* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
- *
+ *
* http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
import org.onap.aaf.auth.oauth.mapper.Mapper.API;
import org.onap.aaf.auth.oauth.service.OAuthService;
import org.onap.aaf.auth.oauth.service.OAuthService.GRANT_TYPE;
-import org.onap.aaf.cadi.client.Holder;
+import org.onap.aaf.cadi.util.Holder;
import org.onap.aaf.cadi.oauth.OAuth2Principal;
import org.onap.aaf.cadi.principal.OAuth2FormPrincipal;
import org.onap.aaf.misc.env.APIException;
/**
* AuthzFacade
- *
+ *
* This Service Facade encapsulates the essence of the API Service can do, and provides
* a single created object for elements such as RosettaDF.
*
* a) In the future, we may support multiple Response Formats, aka JSON or XML, based on User Request.
* 4) Log Service info, warnings and exceptions as necessary
* 5) When asked by the API layer, this will create and write Error content to the OutputStream
- *
- * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
+ *
+ * Note: This Class does NOT set the HTTP Status Code. That is up to the API layer, so that it can be
* clearly coordinated with the API Documentation
- *
+ *
* @author Jonathan
*
*/
-public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR>
+public abstract class OAFacadeImpl<TOKEN_REQ,TOKEN,INTROSPECT,ERROR>
extends DirectIntrospectImpl<INTROSPECT> implements OAFacade<INTROSPECT> {
private static final String INVALID_INPUT = "Invalid Input";
private final RosettaDF<TOKEN> tokenDF;
private final RosettaDF<ERROR> errDF;
public final RosettaDF<Perms> permsDF;
private final Mapper<TOKEN_REQ, TOKEN, INTROSPECT, ERROR> mapper;
-
+
public OAFacadeImpl(AAF_OAuth api,
- OAuthService service,
+ OAuthService service,
Mapper<TOKEN_REQ,TOKEN,INTROSPECT,ERROR> mapper,
Data.TYPE dataType) throws APIException {
super(service, mapper);
(permsDF = env.newDataFactory(Perms.class)).in(dataType).out(dataType);
(errDF = env.newDataFactory(mapper.getClass(API.ERROR))).in(dataType).out(dataType);
}
-
+
///////////////////////////
// Tokens
///////////////////////////
public static final String CREATE_TOKEN = "createToken";
public static final String INTROSPECT = "introspect";
-
+
/* (non-Javadoc)
* @see org.onap.aaf.auth.oauth.facade.OAFacade#getToken(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, org.onap.aaf.auth.oauth.service.OAuthAPI)
*/
TOKEN_REQ request;
try {
request = mapper.tokenReqFromParams(req);
- if(request==null) {
+ if (request==null) {
Data<TOKEN_REQ> rd = tokenReqDF.newData().load(req.getInputStream());
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,rd.asString());
}
request = rd.asObject();
}
- } catch(APIException e) {
+ } catch (APIException e) {
trans.error().log(INVALID_INPUT,IN,CREATE_TOKEN);
return Result.err(Status.ERR_BadData,INVALID_INPUT);
}
// Already validated for Oauth2FormPrincipal
// Result<Void> rv = service.validate(trans,mapper.credsFromReq(request));
-// if(rv.notOK()) {
+// if (rv.notOK()) {
// return rv;
// }
Holder<GRANT_TYPE> hgt = new Holder<GRANT_TYPE>(GRANT_TYPE.unknown);
Result<OAuthTokenDAO.Data> rs = service.createToken(trans,req,mapper.clientTokenReq(request,hgt),hgt);
Result<TOKEN> rp;
- if(rs.isOKhasData()) {
+ if (rs.isOKhasData()) {
rp = mapper.tokenFromData(rs);
} else {
rp = Result.err(rs);
}
switch(rp.status) {
- case OK:
+ case OK:
RosettaData<TOKEN> data = tokenDF.newData(trans).load(rp.value);
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
data.to(resp.getOutputStream());
try {
Principal p = req.getUserPrincipal();
String token=null;
