Pass roles to HttpEntry 31/112431/6
authorNeil Derraugh <neil.derraugh@yoppworks.com>
Wed, 9 Sep 2020 23:04:09 +0000 (19:04 -0400)
committerNeil Derraugh <neil.derraugh@yoppworks.com>
Fri, 11 Sep 2020 14:30:45 +0000 (14:30 +0000)
- Pass roles to HttpEntry so that OwnerCheck can verify owning-entity

Issue-ID: AAI-3177
Signed-off-by: Neil Derraugh <neil.derraugh@yoppworks.com>
Change-Id: Ie1536c625be3637fc62658d74690bddcde0a4cba

aai-resources/src/main/java/org/onap/aai/rest/LegacyMoxyConsumer.java
aai-resources/src/main/resources/etc/appprops/error.properties
pom.xml

index 8939d04..4f7049d 100644 (file)
 package org.onap.aai.rest;
 
 import io.swagger.jaxrs.PATCH;
+import java.security.Principal;
 import org.javatuples.Pair;
+import org.keycloak.adapters.springsecurity.account.SimpleKeycloakAccount;
+import org.keycloak.adapters.springsecurity.token.KeycloakAuthenticationToken;
 import org.onap.aai.concurrent.AaiCallable;
 import org.onap.aai.config.SpringContextAware;
 import org.onap.aai.exceptions.AAIException;
@@ -72,8 +75,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
        @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
        @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
        public Response update (String content, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
-               MediaType mediaType = headers.getMediaType();
-               return this.handleWrites(mediaType, HttpMethod.PUT, content, versionParam, uri, headers, info);
+      Set<String> roles = getRoles(req.getUserPrincipal());
+      MediaType mediaType = headers.getMediaType();
+               return this.handleWrites(mediaType, HttpMethod.PUT, content, versionParam, uri, headers, info, roles);
        }
 
        /**
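Review bot: The two added lines in update() are indented with six spaces while the rest of the method keeps the file's deeper indentation, so `MediaType mediaType = headers.getMediaType();` appears as removed and re-added although it did not change. Leaving that line untouched and indenting `Set<String> roles = getRoles(req.getUserPrincipal());` to match would reduce the hunk to the one new statement and the changed `handleWrites` call. The same applies to the added `roles` lines in the patch() and getLegacy() hunks below, where `return runner(` is also re-indented without a code change.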
@@ -162,9 +166,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
        @Consumes({ "application/merge-patch+json" })
        @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
        public Response patch (String content, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
-
+      Set<String> roles = getRoles(req.getUserPrincipal());
                MediaType mediaType = MediaType.APPLICATION_JSON_TYPE;
-               return this.handleWrites(mediaType, HttpMethod.MERGE_PATCH, content, versionParam, uri, headers, info);
+               return this.handleWrites(mediaType, HttpMethod.MERGE_PATCH, content, versionParam, uri, headers, info, roles);
 
        }
 
@@ -186,7 +190,9 @@ public class LegacyMoxyConsumer extends RESTAPI {
        @Consumes({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
        @Produces({ MediaType.APPLICATION_JSON, MediaType.APPLICATION_XML })
        public Response getLegacy (String content, @DefaultValue("-1") @QueryParam("resultIndex") String resultIndex, @DefaultValue("-1") @QueryParam("resultSize") String resultSize, @PathParam("version")String versionParam, @PathParam("uri") @Encoded String uri, @DefaultValue("all") @QueryParam("depth") String depthParam, @DefaultValue("false") @QueryParam("cleanup") String cleanUp, @Context HttpHeaders headers, @Context UriInfo info, @Context HttpServletRequest req) {
-               return runner(AAIConstants.AAI_CRUD_TIMEOUT_ENABLED,
+      Set<String> roles = getRoles(req.getUserPrincipal());
+
+      return runner(AAIConstants.AAI_CRUD_TIMEOUT_ENABLED,
                                AAIConstants.AAI_CRUD_TIMEOUT_APP,
                                AAIConstants.AAI_CRUD_TIMEOUT_LIMIT,
                                headers,
@@ -195,13 +201,13 @@ public class LegacyMoxyConsumer extends RESTAPI {
                                new AaiCallable<Response>() {
                                        @Override
                                        public Response process() {
-                                               return getLegacy(content, versionParam, uri, depthParam, cleanUp, headers, info, req, new HashSet<String>(), resultIndex, resultSize);
+                                               return getLegacy(content, versionParam, uri, depthParam, cleanUp, headers, info, req, new HashSet<String>(), resultIndex, resultSize, roles);
                                        }
                                }
                );
        }
 
-       /**
+    /**
         * This method exists as a workaround for filtering out undesired query params while routing between REST consumers
         *
         * @param content
@@ -215,7 +221,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
         * @param removeQueryParams
         * @return
         */
-       public Response getLegacy(String content, String versionParam, String uri, String depthParam, String cleanUp,  HttpHeaders headers, UriInfo info, HttpServletRequest req, Set<String> removeQueryParams, String resultIndex, String resultSize) {
+       public Response getLegacy(String content, String versionParam, String uri, String depthParam, String cleanUp,  HttpHeaders headers, UriInfo info, HttpServletRequest req, Set<String> removeQueryParams, String resultIndex, String resultSize, Set<String> roles) {
                String sourceOfTruth = headers.getRequestHeaders().getFirst("X-FromAppId");
                String transId = headers.getRequestHeaders().getFirst("X-TransactionId");
                Response response;
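Review bot: The Javadoc above this getLegacy overload is not updated for the new `roles` parameter, and the same holds for handleWrites in the later hunk. Suggest adding `@param roles roles of the authenticated caller, passed on to HttpEntry for the owning-entity check` to both. Because this overload is public and its Javadoc describes it as used when routing between REST consumers, any other caller now has to supply roles too. `removeQueryParams` and `roles` are both `Set<String>`, so swapped arguments would compile without complaint. The method body continues outside the hunk.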
@@ -256,7 +262,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
                                traversalUriHttpEntry.setPaginationIndex(Integer.parseInt(resultIndex));
                                traversalUriHttpEntry.setPaginationBucket(Integer.parseInt(resultSize));
                        }
-                       Pair<Boolean, List<Pair<URI, Response>>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth);
+                       Pair<Boolean, List<Pair<URI, Response>>> responsesTuple = traversalUriHttpEntry.process(requests, sourceOfTruth, roles);
 
                        response = responsesTuple.getValue1().get(0).getValue1();
 
@@ -577,7 +583,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
         * @param info the info
         * @return the response
         */
-       private Response handleWrites(MediaType mediaType, HttpMethod method, String content, String versionParam, String uri, HttpHeaders headers, UriInfo info) {
+       private Response handleWrites(MediaType mediaType, HttpMethod method, String content, String versionParam, String uri, HttpHeaders headers, UriInfo info, Set<String> roles) {
 
                Response response;
                TransactionalGraphEngine dbEngine = null;
@@ -623,7 +629,7 @@ public class LegacyMoxyConsumer extends RESTAPI {
                                                        .rawRequestContent(content).build();
                        List<DBRequest> requests = new ArrayList<>();
                        requests.add(request);
-                       Pair<Boolean, List<Pair<URI, Response>>> responsesTuple  = traversalUriHttpEntry.process(requests,  sourceOfTruth);
+                       Pair<Boolean, List<Pair<URI, Response>>> responsesTuple  = traversalUriHttpEntry.process(requests, sourceOfTruth, roles);
 
                        response = responsesTuple.getValue1().get(0).getValue1();
                        success = responsesTuple.getValue0();
@@ -660,4 +666,17 @@ public class LegacyMoxyConsumer extends RESTAPI {
        protected boolean isEmptyObject(Introspector obj) {
                return "{}".equals(obj.marshal(false));
        }
+
+    private Set<String> getRoles(Principal userPrincipal) {
+        KeycloakAuthenticationToken token = (KeycloakAuthenticationToken) userPrincipal;
+        if (token == null) {
+            return Collections.EMPTY_SET;
+        }
+        SimpleKeycloakAccount account = (SimpleKeycloakAccount) token.getDetails();
+        if (account == null) {
+            return Collections.EMPTY_SET;
+        }
+        return account.getRoles();
+    }
 }
+
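Review bot: getRoles casts `userPrincipal` to KeycloakAuthenticationToken and `token.getDetails()` to SimpleKeycloakAccount without checking the type, so a principal produced by any other authentication mechanism would raise a ClassCastException. In update(), patch() and getLegacy() the call sits at the top of the endpoint, apparently before the error handling inside handleWrites and runner. An `instanceof` guard on both values, `Collections.emptySet()` instead of the raw `Collections.EMPTY_SET`, and a null check on the result of `getRoles()` would make the helper total. Separately, the empty set is returned both for a request with no principal and for an authenticated user with no roles. OwnerCheck is not shown here, so it is worth confirming that it denies rather than skips the owning-entity check on an empty set, and stating that contract in a Javadoc on this method.

```java
private Set<String> getRoles(Principal userPrincipal) {
    if (!(userPrincipal instanceof KeycloakAuthenticationToken)) {
        return Collections.emptySet();
    }
    Object details = ((KeycloakAuthenticationToken) userPrincipal).getDetails();
    if (!(details instanceof SimpleKeycloakAccount)) {
        return Collections.emptySet();
    }
    Set<String> roles = ((SimpleKeycloakAccount) details).getRoles();
    return roles == null ? Collections.emptySet() : roles;
}
```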
index 6e5630c..86d5337 100644 (file)
@@ -47,6 +47,7 @@ AAI_3300=5:1:WARN:3300:403:3300:Unauthorized:100
 AAI_3301=5:1:WARN:3301:401:3301:Stale credentials:100
 AAI_3302=5:1:WARN:3302:401:3301:Not authenticated:100
 AAI_3303=5:1:WARN:3303:403:3300:Too many objects would be returned by this request, please refine your request and retry:500
+AAI_3304=5:1:WARN:3304:403:3300:Group not authorized:400
 
 #--- aaigen: 4000-4099
 AAI_4000=5:4:ERROR:4000:500:3002:Internal Error:900
diff --git a/pom.xml b/pom.xml
index 76cc4c2..6f4a0be 100644 (file)
--- a/pom.xml
+++ b/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.aai.aai-common</groupId>
         <artifactId>aai-parent</artifactId>
-        <version>1.7.0</version>
+        <version>1.7.1</version>
     </parent>
     <groupId>org.onap.aai.resources</groupId>
     <artifactId>resources</artifactId>
@@ -48,7 +48,7 @@
         <staging.path>/content/repositories/staging/</staging.path>
         <!-- GMaven plugin uses this property to figure out the name of the docker tag -->
         <aai.project.version>${project.version}</aai.project.version>
-        <aai.common.version>1.7.0</aai.common.version>
+        <aai.common.version>1.7.1</aai.common.version>
         <aai.schema.service.version>1.7.9</aai.schema.service.version>
     </properties>
     <build>