String tkn = authz.substring(7);
- Result rp = tmgr.toPrincipal(tkn,Hash.hashSHA256(tkn.getBytes()));
- if(rp.isOK()) {
- return new OAuth2HttpTafResp(access,rp.value,rp.value.getName()+" authenticated by Bearer Token",RESP.IS_AUTHENTICATED,resp,false);
- } else {
- return new OAuth2HttpTafResp(access,null,rp.error,RESP.FAIL,resp,true);
- }
- } catch (APIException | CadiException | LocatorException e) {
- return new OAuth2HttpTafResp(access,null,"Bearer Token invalid",RESP.FAIL,resp,true);
- } catch (NoSuchAlgorithmException e) {
- return new OAuth2HttpTafResp(access,null,"Security Algorithm not available",RESP.FAIL,resp,true);
- }
- }
- return new OAuth2HttpTafResp(access,null,"No OAuth2 ",RESP.TRY_ANOTHER_TAF,resp,true);
- }
+ @Override
+ public TafResp validate(LifeForm reading, HttpServletRequest req, HttpServletResponse resp) {
+ String authz = req.getHeader("Authorization");
+ if (authz != null && authz.length()>7 && authz.startsWith("Bearer ")) {
+ if (!req.isSecure()) {
+ access.log(Level.WARN,"WARNING! OAuth has been used over an insecure channel");
+ }
+ try {
+ String tkn = authz.substring(7);
+ Result rp = tmgr.toPrincipal(tkn,Hash.hashSHA256(tkn.getBytes()));
+ if (rp.isOK()) {
+ return new OAuth2HttpTafResp(access,rp.value,rp.value.getName()+" authenticated by Bearer Token",RESP.IS_AUTHENTICATED,resp,false);
+ } else {
+ return new OAuth2HttpTafResp(access,null,rp.error,RESP.FAIL,resp,true);
+ }
+ } catch (APIException | CadiException | LocatorException e) {
+ return new OAuth2HttpTafResp(access,null,"Bearer Token invalid",RESP.FAIL,resp,true);
+ } catch (NoSuchAlgorithmException e) {
+ return new OAuth2HttpTafResp(access,null,"Security Algorithm not available",RESP.FAIL,resp,true);
+ }
+ }
+ return new OAuth2HttpTafResp(access,null,"No OAuth2 ",RESP.TRY_ANOTHER_TAF,resp,true);
+ }
 
- @Override
- public Resp revalidate(CachedPrincipal prin,Object state) {
- //TODO!!!!
- return null;
- }
+ @Override
+ public Resp revalidate(CachedPrincipal prin,Object state) {
+ //TODO!!!!
+ return null;
+ }
 }