Update project structure for aaf/cadi
1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aaf\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * ===========================================================================\r
7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
8  * * you may not use this file except in compliance with the License.\r
9  * * You may obtain a copy of the License at\r
10  * * \r
11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
12  * * \r
13  *  * Unless required by applicable law or agreed to in writing, software\r
14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
16  * * See the License for the specific language governing permissions and\r
17  * * limitations under the License.\r
18  * * ============LICENSE_END====================================================\r
19  * *\r
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
21  * *\r
22  ******************************************************************************/\r
23 package org.onap.aaf.example;\r
24 \r
25 import java.security.Principal;\r
26 import java.util.ArrayList;\r
27 import java.util.List;\r
28 \r
29 import org.onap.aaf.cadi.Permission;\r
30 import org.onap.aaf.cadi.PropAccess;\r
31 import org.onap.aaf.cadi.aaf.AAFPermission;\r
32 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;\r
33 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;\r
34 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;\r
35 import org.onap.aaf.cadi.locator.DNSLocator;\r
36 \r
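/**
 * Example client showing how to use CADI's AAF 2.0 classes for authentication
 * ({@link AAFAuthn}) and authorization ({@link AAFLurPerm}) against an AAF
 * service located through a {@link DNSLocator}.
 *
 * <p>The identity and the {@code "XXXXXX"} password below are placeholders.
 * When adapting this example, load the credential from protected configuration
 * instead of committing it to source control.
 */
public class ExamplePerm2_0_DME2 {
    /**
     * Runs the example: validates a credential, asks whether the identity holds
     * one permission, lists all of its permissions, then evicts it from the cache.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        // Link or reuse to your Logging mechanism
        PropAccess myAccess = new PropAccess();

        // Placeholder identity and password, used both as this client's own
        // BasicAuth credential and as the credential being validated.
        // Normally, you obtain the Principal from the Authentication System.
        // For J2EE, you can ask the HttpServletRequest for getUserPrincipal().
        // If you use CADI as Authenticator, it will get you these Principals
        // from CSP or BasicAuth mechanisms.
        String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";
        String password = "XXXXXX";

        try {
            AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(
                    myAccess, "https", "localhost", "8100"));

            // AAFLur has pool of DME clients as needed, and caches Client lookups
            AAFLurPerm aafLur = acon.newLur();

            // The try starts immediately after the LUR is created so that
            // destroy() also runs when newAuthn() or basicAuth() throws.
            try {
                // Note: If you need both Authn and Authz construct the following:
                AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);

                // Do not set Mech ID until after you construct AAFAuthn,
                // because we initiate "401" info to determine the Realm
                // of the service we're after.
                acon.basicAuth(id, password);

                // If validate succeeds you get null; otherwise you get a String
                // with the reason. In a real service, write that reason to the
                // server-side log rather than returning it to the remote caller.
                String ok = aafAuthn.validate(id, password);
                if (ok != null) {
                    System.out.println(ok);
                }

                // Deliberately wrong password, to show the failure path.
                ok = aafAuthn.validate(id, "wrongPass");
                if (ok != null) {
                    System.out.println(ok);
                }

                // AAF Style permissions are in the form
                // Type, Instance, Action
                AAFPermission perm = new AAFPermission("com.att.grid.core.coh", ":dev_cluster", "WRITE");

                // Now you can ask the LUR (Local Representative of the User Repository) about Authorization.
                // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the
                // Request Object instead of creating your own LUR.
                System.out.println("Does " + id + " have " + perm);
                if (aafLur.fish(id, perm)) {
                    System.out.println("Yes, you have permission");
                } else {
                    System.out.println("No, you don't have permission");
                }

                // Same question for an identity that is not expected to exist.
                System.out.println("Does Bogus have " + perm);
                if (aafLur.fish("Bogus", perm)) {
                    System.out.println("Yes, you have permission");
                } else {
                    System.out.println("No, you don't have permission");
                }

                // Or you can ask for all the Permissions available
                List<Permission> perms = new ArrayList<Permission>();
                aafLur.fishAll(id, perms);
                for (Permission prm : perms) {
                    System.out.println(prm.getKey());
                }

                // It might be helpful in some cases to clear the User's identity from the Cache
                aafLur.remove(id);
            } finally {
                aafLur.destroy();
            }
        } catch (Exception e) {
            // Example code only: a real application should route this through
            // its logging mechanism instead of printing to stderr.
            e.printStackTrace();
        }
    }
}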