2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.locate.api;
24 import java.io.IOException;
25 import java.net.ConnectException;
27 import java.security.Principal;
29 import javax.servlet.ServletOutputStream;
30 import javax.servlet.http.HttpServletRequest;
31 import javax.servlet.http.HttpServletResponse;
33 import org.eclipse.jetty.http.HttpStatus;
34 import org.onap.aaf.auth.cache.Cache.Dated;
35 import org.onap.aaf.auth.env.AuthzTrans;
36 import org.onap.aaf.auth.layer.Result;
37 import org.onap.aaf.auth.locate.AAF_Locate;
38 import org.onap.aaf.auth.locate.BasicAuthCode;
39 import org.onap.aaf.auth.locate.LocateCode;
40 import org.onap.aaf.auth.locate.facade.LocateFacade;
41 import org.onap.aaf.auth.locate.mapper.Mapper.API;
42 import org.onap.aaf.auth.rserv.HttpMethods;
43 import org.onap.aaf.cadi.CadiException;
44 import org.onap.aaf.cadi.Locator;
45 import org.onap.aaf.cadi.Locator.Item;
46 import org.onap.aaf.cadi.LocatorException;
47 import org.onap.aaf.cadi.aaf.AAFPermission;
48 import org.onap.aaf.cadi.client.Future;
49 import org.onap.aaf.cadi.client.Rcli;
50 import org.onap.aaf.cadi.client.Retryable;
51 import org.onap.aaf.misc.env.APIException;
52 import org.onap.aaf.misc.env.Env;
53 import org.onap.aaf.misc.env.TimeTaken;
55 public class API_AAFAccess {
56 // private static String service, version, envContext;
58 private static final String GET_PERMS_BY_USER = "Get Perms by User";
59 private static final String USER_HAS_PERM ="User Has Perm";
60 // private static final String USER_IN_ROLE ="User Has Role";
63 * Normal Init level APIs
69 public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
72 gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) {
74 public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
75 TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
77 final String accept = req.getHeader("ACCEPT");
78 final String user = pathParam(req,":user");
79 if(!user.contains("@")) {
80 context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
83 final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
84 TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
87 d = gwAPI.cacheUser.get(key);
92 if(d==null || d.data.isEmpty()) {
93 tt2 = trans.start("AAF Service Call",Env.REMOTE);
95 gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
97 public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
98 Future<String> fp = client.read("/authz/perms/user/"+user,accept);
100 gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
101 resp.setStatus(HttpStatus.OK_200);
102 ServletOutputStream sos;
104 sos = resp.getOutputStream();
106 } catch (IOException e) {
107 throw new CadiException(e);
110 gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
111 context.error(trans,resp,fp.code(),fp.body());
120 User u = (User)d.data.get(0);
121 resp.setStatus(u.code);
122 ServletOutputStream sos = resp.getOutputStream();
132 gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new BasicAuthCode(gwAPI.aafAuthn,facade)
133 ,"text/plain","*/*","*");
136 * Query User Has Perm
138 gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new LocateCode(facade,USER_HAS_PERM, true) {
140 public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
142 resp.getOutputStream().print(
143 gwAPI.aafLurPerm.fish(new Principal() {
144 public String getName() {
145 return pathParam(req,":user");
147 }, new AAFPermission(
148 pathParam(req,":type"),
149 pathParam(req,":instance"),
150 pathParam(req,":action"))));
151 resp.setStatus(HttpStatus.OK_200);
152 } catch(Exception e) {
153 context.error(trans, resp, Result.ERR_General, e.getMessage());
158 gwAPI.route(HttpMethods.GET,"/gui/:path*",API.VOID,new LocateCode(facade,"Short Access PROD GUI for AAF", true) {
160 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
162 redirect(trans, req, resp, context,
163 gwAPI.getGUILocator(),
164 "gui/"+pathParam(req,":path"));
165 } catch (LocatorException e) {
166 context.error(trans, resp, Result.ERR_BadData, e.getMessage());
167 } catch (Exception e) {
168 context.error(trans, resp, Result.ERR_General, e.getMessage());
173 gwAPI.route(HttpMethods.GET,"/aaf/:version/:path*",API.VOID,new LocateCode(facade,"Access PROD GUI for AAF", true) {
175 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
177 redirect(trans, req, resp, context,
178 gwAPI.getGUILocator(),
179 pathParam(req,":path"));
180 } catch (LocatorException e) {
181 context.error(trans, resp, Result.ERR_BadData, e.getMessage());
182 } catch (Exception e) {
183 context.error(trans, resp, Result.ERR_General, e.getMessage());
189 public static void initDefault(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
194 gwAPI.route(HttpMethods.GET,"/login",API.VOID,new LocateCode(facade,"Access Login GUI for AAF", true) {
196 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
198 redirect(trans, req, resp, context,
199 gwAPI.getGUILocator(),
201 } catch (LocatorException e) {
202 context.error(trans, resp, Result.ERR_BadData, e.getMessage());
203 } catch (Exception e) {
204 context.error(trans, resp, Result.ERR_General, e.getMessage());
213 gwAPI.route(HttpMethods.GET,"/",API.VOID,new LocateCode(facade,"Access GUI for AAF", true) {
215 public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
217 redirect(trans, req, resp, context,
218 gwAPI.getGUILocator(),
220 } catch (Exception e) {
221 context.error(trans, resp, Result.ERR_General, e.getMessage());
227 private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
230 Item item = loc.best();
231 URI uri = loc.get(item);
232 StringBuilder redirectURL = new StringBuilder(uri.toString());
233 redirectURL.append('/');
234 redirectURL.append(path);
235 String str = req.getQueryString();
237 redirectURL.append('?');
238 redirectURL.append(str);
240 trans.info().log("Redirect to",redirectURL);
241 resp.sendRedirect(redirectURL.toString());
243 context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
245 } catch (LocatorException e) {
246 context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Endpoints found for %s",req.getPathInfo()));
250 private static class User {
251 public final int code;
252 public final String resp;
254 public User(int code, String resp) {
Code Review / aaf / authz.git / blob