DR AAF CADI integration
[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / SubscriptionServlet.java
index ec4d33a..d7c4657 100644 (file)
@@ -58,7 +58,7 @@ import static org.onap.dmaap.datarouter.provisioning.utils.HttpServletUtils.send
 @SuppressWarnings("serial")\r
 public class SubscriptionServlet extends ProxyServlet {\r
 \r
-    public static final String SUBCNTRL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-control";\r
+    private static final String SUBCNTRL_CONTENT_TYPE = "application/vnd.dmaap-dr.subscription-control";\r
     //Adding EELF Logger Rally:US664892\r
     private static EELFLogger eelflogger = EELFManager.getInstance()\r
         .getLogger(SubscriptionServlet.class);\r
@@ -113,17 +113,37 @@ public class SubscriptionServlet extends ProxyServlet {
                 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
                 return;\r
             }\r
-            // Check with the Authorizer\r
-            AuthorizationResponse aresp = authz.decide(req);\r
-            if (!aresp.isAuthorized()) {\r
-                message = "Policy Engine disallows access.";\r
-                elr.setMessage(message);\r
-                elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
-                eventlogger.info(elr);\r
-                sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
-                return;\r
+            /*\r
+             * START - AAF changes\r
+             * TDP EPIC US# 307413\r
+             * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription\r
+             */\r
+            String aafInstance = sub.getAafInstance();\r
+            if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) {\r
+                AuthorizationResponse aresp = authz.decide(req);\r
+                if (!aresp.isAuthorized()) {\r
+                    message = "Policy Engine disallows access.";\r
+                    elr.setMessage(message);\r
+                    elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+                    eventlogger.info(elr);\r
+                    sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+                    return;\r
+                }\r
+            } else {\r
+                String permission = getSubscriberPermission(aafInstance, BaseServlet.DELETE_PERMISSION);\r
+                eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);\r
+                if (!req.isUserInRole(permission)) {\r
+                    message = "AAF disallows access to permission - " + permission;\r
+                    elr.setMessage(message);\r
+                    elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+                    eventlogger.info(elr);\r
+                    sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+                    return;\r
+                }\r
             }\r
-\r
+            /*\r
+             * END - AAF changes\r
+             */\r
             // Delete Subscription\r
             if (doDelete(sub)) {\r
                 activeSubs--;\r
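Review bot: In the AAF branch the 403 body is built as `"AAF disallows access to permission - " + permission`, so a caller who has just been refused is told the exact permission string the server checks; the doPut hunk further down repeats the same line. The permission is already written to the event log just before the `isUserInRole` test, so the detail can stay in `elr` while the response goes out generic: `sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, "AAF disallows access.", eventlogger);`. The legacy/AAF block is also duplicated between doDelete and doPut, differing only in the permission constant, and would be easier to keep consistent as one private helper that takes the instance and the permission type. doDelete's body starts and ends outside this hunk.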
@@ -270,16 +290,6 @@ public class SubscriptionServlet extends ProxyServlet {
                 sendResponseError(resp, HttpServletResponse.SC_NOT_FOUND, message, eventlogger);\r
                 return;\r
             }\r
-            // Check with the Authorizer\r
-            AuthorizationResponse aresp = authz.decide(req);\r
-            if (!aresp.isAuthorized()) {\r
-                message = "Policy Engine disallows access.";\r
-                elr.setMessage(message);\r
-                elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
-                eventlogger.info(elr);\r
-                sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
-                return;\r
-            }\r
             // check content type is SUB_CONTENT_TYPE, version 1.0\r
             ContentHeader ch = getContentHeader(req);\r
             String ver = ch.getAttribute("version");\r
@@ -314,6 +324,38 @@ public class SubscriptionServlet extends ProxyServlet {
                 sendResponseError(resp, HttpServletResponse.SC_BAD_REQUEST, message, eventlogger);\r
                 return;\r
             }\r
+\r
+            /*\r
+             * START - AAF changes\r
+             * TDP EPIC US# 307413\r
+             * CADI code - check on permissions based on Legacy/AAF users to allow to delete/remove subscription\r
+             */\r
+            String aafInstance = sub.getAafInstance();\r
+            if (aafInstance == null || aafInstance.equals("") || aafInstance.equalsIgnoreCase("legacy")) {\r
+                AuthorizationResponse aresp = authz.decide(req);\r
+                if (!aresp.isAuthorized()) {\r
+                    message = "Policy Engine disallows access.";\r
+                    elr.setMessage(message);\r
+                    elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+                    eventlogger.info(elr);\r
+                    sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+                    return;\r
+                }\r
+            } else {\r
+                String permission = getSubscriberPermission(aafInstance, BaseServlet.EDIT_PERMISSION);\r
+                eventlogger.info("SubscriptionServlet.doDelete().. Permission String - " + permission);\r
+                if (!req.isUserInRole(permission)) {\r
+                    message = "AAF disallows access to permission - " + permission;\r
+                    elr.setMessage(message);\r
+                    elr.setResult(HttpServletResponse.SC_FORBIDDEN);\r
+                    eventlogger.info(elr);\r
+                    sendResponseError(resp, HttpServletResponse.SC_FORBIDDEN, message, eventlogger);\r
+                    return;\r
+                }\r
+            }\r
+            /*\r
+             * END - AAF changes\r
+             */\r
             sub.setSubid(oldsub.getSubid());\r
             sub.setFeedid(oldsub.getFeedid());\r
             sub.setSubscriber(bhdr);    // set from X-DMAAP-DR-ON-BEHALF-OF header\r
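Review bot: The choice between the legacy check and the AAF check is made from `sub.getAafInstance()`, and the context lines that follow copy the id and feed id from `oldsub` into `sub`, which suggests `sub` is the object built from the request body rather than the stored subscription. If so, the caller's own payload decides which authorizer runs and which instance's permission is tested. Reading the value from the stored record, `String aafInstance = oldsub.getAafInstance();`, would tie the decision to server-side state, assuming `oldsub` (declared outside this hunk) is the persisted subscription. The check has also moved from before the content-type validation to after the body validation, so an unauthorized caller now gets 400-level parsing feedback before any 403. Two copy-paste leftovers remain: the log line should read `"SubscriptionServlet.doPut().. Permission String - "`, and the block comment should say edit rather than delete/remove.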
@@ -373,13 +415,6 @@ public class SubscriptionServlet extends ProxyServlet {
      */\r
     @Override\r
     public void doPost(HttpServletRequest req, HttpServletResponse resp) {\r
-// OLD pre-3.0 code\r
-//        String message = "POST not allowed for the subscriptionURL.";\r
-//        EventLogRecord elr = new EventLogRecord(req);\r
-//        elr.setMessage(message);\r
-//        elr.setResult(HttpServletResponse.SC_METHOD_NOT_ALLOWED);\r
-//        eventlogger.info(elr);\r
-//        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED, message);\r
 \r
         setIpFqdnRequestIDandInvocationIDForEelf("doPost", req);\r
         eelflogger.info(EelfMsgs.ENTRY);\r