1 /**
2  * ============LICENSE_START====================================================
3  * org.onap.aaf
4  * ===========================================================================
5  * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6  * ===========================================================================
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  * 
11  *      http://www.apache.org/licenses/LICENSE-2.0
12  * 
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  * ============LICENSE_END====================================================
19  *
20  */
21
22 package org.onap.aaf.sample.cadi;
23
24 import java.io.IOException;
25 import java.security.Principal;
26
27 import javax.servlet.Servlet;
28 import javax.servlet.ServletConfig;
29 import javax.servlet.ServletException;
30 import javax.servlet.ServletRequest;
31 import javax.servlet.ServletResponse;
32 import javax.servlet.http.HttpServletRequest;
33
34 import org.onap.aaf.cadi.aaf.v2_0.AAFCon;
35 import org.onap.aaf.cadi.client.Future;
36 import org.onap.aaf.cadi.principal.TaggedPrincipal;
37
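/**
 * Sample servlet that reports the authenticated caller and, optionally, whether that
 * caller holds the role or permission named in the {@code PERM} request parameter.
 *
 * <p>Every dynamic value written into the HTML response (the principal, the
 * {@code PERM} parameter, and the text returned by the AAF call) is HTML-escaped first.
 * {@code PERM} is supplied by the client, so echoing it verbatim would let a crafted
 * link inject markup into the page.
 */
// Uncomment if you utilized the "MiniJASPIWrap" in the Servlet setup in "main()", and want to protect
// your service via Permission or mapped role
//      @RolesAllowed({"com.att.aaf.myPerm|myInstance|myAction"})
public class MyServlet implements Servlet {
    private ServletConfig servletConfig;

    /** Stores the container-supplied configuration for {@link #getServletConfig()}. */
    @Override
    public void init(ServletConfig config) throws ServletException {
        servletConfig = config;
    }

    /** Returns the configuration passed to {@link #init(ServletConfig)}, or null before init. */
    @Override
    public ServletConfig getServletConfig() {
        return servletConfig;
    }

    /**
     * Writes an HTML page showing the caller's principal, the result of the optional
     * {@code PERM} role/permission check, and the caller's permissions as read from AAF.
     *
     * @param req the incoming request; must be an {@link HttpServletRequest}
     * @param res the response the page is written to
     * @throws ServletException if {@code req} is not an HTTP request
     * @throws IOException if writing to the response fails
     */
    @Override
    public void service(ServletRequest req, ServletResponse res) throws ServletException, IOException {
        if (!(req instanceof HttpServletRequest)) {
            throw new ServletException("Only serving HTTP today");
        }
        HttpServletRequest request = (HttpServletRequest) req;

        res.getOutputStream().println("<html><header><title>CSP Servlet Test</title></header><body><h1>You're good to go!</h1><pre>" +
                escapeHtml(request.getUserPrincipal()));

        // PERM is attacker-controllable request data: it is used as-is for the
        // authorization check, but only ever rendered in escaped form.
        String perm = request.getParameter("PERM");
        if (perm != null) {
            String shown = escapeHtml(perm);
            // A '|' marks a "type|instance|action" permission; anything else is treated as a role name.
            boolean isRole = perm.indexOf('|') < 0;
            if (request.isUserInRole(perm)) {
                if (isRole) {
                    res.getOutputStream().println("\nCongrats!, You are in Role " + shown);
                } else {
                    res.getOutputStream().println("\nCongrats!, You have Permission " + shown);
                }
            } else {
                if (isRole) {
                    res.getOutputStream().println("\nSorry, you are NOT in Role " + shown);
                } else {
                    res.getOutputStream().println("\nSorry, you do NOT have Permission " + shown);
                }
            }
        }

        // You can get the working AAFCon from Trans
        AAFCon<?> aafcon = AAFCon.obtain(req);
        if (aafcon != null) {
            try {
                res.getOutputStream().println("----- Perms JSON from direct call -----");
                final Principal up = request.getUserPrincipal();
                if (up == null) {
                    // Without an authenticated principal there is no user to look up.
                    res.getOutputStream().println("No authenticated user");
                } else {
                    // tp is only needed by the commented-out clientAs(...) variant below.
                    TaggedPrincipal tp;
                    if (up instanceof TaggedPrincipal) {
                        tp = (TaggedPrincipal) up;
                    } else {
                        tp = new TaggedPrincipal() {
                            @Override
                            public String getName() {
                                return up.getName();
                            }

                            @Override
                            public String tag() {
                                return "Unknown";
                            }
                        };
                    }
                    // This call will be "as the user calling", but only if permission is set to trust.
                    // Future<String> future = aafcon.clientAs("2.0",tp).read("/authz/perms/user/"+up.getName(),"application/Perms+json");
                    // NOTE(review): the principal name is concatenated into the request path unencoded;
                    // confirm the authenticator constrains its character set.
                    Future<String> future = aafcon.client("2.0").read("/authz/perms/user/" + up.getName(), "application/Perms+json");
                    if (future.get(4000 /* timeout */)) {
                        res.getOutputStream().print(escapeHtml(future.value));
                    } else {
                        String failure = future.code() + ", " + future.body();
                        System.err.println(failure);
                        res.getOutputStream().print(escapeHtml(failure));
                    }
                }
            } catch (Exception e) {
                // Best effort: the page is still completed below. The stack trace stays
                // server-side and is deliberately not echoed to the client.
                e.printStackTrace();
            }
        } else {
            res.getOutputStream().println("No AAFCon instantiated");
        }
        res.getOutputStream().print("</pre></body></html>");
    }

    /** Returns the fixed identifier {@code "MyServlet"}. */
    @Override
    public String getServletInfo() {
        return "MyServlet";
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Converts a value to text that is safe to place inside HTML element content or a
     * quoted attribute by replacing {@code & < > " '} with character references.
     *
     * @param value the value to render; {@code null} is rendered as the text "null"
     * @return the escaped text
     */
    private static String escapeHtml(Object value) {
        String text = String.valueOf(value);
        StringBuilder sb = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    sb.append("&amp;");
                    break;
                case '<':
                    sb.append("&lt;");
                    break;
                case '>':
                    sb.append("&gt;");
                    break;
                case '"':
                    sb.append("&quot;");
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                default:
                    sb.append(c);
            }
        }
        return sb.toString();
    }
}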