1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.aaf.example;
\r
26 import java.security.Principal;
\r
27 import java.util.ArrayList;
\r
28 import java.util.List;
\r
30 import com.att.cadi.Permission;
\r
31 import com.att.cadi.PropAccess;
\r
32 import com.att.cadi.aaf.AAFPermission;
\r
33 import com.att.cadi.aaf.v2_0.AAFAuthn;
\r
34 import com.att.cadi.aaf.v2_0.AAFConHttp;
\r
35 import com.att.cadi.aaf.v2_0.AAFLurPerm;
\r
36 import com.att.cadi.locator.DNSLocator;
\r
38 public class ExamplePerm2_0_DME2 {
\r
39 public static void main(String args[]) {
\r
40 // Link or reuse to your Logging mechanism
\r
41 PropAccess myAccess = new PropAccess();
\r
45 AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(
\r
46 myAccess,"https","localhost","8100"));
\r
48 // AAFLur has pool of DME clients as needed, and Caches Client lookups
\r
49 AAFLurPerm aafLur = acon.newLur();
\r
51 // Note: If you need both Authn and Authz construct the following:
\r
52 AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);
\r
54 // Do not set Mech ID until after you construct AAFAuthn,
\r
55 // because we initiate "401" info to determine the Realm of
\r
56 // of the service we're after.
\r
57 acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");
\r
61 // Normally, you obtain Principal from Authentication System.
\r
62 // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
\r
63 // If you use CADI as Authenticator, it will get you these Principals from
\r
64 // CSP or BasicAuth mechanisms.
\r
65 String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";
\r
67 // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
\r
68 String ok = aafAuthn.validate(id, "XXXXXX");
\r
69 if(ok!=null)System.out.println(ok);
\r
71 ok = aafAuthn.validate(id, "wrongPass");
\r
72 if(ok!=null)System.out.println(ok);
\r
75 // AAF Style permissions are in the form
\r
76 // Type, Instance, Action
\r
77 AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");
\r
79 // Now you can ask the LUR (Local Representative of the User Repository about Authorization
\r
80 // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object
\r
81 // instead of creating your own LUR
\r
82 System.out.println("Does " + id + " have " + perm);
\r
83 if(aafLur.fish(id, perm)) {
\r
84 System.out.println("Yes, you have permission");
\r
86 System.out.println("No, you don't have permission");
\r
89 System.out.println("Does Bogus have " + perm);
\r
90 if(aafLur.fish("Bogus", perm)) {
\r
91 System.out.println("Yes, you have permission");
\r
93 System.out.println("No, you don't have permission");
\r
96 // Or you can all for all the Permissions available
\r
97 List<Permission> perms = new ArrayList<Permission>();
\r
99 aafLur.fishAll(id,perms);
\r
100 for(Permission prm : perms) {
\r
101 System.out.println(prm.getKey());
\r
104 // It might be helpful in some cases to clear the User's identity from the Cache
\r
109 } catch (Exception e) {
\r
110 e.printStackTrace();
\r