aaf/src/test/java/com/att/cadi/lur/aaf/test/MultiThreadPermHit.java

   1 /*******************************************************************************\r
   2  * ============LICENSE_START====================================================\r
   3  * * org.onap.aai\r
   4  * * ===========================================================================\r
   5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
   6  * * Copyright © 2017 Amdocs\r
   7  * * ===========================================================================\r
   8  * * Licensed under the Apache License, Version 2.0 (the "License");\r
   9  * * you may not use this file except in compliance with the License.\r
  10  * * You may obtain a copy of the License at\r
  11  * * \r
  12  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
  13  * * \r
  14  *  * Unless required by applicable law or agreed to in writing, software\r
  15  * * distributed under the License is distributed on an "AS IS" BASIS,\r
  16  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
  17  * * See the License for the specific language governing permissions and\r
  18  * * limitations under the License.\r
  19  * * ============LICENSE_END====================================================\r
  20  * *\r
  21  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
  22  * *\r
  23  ******************************************************************************/\r
  24 package com.att.cadi.lur.aaf.test;\r
  25 \r
  26 import java.security.Principal;\r
  27 import java.util.ArrayList;\r
  28 import java.util.List;\r
  29 \r
  30 import com.att.cadi.Access;\r
  31 import com.att.cadi.Permission;\r
  32 import com.att.cadi.PropAccess;\r
  33 import com.att.cadi.aaf.AAFPermission;\r
  34 import com.att.cadi.aaf.v2_0.AAFAuthn;\r
  35 import com.att.cadi.aaf.v2_0.AAFConHttp;\r
  36 import com.att.cadi.aaf.v2_0.AAFLurPerm;\r
  37 import com.att.cadi.config.Config;\r
  38 import com.att.cadi.locator.PropertyLocator;\r
  39 \r
  40 public class MultiThreadPermHit {\r
  41         public static void main(String args[]) {\r
  42                 // Link or reuse to your Logging mechanism\r
  43                 PropAccess myAccess = new PropAccess(); // \r
  44                 \r
  45                 // \r
  46                 try {\r
  47                         AAFConHttp con = new AAFConHttp(myAccess,new PropertyLocator("https://mithrilcsp.sbc.com:8100"));\r
  48                         \r
  49                         // AAFLur has pool of DME clients as needed, and Caches Client lookups\r
  50                         final AAFLurPerm aafLur = con.newLur();\r
  51                         aafLur.setDebug("m12345@aaf.att.com");\r
  52 \r
  53                         // Note: If you need both Authn and Authz construct the following:\r
  54                         AAFAuthn<?> aafAuthn = con.newAuthn(aafLur);\r
  55                         \r
  56                         // Do not set Mech ID until after you construct AAFAuthn,\r
  57                         // because we initiate  "401" info to determine the Realm of \r
  58                         // of the service we're after.\r
  59                         final String id = myAccess.getProperty(Config.AAF_MECHID,null);\r
  60                         final String pass = myAccess.decrypt(myAccess.getProperty(Config.AAF_MECHPASS,null),false);\r
  61                         if(id!=null && pass!=null) {\r
  62                                 try {\r
  63                                         \r
  64                                         // Normally, you obtain Principal from Authentication System.\r
  65         //                              // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()\r
  66         //                              // If you use CADI as Authenticator, it will get you these Principals from\r
  67         //                              // CSP or BasicAuth mechanisms.\r
  68         //                              String id = "cluster_admin@gridcore.att.com";\r
  69         //\r
  70         //                              // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.\r
  71                                         String ok;\r
  72                                         ok = aafAuthn.validate(id, pass);\r
  73                                         if(ok!=null) {\r
  74                                                 System.out.println(ok);\r
  75                                         }\r
  76 \r
  77                                         List<Permission> pond = new ArrayList<Permission>();\r
  78                                         for(int i=0;i<20;++i) {\r
  79                                                 pond.clear();\r
  80                                                 aafLur.fishAll(i+id, pond);\r
  81                                                 if(ok!=null && i%1000==0) {\r
  82                                                         System.out.println(i + " " + ok);\r
  83                                                 }\r
  84                                         }\r
  85 \r
  86                                         for(int i=0;i<1000000;++i) {\r
  87                                                 ok = aafAuthn.validate( i+ id, "wrongPass");\r
  88                                                 if(ok!=null && i%1000==0) {\r
  89                                                         System.out.println(i + " " + ok);\r
  90                                                 }\r
  91                                         }\r
  92         \r
  93                                         final AAFPermission perm = new AAFPermission("com.att.aaf.access","*","*");\r
  94                                         \r
  95                                         // Now you can ask the LUR (Local Representative of the User Repository about Authorization\r
  96                                         // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object \r
  97                                         // instead of creating your own LUR\r
  98                                         for(int i=0;i<4;++i) {\r
  99                                                 if(aafLur.fish(id, perm)) {\r
 100                                                         System.out.println("Yes, " + id + " has permission for " + perm.getKey());\r
 101                                                 } else {\r
 102                                                         System.out.println("No, " + id + " does not have permission for " + perm.getKey());\r
 103                                                 }\r
 104                                         }\r
 105         \r
 106         \r
 107                                         // Or you can all for all the Permissions available\r
 108                                         List<Permission> perms = new ArrayList<Permission>();\r
 109         \r
 110                                         \r
 111                                         aafLur.fishAll(id,perms);\r
 112                                         System.out.println("Perms for " + id);\r
 113                                         for(Permission prm : perms) {\r
 114                                                 System.out.println(prm.getKey());\r
 115                                         }\r
 116                                         \r
 117                                         System.out.println("Press any key to continue");\r
 118                                         System.in.read();\r
 119                                         \r
 120                                         for(int j=0;j<5;++j) {\r
 121                                                 new Thread(new Runnable() {\r
 122                                                         @Override\r
 123                                                         public void run() {\r
 124                                                                 for(int i=0;i<20;++i) {\r
 125                                                                         if(aafLur.fish(id, perm)) {\r
 126                                                                                 System.out.println("Yes, " + id + " has permission for " + perm.getKey());\r
 127                                                                         } else {\r
 128                                                                                 System.out.println("No, " + id + " does not have permission for " + perm.getKey());\r
 129                                                                         }\r
 130                                                                 }\r
 131                                                         }\r
 132                                                 }).start();\r
 133                                         }\r
 134         \r
 135                                         \r
 136                                 } finally {\r
 137                                         aafLur.destroy();\r
 138                                 }\r
 139                         } else { // checked on IDs\r
 140                                 System.err.println(Config.AAF_MECHID + " and/or " + Config.AAF_MECHPASS + " are not set.");\r
 141                         }\r
 142                 } catch (Exception e) {\r
 143                         e.printStackTrace();\r
 144                 }\r
 145         }\r
 146 }\r