X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fauthz%2Fimpl%2FProvAuthorizer.java;h=48e31bfeb83a78998f252f26c13f81c60799d2fa;hb=bda6aeaa60607ab4fe5af508156019d7bd5c0ce4;hp=595b626cdb48ddbf8cd70d0475dd4812fdaca9d5;hpb=06271b9df78dadfdab95dc2f6f853cdaa3148d9d;p=dmaap%2Fdatarouter.git
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
index 595b626c..48e31bfe 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
@@ -26,7 +26,7 @@ package org.onap.dmaap.datarouter.authz.impl;
import com.att.eelf.configuration.EELFLogger;
import com.att.eelf.configuration.EELFManager;
import java.util.Map;
-import javax.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequest;
import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
import org.onap.dmaap.datarouter.authz.Authorizer;
import org.onap.dmaap.datarouter.authz.impl.AuthzResource.ResourceType;
@@ -42,7 +42,8 @@ public class ProvAuthorizer implements Authorizer {
private ProvDataProvider provData;
private static final String SUBJECT_HEADER = "X-DMAAP-DR-ON-BEHALF-OF"; // HTTP header carrying requester identity
- private static final String SUBJECT_HEADER_GROUP = "X-DMAAP-DR-ON-BEHALF-OF-GROUP"; // HTTP header carrying requester identity by group Rally : US708115
+ // HTTP header carrying requester identity by group Rally : US708115
+ private static final String SUBJECT_HEADER_GROUP = "X-DMAAP-DR-ON-BEHALF-OF-GROUP";
/** Constructor. For the moment, do nothing special. Make it a singleton?
*
@@ -66,11 +67,11 @@ public class ProvAuthorizer implements Authorizer {
}
/**
- * Determine if the API request carried in the request
parameter, with additional attributes provided in
+ * Determine if the API request carried in the request
parameter,with additional attributes provided in
* the additionalAttrs
parameter, is permitted. additionalAttrs
isn't used in R1.
*
* @param request the HTTP request for which an authorization decision is needed
- * @param additionalAttrs additional attributes that the Authorizer
can in making an authorization decision
+ * @param additionalAttrs additional attributes that the Authorizer
can in making a decision
* @return an object implementing the AuthorizationResponse
interface. This object includes the
* permit/deny decision for the request and (after R1) supplemental information related to the response in the form
* of advice and obligations.
@@ -128,7 +129,8 @@ public class ProvAuthorizer implements Authorizer {
private boolean allowFeedAccess(AuthzResource resource, String method, String subject, String subjectgroup) {
boolean decision = false;
// Allow GET, PUT, or DELETE if requester (subject) is the owner (publisher) of the feed
- if ( method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) || "DELETE".equalsIgnoreCase(method))) {
+ if ( method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method)
+ || "DELETE".equalsIgnoreCase(method))) {
String owner = provData.getFeedOwner(resource.getId());
decision = (owner != null) && owner.equals(subject);
@@ -145,7 +147,8 @@ public class ProvAuthorizer implements Authorizer {
boolean decision = false;
// Allow GET, PUT, or DELETE if requester (subject) is the owner of the subscription (subscriber)
- if (method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) || "DELETE".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method))) {
+ if (method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method)
+ || "DELETE".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method))) {
String owner = provData.getSubscriptionOwner(resource.getId());
decision = (owner != null) && owner.equals(subject);