From ee07ee287cab944dfc7371b3eeb230d1ba7e736e Mon Sep 17 00:00:00 2001 From: "Lee, Tian (tl5884)" Date: Tue, 8 May 2018 12:01:21 +0100 Subject: [PATCH] Fix Babel authorisation mechanism Change-Id: Iae3139b33e315fae0c205fd7e0df67554d91cd5b Issue-ID: AAI-1126 Signed-off-by: Lee, Tian (tl5884) --- .../org/onap/aai/auth/AAIMicroServiceAuth.java | 33 ++-------------------- .../service/GenerateArtifactsServiceImpl.java | 9 +++++- .../org/onap/aai/babel/service/InfoService.java | 2 ++ src/main/resources/babel-beans.xml | 14 ++++----- .../org/onap/aai/babel/MicroServiceAuthTest.java | 21 +++++++------- 5 files changed, 29 insertions(+), 50 deletions(-) diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java index 67eee9a..0412c1a 100644 --- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java +++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java @@ -50,30 +50,6 @@ public class AAIMicroServiceAuth { } } - /** - * @param username - * @param policyFunction - * @return - * @throws AAIAuthException - */ - public boolean authorize(String username, String policyFunction) throws AAIAuthException { - return AAIMicroServiceAuthCore.authorize(username, policyFunction); - } - - /** - * @param authUser - * @param policyFunction - * @return - * @throws AAIAuthException - */ - public String authenticate(String authUser, String policyFunction) throws AAIAuthException { - if (authorize(authUser, policyFunction)) { - return "OK"; - } else { - return "AAI_9101"; - } - } - /** * @param headers * @param req @@ -94,11 +70,7 @@ public class AAIMicroServiceAuth { } String[] ps = apiPath.split("/"); - String authPolicyFunctionName = ps[0]; - if (ps.length > 1 && authPolicyFunctionName.matches("v\\d+")) { - authPolicyFunctionName = ps[1]; - } - + String authPolicyFunctionName = ps[ps.length - 1]; String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite"); String authUser = null; 
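Review bot: `ps[ps.length - 1]` in the `@@ -94,11 +70,7 @@` hunk indexes the split result without checking that it is non-empty, and in Java `"/".split("/")` returns a zero-length array, so a path of `/` would throw ArrayIndexOutOfBoundsException rather than produce a deny. Whether the conditional that closes just above the split already rules that input out is not visible, because the enclosing method starts and ends outside the hunk. A fail-closed guard ahead of the index, `if (ps.length == 0) { return false; }`, makes the authorisation result explicit for that case. Taking only the final element also means any two routes ending in the same segment resolve to the same policy function, which deserves a sentence in the method's Javadoc.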
@@ -110,7 +82,8 @@ public class AAIMicroServiceAuth { } if (authUser != null) { - return "OK".equals(authenticate(authUser.toLowerCase(), action.toString() + ":" + authPolicyFunctionName)); + return AAIMicroServiceAuthCore.authorize(authUser.toLowerCase(), + action.toString() + ":" + authPolicyFunctionName); } else { return false; } diff --git a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java index 17d0b65..532d8c7 100644 --- a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java +++ b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java @@ -30,6 +30,7 @@ import javax.inject.Inject; import javax.servlet.http.HttpServletRequest; import javax.ws.rs.core.HttpHeaders; import javax.ws.rs.core.MediaType; +import javax.ws.rs.core.PathSegment; import javax.ws.rs.core.Response; import javax.ws.rs.core.Response.Status; import javax.ws.rs.core.UriInfo; @@ -49,8 +50,10 @@ import org.onap.aai.babel.service.data.BabelArtifact; import org.onap.aai.babel.service.data.BabelRequest; import org.onap.aai.babel.util.RequestValidationException; import org.onap.aai.babel.util.RequestValidator; +import org.springframework.stereotype.Service; /** Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version */ +@Service public class GenerateArtifactsServiceImpl implements GenerateArtifactsService { private static final LogHelper applicationLogger = LogHelper.INSTANCE; 
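Review bot: The rewritten return statement in the `@@ -110,7 +82,8 @@` hunk normalises the identity with `authUser.toLowerCase()`, which uses the JVM default locale; under a Turkish locale an upper-case `I` maps to a dotless `ı`, so the name looked up in the policy would differ from the one configured. For a value that feeds an authorisation decision the mapping should be fixed, `authUser.toLowerCase(Locale.ROOT)`, with `java.util.Locale` imported. The call is carried over from the removed line, and how authUser is populated lies outside the hunk.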
@@ -96,8 +99,12 @@ public class GenerateArtifactsServiceImpl implements GenerateArtifactsService { Response response; try { + // Get last URI path segment to use for authentication + List pathSegments = uriInfo.getPathSegments(); + String lastPathSegment = pathSegments.isEmpty() ? "" : pathSegments.get(pathSegments.size() - 1).getPath(); + boolean authorized = aaiMicroServiceAuth.validateRequest(headers, servletRequest, - AAIMicroServiceAuthCore.HTTP_METHODS.POST, uriInfo.getPath(false)); + AAIMicroServiceAuthCore.HTTP_METHODS.POST, lastPathSegment); response = authorized ? generateArtifacts(requestBody) : buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation."); diff --git a/src/main/java/org/onap/aai/babel/service/InfoService.java b/src/main/java/org/onap/aai/babel/service/InfoService.java index c993746..e115568 100644 --- a/src/main/java/org/onap/aai/babel/service/InfoService.java +++ b/src/main/java/org/onap/aai/babel/service/InfoService.java @@ -31,6 +31,7 @@ import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.QueryParam; +import org.springframework.stereotype.Service; /** * Information service for the micro-service. Return status details to the caller. @@ -38,6 +39,7 @@ import javax.ws.rs.QueryParam; * @exclude */ @Path("/core/core-service") +@Service public class InfoService { private Clock clock = Clock.systemDefaultZone(); diff --git a/src/main/resources/babel-beans.xml b/src/main/resources/babel-beans.xml index f4cc32c..e979a2e 100644 --- a/src/main/resources/babel-beans.xml +++ b/src/main/resources/babel-beans.xml @@ -1,5 +1,6 @@ - @@ -8,7 +9,9 @@ - + @@ -23,13 +26,8 @@ - + - - - - - diff --git a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java index 99eb4e9..e6f5aa6 100644 --- a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java +++ b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java 
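Review bot: `uriInfo.getPathSegments()` in the `@@ -96,8 +99,12 @@` hunk returns decoded segments, whereas the argument it replaces, `uriInfo.getPath(false)`, was undecoded, so a percent-encoded `/` inside the final segment would now arrive as a literal slash and, judging by the `apiPath.split("/")` in AAIMicroServiceAuth, be split a second time. Calling `uriInfo.getPathSegments(false)` keeps the policy lookup tied to the segment as it was routed. The added comment also says "authentication", while the value selects the authorisation policy function; `// Last URI path segment names the policy function checked for authorisation` would be accurate. The enclosing method starts and ends outside the hunk.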
@@ -20,7 +20,6 @@ */ package org.onap.aai.babel; -import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.is; import static org.junit.Assert.assertThat; @@ -80,9 +79,9 @@ public class MicroServiceAuthTest { @Test public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException { JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func")); - AAIMicroServiceAuth auth = createAuthService(roles); - assertThat(auth.authorize("nosuchuser", "method:func"), is(false)); - assertThat(auth.authorize("user", "method:func"), is(true)); + createAuthService(roles); + assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false)); + assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true)); } /** @@ -112,9 +111,9 @@ public class MicroServiceAuthTest { @Test public void testAuthUser() throws AAIAuthException { - AAIMicroServiceAuth auth = createStandardAuth(); - assertThat(auth.authenticate(VALID_ADMIN_USER, "GET:actions"), is(equalTo("OK"))); - assertThat(auth.authenticate(VALID_ADMIN_USER, "WRONG:action"), is(equalTo("AAI_9101"))); + createStandardAuth(); + assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action"), is(false)); } 
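Review bot: The assertions changed in the `@@ -80,9 +79,9 @@` and `@@ -112,9 +111,9 @@` hunks call `AAIMicroServiceAuthCore.authorize` with hand-built strings such as `"GET:actions"`, so nothing visible here exercises what this commit actually changes, the derivation of the policy function from the last path segment. A test that drives `validateRequest` with a multi-segment path and asserts both an allowed and a denied final segment would pin that behaviour down; such a test may already exist in parts of the file outside these hunks. Both tests also discard the object returned by `createAuthService` / `createStandardAuth` and rely on static state it presumably loads, which is worth a comment such as `// presumably loads the policy into the static AAIMicroServiceAuthCore`.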
@@ -158,10 +157,10 @@ public class MicroServiceAuthTest { * @throws AAIAuthException */ private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException { - assertThat(auth.authorize(adminUser, "GET:actions"), is(true)); - assertThat(auth.authorize(adminUser, "POST:actions"), is(true)); - assertThat(auth.authorize(adminUser, "PUT:actions"), is(true)); - assertThat(auth.authorize(adminUser, "DELETE:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "GET:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "POST:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "PUT:actions"), is(true)); + assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "DELETE:actions"), is(true)); } private JSONArray createFunctionObject(String functionName) throws JSONException { -- 2.16.6
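Review bot: After this hunk the `auth` parameter of `assertAdminUserAuthorisation` is no longer read, because all four assertions go through the static `AAIMicroServiceAuthCore.authorize`. The helper therefore checks whichever policy was loaded most recently rather than the instance handed to it, which can mask a test that passes the wrong service. Either drop the parameter (the callers are outside the hunk) or document it in place: `// auth is unused; assertions read the static policy, presumably loaded when auth was built`.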