X-Git-Url: https://gerrit.onap.org/r/gitweb?p=policy%2Fengine.git;a=blobdiff_plain;f=ONAP-PAP-REST%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fpap%2Fxacml%2FrestAuth%2FPAPAuthenticationFilter.java;h=323b89a0135ff8291d831d462ab1391586489829;hp=c4b97f59225a015ea5a8d49116a4816d3a087d61;hb=1e61676b77dd09659027b8984f050df7e8538526;hpb=f0c563df34a999a1702d51cb6cb44fe10155b16b
diff --git a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/PAPAuthenticationFilter.java b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/PAPAuthenticationFilter.java
index c4b97f592..323b89a01 100644
--- a/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/PAPAuthenticationFilter.java
+++ b/ONAP-PAP-REST/src/main/java/org/onap/policy/pap/xacml/restAuth/PAPAuthenticationFilter.java
@@ -2,14 +2,14 @@
 * ============LICENSE_START=======================================================
 * ONAP-PAP-REST
 * ================================================================================
- * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2019 AT&T Intellectual Property. All rights reserved.
 * ================================================================================
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- *
+ *
 * http://www.apache.org/licenses/LICENSE-2.0
- *
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -41,69 +41,69 @@ import org.apache.commons.logging.LogFactory;
 
 @WebFilter("/*")
 public class PAPAuthenticationFilter implements Filter {
- private static final Log logger = LogFactory.getLog(PAPAuthenticationFilter.class);
- public static final String AUTHENTICATION_HEADER = "Authorization";
-
- @Override
- public void doFilter(ServletRequest request, ServletResponse response,
- FilterChain filter) throws IOException, ServletException {
-
-
- if (request instanceof HttpServletRequest) {
- HttpServletRequest httpServletRequest = (HttpServletRequest) request;
-
- String authCredentials = null;
- String url = httpServletRequest.getRequestURI();
-
- logger.info("Request URI: " + url);
-
- //getting authentication credentials
- authCredentials = httpServletRequest.getHeader(AUTHENTICATION_HEADER);
-
- // Check Authentication credentials
- AuthenticationService authenticationService = new AuthenticationService();
- boolean authenticationStatus = authenticationService.authenticate(authCredentials);
-
- if (authenticationStatus) {
- //indicates the request comes from Traditional Admin Console or PolicyEngineAPI
- if ("/pap/".equals(url)){
- logger.info("Request comes from Traditional Admin Console or PolicyEngineAPI");
- //forward request to the XACMLPAPServlet if authenticated
- request.getRequestDispatcher("/pap/pap/").forward(request, response);
- }else if (url.startsWith("/pap/onap/") && response instanceof HttpServletResponse){
- //indicates the request comes from the ONAP Portal onap-sdk-app
- HttpServletResponse alteredResponse = ((HttpServletResponse)response);
- addCorsHeader(alteredResponse);
- logger.info("Request comes from Onap Portal");
- //Spring dispatcher servlet is at the end of the filter chain at /pap/onap/ path
- filter.doFilter(request, response);
- }
- } else {
- if (response instanceof HttpServletResponse) {
- HttpServletResponse httpServletResponse = (HttpServletResponse) response;
- httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- }
- }
-
- }
- }
-
- //method to add CorsHeaders for onap portal rest call
- private void addCorsHeader(HttpServletResponse response) {
- logger.info("Adding Cors Response Headers!!!");
- response.addHeader("Access-Control-Allow-Origin", "*");
+ private static final Log logger = LogFactory.getLog(PAPAuthenticationFilter.class);
+ public static final String AUTHENTICATION_HEADER = "Authorization";
+
+ @Override
+ public void doFilter(ServletRequest request, ServletResponse response, FilterChain filter)
+ throws IOException, ServletException {
+
+ if (request instanceof HttpServletRequest) {
+ HttpServletRequest httpServletRequest = (HttpServletRequest) request;
+
+ String authCredentials = null;
+ String url = httpServletRequest.getRequestURI();
+
+ logger.info("Request URI: " + url);
+
+ // getting authentication credentials
+ authCredentials = httpServletRequest.getHeader(AUTHENTICATION_HEADER);
+
+ // Check Authentication credentials
+ AuthenticationService authenticationService = new AuthenticationService();
+ boolean authenticationStatus = authenticationService.authenticate(authCredentials);
+
+ if (authenticationStatus) {
+ // indicates the request comes from Traditional Admin Console or PolicyEngineAPI
+ if ("/pap/".equals(url)) {
+ logger.info("Request comes from Traditional Admin Console or PolicyEngineAPI");
+ // forward request to the XACMLPAPServlet if authenticated
+ request.getRequestDispatcher("/pap/pap/").forward(request, response);
+ } else if (url.startsWith("/pap/onap/") && response instanceof HttpServletResponse) {
+ // indicates the request comes from the ONAP Portal onap-sdk-app
+ HttpServletResponse alteredResponse = ((HttpServletResponse) response);
+ addCorsHeader(alteredResponse);
+ logger.info("Request comes from Onap Portal");
+ // Spring dispatcher servlet is at the end of the filter chain at /pap/onap/ path
+ filter.doFilter(request, response);
+ }
+ } else {
+ if (response instanceof HttpServletResponse) {
+ HttpServletResponse httpServletResponse = (HttpServletResponse) response;
+ httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ }
+ }
+
+ }
+ }
+
+ // method to add CorsHeaders for onap portal rest call
+ private void addCorsHeader(HttpServletResponse response) {
+ logger.info("Adding Cors Response Headers!!!");
+ response.addHeader("Access-Control-Allow-Origin", "*");
 response.addHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE, HEAD");
- response.addHeader("Access-Control-Allow-Headers", "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
- response.addHeader("Access-Control-Max-Age", "1728000");
- }
-
- @Override
- public void destroy() {
- //Empty
- }
-
- @Override
- public void init(FilterConfig arg0) throws ServletException {
- //Empty
- }
+ response.addHeader("Access-Control-Allow-Headers",
+ "X-PINGOTHER, Origin, X-Requested-With, Content-Type, Accept");
+ response.addHeader("Access-Control-Max-Age", "1728000");
+ }
+
+ @Override
+ public void destroy() {
+ // Empty
+ }
+
+ @Override
+ public void init(FilterConfig arg0) throws ServletException {
+ // Empty
+ }
 }
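Review bot: `addCorsHeader` still sends `Access-Control-Allow-Origin: *` on every authenticated `/pap/onap/` response, so the header places no limit on which web origin may read these policy-administration responses; the reformat carries that over unchanged. How much this exposes depends on how browser clients obtain the `Authorization` credential, which is not visible here. If the ONAP Portal is the only intended cross-origin caller, as the comment in `doFilter` suggests, consider sending an allow-listed origin instead, e.g. `response.addHeader("Access-Control-Allow-Origin", allowedPortalOrigin);` together with `response.addHeader("Vary", "Origin");`, where `allowedPortalOrigin` is a placeholder for a configured value. Separately, an authenticated request whose URI is neither exactly `/pap/` nor under `/pap/onap/` matches no branch in `doFilter` and returns with no status set and nothing logged; a final `else` that sets `HttpServletResponse.SC_NOT_FOUND` and logs the rejected URI would make that path explicit.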