import javax.servlet.http.HttpServletResponse;
import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.portalsdk.core.onboarding.util.AuthUtil;
import org.onap.portalsdk.core.onboarding.util.PortalApiConstants;
import org.onap.portalsdk.core.onboarding.util.PortalApiProperties;
public class CadiAuthFilter extends CadiFilter {
- private static String inlclude_url_endpoints ="";
+ private static String include_url_endpoints ="";
+ private static String exclude_url_endpoints = "";
public static final String AUTHORIZATION = "Authorization";
public void init(FilterConfig filterConfig) throws ServletException {
super.init(filterConfig);
- inlclude_url_endpoints = filterConfig.getInitParameter("inlclude_url_endpoints");
+ include_url_endpoints = filterConfig.getInitParameter("include_url_endpoints");
+ exclude_url_endpoints = filterConfig.getInitParameter("exclude_url_endpoints");
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
- if (inlclude_url_endpoints.equals("") || inlclude_url_endpoints == null || inlclude_url_endpoints.isEmpty()) {
+ if (include_url_endpoints.equals("") || include_url_endpoints == null || include_url_endpoints.isEmpty()) {
throw new NullPointerException("inlclude_url_endpoints is null");
} else {
- String includeUrlEndPointString = inlclude_url_endpoints;
+ String includeUrlEndPointString = include_url_endpoints;
+ if (exclude_url_endpoints.equals("") || exclude_url_endpoints == null || exclude_url_endpoints.isEmpty()) {
+ throw new NullPointerException("exculde_url_endpoints is null");
+ }
+ String excludeUrlEndPointString = exclude_url_endpoints;
+ ArrayList<String> excludeUrlEndPointList = new ArrayList<String>(
+ Arrays.asList(excludeUrlEndPointString.split(",")));
ArrayList<String> includeUrlEndPointList = new ArrayList<String>(
Arrays.asList(includeUrlEndPointString.split(",")));
- if (includeFilter(request, includeUrlEndPointList)) {
+ if (excludeFilter(request, excludeUrlEndPointList))
+ chain.doFilter(request, response);
+ else if (includeFilter(request, includeUrlEndPointList))
super.doFilter(request, response, chain);
- } else
+ else
chain.doFilter(request, response);
}
}
+
+ private String getUrl(ServletRequest request) {
+ String path = "";
+ HttpServletRequest httpRequest = (HttpServletRequest) request;
+ path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1);
+ return path;
+ }
+
+ private boolean excludeFilter(ServletRequest request, ArrayList<String> excludeUrlEndPointList) {
+ boolean isUrlExcluded = false;
+ String Path = getUrl(request);
+
+ for (String str : excludeUrlEndPointList) {
+ if (!isUrlExcluded)
+ isUrlExcluded = AuthUtil.matchPattern(Path, str.substring(1));
+ }
+ return isUrlExcluded;
+ }
+
private boolean includeFilter(ServletRequest request, ArrayList<String> includeapisList) {
boolean isauthenticated = false;
HttpServletRequest httpRequest = (HttpServletRequest) request;
return isauthenticated;
// TODO: refactor to have exclusion pattern
String path = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length() + 1);
- if (path.contains("analytics")) {
- return isauthenticated;
- }
-
for (String str : includeapisList) {
if (!isauthenticated)
isauthenticated = matchPattern(path, str);
Code Review / portal / sdk.git / commitdiff