- if(p != null) {
- if(p instanceof OAuth2Principal) {
+ if (p != null) {
+ if (p instanceof OAuth2Principal) {
RosettaData<INTROSPECT> data = introspectDF.newData(trans).load(mapper.fromPrincipal((OAuth2Principal)p));
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
data.to(resp.getOutputStream());
resp.getOutputStream().print('\n');
setContentType(resp,tokenDF.getOutType());
return Result.ok();
- } else if(p instanceof OAuth2FormPrincipal) {
- token = req.getParameter("token");
+ } else if (p instanceof OAuth2FormPrincipal) {
+ token = req.getParameter("token");
}
}
-
- if(token==null) {
+
+ if (token==null) {
token = req.getParameter("access_token");
- if(token==null || token.isEmpty()) {
+ if (token==null || token.isEmpty()) {
token = req.getHeader("Authorization");
- if(token != null && token.startsWith("Bearer ")) {
+ if (token != null && token.startsWith("Bearer ")) {
token = token.substring(7);
} else {
token = req.getParameter("token");
- if(token==null) {
+ if (token==null) {
return Result.err(Result.ERR_Security,"token is required");
}
}
Result<INTROSPECT> rti = mappedIntrospect(trans,token);
switch(rti.status) {
- case OK:
+ case OK:
RosettaData<INTROSPECT> data = introspectDF.newData(trans).load(rti.value);
- if(Question.willSpecialLog(trans, trans.user())) {
+ if (Question.willSpecialLog(trans, trans.user())) {
Question.logEncryptTrace(trans,data.asString());
}
data.to(resp.getOutputStream());
tt.done();
}
}
-
+
/* (non-Javadoc)
* @see com.att.authz.facade.AuthzFacade#error(org.onap.aaf.auth.env.test.AuthzTrans, javax.servlet.http.HttpServletResponse, int)
- *
+ *
* Note: Conforms to AT&T TSS RESTful Error Structure
*/
@Override
public void error(AuthzTrans trans, HttpServletResponse response, Result<?> result) {
error(trans, response, result.status,
result.details==null?"":result.details.trim(),
- result.variables==null?new String[0]:result.variables);
+ result.variables==null?Result.EMPTY_VARS:result.variables);
}
-
+
@Override
- public void error(AuthzTrans trans, HttpServletResponse response, int status, final String _msg, final String ... _detail) {
+ public void error(AuthzTrans trans, HttpServletResponse response, int status, final String _msg, final Object ... _detail) {
String msgId;
String prefix;
boolean hidemsg=false;
prefix = "Forbidden";
response.setStatus(/*httpstatus=*/403);
break;
-
+
case 404:
case ERR_NotFound:
msgId = "SVC1404";
prefix = "Not Acceptable";
response.setStatus(/*httpstatus=*/406);
break;
-
+
case 409:
case ERR_ConflictAlreadyExists:
msgId = "SVC1409";
prefix = "Conflict Already Exists";
response.setStatus(/*httpstatus=*/409);
break;
-
+
case 501:
case ERR_NotImplemented:
msgId = "SVC1501";
- prefix = "Not Implemented";
+ prefix = "Not Implemented";
response.setStatus(/*httpstatus=*/501);
break;
-
+
default:
msgId = "SVC1500";
StringBuilder holder = new StringBuilder();
ERROR em = mapper.errorFromMessage(holder, msgId,prefix + ": " + _msg,_detail);
trans.checkpoint(
- "ErrResp [" +
+ "ErrResp [" +
msgId +
"] " +
holder.toString(),
Env.ALWAYS);
- if(hidemsg) {
+ if (hidemsg) {
holder.setLength(0);
em = mapper.errorFromMessage(holder, msgId, "Server had an issue processing this request");
}
errDF.newData(trans).load(em).to(response.getOutputStream());
-
+
} catch (Exception e) {
trans.error().log(e,"unable to send response for",_msg);
}
}
-
+
public Mapper<TOKEN_REQ,TOKEN,INTROSPECT,ERROR> mapper() {
return mapper;
}
-
+
/* (non-Javadoc)
* @see org.onap.aaf.auth.oauth.facade.OAFacade#service()
*/
Code Review / aaf / authz.git / blobdiff