2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2019 Nokia Intellectual Property. All rights reserved.
6 * ================================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END=========================================================
20 package org.onap.dmaap.dbcapi.resources;
22 import com.fasterxml.jackson.core.JsonProcessingException;
23 import com.fasterxml.jackson.databind.ObjectMapper;
24 import java.io.IOException;
25 import javax.servlet.Filter;
26 import javax.servlet.FilterChain;
27 import javax.servlet.FilterConfig;
28 import javax.servlet.ServletException;
29 import javax.servlet.ServletRequest;
30 import javax.servlet.ServletResponse;
31 import javax.servlet.http.HttpServletRequest;
32 import javax.servlet.http.HttpServletResponse;
33 import org.eclipse.jetty.http.HttpStatus;
34 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
35 import org.onap.dmaap.dbcapi.model.ApiError;
36 import org.onap.dmaap.dbcapi.service.DmaapService;
37 import org.onap.dmaap.dbcapi.util.DmaapConfig;
38 import org.onap.dmaap.dbcapi.util.PermissionBuilder;
40 public class AAFAuthorizationFilter extends BaseLoggingClass implements Filter {
42 static final String CADI_AUTHZ_FLAG = "enableCADI";
43 private boolean isCadiEnabled = false;
45 private PermissionBuilder permissionBuilder;
48 public void init(FilterConfig filterConfig) throws ServletException {
49 DmaapConfig dmaapConfig = getConfig();
50 isCadiEnabled = "true".equalsIgnoreCase(dmaapConfig.getProperty(CADI_AUTHZ_FLAG, "false"));
52 permissionBuilder = new PermissionBuilder(dmaapConfig, getDmaapService());
57 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
58 throws IOException, ServletException {
61 HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
62 permissionBuilder.updateDmaapInstance();
63 String permission = permissionBuilder.buildPermission(httpRequest);
65 if (httpRequest.isUserInRole(permission)) {
66 logger.info("User " + httpRequest.getUserPrincipal().getName() + " has permission " + permission);
67 filterChain.doFilter(servletRequest, servletResponse);
69 String msg = "User " + httpRequest.getUserPrincipal().getName() + " does not have permission " + permission;
70 errorLogger.error(msg);
71 ((HttpServletResponse) servletResponse).setStatus(HttpStatus.FORBIDDEN_403);
72 servletResponse.setContentType("application/json");
73 servletResponse.setCharacterEncoding("UTF-8");
74 servletResponse.getWriter().print(buildErrorResponse(msg));
75 servletResponse.getWriter().flush();
78 filterChain.doFilter(servletRequest, servletResponse);
83 public void destroy() {
87 DmaapConfig getConfig() {
88 return (DmaapConfig) DmaapConfig.getConfig();
91 DmaapService getDmaapService() {
92 return new DmaapService();
95 private String buildErrorResponse(String msg) {
97 return new ObjectMapper().writeValueAsString(new ApiError(HttpStatus.FORBIDDEN_403, msg, "Authorization"));
98 } catch (JsonProcessingException e) {
99 logger.warn("Could not serialize response entity: " + e.getMessage());
104 PermissionBuilder getPermissionBuilder() {
105 return permissionBuilder;
108 void setPermissionBuilder(PermissionBuilder permissionBuilder) {
109 this.permissionBuilder = permissionBuilder;
112 void setCadiEnabled(boolean cadiEnabled) {
113 isCadiEnabled = cadiEnabled;