Enable Authorization AAF Filter programmatically

The intent is to reduce configuration options and
automatically set up the authorization filter
(that will complement the authentication filter
that the policy-endpoints common framework automatically
provides).

Previously to enable the AAF authorization filter,
it will need the configuration had to kept track of
AAF flag, and the "filterClasses" property configuration,
make a bit more difficult to keep them sync, and easily
turn on/off AAF.

Change-Id: I3d59de6fa83986c5dcb6b3d38077278b8e75689a
Issue-ID: POLICY-1216
Signed-off-by: Jorge Hernandez <jorge.hernandez-herrero@att.com>

diff --git a/feature-healthcheck/src/main/feature/config/feature-healthcheck.properties b/feature-healthcheck/src/main/feature/config/feature-healthcheck.properties
index e44543a..eaecaa6 100644 (file)
--- a/feature-healthcheck/src/main/feature/config/feature-healthcheck.properties
+++ b/feature-healthcheck/src/main/feature/config/feature-healthcheck.properties
@@ -27,8 +27,7 @@ http.server.services.HEALTHCHECK.swagger=true
 http.server.services.HEALTHCHECK.userName=${{HEALTHCHECK_USER}}
 http.server.services.HEALTHCHECK.password=${{HEALTHCHECK_PASSWORD}}
 http.server.services.HEALTHCHECK.https=true
-http.server.services.HEALTHCHECK.aaf=false
-http.server.services.HEALTHCHECK.filterClasses=
+http.server.services.HEALTHCHECK.aaf=${{AAF}}
 
 http.client.services=PAP,PDP
 

diff --git a/feature-healthcheck/src/main/java/org/onap/policy/drools/healthcheck/HealthCheck.java b/feature-healthcheck/src/main/java/org/onap/policy/drools/healthcheck/HealthCheck.java
index 36444f8..6b5dcfb 100644 (file)
--- a/feature-healthcheck/src/main/java/org/onap/policy/drools/healthcheck/HealthCheck.java
+++ b/feature-healthcheck/src/main/java/org/onap/policy/drools/healthcheck/HealthCheck.java
@@ -256,6 +256,9 @@ class HealthCheckMonitor implements HealthCheck {
             this.clients = getClientFactory().build(healthCheckProperties);
 
             for (HttpServletServer server : servers) {
+                if (server.isAaf()) {
+                    server.addFilterClass(null, AafHealthCheckFilter.class.getCanonicalName());
+                }
                 startServer(server);
             }
         } catch (Exception e) {

diff --git a/policy-management/src/main/java/org/onap/policy/drools/system/PolicyEngine.java b/policy-management/src/main/java/org/onap/policy/drools/system/PolicyEngine.java
index b181ff5..e08b370 100644 (file)
--- a/policy-management/src/main/java/org/onap/policy/drools/system/PolicyEngine.java
+++ b/policy-management/src/main/java/org/onap/policy/drools/system/PolicyEngine.java
@@ -51,6 +51,7 @@ import org.onap.policy.drools.protocol.coders.EventProtocolCoder;
 import org.onap.policy.drools.protocol.configuration.ControllerConfiguration;
 import org.onap.policy.drools.protocol.configuration.PdpdConfiguration;
 import org.onap.policy.drools.server.restful.RestManager;
+import org.onap.policy.drools.server.restful.aaf.AafTelemetryAuthFilter;
 import org.onap.policy.drools.utils.logging.LoggerUtil;
 import org.onap.policy.drools.utils.logging.MDCTransaction;
 import org.slf4j.Logger;
@@ -336,12 +337,14 @@ public interface PolicyEngine extends Startable, Lockable, TopicListener {
  * Policy Engine Manager Implementation.
  */
 class PolicyEngineManager implements PolicyEngine {
-    private static final String INVALID_TOPIC_MSG = "Invalid Topic";
 
+    /**
+     * String literals.
+     */
+    private static final String INVALID_TOPIC_MSG = "Invalid Topic";
     private static final String INVALID_EVENT_MSG = "Invalid Event";
 
     private static final String ENGINE_STOPPED_MSG = "Policy Engine is stopped";
-
     private static final String ENGINE_LOCKED_MSG = "Policy Engine is locked";
 
     /**
@@ -509,6 +512,11 @@ class PolicyEngineManager implements PolicyEngine {
 
         try {
             this.httpServers = getServletFactory().build(properties);
+            for (HttpServletServer server : this.httpServers) {
+                if (server.isAaf()) {
+                    server.addFilterClass(null, AafTelemetryAuthFilter.class.getCanonicalName());
+                }
+            }
         } catch (final IllegalArgumentException e) {
             logger.error("{}: add-http-servers failed", this, e);
         }

diff --git a/policy-management/src/main/server/config/policy-engine.properties b/policy-management/src/main/server/config/policy-engine.properties
index 8e51752..81b7db7 100644 (file)
--- a/policy-management/src/main/server/config/policy-engine.properties
+++ b/policy-management/src/main/server/config/policy-engine.properties
@@ -49,6 +49,7 @@ http.server.services.SECURED-CONFIG.restPackages=org.onap.policy.drools.server.r
 http.server.services.SECURED-CONFIG.managed=false
 http.server.services.SECURED-CONFIG.swagger=true
 http.server.services.SECURED-CONFIG.https=true
+http.server.services.SECURED-CONFIG.aaf=${{AAF}}
 
 aaf.namespace=${{AAF_NAMESPACE}}
 aaf.root.permission=${{AAF_NAMESPACE}}.pdpd

diff --git a/pom.xml b/pom.xml
index cd4be6b..576e0a7 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -70,7 +70,7 @@
         <hibernate.commons.annotations.version>5.0.1.Final</hibernate.commons.annotations.version>
         <commons.io.version>2.5</commons.io.version>
         <xml.apis.version>1.4.01</xml.apis.version>
-        <policy.common.version>1.3.1</policy.common.version>
+        <policy.common.version>1.3.1-SNAPSHOT</policy.common.version>
     </properties>
 
     <modules>