1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.cadi.aaf.v2_0;
\r
25 import java.net.URISyntaxException;
\r
26 import java.security.Principal;
\r
27 import java.util.ArrayList;
\r
28 import java.util.Date;
\r
29 import java.util.List;
\r
31 import org.onap.aaf.cadi.AbsUserCache;
\r
32 import org.onap.aaf.cadi.CachingLur;
\r
33 import org.onap.aaf.cadi.Permission;
\r
34 import org.onap.aaf.cadi.StrLur;
\r
35 import org.onap.aaf.cadi.Transmutate;
\r
36 import org.onap.aaf.cadi.User;
\r
37 import org.onap.aaf.cadi.Access.Level;
\r
38 import org.onap.aaf.cadi.aaf.AAFPermission;
\r
39 import org.onap.aaf.cadi.aaf.AAFTransmutate;
\r
40 import org.onap.aaf.cadi.config.Config;
\r
42 import com.att.aft.dme2.api.DME2Exception;
\r
43 import org.onap.aaf.inno.env.APIException;
\r
44 import org.onap.aaf.inno.env.util.Split;
\r
46 public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements StrLur, CachingLur<PERM> {
\r
47 protected static final byte[] BLANK_PASSWORD = new byte[0];
\r
48 protected static final Transmutate<Principal> transmutate = new AAFTransmutate();
\r
49 private String[] debug = null;
\r
50 public AAFCon<?> aaf;
\r
51 private String[] supports;
\r
53 public AbsAAFLur(AAFCon<?> con) throws DME2Exception, URISyntaxException, APIException {
\r
54 super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);
\r
57 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
\r
60 public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws DME2Exception, URISyntaxException, APIException {
\r
64 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
\r
68 public void setDebug(String ids) {
\r
69 this.debug = ids==null?null:Split.split(',', ids);
\r
72 protected abstract User<PERM> loadUser(Principal bait);
\r
73 protected abstract User<PERM> loadUser(String name);
\r
74 public final boolean supports(String userName) {
\r
75 if(userName!=null) {
\r
76 for(String s : supports) {
\r
77 if(userName.endsWith(s))
\r
84 protected abstract boolean isCorrectPermType(Permission pond);
\r
86 // This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"
\r
87 public boolean fish(Principal bait, Permission pond) {
\r
88 return fish(bait.getName(), pond);
\r
91 public void fishAll(Principal bait, List<Permission> perms) {
\r
92 fishAll(bait.getName(),perms);
\r
95 // This is where you build AAF CLient Code. Answer the question "Is principal "bait" in the "pond"
\r
96 public boolean fish(String bait, Permission pond) {
\r
99 StringBuilder sb = new StringBuilder("Log for ");
\r
101 if(supports(bait)) {
\r
102 User<PERM> user = getUser(bait);
\r
104 sb.append("\n\tUser is not in Cache");
\r
106 if(user.noPerms())sb.append("\n\tUser has no Perms");
\r
107 if(user.permExpired()) {
\r
108 sb.append("\n\tUser's perm expired [");
\r
109 sb.append(new Date(user.permExpires()));
\r
112 sb.append("\n\tUser's perm expires [");
\r
113 sb.append(new Date(user.permExpires()));
\r
117 if(user==null || (user.noPerms() && user.permExpired())) {
\r
118 user = loadUser(bait);
\r
119 sb.append("\n\tloadUser called");
\r
122 sb.append("\n\tUser was not Loaded");
\r
123 } else if(user.contains(pond)) {
\r
124 sb.append("\n\tUser contains ");
\r
125 sb.append(pond.getKey());
\r
128 sb.append("\n\tUser does not contain ");
\r
129 sb.append(pond.getKey());
\r
130 List<Permission> perms = new ArrayList<Permission>();
\r
131 user.copyPermsTo(perms);
\r
132 for(Permission p : perms) {
\r
133 sb.append("\n\t\t");
\r
134 sb.append(p.getKey());
\r
138 sb.append("AAF Lur does not support [");
\r
142 aaf.access.log(Level.INFO, sb);
\r
145 if(supports(bait)) {
\r
146 User<PERM> user = getUser(bait);
\r
147 if(user==null || (user.noPerms() && user.permExpired())) {
\r
148 user = loadUser(bait);
\r
150 return user==null?false:user.contains(pond);
\r
156 public void fishAll(String bait, List<Permission> perms) {
\r
157 if(isDebug(bait)) {
\r
158 StringBuilder sb = new StringBuilder("Log for ");
\r
160 if(supports(bait)) {
\r
161 User<PERM> user = getUser(bait);
\r
163 sb.append("\n\tUser is not in Cache");
\r
165 if(user.noPerms())sb.append("\n\tUser has no Perms");
\r
166 if(user.permExpired()) {
\r
167 sb.append("\n\tUser's perm expired [");
\r
168 sb.append(new Date(user.permExpires()));
\r
171 sb.append("\n\tUser's perm expires [");
\r
172 sb.append(new Date(user.permExpires()));
\r
176 if(user==null || (user.noPerms() && user.permExpired())) {
\r
177 user = loadUser(bait);
\r
178 sb.append("\n\tloadUser called");
\r
181 sb.append("\n\tUser was not Loaded");
\r
183 sb.append("\n\tCopying Perms ");
\r
184 user.copyPermsTo(perms);
\r
185 for(Permission p : perms) {
\r
186 sb.append("\n\t\t");
\r
187 sb.append(p.getKey());
\r
191 sb.append("AAF Lur does not support [");
\r
195 aaf.access.log(Level.INFO, sb);
\r
197 if(supports(bait)) {
\r
198 User<PERM> user = getUser(bait);
\r
199 if(user==null || (user.noPerms() && user.permExpired())) user = loadUser(bait);
\r
201 user.copyPermsTo(perms);
\r
208 public void remove(String user) {
\r
209 super.remove(user);
\r
212 private boolean isDebug(String bait) {
\r
214 if(debug.length==1 && "all".equals(debug[0]))return true;
\r
215 for(String s : debug) {
\r
216 if(s.equals(bait))return true;
\r
222 * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.
\r
230 public<A> void fishOneOf(String bait, A obj, String type, String instance, List<Action<A>> actions) {
\r
231 User<PERM> user = getUser(bait);
\r
232 if(user==null || (user.noPerms() && user.permExpired()))user = loadUser(bait);
\r
233 // return user==null?false:user.contains(pond);
\r
235 ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);
\r
236 for(Action<A> action : actions) {
\r
237 perm.setAction(action.getName());
\r
238 if(user.contains(perm)) {
\r
239 if(action.exec(obj))return;
\r
245 public static interface Action<A> {
\r
246 public String getName();
\r
248 * Return false to continue, True to end now
\r
251 public boolean exec(A a);
\r
254 private class ReuseAAFPermission extends AAFPermission {
\r
255 public ReuseAAFPermission(String type, String instance) {
\r
256 super(type,instance,null);
\r
259 public void setAction(String s) {
\r
264 * This function understands that AAF Keys are hierarchical, :A:B:C,
\r
265 * Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit
\r