2 * ============LICENSE_START==========================================
4 * ===================================================================
5 * Copyright (c) 2017 AT&T Intellectual Property
6 * ===================================================================
7 * Modifications Copyright (c) 2019 Samsung
8 * ===================================================================
9 * Licensed under the Apache License, Version 2.0 (the "License");
10 * you may not use this file except in compliance with the License.
11 * You may obtain a copy of the License at
13 * http://www.apache.org/licenses/LICENSE-2.0
15 * Unless required by applicable law or agreed to in writing, software
16 * distributed under the License is distributed on an "AS IS" BASIS,
17 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
18 * See the License for the specific language governing permissions and
19 * limitations under the License.
21 * ============LICENSE_END=============================================
22 * ====================================================================
25 package org.onap.music.authentication;
27 import java.util.HashMap;
30 import javax.ws.rs.core.MediaType;
32 import org.apache.commons.jcs.access.CacheAccess;
33 import org.onap.music.datastore.PreparedQueryObject;
34 import org.onap.music.eelf.logging.EELFLoggerDelegate;
35 import org.onap.music.eelf.logging.format.AppMessages;
36 import org.onap.music.eelf.logging.format.ErrorSeverity;
37 import org.onap.music.eelf.logging.format.ErrorTypes;
38 import org.onap.music.exceptions.MusicServiceException;
39 import org.onap.music.authentication.MusicAuthenticator.Operation;
40 import org.onap.music.main.MusicCore;
41 import org.onap.music.main.MusicUtil;
43 import com.datastax.driver.core.DataType;
44 import com.datastax.driver.core.Row;
45 import com.sun.jersey.api.client.Client;
46 import com.sun.jersey.api.client.ClientResponse;
47 import com.sun.jersey.api.client.WebResource;
49 public class MusicAAFAuthentication implements MusicAuthenticator {
51 private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(MusicAAFAuthentication.class);
54 public boolean authenticateAdmin(String authorization) {
55 logger.info(EELFLoggerDelegate.applicationLogger, "MusicCore.authenticateAdmin: ");
56 String userId = MusicUtil.extractBasicAuthentication(authorization).get(MusicUtil.USERID);
57 CacheAccess<String, String> adminCache = CachingUtil.getAdminUserCache();
58 if (authorization == null) {
59 logger.error(EELFLoggerDelegate.errorLogger, "Authorization cannot be empty...");
62 if (adminCache.get(authorization) != null && adminCache.get(authorization).equals(userId)) {
63 logger.info(EELFLoggerDelegate.applicationLogger, "MusicCore.authenticateAdmin: Validated against admincache.. ");
67 Client client = Client.create();
68 String aafUrl = MusicUtil.getAafAdminUrl();
70 logger.error(EELFLoggerDelegate.errorLogger, "Admin url is not set, please set in properties");
74 WebResource webResource = client.resource(
75 MusicUtil.getAafAdminUrl().concat(userId).concat("/").concat(MusicUtil.getAdminAafRole()));
77 ClientResponse response = webResource.accept(MediaType.APPLICATION_JSON)
78 .header("Authorization", authorization).get(ClientResponse.class);
79 if (response.getStatus() == 200) {
80 CachingUtil.updateAdminUserCache(authorization, userId);
88 public boolean authenticateUser(String namespace, String authorization, String keyspace,
89 String aid, Operation operation) {
90 logger.info(EELFLoggerDelegate.applicationLogger,"Inside User Authentication.......");
91 Map<String,String> userCredentials = MusicUtil.extractBasicAuthentication(authorization);
92 String userId = userCredentials.get(MusicUtil.USERID);
93 String password = userCredentials.get(MusicUtil.PASSWORD);
95 Map<String, Object> resultMap = new HashMap<>();
97 if(! MusicUtil.getIsCadi()) {
98 resultMap = CachingUtil.validateRequest(namespace, userId, password, keyspace, aid,
100 if (!resultMap.isEmpty())
102 String isAAFApp = null;
104 isAAFApp= CachingUtil.isAAFApplication(namespace);
105 } catch(MusicServiceException e) {
106 logger.error(e.getErrorMessage(), e);
107 resultMap.put("Exception", e.getMessage());
110 if(isAAFApp == null) {
111 resultMap.put("Exception", "Namespace: "+namespace+" doesn't exist. Please make sure ns(appName)"
112 + " is correct and Application is onboarded.");
115 boolean isAAF = Boolean.parseBoolean(isAAFApp);
116 if (userId == null || password == null) {
117 logger.error(EELFLoggerDelegate.errorLogger,"", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
118 logger.error(EELFLoggerDelegate.errorLogger,"UserId/Password or more required headers is missing.");
119 resultMap.put("Exception",
120 "UserId and Password are mandatory for the operation " + operation);
123 if(!isAAF && !(operation==Operation.CREATE_KEYSPACE)) {
124 resultMap = CachingUtil.authenticateAIDUser(namespace, userId, password, keyspace);
125 if (!resultMap.isEmpty())
129 if (isAAF && namespace != null && userId != null && password != null) {
130 boolean isValid = true;
132 isValid = CachingUtil.authenticateAAFUser(namespace, userId, password, keyspace);
133 } catch (Exception e) {
134 logger.error(EELFLoggerDelegate.errorLogger,"Error while aaf authentication for user:" + userId);
135 logger.error(EELFLoggerDelegate.errorLogger,"Error: "+ e.getMessage(), e);
136 logger.error(EELFLoggerDelegate.errorLogger,e.getMessage(), AppMessages.AUTHENTICATIONERROR ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
137 logger.error(EELFLoggerDelegate.errorLogger,"Got exception while AAF authentication for namespace " + namespace);
138 resultMap.put("Exception", e.getMessage());
141 logger.error(EELFLoggerDelegate.errorLogger,"User not authenticated...", AppMessages.MISSINGINFO ,ErrorSeverity.WARN, ErrorTypes.AUTHENTICATIONERROR);
142 resultMap.put("Exception", "User not authenticated...");
144 if (!resultMap.isEmpty())
150 String cachedKS = CachingUtil.getKSFromCadiCache(userId);
151 if(cachedKS != null && !cachedKS.equals(keyspace)) {
152 resultMap.put("Exception", "User not authenticated to access this keyspace...");
157 if (operation==Operation.CREATE_KEYSPACE) {
159 logger.info(EELFLoggerDelegate.applicationLogger,"AID is not provided. Creating new UUID for keyspace.");
160 PreparedQueryObject pQuery = new PreparedQueryObject();
161 pQuery.appendQueryString(
162 "select uuid from admin.keyspace_master where application_name=? and username=? and keyspace_name=? allow filtering");
163 pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), namespace));
164 pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(), userId));
165 pQuery.addValue(MusicUtil.convertToActualDataType(DataType.text(),
166 MusicUtil.DEFAULTKEYSPACENAME));
167 Row rs = MusicCore.get(pQuery).one();
168 uuid = rs.getUUID("uuid").toString();
169 resultMap.put("uuid", "existing");
170 } catch (Exception e) {
171 logger.error(EELFLoggerDelegate.applicationLogger,"No UUID found in DB. So creating new UUID.", e);
172 uuid = MusicUtil.generateUUID();
173 resultMap.put("uuid", "new");
175 resultMap.put("aid", uuid);
176 CachingUtil.updateCadiCache(userId, keyspace);