2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
6 * Copyright © 2017 Amdocs
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
21 * ECOMP is a trademark and service mark of AT&T Intellectual Property.
23 package org.onap.aai.sa.auth;
25 import com.fasterxml.jackson.core.JsonProcessingException;
26 import com.fasterxml.jackson.databind.JsonNode;
27 import com.fasterxml.jackson.databind.ObjectMapper;
28 import org.json.simple.parser.JSONParser;
29 import org.json.simple.parser.ParseException;
30 import org.onap.aai.sa.searchdbabstraction.util.SearchDbConstants;
31 import org.openecomp.cl.api.Logger;
32 import org.openecomp.cl.eelf.LoggerFactory;
35 import java.io.FileNotFoundException;
36 import java.io.FileReader;
37 import java.io.IOException;
38 import java.util.ArrayList;
39 import java.util.HashMap;
40 import java.util.List;
42 import java.util.Timer;
44 public class SearchDbServiceAuthCore {
// Class-wide logger, named after this class.
46 private static Logger logger = LoggerFactory.getInstance()
47 .getLogger(SearchDbServiceAuthCore.class.getName());
// Path of the JSON authorization policy file. It starts out as
// SearchDbConstants.SDB_AUTH_CONFIG_FILENAME and is the file reloadUsers() reads.
49 private static String GlobalAuthFileName = SearchDbConstants.SDB_AUTH_CONFIG_FILENAME;
// HTTP verbs known to the policy loader. reloadUsers() grants all of them for a
// policy function when its default branch (no methods listed) runs.
51 private static enum HTTP_METHODS {
52 POST, GET, PUT, DELETE
// Private constructor: the members visible in this listing are all static, so the
// class is used without creating instances.
58 private SearchDbServiceAuthCore() {
// Set to true at the end of reloadUsers(); getUsers() and authorize() test it
// before touching the user map.
61 private static boolean usersInitialized = false;
// Lower-cased username -> user record with its roles. reloadUsers() replaces the
// whole map on every call.
62 private static HashMap<String, SearchDbAuthUser> users;
// NOTE(review): timerSet and timer are not read in the visible lines; presumably
// they belong to a periodic policy reload — confirm.
63 private static boolean timerSet = false;
64 private static Timer timer = null;
/**
 * Prepares the authorization data: resolves the policy file path, then loads the
 * users and roles from it. Holds the class lock while it runs, as reloadUsers() does.
 */
66 public synchronized static void init() {
69 SearchDbServiceAuthCore.getConfigFile();
70 SearchDbServiceAuthCore.reloadUsers();
/**
 * Counterpart to init().
 * NOTE(review): the body is not part of the visible lines; presumably it stops the
 * reload timer — confirm.
 */
74 public static void cleanup() {
/**
 * Returns the path of the authorization policy file, resolving it first if no path
 * has been set.
 *
 * @return the value of GlobalAuthFileName after resolution
 */
78 public static String getConfigFile() {
// Resolve only when no path is held yet.
79 if (GlobalAuthFileName == null) {
80 String nc = SearchDbConstants.SDB_AUTH_CONFIG_FILENAME;
// Hard-coded fallback location. NOTE(review): the condition guarding this
// assignment is not visible here (presumably nc == null) — confirm.
// Whoever can write the policy file decides who is authorized, so the ownership
// and permissions of this path deserve the same care as a credential store.
82 nc = "/home/aaiadmin/etc/aaipolicy.json";
85 GlobalAuthFileName = nc;
87 return GlobalAuthFileName;
/**
 * Rebuilds the username-to-roles map from the JSON policy file named by
 * GlobalAuthFileName. Holds the class lock while it runs.
 *
 * Policy layout as read below: a top-level "roles" array; each role has a "name",
 * a "users" array of objects carrying "username", and a "functions" array of
 * objects carrying "name" and a "methods" array of objects carrying "name".
 * Every permission is stored as the string METHOD:function.
 *
 * The visible catch clauses only log at debug level; no failure is reported to
 * the caller.
 */
90 public synchronized static void reloadUsers() {
// The shared map is swapped for an empty one before the file is read, so the
// previous policy is gone even if the load then fails. authorize() is not
// synchronized, so a check made during a reload can see a partly filled map.
91 users = new HashMap<String, SearchDbAuthUser>();
94 ObjectMapper mapper = new ObjectMapper(); // can reuse, share globally
95 JSONParser parser = new JSONParser();
// NOTE(review): the FileReader is neither kept nor closed in the visible lines,
// and obj is not used afterwards; Jackson parses the same file again just below.
// The json-simple pass looks like a syntax check only — confirm.
97 Object obj = parser.parse(new FileReader(GlobalAuthFileName));
98 // aailogger.debug(logline, "Reading from " + GlobalAuthFileName);
99 JsonNode rootNode = mapper.readTree(new File(GlobalAuthFileName));
// JsonNode.path() returns a "missing" node instead of null, so an absent field
// yields an empty loop or empty text rather than an error. A policy entry with a
// misspelled key is therefore accepted silently.
100 JsonNode rolesNode = rootNode.path("roles");
102 for (JsonNode roleNode : rolesNode) {
103 String roleName = roleNode.path("name").asText();
// One role object per policy role; every user of the role gets this same instance.
