aaf/src/test/java/com/att/aaf/example/ExamplePerm2_0_DME2.java

   1 /*******************************************************************************\r
   2  * ============LICENSE_START====================================================\r
   3  * * org.onap.aai\r
   4  * * ===========================================================================\r
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
   6  * * Copyright © 2017 Amdocs\r
   7  * * ===========================================================================\r
   8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
   9  * * you may not use this file except in compliance with the License.\r
  10  * * You may obtain a copy of the License at\r
  11  * * \r
  12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
  13  * * \r
  14  *  * Unless required by applicable law or agreed to in writing, software\r
  15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
  16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  17  * * See the License for the specific language governing permissions and\r
  18  * * limitations under the License.\r
  19  * * ============LICENSE_END====================================================\r
  20  * *\r
  21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
  22  * *\r
  23  ******************************************************************************/\r
  24 package com.att.aaf.example;\r
  25 \r
  26 import java.security.Principal;\r
  27 import java.util.ArrayList;\r
  28 import java.util.List;\r
  29 \r
  30 import com.att.cadi.Permission;\r
  31 import com.att.cadi.PropAccess;\r
  32 import com.att.cadi.aaf.AAFPermission;\r
  33 import com.att.cadi.aaf.v2_0.AAFAuthn;\r
  34 import com.att.cadi.aaf.v2_0.AAFConHttp;\r
  35 import com.att.cadi.aaf.v2_0.AAFLurPerm;\r
  36 import com.att.cadi.locator.DNSLocator;\r
  37 \r
  38 public class ExamplePerm2_0_DME2 {\r
  39         public static void main(String args[]) {\r
  40                 // Link or reuse to your Logging mechanism\r
  41                 PropAccess myAccess = new PropAccess();  \r
  42                 \r
  43                 // \r
  44                 try {\r
  45                         AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(\r
  46                                         myAccess,"https","localhost","8100"));\r
  47                         \r
  48                         // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
  49                         AAFLurPerm aafLur = acon.newLur();\r
  50                         \r
  51                         // Note: If you need both Authn and Authz construct the following:\r
  52                         AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);\r
  53 \r
  54                         // Do not set Mech ID until after you construct AAFAuthn,\r
  55                         // because we initiate  "401" info to determine the Realm of \r
  56                         // of the service we're after.\r
  57                         acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");\r
  58 \r
  59                         try {\r
  60                                 \r
  61                                 // Normally, you obtain Principal from Authentication System.\r
  62                                 // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()\r
  63                                 // If you use CADI as Authenticator, it will get you these Principals from\r
  64                                 // CSP or BasicAuth mechanisms.\r
  65                                 String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";\r
  66 \r
  67                                 // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.\r
  68                                 String ok = aafAuthn.validate(id, "XXXXXX");\r
  69                                 if(ok!=null)System.out.println(ok);\r
  70                                 \r
  71                                 ok = aafAuthn.validate(id, "wrongPass");\r
  72                                 if(ok!=null)System.out.println(ok);\r
  73 \r
  74 \r
  75                                 // AAF Style permissions are in the form\r
  76                                 // Type, Instance, Action \r
  77                                 AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");\r
  78                                 \r
  79                                 // Now you can ask the LUR (Local Representative of the User Repository about Authorization\r
  80                                 // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object \r
  81                                 // instead of creating your own LUR\r
  82                                 System.out.println("Does " + id + " have " + perm);\r
  83                                 if(aafLur.fish(id, perm)) {\r
  84                                         System.out.println("Yes, you have permission");\r
  85                                 } else {\r
  86                                         System.out.println("No, you don't have permission");\r
  87                                 }\r
  88 \r
  89                                 System.out.println("Does Bogus have " + perm);\r
  90                                 if(aafLur.fish("Bogus", perm)) {\r
  91                                         System.out.println("Yes, you have permission");\r
  92                                 } else {\r
  93                                         System.out.println("No, you don't have permission");\r
  94                                 }\r
  95 \r
  96                                 // Or you can all for all the Permissions available\r
  97                                 List<Permission> perms = new ArrayList<Permission>();\r
  98                                 \r
  99                                 aafLur.fishAll(id,perms);\r
 100                                 for(Permission prm : perms) {\r
 101                                         System.out.println(prm.getKey());\r
 102                                 }\r
 103                                 \r
 104                                 // It might be helpful in some cases to clear the User's identity from the Cache\r
 105                                 aafLur.remove(id);\r
 106                         } finally {\r
 107                                 aafLur.destroy();\r
 108                         }\r
 109                 } catch (Exception e) {\r
 110                         e.printStackTrace();\r
 111                 }\r
 112 \r
 113         }\r
 114 }\r