Change-Id: Iae3139b33e315fae0c205fd7e0df67554d91cd5b
Issue-ID: AAI-1126
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
- /**
- * @param username
- * @param policyFunction
- * @return
- * @throws AAIAuthException
- */
- public boolean authorize(String username, String policyFunction) throws AAIAuthException {
- return AAIMicroServiceAuthCore.authorize(username, policyFunction);
- }
-
- /**
- * @param authUser
- * @param policyFunction
- * @return
- * @throws AAIAuthException
- */
- public String authenticate(String authUser, String policyFunction) throws AAIAuthException {
- if (authorize(authUser, policyFunction)) {
- return "OK";
- } else {
- return "AAI_9101";
- }
- }
-
/**
* @param headers
* @param req
/**
* @param headers
* @param req
}
String[] ps = apiPath.split("/");
}
String[] ps = apiPath.split("/");
- String authPolicyFunctionName = ps[0];
- if (ps.length > 1 && authPolicyFunctionName.matches("v\\d+")) {
- authPolicyFunctionName = ps[1];
- }
-
+ String authPolicyFunctionName = ps[ps.length - 1];
String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
String authUser = null;
String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
String authUser = null;
}
if (authUser != null) {
}
if (authUser != null) {
- return "OK".equals(authenticate(authUser.toLowerCase(), action.toString() + ":" + authPolicyFunctionName));
+ return AAIMicroServiceAuthCore.authorize(authUser.toLowerCase(),
+ action.toString() + ":" + authPolicyFunctionName);
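Review bot: `ps[ps.length - 1]` is indexed without checking that the split produced any element: `String.split("/")` drops trailing empty strings, so an `apiPath` made up only of slashes yields an empty array and this line throws `ArrayIndexOutOfBoundsException` inside the authorization path instead of returning a denial. A guard just before it, `if (ps.length == 0) { return false; }`, makes that case fail closed explicitly. On the new `return` line, `authUser.toLowerCase()` follows the JVM default locale; `authUser.toLowerCase(Locale.ROOT)` (with `java.util.Locale` imported) keeps the user lookup stable wherever the service runs. The enclosing method begins and ends outside the lines shown here.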
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
import org.onap.aai.babel.service.data.BabelRequest;
import org.onap.aai.babel.util.RequestValidationException;
import org.onap.aai.babel.util.RequestValidator;
import org.onap.aai.babel.service.data.BabelRequest;
import org.onap.aai.babel.util.RequestValidationException;
import org.onap.aai.babel.util.RequestValidator;
+import org.springframework.stereotype.Service;
/** Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version */
/** Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version */
public class GenerateArtifactsServiceImpl implements GenerateArtifactsService {
private static final LogHelper applicationLogger = LogHelper.INSTANCE;
public class GenerateArtifactsServiceImpl implements GenerateArtifactsService {
private static final LogHelper applicationLogger = LogHelper.INSTANCE;
+ // Get last URI path segment to use for authentication
+ List<PathSegment> pathSegments = uriInfo.getPathSegments();
+ String lastPathSegment = pathSegments.isEmpty() ? "" : pathSegments.get(pathSegments.size() - 1).getPath();
+
boolean authorized = aaiMicroServiceAuth.validateRequest(headers, servletRequest,
boolean authorized = aaiMicroServiceAuth.validateRequest(headers, servletRequest,
- AAIMicroServiceAuthCore.HTTP_METHODS.POST, uriInfo.getPath(false));
+ AAIMicroServiceAuthCore.HTTP_METHODS.POST, lastPathSegment);
response = authorized ? generateArtifacts(requestBody)
: buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation.");
response = authorized ? generateArtifacts(requestBody)
: buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation.");
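Review bot: `uriInfo.getPathSegments()` returns decoded segments, whereas the replaced call passed `uriInfo.getPath(false)`, so the string handed to `validateRequest` as the policy function name can now contain characters that arrived percent-encoded, including `/`. Using `uriInfo.getPathSegments(false)` keeps the value undecoded as it was before. The policy lookup is also keyed on the final segment only, so a request URI with a trailing slash may produce an empty name; that presumably ends in a denial, but it deserves a test. The added comment says "authentication" although the value selects an authorization policy; `// Use the last URI path segment as the policy function name for authorization` would be more accurate. The enclosing method starts outside the lines shown.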
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
+import org.springframework.stereotype.Service;
/**
* Information service for the micro-service. Return status details to the caller.
/**
* Information service for the micro-service. Return status details to the caller.
* @exclude
*/
@Path("/core/core-service")
* @exclude
*/
@Path("/core/core-service")
public class InfoService {
private Clock clock = Clock.systemDefaultZone();
public class InfoService {
private Clock clock = Clock.systemDefaultZone();
<?xml version="1.0" encoding="UTF-8"?>
<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
+<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd">
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd">
<!-- PROPERTY AND CONFIGURATION FILES -->
<!-- ////////////////////////////////////////////////////////////////// -->
<!-- PROPERTY AND CONFIGURATION FILES -->
<!-- ////////////////////////////////////////////////////////////////// -->
- <context:property-placeholder location="file:${CONFIG_HOME}/babel-auth.properties" ignore-unresolvable="true" />
+ <context:property-placeholder
+ location="file:${CONFIG_HOME}/babel-auth.properties"
+ ignore-unresolvable="true" />
<!-- ////////////////////////////////////////////////////////////////// -->
<!-- CONFIG BEANS -->
<!-- ////////////////////////////////////////////////////////////////// -->
<!-- CONFIG BEANS -->
<!-- IMPLEMENTATION BEANS -->
<!-- ////////////////////////////////////////////////////////////////// -->
<!-- IMPLEMENTATION BEANS -->
<!-- ////////////////////////////////////////////////////////////////// -->
- <bean id="aaiMicroServiceAuth" class="org.onap.aai.auth.AAIMicroServiceAuth" >
+ <bean id="aaiMicroServiceAuth" class="org.onap.aai.auth.AAIMicroServiceAuth">
<constructor-arg ref="babelAuthConfig" />
</bean>
<constructor-arg ref="babelAuthConfig" />
</bean>
-
- <bean id="generateArtifacts" class="org.onap.aai.babel.service.GenerateArtifactsServiceImpl" >
- <constructor-arg ref="aaiMicroServiceAuth" />
- </bean>
-
*/
package org.onap.aai.babel;
*/
package org.onap.aai.babel;
-import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
@Test
public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException {
JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
@Test
public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException {
JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
- AAIMicroServiceAuth auth = createAuthService(roles);
- assertThat(auth.authorize("nosuchuser", "method:func"), is(false));
- assertThat(auth.authorize("user", "method:func"), is(true));
+ createAuthService(roles);
+ assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false));
+ assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true));
@Test
public void testAuthUser() throws AAIAuthException {
@Test
public void testAuthUser() throws AAIAuthException {
- AAIMicroServiceAuth auth = createStandardAuth();
- assertThat(auth.authenticate(VALID_ADMIN_USER, "GET:actions"), is(equalTo("OK")));
- assertThat(auth.authenticate(VALID_ADMIN_USER, "WRONG:action"), is(equalTo("AAI_9101")));
+ createStandardAuth();
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action"), is(false));
* @throws AAIAuthException
*/
private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException {
* @throws AAIAuthException
*/
private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException {
- assertThat(auth.authorize(adminUser, "GET:actions"), is(true));
- assertThat(auth.authorize(adminUser, "POST:actions"), is(true));
- assertThat(auth.authorize(adminUser, "PUT:actions"), is(true));
- assertThat(auth.authorize(adminUser, "DELETE:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "POST:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "PUT:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "DELETE:actions"), is(true));
}
private JSONArray createFunctionObject(String functionName) throws JSONException {
}
private JSONArray createFunctionObject(String functionName) throws JSONException {