X-Git-Url: https://gerrit.onap.org/r/gitweb?p=dmaap%2Fdatarouter.git;a=blobdiff_plain;f=datarouter-prov%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fdmaap%2Fdatarouter%2Fauthz%2Fimpl%2FProvAuthorizer.java;h=761df0970fe06848524d5653fd142f0a6bdd597b;hp=525c518ec152a35962f5c5b91074df33b3932b64;hb=bc1df610cddfb558cf6bde90c269b4af59768648;hpb=ee6fa61e2cd7df99891092709765235b6166a041

diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
index 525c518e..761df097 100644
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/authz/impl/ProvAuthorizer.java
@@ -23,33 +23,34 @@
 
 package org.onap.dmaap.datarouter.authz.impl;
 
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
 import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
-
-import org.apache.log4j.Logger;
 import org.onap.dmaap.datarouter.authz.AuthorizationResponse;
 import org.onap.dmaap.datarouter.authz.Authorizer;
 import org.onap.dmaap.datarouter.authz.impl.AuthzResource.ResourceType;
 
-/** Authorizer for the provisioning API for Data Router R1
+/** Authorizer for the provisioning API for Data Router R1.
  *
  * @author J. F. Lucas
  *
  */
 public class ProvAuthorizer implements Authorizer {
 
-    private Logger log;
+    private EELFLogger log;
     private ProvDataProvider provData;
 
     private static final String SUBJECT_HEADER = "X-DMAAP-DR-ON-BEHALF-OF";  // HTTP header carrying requester identity
-    private static final String SUBJECT_HEADER_GROUP = "X-DMAAP-DR-ON-BEHALF-OF-GROUP";  // HTTP header carrying requester identity  by group Rally : US708115
+    // HTTP header carrying requester identity  by group Rally : US708115
+    private static final String SUBJECT_HEADER_GROUP = "X-DMAAP-DR-ON-BEHALF-OF-GROUP";
+
     /** Constructor. For the moment, do nothing special.  Make it a singleton?
      *
      */
     public ProvAuthorizer(ProvDataProvider provData) {
         this.provData = provData;
-        this.log = Logger.getLogger(this.getClass());
+        this.log = EELFManager.getInstance().getLogger(this.getClass());
     }
 
     /**
@@ -62,15 +63,15 @@ public class ProvAuthorizer implements Authorizer {
      */
     @Override
     public AuthorizationResponse decide(HttpServletRequest request) {
-            return this.decide(request, null);
+        return this.decide(request, null);
     }
 
     /**
-     * Determine if the API request carried in the <code>request</code> parameter, with additional attributes provided in
+     * Determine if the API request carried in the <code>request</code> parameter,with additional attributes provided in
      * the <code>additionalAttrs</code> parameter, is permitted.   <code>additionalAttrs</code> isn't used in R1.
      *
      * @param request the HTTP request for which an authorization decision is needed
-     * @param additionalAttrs additional attributes that the <code>Authorizer</code> can in making an authorization decision
+     * @param additionalAttrs additional attributes that the <code>Authorizer</code> can in making a decision
      * @return an object implementing the <code>AuthorizationResponse</code> interface.  This object includes the
      * permit/deny decision for the request and (after R1) supplemental information related to the response in the form
      * of advice and obligations.
@@ -78,80 +79,67 @@ public class ProvAuthorizer implements Authorizer {
     @Override
     public AuthorizationResponse decide(HttpServletRequest request,
             Map<String, String> additionalAttrs) {
-        log.trace ("Entering decide()");
-
+        log.trace("Entering decide()");
         boolean decision = false;
-
         // Extract interesting parts of the HTTP request
         String method = request.getMethod();
         AuthzResource resource = new AuthzResource(request.getRequestURI());
-        String subject = (request.getHeader(SUBJECT_HEADER));         // identity of the requester
-        String subjectgroup = (request.getHeader(SUBJECT_HEADER_GROUP)); // identity of the requester by group Rally : US708115
-
-        log.trace("Method: " + method + " -- Type: " + resource.getType() + " -- Id: " + resource.getId() +
-                " -- Subject: " + subject);
+        String subject = (request.getHeader(SUBJECT_HEADER));
+        String subjectgroup = (request.getHeader(SUBJECT_HEADER_GROUP));
 
