Medium Vulnerabilities CodeFix: 1. URL Redirection 2. AAF-1111
[aaf/authz.git] / auth / auth-locate / src / main / java / org / onap / aaf / auth / locate / api / API_AAFAccess.java
index b5ab435..7b23c89 100644 (file)
@@ -7,9 +7,9 @@
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *      http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -53,24 +53,27 @@ import org.onap.aaf.cadi.client.Retryable;
 import org.onap.aaf.misc.env.APIException;
 import org.onap.aaf.misc.env.Env;
 import org.onap.aaf.misc.env.TimeTaken;
+import org.owasp.esapi.errors.AccessControlException;
+import org.owasp.esapi.reference.DefaultHTTPUtilities;
+import org.owasp.encoder.Encode;
 
 public class API_AAFAccess {
-//    private static String service, version, envContext; 
+//    private static String service, version, envContext;
 
     private static final String GET_PERMS_BY_USER = "Get Perms by User";
     private static final String USER_HAS_PERM ="User Has Perm";
 //    private static final String USER_IN_ROLE ="User Has Role";
-    
+
     /**
      * Normal Init level APIs
-     * 
+     *
      * @param gwAPI
      * @param facade
      * @throws Exception
      */
     public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
-        
-        
+
+
         gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) {
             @Override
             public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
@@ -90,7 +93,7 @@ public class API_AAFAccess {
                     } finally {
                         tt2.done();
                     }
-                    
+
                     if (d==null || d.data.isEmpty()) {
                         tt2 = trans.start("AAF Service Call",Env.REMOTE);
                         try {
@@ -104,7 +107,7 @@ public class API_AAFAccess {
                                         ServletOutputStream sos;
                                         try {
                                             sos = resp.getOutputStream();
-                                            sos.print(fp.value);
+                                            sos.print(Encode.forJava(fp.value));
                                         } catch (IOException e) {
                                             throw new CadiException(e);
                                         }
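Review bot: `Encode.forJava(fp.value)` applies a Java-string-literal encoder to an HTTP response body, which is the wrong context: it rewrites `"` as `\"` and non-ASCII characters as `\uXXXX`, so whatever `fp.value` carries (presumably the upstream AAF service's JSON or XML reply, forwarded to the caller) will reach the client altered and likely unparseable; the same problem recurs at `sos.print(Encode.forJava(u.resp))` in the next hunk. Output encoding has to match the media type the client will interpret, so the fix is to set the response `Content-Type` explicitly (copying the upstream one if this is a pass-through) and write the body unchanged, reserving an encoder such as `Encode.forHtmlContent` for the case where the value is actually rendered inside HTML. If the intent is only to stop browsers sniffing the body as HTML, an explicit content type plus `X-Content-Type-Options: nosniff` addresses that without corrupting the payload. The enclosing handler starts and ends outside this hunk.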
@@ -122,7 +125,7 @@ public class API_AAFAccess {
                         User u = (User)d.data.get(0);
                         resp.setStatus(u.code);
                         ServletOutputStream sos = resp.getOutputStream();
-                        sos.print(u.resp);
+                        sos.print(Encode.forJava(u.resp));
                     }
                 } finally {
                     tt.done();
@@ -136,7 +139,7 @@ public class API_AAFAccess {
 
         /**
          * Query User Has Perm is DEPRECATED
-         * 
+         *
          * Need to move towards NS declaration... is this even being used?
          * @deprecated
          */
@@ -169,8 +172,8 @@ public class API_AAFAccess {
             @Override
             public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
                 try {
-                    redirect(trans, req, resp, context, 
-                            gwAPI.getGUILocator(), 
+                    redirect(trans, req, resp, context,
+                            gwAPI.getGUILocator(),
                             "gui/"+pathParam(req,":path"));
                 } catch (LocatorException e) {
                     context.error(trans, resp, Result.ERR_BadData, e.getMessage());
@@ -184,8 +187,8 @@ public class API_AAFAccess {
             @Override
             public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
                 try {
-                    redirect(trans, req, resp, context, 
-                            gwAPI.getGUILocator(), 
+                    redirect(trans, req, resp, context,
+                            gwAPI.getGUILocator(),
                             pathParam(req,":path"));
                 } catch (LocatorException e) {
                     context.error(trans, resp, Result.ERR_BadData, e.getMessage());
@@ -195,7 +198,7 @@ public class API_AAFAccess {
             }
         });
     }
-    
+
     public static void initDefault(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
 
         /**
@@ -205,7 +208,7 @@ public class API_AAFAccess {
             @Override
             public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
                 try {
-                    redirect(trans, req, resp, context, 
+                    redirect(trans, req, resp, context,
                             gwAPI.getGUILocator(),
                             "login");
                 } catch (LocatorException e) {
@@ -216,7 +219,7 @@ public class API_AAFAccess {
             }
         });
 
-        
+
         /**
          * Default URL
          */
@@ -224,17 +227,17 @@ public class API_AAFAccess {
             @Override
             public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
                 try {
-                    redirect(trans, req, resp, context, 
-                            gwAPI.getGUILocator(), 
+                    redirect(trans, req, resp, context,
+                            gwAPI.getGUILocator(),
                             "gui/home");
                 } catch (Exception e) {
                     context.error(trans, resp, Result.ERR_General, e.getMessage());
                 }
             }
         });
-        
+
         /**
-         * Configuration 
+         * Configuration
          */
         gwAPI.route(HttpMethods.GET,"/configure/:id/:type",API.CONFIG,new LocateCode(facade,"Deliver Configuration Properties to AAF", true) {
             @Override
@@ -256,12 +259,12 @@ public class API_AAFAccess {
         });
     }
 
-    private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException {
+    private static void redirect(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp, LocateFacade context, Locator<URI> loc, String path) throws IOException, AccessControlException {
         try {
             if (loc.hasItems()) {
                 Item item = loc.best();
                 URI uri = loc.get(item);
-                StringBuilder redirectURL = new StringBuilder(uri.toString()); 
+                StringBuilder redirectURL = new StringBuilder(uri.toString());
                 redirectURL.append('/');
                 redirectURL.append(path);
                 String str = req.getQueryString();
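Review bot: The new `throws AccessControlException` on `redirect` is a checked ESAPI exception, but the `gui/:path` and `:path` handlers shown earlier in this diff catch only `LocatorException`, so a rejected redirect now escapes `handle` as a bare exception instead of producing a `context.error(...)` response like the other failure paths. Since `redirect` already has a try block around the locator calls, the simplest consistent treatment is to catch it there rather than widen the signature, e.g. `} catch (AccessControlException e) { context.error(trans, resp, Result.ERR_BadData, e.getMessage()); }`, and drop `AccessControlException` from the throws clause. The body of `redirect` continues past the end of this hunk, so the existing catch clauses are not visible here.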
@@ -270,7 +273,9 @@ public class API_AAFAccess {
                     redirectURL.append(str);
                 }
                 trans.info().log("Redirect to",redirectURL);
-                resp.sendRedirect(redirectURL.toString());
+                DefaultHTTPUtilities util = new DefaultHTTPUtilities();                
+                util.sendRedirect(redirectURL.toString());                
+                //resp.sendRedirect(redirectURL.toString());
             } else {
                 context.error(trans, resp, Result.err(Result.ERR_NotFound,"No Locations found for redirection"));
             }
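Review bot: `util.sendRedirect(redirectURL.toString())` does not write to the `resp` passed into `redirect`; the single-argument ESAPI overload redirects ESAPI's thread-local "current response", which is only populated when `setCurrentHTTP(req, resp)` has been called earlier in the request, and nothing visible here does that, so the redirect will presumably never reach this client. The overload that takes the response should be used instead, `util.sendRedirect(resp, redirectURL.toString());`, or the utility obtained via `ESAPI.httpUtilities()` as the library intends. Note also that ESAPI's `sendRedirect` validates the location against the `Validator.Redirect` pattern from ESAPI.properties, and the example properties shipped with the library admit only local test paths, so the absolute locator URL built here will be rejected with `AccessControlException` unless that property is configured for this deployment — the allow-list should be the set of locator hosts, which is the actual open-redirect control this change is meant to add. The commented-out `//resp.sendRedirect(...)` line and the trailing whitespace on the two new lines should be removed, as the rest of this commit strips such whitespace. `redirect` starts and ends outside this hunk.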
@@ -282,7 +287,7 @@ public class API_AAFAccess {
     private static class User {
         public final int code;
         public final String resp;
-        
+
         public User(int code, String resp) {
             this.code = code;
             this.resp = resp;