X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fonap%2Fclamp%2Fauthorization%2FAuthorizationController.java;h=f4da09a2e4ceb2390623c88924ea8c8aeb4a0b96;hb=cac17e887b4df189fc9123097e1442d0b6c421b8;hp=4a35f4583cc6e95667b19366a09c28f98cb661cf;hpb=04e45990217e54aba1de2d5b89287aec118f7ad1;p=clamp.git
diff --git a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java
index 4a35f458..f4da09a2 100644
--- a/src/main/java/org/onap/clamp/authorization/AuthorizationController.java
+++ b/src/main/java/org/onap/clamp/authorization/AuthorizationController.java
@@ -27,70 +27,95 @@ package org.onap.clamp.authorization; import com.att.eelf.configuration.EELFLogger; import com.att.eelf.configuration.EELFManager; - import java.util.Date; - -import javax.ws.rs.NotAuthorizedException; - import org.apache.camel.Exchange; import org.onap.clamp.clds.config.ClampProperties; -import org.onap.clamp.clds.service.SecureServiceBase; -import org.onap.clamp.clds.service.SecureServicePermission; +import org.onap.clamp.clds.exception.NotAuthorizedException; +import org.onap.clamp.clds.model.ClampInformation; import org.onap.clamp.clds.util.LoggingUtils; -import org.onap.clamp.util.PrincipalUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Component; /** - * Create CLDS Event. + * Verify user has right permissions. 
*/ @Component public class AuthorizationController { - protected static final EELFLogger logger = EELFManager.getInstance().getLogger(SecureServiceBase.class); - protected static final EELFLogger auditLogger = EELFManager.getInstance().getMetricsLogger(); - protected static final EELFLogger securityLogger = EELFManager.getInstance().getSecurityLogger(); + protected static final EELFLogger logger = + EELFManager.getInstance().getLogger(AuthorizationController.class); + protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger(); + protected static final EELFLogger securityLogger = + EELFManager.getInstance().getSecurityLogger(); // By default we'll set it to a default handler @Autowired private ClampProperties refProp; - private static final String PERM_PREFIX = "security.permission.type."; + private SecurityContext securityContext = SecurityContextHolder.getContext(); + + public static final String PERM_PREFIX = "security.permission.type."; private static final String PERM_INSTANCE = "security.permission.instance"; + private static String retrieveUserName(SecurityContext securityContext) { + if (securityContext == null || securityContext.getAuthentication() == null) { + return null; + } + if ((securityContext.getAuthentication().getPrincipal()) instanceof String) { + // anonymous case + return ((String) securityContext.getAuthentication().getPrincipal()); + } else { + return ((UserDetails) securityContext.getAuthentication().getPrincipal()).getUsername(); + } + } + + /** + * Get the principal name. + * + * @return The principal name + */ + public static String getPrincipalName(SecurityContext securityContext) { + String principal = AuthorizationController.retrieveUserName(securityContext); + String name = "Not found"; + if (principal != null) { + name = principal; + } + return name; + } + /** - * Insert authorize the api based on the permission + * Insert authorize the api based on the permission. 
* - * @param camelExchange - * The Camel Exchange object containing the properties - * @param typeVar - * The type of the permissions - * @param instanceVar - * The instance of the permissions. e.g. dev - * @param action - * The action of the permissions. e.g. read + * @param camelExchange The Camel Exchange object containing the properties + * @param typeVar The type of the permissions + * @param instanceVar The instance of the permissions. e.g. dev + * @param action The action of the permissions. e.g. read */ - public void authorize(Exchange camelExchange, String typeVar, String instanceVar, String action) { + public void authorize(Exchange camelExchange, String typeVar, String instanceVar, + String action) { String type = refProp.getStringValue(PERM_PREFIX + typeVar); String instance = refProp.getStringValue(PERM_INSTANCE); if (null == type || type.isEmpty()) { - //authorization is turned off, since the permission is not defined + // authorization is turned off, since the permission is not defined return; } if (null != instanceVar && !instanceVar.isEmpty()) { instance = instanceVar; } - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); SecureServicePermission perm = SecureServicePermission.create(type, instance, action); Date startTime = new Date(); LoggingUtils.setTargetContext("Clamp", "authorize"); LoggingUtils.setTimeContext(startTime, new Date()); securityLogger.debug("checking if {} has permission: {}", principalName, perm); - if (!isUserPermitted(perm)){ + if (!isUserPermitted(perm)) { String msg = principalName + " does not have permission: " + perm; LoggingUtils.setErrorContext("100", "Authorization Error"); securityLogger.warn(msg); 
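Review bot: The new field `private SecurityContext securityContext = SecurityContextHolder.getContext();` captures a single context object when the singleton `@Component` is constructed, and with Spring Security's default thread-local holder strategy that object belongs to the constructing thread, so `authorize`, `isUserPermitted`, `hasRole` and `getClampInformation` evaluate the principal and roles against a context that is not the calling request's (most likely an empty one, in which case every check fails closed and the audit and security log entries carry "Not found" instead of the user). Resolve the context at call time instead: replace the field with `private SecurityContext securityContext() { return SecurityContextHolder.getContext(); }` and call `securityContext()` wherever `this.securityContext` or `securityContext` is read. Separately, `retrieveUserName` casts every non-String principal to `UserDetails`, which throws ClassCastException for any other principal type; guarding with `instanceof UserDetails` and otherwise falling back to `securityContext.getAuthentication().getName()` keeps the result for the two cases handled today. The body of `authorize` continues outside the hunk.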
@@ -98,24 +123,31 @@ public class AuthorizationController { } } + /** + * Insert authorize the api based on the permission. + * + * @param inPermission Security permission in input + * @return True if user is permitted + */ public boolean isUserPermitted(SecureServicePermission inPermission) { - String principalName = PrincipalUtils.getPrincipalName(); + String principalName = AuthorizationController.getPrincipalName(this.securityContext); // check if the user has the permission key or the permission key with a - // combination of all instance and/or all action. + // combination of all instance and/or all action. if (hasRole(inPermission.getKey()) || hasRole(inPermission.getKeyAllInstance())) { auditLogger.info("{} authorized because user has permission with * for instance: {}", - principalName, inPermission.getKey()); + principalName, inPermission.getKey().replace("|", ":")); return true; // the rest of these don't seem to be required - isUserInRole method // appears to take * as a wildcard } else if (hasRole(inPermission.getKeyAllInstanceAction())) { - auditLogger.info("{} authorized because user has permission with * for instance and * for action: {}", - principalName, inPermission.getKey()); + auditLogger.info( + "{} authorized because user has permission with * for instance and * for action: {}", + principalName, inPermission.getKey().replace("|", ":")); return true; } else if (hasRole(inPermission.getKeyAllAction())) { auditLogger.info("{} authorized because user has permission with * for action: {}", - principalName, inPermission.getKey()); + principalName, inPermission.getKey().replace("|", ":")); return true; } else { return false; @@ -123,7 +155,7 @@ public class AuthorizationController { } protected boolean hasRole(String role) { - Authentication authentication = PrincipalUtils.getSecurityContext().getAuthentication(); + Authentication authentication = securityContext.getAuthentication(); if (authentication == null) { return false; } 
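Review bot: The Javadoc added to `isUserPermitted` is copied from `authorize` ("Insert authorize the api based on the permission.") and does not describe this method; it should say something like `Checks whether the current user holds the given permission directly or through a wildcard on its instance and/or action; only the permit paths are audit-logged, a deny returns false without logging.` The three `inPermission.getKey().replace("|", ":")` calls in the audit messages are the same expression evaluated three times; computing it once next to `principalName`, `String keyForLog = inPermission.getKey().replace("|", ":");`, removes the repetition and keeps the three messages consistent. The method ends outside the hunk.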
@@ -135,4 +167,23 @@ public class AuthorizationController { return false; } + /** + * Gets clds info. CLDS IFO service will return 3 things 1. User Name 2. CLDS + * code version that is currently installed from pom.xml file 3. User + * permissions + * + * @return the clds info + */ + public ClampInformation getClampInformation() { + ClampInformation clampInfo = new ClampInformation(); + Authentication authentication = securityContext.getAuthentication(); + if (authentication == null) { + return new ClampInformation(); + } + clampInfo.setUserName(AuthorizationController.getPrincipalName(this.securityContext)); + for (GrantedAuthority auth : authentication.getAuthorities()) { + clampInfo.getAllPermissions().add(auth.getAuthority()); + } + return clampInfo; + } }
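Review bot: The Javadoc on `getClampInformation` promises three items, including "CLDS code version that is currently installed from pom.xml file", but the method only sets the user name and copies the granted authorities; either populate the version here or trim the comment to `Builds the ClampInformation for the current user: the principal name and the granted authorities as permission strings.` In the `authentication == null` branch, `return new ClampInformation();` allocates a second empty object although `clampInfo` already is one; `return clampInfo;` is enough and makes the two paths visibly return the same shape.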