+        log.trace("Method: " + method + " -- Type: " + resource.getType() + " -- Id: " + resource.getId()
+                          + " -- Subject: " + subject);
         // Choose authorization method based on the resource type
         ResourceType resourceType = resource.getType();
         if (resourceType != null) {
-
             switch (resourceType) {
-
-            case FEEDS_COLLECTION:
-                decision = allowFeedsCollectionAccess(resource, method, subject, subjectgroup);
-                break;
-
-            case SUBS_COLLECTION:
-                decision = allowSubsCollectionAccess(resource, method, subject, subjectgroup);
-                break;
-
-            case FEED:
-                decision = allowFeedAccess(resource, method, subject, subjectgroup);
-                break;
-
-            case SUB:
-                decision = allowSubAccess(resource, method, subject, subjectgroup);
-                break;
-
-            default:
-                decision = false;
-                break;
+                case FEEDS_COLLECTION:
+                    decision = allowFeedsCollectionAccess(method);
+                    break;
+                case SUBS_COLLECTION:
+                    decision = allowSubsCollectionAccess(method);
+                    break;
+                case FEED:
+                    decision = allowFeedAccess(resource, method, subject, subjectgroup);
+                    break;
+                case SUB:
+                    decision = allowSubAccess(resource, method, subject, subjectgroup);
+                    break;
+                default:
+                    decision = false;
+                    break;
             }
         }
-        log.debug("Exit decide(): "  + method + "|" + resourceType + "|" + resource.getId() + "|" + subject + " ==> " + decision);
+        log.debug("Exit decide(): "  + method + "|" + resourceType + "|" + resource.getId() + "|"
+                          + subject + " ==> " + decision);
 
         return new AuthRespImpl(decision);
     }
 
-    private boolean allowFeedsCollectionAccess(AuthzResource resource,    String method, String subject, String subjectgroup) {
-
+    private boolean allowFeedsCollectionAccess(String method) {
         // Allow GET or POST unconditionally
         return method != null && ("GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method));
     }
 
-    private boolean allowSubsCollectionAccess(AuthzResource resource, String method, String subject, String subjectgroup) {
-
+    private boolean allowSubsCollectionAccess(String method) {
         // Allow GET or POST unconditionally
         return method != null && ("GET".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method));
     }
 
-    private boolean allowFeedAccess(AuthzResource resource, String method,    String subject, String subjectgroup) {
+    private boolean allowFeedAccess(AuthzResource resource, String method, String subject, String subjectgroup) {
         boolean decision = false;
-
         // Allow GET, PUT, or DELETE if requester (subject) is the owner (publisher) of the feed
-        if ( method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) ||
-        		"DELETE".equalsIgnoreCase(method))) {
+        if ( method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method)
+                                        || "DELETE".equalsIgnoreCase(method))) {
 
             String owner = provData.getFeedOwner(resource.getId());
             decision = (owner != null) && owner.equals(subject);
-
             //Verifying by group Rally : US708115
-            if(subjectgroup != null) {
-                String feedowner = provData.getGroupByFeedGroupId(subject, resource.getId());
-                decision = (feedowner != null) && feedowner.equals(subjectgroup);
+            if (subjectgroup != null) {
+                String feedOwner = provData.getGroupByFeedGroupId(subject, resource.getId());
+                decision = (feedOwner != null) && feedOwner.equals(subjectgroup);
             }
         }
-
         return decision;
     }
 
@@ -159,14 +147,14 @@ public class ProvAuthorizer implements Authorizer {
         boolean decision = false;
 
         // Allow GET, PUT, or DELETE if requester (subject) is the owner of the subscription (subscriber)
-        if (method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method) ||
-        		"DELETE".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method))) {
+        if (method != null && ("GET".equalsIgnoreCase(method) || "PUT".equalsIgnoreCase(method)
+                                       || "DELETE".equalsIgnoreCase(method) || "POST".equalsIgnoreCase(method))) {
 
             String owner = provData.getSubscriptionOwner(resource.getId());
             decision = (owner != null) && owner.equals(subject);
 
             //Verifying by group Rally : US708115
-            if(subjectgroup != null) {
+            if (subjectgroup != null) {
                 String feedowner = provData.getGroupBySubGroupId(subject, resource.getId());
                 decision = (feedowner != null) && feedowner.equals(subjectgroup);
             }