Fix Babel authorisation mechanism
Change-Id: Iae3139b33e315fae0c205fd7e0df67554d91cd5b
Issue-ID: AAI-1126
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
diff --git a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
index 67eee9a..0412c1a 100644
--- a/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
+++ b/src/main/java/org/onap/aai/auth/AAIMicroServiceAuth.java
@@ -51,30 +51,6 @@
}
/**
- * @param username
- * @param policyFunction
- * @return
- * @throws AAIAuthException
- */
- public boolean authorize(String username, String policyFunction) throws AAIAuthException {
- return AAIMicroServiceAuthCore.authorize(username, policyFunction);
- }
-
- /**
- * @param authUser
- * @param policyFunction
- * @return
- * @throws AAIAuthException
- */
- public String authenticate(String authUser, String policyFunction) throws AAIAuthException {
- if (authorize(authUser, policyFunction)) {
- return "OK";
- } else {
- return "AAI_9101";
- }
- }
-
- /**
* @param headers
* @param req
* @param action
@@ -94,11 +70,7 @@
}
String[] ps = apiPath.split("/");
- String authPolicyFunctionName = ps[0];
- if (ps.length > 1 && authPolicyFunctionName.matches("v\\d+")) {
- authPolicyFunctionName = ps[1];
- }
-
+ String authPolicyFunctionName = ps[ps.length - 1];
String cipherSuite = (String) req.getAttribute("javax.servlet.request.cipher_suite");
String authUser = null;
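Review bot: `ps[ps.length - 1]` throws ArrayIndexOutOfBoundsException when `apiPath` consists only of `/` characters, because `String.split` drops trailing empty strings and returns a zero-length array. Whether the check that closes just above the hunk already rules this out is not visible, and the method starts and ends outside the hunk. Since this value selects the policy function, an explicit fail-closed guard is clearer than relying on an exception: `if (ps.length == 0) { return false; }` before the assignment, assuming the method returns boolean as the later hunk suggests. A comment such as `// Only the final path segment names the policy function; earlier segments are ignored` would also record the new rule.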
@@ -110,7 +82,8 @@
}
if (authUser != null) {
- return "OK".equals(authenticate(authUser.toLowerCase(), action.toString() + ":" + authPolicyFunctionName));
+ return AAIMicroServiceAuthCore.authorize(authUser.toLowerCase(),
+ action.toString() + ":" + authPolicyFunctionName);
} else {
return false;
}
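Review bot: `authUser.toLowerCase()` in the new `AAIMicroServiceAuthCore.authorize` call uses the JVM's default locale, so the name matched against the policy depends on where the service runs (under a Turkish locale `I` does not lower-case to `i`). For an identity that feeds an authorisation decision the mapping should be fixed: `authUser.toLowerCase(Locale.ROOT)`, with `java.util.Locale` imported. The enclosing method starts and ends outside the hunk.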
diff --git a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java
index 17d0b65..532d8c7 100644
--- a/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java
+++ b/src/main/java/org/onap/aai/babel/service/GenerateArtifactsServiceImpl.java
@@ -30,6 +30,7 @@
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.PathSegment;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.Response.Status;
import javax.ws.rs.core.UriInfo;
@@ -49,8 +50,10 @@
import org.onap.aai.babel.service.data.BabelRequest;
import org.onap.aai.babel.util.RequestValidationException;
import org.onap.aai.babel.util.RequestValidator;
+import org.springframework.stereotype.Service;
/** Generate SDC Artifacts by passing in a CSAR payload, Artifact Name and Artifact version */
+@Service
public class GenerateArtifactsServiceImpl implements GenerateArtifactsService {
private static final LogHelper applicationLogger = LogHelper.INSTANCE;
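Review bot: With `@Service` added here and the `generateArtifacts` bean and its `<constructor-arg ref="aaiMicroServiceAuth" />` removed from babel-beans.xml in this commit, the authorisation dependency reaches this class only through component scanning and constructor injection. The constructor is outside the hunk, so it cannot be confirmed that it carries `@Inject` or `@Autowired`; on Spring versions before 4.3 a single constructor is not autowired implicitly. This is worth confirming. A class-level comment such as `// aaiMicroServiceAuth is injected by Spring; the bean is defined in babel-beans.xml` would record where the auth service comes from.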
@@ -96,8 +99,12 @@
Response response;
try {
+ // Get last URI path segment to use for authentication
+ List<PathSegment> pathSegments = uriInfo.getPathSegments();
+ String lastPathSegment = pathSegments.isEmpty() ? "" : pathSegments.get(pathSegments.size() - 1).getPath();
+
boolean authorized = aaiMicroServiceAuth.validateRequest(headers, servletRequest,
- AAIMicroServiceAuthCore.HTTP_METHODS.POST, uriInfo.getPath(false));
+ AAIMicroServiceAuthCore.HTTP_METHODS.POST, lastPathSegment);
response = authorized ? generateArtifacts(requestBody)
: buildResponse(Status.UNAUTHORIZED, "User not authorized to perform the operation.");
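Review bot: `uriInfo.getPathSegments()` returns decoded segments, whereas the replaced argument was the undecoded `uriInfo.getPath(false)`, so a percent-encoded `/` inside the final segment is now decoded and then split again inside `validateRequest`. Using `uriInfo.getPathSegments(false)` keeps the previous undecoded behaviour for the value that selects the policy function. The added comment also says "authentication" although the segment is used for the authorisation lookup; suggest `// Last URI path segment names the policy function checked for authorisation`. The enclosing method starts and ends outside the hunk.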
diff --git a/src/main/java/org/onap/aai/babel/service/InfoService.java b/src/main/java/org/onap/aai/babel/service/InfoService.java
index c993746..e115568 100644
--- a/src/main/java/org/onap/aai/babel/service/InfoService.java
+++ b/src/main/java/org/onap/aai/babel/service/InfoService.java
@@ -31,6 +31,7 @@
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
+import org.springframework.stereotype.Service;
/**
* Information service for the micro-service. Return status details to the caller.
@@ -38,6 +39,7 @@
* @exclude
*/
@Path("/core/core-service")
+@Service
public class InfoService {
private Clock clock = Clock.systemDefaultZone();
diff --git a/src/main/resources/babel-beans.xml b/src/main/resources/babel-beans.xml
index f4cc32c..e979a2e 100644
--- a/src/main/resources/babel-beans.xml
+++ b/src/main/resources/babel-beans.xml
@@ -1,5 +1,6 @@
<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
+<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd">
@@ -8,7 +9,9 @@
<!-- PROPERTY AND CONFIGURATION FILES -->
<!-- ////////////////////////////////////////////////////////////////// -->
- <context:property-placeholder location="file:${CONFIG_HOME}/babel-auth.properties" ignore-unresolvable="true" />
+ <context:property-placeholder
+ location="file:${CONFIG_HOME}/babel-auth.properties"
+ ignore-unresolvable="true" />
<!-- ////////////////////////////////////////////////////////////////// -->
<!-- CONFIG BEANS -->
@@ -23,13 +26,8 @@
<!-- IMPLEMENTATION BEANS -->
<!-- ////////////////////////////////////////////////////////////////// -->
- <bean id="aaiMicroServiceAuth" class="org.onap.aai.auth.AAIMicroServiceAuth" >
+ <bean id="aaiMicroServiceAuth" class="org.onap.aai.auth.AAIMicroServiceAuth">
<constructor-arg ref="babelAuthConfig" />
</bean>
-
- <bean id="generateArtifacts" class="org.onap.aai.babel.service.GenerateArtifactsServiceImpl" >
- <constructor-arg ref="aaiMicroServiceAuth" />
- </bean>
-
</beans>
diff --git a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
index 99eb4e9..e6f5aa6 100644
--- a/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
+++ b/src/test/java/org/onap/aai/babel/MicroServiceAuthTest.java
@@ -20,7 +20,6 @@
*/
package org.onap.aai.babel;
-import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
@@ -80,9 +79,9 @@
@Test
public void createLocalAuthFile() throws AAIAuthException, IOException, JSONException {
JSONObject roles = createRoleObject("role", createUserObject("user"), createFunctionObject("func"));
- AAIMicroServiceAuth auth = createAuthService(roles);
- assertThat(auth.authorize("nosuchuser", "method:func"), is(false));
- assertThat(auth.authorize("user", "method:func"), is(true));
+ createAuthService(roles);
+ assertThat(AAIMicroServiceAuthCore.authorize("nosuchuser", "method:func"), is(false));
+ assertThat(AAIMicroServiceAuthCore.authorize("user", "method:func"), is(true));
}
/**
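Review bot: `createAuthService(roles)` is now called only for its side effect while the assertions go to the static `AAIMicroServiceAuthCore.authorize`, so the test presumably depends on policy state that constructing the service loads into the static core. That coupling deserves a comment, e.g. `// Constructing the service loads the policy into AAIMicroServiceAuthCore; the instance itself is not needed`. The same applies to `createStandardAuth()` in the `testAuthUser` hunk. If the state is indeed static, tests that load different role files can affect one another depending on execution order; this is inferred, as the core class is not shown.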
@@ -112,9 +111,9 @@
@Test
public void testAuthUser() throws AAIAuthException {
- AAIMicroServiceAuth auth = createStandardAuth();
- assertThat(auth.authenticate(VALID_ADMIN_USER, "GET:actions"), is(equalTo("OK")));
- assertThat(auth.authenticate(VALID_ADMIN_USER, "WRONG:action"), is(equalTo("AAI_9101")));
+ createStandardAuth();
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(VALID_ADMIN_USER, "WRONG:action"), is(false));
}
@@ -158,10 +157,10 @@
* @throws AAIAuthException
*/
private void assertAdminUserAuthorisation(AAIMicroServiceAuth auth, String adminUser) throws AAIAuthException {
- assertThat(auth.authorize(adminUser, "GET:actions"), is(true));
- assertThat(auth.authorize(adminUser, "POST:actions"), is(true));
- assertThat(auth.authorize(adminUser, "PUT:actions"), is(true));
- assertThat(auth.authorize(adminUser, "DELETE:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "GET:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "POST:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "PUT:actions"), is(true));
+ assertThat(AAIMicroServiceAuthCore.authorize(adminUser, "DELETE:actions"), is(true));
}
private JSONArray createFunctionObject(String functionName) throws JSONException {
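Review bot: The `auth` parameter of `assertAdminUserAuthorisation` is no longer read now that all four assertions call the static `AAIMicroServiceAuthCore.authorize`. Either drop it from the signature, `private void assertAdminUserAuthorisation(String adminUser) throws AAIAuthException {`, and update the callers (outside this hunk), or keep it and state in the Javadoc that it is passed only to show the policy has already been loaded.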