1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.auth.rserv;
23
24 import java.io.IOException;
25 import java.security.Principal;
26
27 import javax.servlet.Filter;
28 import javax.servlet.FilterChain;
29 import javax.servlet.FilterConfig;
30 import javax.servlet.ServletException;
31 import javax.servlet.ServletRequest;
32 import javax.servlet.ServletResponse;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35
36 import org.onap.aaf.cadi.Access;
37 import org.onap.aaf.cadi.CadiException;
38 import org.onap.aaf.cadi.CadiWrap;
39 import org.onap.aaf.cadi.Connector;
40 import org.onap.aaf.cadi.Lur;
41 import org.onap.aaf.cadi.TrustChecker;
42 import org.onap.aaf.cadi.config.Config;
43 import org.onap.aaf.cadi.filter.CadiHTTPManip;
44 import org.onap.aaf.cadi.taf.TafResp;
45 import org.onap.aaf.cadi.taf.TafResp.RESP;
46 import org.onap.aaf.misc.env.Env;
47 import org.onap.aaf.misc.env.TimeTaken;
48 import org.onap.aaf.misc.env.TransStore;
49 import org.onap.aaf.misc.env.util.Split;
50
51 /**
52  * Create a new Transaction Object for each and every incoming Transaction
53  * 
54  * Attach to Request.  Use the "FilterHolder" mechanism to retain a single instance.
55  * 
56  * TransFilter includes CADIFilter as part of the package, so that it can
57  * set User Data, etc, as necessary.
58  * 
59  * @author Jonathan
60  *
61  */
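public abstract class TransFilter<TRANS extends TransStore> implements Filter {
    /** Request attribute under which the per-request TRANS object is stored. */
    public static final String TRANS_TAG = "__TRANS__";

    private final CadiHTTPManip cadi;

    /**
     * Path-info prefixes that are exempt from authentication, read from
     * {@link Config#CADI_NOAUTHN} as a colon-separated list, or {@code null}
     * when the property is not set.  Empty entries are dropped: in Java
     * {@code "anything".startsWith("")} is always true, so an empty entry
     * (e.g. from a stray trailing ':') would silently exempt every request.
     * Matching is a plain prefix match, not segment-aware: a prefix of
     * "/health" also exempts "/healthcheck-admin".  Keep the configured list
     * minimal and prefer prefixes ending in '/'.
     */
    private final String[] no_authn;

    /**
     * Builds the filter and its embedded CADI security manipulator.
     *
     * @param access            CADI access/property source
     * @param con               CADI connector
     * @param tc                trust checker
     * @param additionalTafLurs extra TAF/LUR objects passed through to CadiHTTPManip
     * @throws CadiException if CadiHTTPManip cannot be constructed
     */
    public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {
        cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
        String no = access.getProperty(Config.CADI_NOAUTHN, null);
        no_authn = (no == null) ? null : withoutEmpty(Split.split(':', no));
    }

    /**
     * Returns a copy of {@code parts} with null and empty entries removed, so an
     * empty prefix can never match (and thereby bypass authentication for) every path.
     */
    private static String[] withoutEmpty(String[] parts) {
        if (parts == null) {
            return null;
        }
        int kept = 0;
        for (String p : parts) {
            if (p != null && !p.isEmpty()) {
                ++kept;
            }
        }
        String[] out = new String[kept];
        int i = 0;
        for (String p : parts) {
            if (p != null && !p.isEmpty()) {
                out[i++] = p;
            }
        }
        return out;
    }

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise; all configuration is done in the constructor.
    }

    /** The LUR (authorization lookup) backing the embedded CADI manipulator. */
    protected Lur getLur() {
        return cadi.getLur();
    }

    /** Creates the per-request transaction object. */
    protected abstract TRANS newTrans();

    /** Starts the overall timing for {@code request}; the returned TimeTaken is closed in doFilter. */
    protected abstract TimeTaken start(TRANS trans, ServletRequest request);

    /** Called once the request has been authenticated, with the resulting principal. */
    protected abstract void authenticated(TRANS trans, Principal p);

    /** Called at the very end of every request (success, bypass or failure) for reporting. */
    protected abstract void tallyHo(TRANS trans);

    /**
     * Decides whether {@code req} is exempt from authentication by the configured
     * CADI_NOAUTHN prefixes.  A request whose path info is null (e.g. the request
     * matches the servlet mapping exactly, with nothing after it) has nothing to
     * compare and is never exempt — fail closed rather than NPE into a 500.
     */
    private boolean isNoAuthnPath(HttpServletRequest req) {
        if (no_authn == null) {
            return false;
        }
        String path = req.getPathInfo();
        if (path == null) {
            return false;
        }
        for (String prefix : no_authn) {
            if (path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Creates a transaction for the request, attaches it under {@link #TRANS_TAG},
     * runs CADI authentication (unless the path is exempt) and, when authenticated,
     * continues the chain with a {@link CadiWrap}-wrapped request.
     *
     * Unauthenticated requests do not continue down the chain; the challenge or
     * error response is presumably written by {@code cadi.validate} /
     * {@code cadi.notCadi} (not visible here — confirm in CadiHTTPManip).
     * Failed attempts are written to the audit log.
     *
     * @throws ServletException wrapping any exception raised during processing
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        TRANS trans = newTrans();

        TimeTaken overall = start(trans, request);
        try {
            request.setAttribute(TRANS_TAG, trans);

            HttpServletRequest req = (HttpServletRequest) request;
            HttpServletResponse res = (HttpServletResponse) response;

            // Exempt paths skip CADI entirely; note authenticated() is not called for them.
            if (isNoAuthnPath(req)) {
                chain.doFilter(request, response);
                return;
            }

            TimeTaken security = trans.start("CADI Security", Env.SUB);
            TafResp resp;
            RESP r;
            CadiWrap cw = null;
            try {
                resp = cadi.validate(req, res, trans);
                r = resp.isAuthenticated();
                // Anything other than IS_AUTHENTICATED is treated as not authenticated.
                if (r == RESP.IS_AUTHENTICATED) {
                    cw = new CadiWrap(req, resp, cadi.getLur());
                    authenticated(trans, cw.getUserPrincipal());
                }
            } finally {
                security.done();
            }

            if (r == RESP.IS_AUTHENTICATED) {
                trans.checkpoint(resp.desc());
                // notCadi() returning false means the chain is not continued;
                // presumably it has already answered the request itself — confirm.
                if (cadi.notCadi(cw, res)) {
                    chain.doFilter(cw, response);
                }
            } else {
                // TODO this is a good place to check if too many checks recently
                // Would need Cached Counter objects that are cleaned up on
                // use
                trans.checkpoint(resp.desc(), Env.ALWAYS);
                if (resp.isFailedAttempt()) {
                    trans.audit().log(resp.desc());
                }
            }
        } catch (Exception e) {
            // Boundary catch: record, checkpoint and rethrow so the container reports it.
            trans.error().log(e);
            trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());
            throw new ServletException(e);
        } finally {
            overall.done();
            tallyHo(trans);
        }
    }

    @Override
    public void destroy() {
        // Nothing to release.
    }
}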