1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.auth.rserv;
23
24 import java.io.IOException;
25 import java.security.Principal;
26
27 import javax.servlet.Filter;
28 import javax.servlet.FilterChain;
29 import javax.servlet.FilterConfig;
30 import javax.servlet.ServletException;
31 import javax.servlet.ServletRequest;
32 import javax.servlet.ServletResponse;
33 import javax.servlet.http.HttpServletRequest;
34 import javax.servlet.http.HttpServletResponse;
35
36 import org.onap.aaf.cadi.Access;
37 import org.onap.aaf.cadi.CadiException;
38 import org.onap.aaf.cadi.CadiWrap;
39 import org.onap.aaf.cadi.Connector;
40 import org.onap.aaf.cadi.LocatorException;
41 import org.onap.aaf.cadi.Lur;
42 import org.onap.aaf.cadi.TrustChecker;
43 import org.onap.aaf.cadi.config.Config;
44 import org.onap.aaf.cadi.filter.CadiHTTPManip;
45 import org.onap.aaf.cadi.taf.TafResp;
46 import org.onap.aaf.cadi.taf.TafResp.RESP;
47 import org.onap.aaf.misc.env.Env;
48 import org.onap.aaf.misc.env.TimeTaken;
49 import org.onap.aaf.misc.env.TransStore;
50 import org.onap.aaf.misc.env.util.Split;
51
52 /**
53  * Create a new Transaction Object for each and every incoming Transaction
54  * 
55  * Attach to Request.  Use the "FilterHolder" mechanism to retain a single instance.
56  * 
57  * TransFilter includes CADIFilter as part of the package, so that it can
58  * set User Data, etc, as necessary.
59  * 
60  * @author Jonathan
61  *
62  */
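public abstract class TransFilter<TRANS extends TransStore> implements Filter {
    /** Request attribute name under which the per-request transaction object is stored. */
    public static final String TRANS_TAG = "__TRANS__";

    /** Embedded CADI request manipulator; created once in the constructor and never replaced. */
    private final CadiHTTPManip cadi;

    /**
     * Path-info prefixes that are passed down the chain WITHOUT authentication.
     * Read from {@link Config#CADI_NOAUTHN} and split on ':'; null when the property is unset.
     */
    private final String[] no_authn;

    /**
     * Builds the filter and its embedded CADI manipulator.
     *
     * @param access            CADI access object; {@code CADI_NOAUTHN} is read from its properties
     * @param con               connector handed through to CADI
     * @param tc                trust checker handed through to CADI
     * @param additionalTafLurs extra TAFs/LURs handed through to CADI
     * @throws CadiException    propagated from {@link CadiHTTPManip}
     * @throws LocatorException propagated from {@link CadiHTTPManip}
     */
    public TransFilter(Access access, Connector con, TrustChecker tc, Object ... additionalTafLurs) throws CadiException, LocatorException {
        cadi = new CadiHTTPManip(access, con, tc, additionalTafLurs);
        String no = access.getProperty(Config.CADI_NOAUTHN, null);
        no_authn = (no == null) ? null : Split.split(':', no);
    }

    /** Nothing to initialise here: all configuration arrives through the constructor. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** @return the LUR that the embedded CADI manipulator was configured with */
    protected Lur getLur() {
        return cadi.getLur();
    }

    /** Creates the transaction object that will be attached to this request as {@link #TRANS_TAG}. */
    protected abstract TRANS newTrans(HttpServletRequest request);

    /** Starts timing of the whole request; the returned timer is closed in {@code doFilter}'s finally block. */
    protected abstract TimeTaken start(TRANS trans, ServletRequest request);

    /** Invoked once CADI reports {@code IS_AUTHENTICATED}, with the principal from the wrapped request. */
    protected abstract void authenticated(TRANS trans, Principal p);

    /** Invoked at the end of every request, success or failure, after the overall timer is closed. */
    protected abstract void tallyHo(TRANS trans);

    /**
     * Creates a transaction, stores it on the request, runs CADI authentication and,
     * on success, hands the CADI-wrapped request down the chain.
     *
     * Requests whose path-info starts with a configured no-authn prefix bypass CADI entirely.
     * Any exception (including those thrown by the chain) is logged on the transaction and
     * rethrown wrapped in a {@link ServletException}.
     *
     * @throws IOException      declared by {@link Filter}; in practice errors surface as ServletException
     * @throws ServletException wrapping any failure during authentication or chain processing
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;

        TRANS trans = newTrans(req);

        TimeTaken overall = start(trans, request);
        try {
            request.setAttribute(TRANS_TAG, trans);

            if (isNoAuthnPath(req)) {
                chain.doFilter(request, response);
                return;
            }

            TimeTaken security = trans.start("CADI Security", Env.SUB);
            TafResp resp;
            RESP r;
            CadiWrap cw = null;
            try {
                resp = cadi.validate(req, res, trans);
                r = resp.isAuthenticated();
                if (r == RESP.IS_AUTHENTICATED) {
                    cw = new CadiWrap(req, resp, cadi.getLur());
                    authenticated(trans, cw.getUserPrincipal());
                }
            } finally {
                security.done();
            }

            if (r == RESP.IS_AUTHENTICATED) {
                trans.checkpoint(resp.desc());
                // Only continue down the chain when CADI says the request is not one it handles itself.
                if (cadi.notCadi(cw, res)) {
                    chain.doFilter(cw, response);
                }
            } else {
                //TODO this is a good place to check if too many checks recently
                // Would need Cached Counter objects that are cleaned up on
                // use
                trans.checkpoint(resp.desc(), Env.ALWAYS);
                if (resp.isFailedAttempt()) {
                    trans.audit().log(resp.desc());
                }
            }
        } catch (Exception e) {
            trans.error().log(e);
            trans.checkpoint("Error: " + e.getClass().getSimpleName() + ": " + e.getMessage());
            throw new ServletException(e);
        } finally {
            overall.done();
            tallyHo(trans);
        }
    }

    /**
     * Whether this request's path-info is exempt from authentication.
     *
     * Fails closed: a null path-info (servlet mapped without extra path) never matches,
     * and blank prefixes are skipped because {@code path.startsWith("")} is always true
     * and would otherwise exempt every request from authentication.
     */
    private boolean isNoAuthnPath(HttpServletRequest req) {
        if (no_authn == null) {
            return false;
        }
        String path = req.getPathInfo();
        if (path == null) {
            return false;
        }
        for (String prefix : no_authn) {
            if (prefix != null && !prefix.isEmpty() && path.startsWith(prefix)) {
                return true;
            }
        }
        return false;
    }

    /** Nothing to release: the CADI manipulator holds no resources this filter owns. */
    @Override
    public void destroy() {
    }
}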