2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.rserv;
24 import java.io.IOException;
25 import java.security.Principal;
27 import javax.servlet.Filter;
28 import javax.servlet.FilterChain;
29 import javax.servlet.FilterConfig;
30 import javax.servlet.ServletException;
31 import javax.servlet.ServletRequest;
32 import javax.servlet.ServletResponse;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
36 import org.onap.aaf.cadi.Access;
37 import org.onap.aaf.cadi.CadiException;
38 import org.onap.aaf.cadi.CadiWrap;
39 import org.onap.aaf.cadi.Connector;
40 import org.onap.aaf.cadi.Lur;
41 import org.onap.aaf.cadi.TrustChecker;
42 import org.onap.aaf.cadi.config.Config;
43 import org.onap.aaf.cadi.filter.CadiHTTPManip;
44 import org.onap.aaf.cadi.taf.TafResp;
45 import org.onap.aaf.cadi.taf.TafResp.RESP;
46 import org.onap.aaf.misc.env.Env;
47 import org.onap.aaf.misc.env.TimeTaken;
48 import org.onap.aaf.misc.env.TransStore;
49 import org.onap.aaf.misc.env.util.Split;
52 * Create a new Transaction Object for each and every incoming Transaction
54 * Attach to Request. Use the "FilterHolder" mechanism to retain a single instance.
56 * TransFilter includes CADIFilter as part of the package, so that it can
57 * set User Data, etc., as necessary.
62 public abstract class TransFilter<TRANS extends TransStore> implements Filter {
/** Request attribute name under which doFilter() stores the per-request TRANS object. */
63 public static final String TRANS_TAG = "__TRANS__";
// CADI HTTP handler built in the constructor; doFilter() delegates request validation to it.
65 private CadiHTTPManip cadi;
// Path prefixes that bypass authentication, read from Config.CADI_NOAUTHN and split on ':'.
// NOTE(review): doFilter() matches these with String.startsWith on getPathInfo(), so a prefix
// exempts every path that begins with it (e.g. "/health" also covers "/healthz..."), and an
// empty prefix, should Split ever yield one, would exempt every request. Keep this list narrow
// and review it with the same care as any other authentication exemption.
67 private final String[] no_authn;
69 public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException {
70 cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
71 String no = access.getProperty(Config.CADI_NOAUTHN, null);
73 no_authn = Split.split(':', no);
80 public void init(FilterConfig filterConfig) throws ServletException {
83 protected Lur getLur() {
/**
 * Creates the transaction object for one incoming request.
 * Called first thing in doFilter(), before the request is attached or validated.
 *
 * @return a fresh TRANS instance for this request
 */
87 protected abstract TRANS newTrans();
/**
 * Starts timing for the request as a whole; doFilter() calls this immediately after
 * newTrans() with the raw (not yet cast) ServletRequest.
 *
 * @param trans   the transaction created by newTrans()
 * @param request the incoming servlet request
 * @return the TimeTaken handle for the overall request (presumably closed by the
 *         subclass or at the end of doFilter() — confirm in the full file)
 */
88 protected abstract TimeTaken start(TRANS trans, ServletRequest request);
/**
 * Hook invoked by doFilter() once CADI reports IS_AUTHENTICATED, with the principal
 * taken from the CadiWrap built for the request. Subclasses record the user on the
 * transaction here; it is not called on any other TafResp outcome.
 *
 * @param trans the current transaction
 * @param p     the authenticated principal
 */
89 protected abstract void authenticated(TRANS trans, Principal p);
/**
 * Completion hook for the transaction.
 * NOTE(review): not invoked in the portion of doFilter() visible here; presumably called
 * when the request finishes — confirm against the full method body.
 *
 * @param trans the transaction being completed
 */
90 protected abstract void tallyHo(TRANS trans);
93 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
94 TRANS trans = newTrans();
96 TimeTaken overall = start(trans,request);
98 request.setAttribute(TRANS_TAG, trans);
100 HttpServletRequest req = (HttpServletRequest)request;
101 HttpServletResponse res = (HttpServletResponse)response;
104 for(String prefix : no_authn) {
105 if(req.getPathInfo().startsWith(prefix)) {
106 chain.doFilter(request, response);
112 TimeTaken security = trans.start("CADI Security", Env.SUB);
117 resp = cadi.validate(req,res,trans);
118 switch(r=resp.isAuthenticated()) {
119 case IS_AUTHENTICATED:
120 cw = new CadiWrap(req,resp,cadi.getLur());
121 authenticated(trans, cw.getUserPrincipal());
130 if(r==RESP.IS_AUTHENTICATED) {
131 trans.checkpoint(resp.desc());
132 if(cadi.notCadi(cw, res)) {
133 chain.doFilter(cw, response);
136 //TODO this is a good place to check if too many checks recently
137 // Would need Cached Counter objects that are cleaned up on
139 trans.checkpoint(resp.desc(),Env.ALWAYS);
140 if(resp.isFailedAttempt())
141 trans.audit().log(resp.desc());
143 } catch(Exception e) {
144 trans.error().log(e);
145 trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());
146 throw new ServletException(e);
154 public void destroy() {