105 TabularAuthRole authRole = new TabularAuthRole();
106 JsonNode usersNode = roleNode.path("users");
107 JsonNode functionsNode = roleNode.path("functions");
108 for (JsonNode functionNode : functionsNode) {
109 String function = functionNode.path("name").asText();
110 JsonNode methodsNode = functionNode.path("methods");
111 boolean hasMethods = false;
112 for (JsonNode methodNode : methodsNode) {
// The method name is used exactly as written in the file (no case folding), and
// the later check is an exact string match.
113 String methodName = methodNode.path("name").asText();
115 String thisFunction = methodName + ":" + function;
117 authRole.addAllowedFunction(thisFunction);
// Default-allow branch: a function without listed methods is granted every verb
// in HTTP_METHODS. An omitted or misspelled "methods" key therefore widens access,
// so policies should list methods explicitly.
// NOTE(review): the statement that sets hasMethods to true is not visible in this
// listing; confirm it sits inside the methods loop, otherwise this branch always runs.
120 if (hasMethods == false) {
121 // iterate the list from HTTP_METHODS
122 for (HTTP_METHODS meth : HTTP_METHODS.values()) {
123 String thisFunction = meth.toString() + ":" + function;
125 authRole.addAllowedFunction(thisFunction);
130 for (JsonNode userNode : usersNode) {
131 // make the user lower case
// Keys are lower-cased here, so lookups must normalise the same way; the lookup
// visible in authorize() uses the name as passed in.
// NOTE(review): toLowerCase() without a Locale follows the JVM default locale.
132 String username = userNode.path("username").asText().toLowerCase();
133 SearchDbAuthUser authUser = null;
// Reuse the existing record so a user named under several roles collects all of them.
134 if (users.containsKey(username)) {
135 authUser = users.get(username);
137 authUser = new SearchDbAuthUser();
141 authUser.setUser(username);
142 authUser.addRole(roleName, authRole);
143 users.put(username, authUser);
// All four failure paths log at debug level, and the first two carry neither the
// file name nor the exception. At normal log levels a broken or missing policy
// file leaves no trace, which makes an unexpectedly empty user map hard to diagnose.
146 } catch (FileNotFoundException fnfe) {
147 logger.debug("Failed to load the policy file ");
149 } catch (ParseException e) {
150 logger.debug("Failed to Parse the policy file ");
152 } catch (JsonProcessingException e) {
153 logger.debug("JSON processing error while parsing policy file: " + e.getMessage());
155 } catch (IOException e) {
156 logger.debug("IO Exception while parsing policy file: " + e.getMessage());
// NOTE(review): this follows the catch clauses, so it appears to be set whether
// or not the load succeeded — confirm.
159 usersInitialized = true;
/** One policy user: a username plus the roles granted to it, keyed by role name. */
163 public static class SearchDbAuthUser {
164 public SearchDbAuthUser() {
165 this.roles = new HashMap<String, TabularAuthRole>();
168 private String username;
169 private HashMap<String, TabularAuthRole> roles;
171 public String getUser() {
172 return this.username;
// NOTE(review): the body is not visible here; if it hands out the roles map
// itself, callers can alter this user's grants — confirm.
175 public HashMap<String, TabularAuthRole> getRoles() {
// Stores the role under roleName; an earlier role with the same name is replaced.
179 public void addRole(String roleName, TabularAuthRole authRole) {
180 this.roles.put(roleName, authRole);
/**
 * Tests whether any of this user's roles allows the given permission.
 * NOTE(review): the return statements are not visible in this listing; the
 * existing comments indicate true on the first match and false otherwise.
 *
 * @param checkFunc permission string; the policy loader stores them as METHOD:function
 */
183 public boolean checkAllowed(String checkFunc) {
184 for (Map.Entry<String, TabularAuthRole> roleEntry : this.roles.entrySet()) {
185 TabularAuthRole role = roleEntry.getValue();
186 if (role.hasAllowedFunction(checkFunc)) {
187 // break out as soon as we find it
191 // we would have got positive confirmation had it been there
195 public void setUser(String myuser) {
196 this.username = myuser;
/** A role's allow-list: the permission strings the role may use. */
201 public static class TabularAuthRole {
202 public TabularAuthRole() {
203 this.allowedFunctions = new ArrayList<String>();
// Kept in a list, so duplicate entries are stored as given.
206 private List<String> allowedFunctions;
208 public void addAllowedFunction(String func) {
209 this.allowedFunctions.add(func);
// List.remove(Object) drops only the first matching entry, so a permission that
// was added twice is still present after one call.
212 public void delAllowedFunction(String delFunc) {
213 if (this.allowedFunctions.contains(delFunc)) {
214 this.allowedFunctions.remove(delFunc);
// Exact, case-sensitive match against the stored strings.
218 public boolean hasAllowedFunction(String afunc) {
219 if (this.allowedFunctions.contains(afunc)) {
/**
 * Gives access to the loaded user map.
 * NOTE(review): only the initialisation check is visible; the key parameter is
 * not used in the visible lines, and the value returned is presumably the shared
 * static map, which callers could then modify — confirm.
 */
227 public static HashMap<String, SearchDbAuthUser> getUsers(String key) {
228 if (!usersInitialized || (users == null)) {
234 public static boolean authorize(String username, String authFunction) {
235 // logline.init(component, transId, fromAppId, "authorize()");
237 if (!usersInitialized || (users == null)) {
240 if (users.containsKey(username)) {
241 if (users.get(username).checkAllowed(authFunction) == true) {