1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package org.onap.aaf.example;
\r
25 import java.security.Principal;
\r
26 import java.util.ArrayList;
\r
27 import java.util.List;
\r
29 import org.onap.aaf.cadi.Permission;
\r
30 import org.onap.aaf.cadi.PropAccess;
\r
31 import org.onap.aaf.cadi.aaf.AAFPermission;
\r
32 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
\r
33 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
\r
34 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
\r
35 import org.onap.aaf.cadi.locator.DNSLocator;
\r
37 public class JU_ExamplePerm2_0_DME2 {
\r
38 public static void main(String args[]) {
\r
39 // Link or reuse to your Logging mechanism
\r
40 PropAccess myAccess = new PropAccess();
\r
44 AAFConHttp acon = new AAFConHttp(myAccess, new DNSLocator(
\r
45 myAccess,"https","localhost","8100"));
\r
47 // AAFLur has pool of DME clients as needed, and Caches Client lookups
\r
48 AAFLurPerm aafLur = acon.newLur();
\r
50 // Note: If you need both Authn and Authz construct the following:
\r
51 AAFAuthn<?> aafAuthn = acon.newAuthn(aafLur);
\r
53 // Do not set Mech ID until after you construct AAFAuthn,
\r
54 // because we initiate "401" info to determine the Realm of
\r
55 // of the service we're after.
\r
56 acon.basicAuth("mc0897@aaf.att.com", "XXXXXX");
\r
60 // Normally, you obtain Principal from Authentication System.
\r
61 // For J2EE, you can ask the HttpServletRequest for getUserPrincipal()
\r
62 // If you use CADI as Authenticator, it will get you these Principals from
\r
63 // CSP or BasicAuth mechanisms.
\r
64 String id = "mc0897@aaf.att.com"; //"cluster_admin@gridcore.att.com";
\r
66 // If Validate succeeds, you will get a Null, otherwise, you will a String for the reason.
\r
67 String ok = aafAuthn.validate(id, "XXXXXX");
\r
68 if(ok!=null)System.out.println(ok);
\r
70 ok = aafAuthn.validate(id, "wrongPass");
\r
71 if(ok!=null)System.out.println(ok);
\r
74 // AAF Style permissions are in the form
\r
75 // Type, Instance, Action
\r
76 AAFPermission perm = new AAFPermission("com.att.grid.core.coh",":dev_cluster", "WRITE");
\r
78 // Now you can ask the LUR (Local Representative of the User Repository about Authorization
\r
79 // With CADI, in J2EE, you can call isUserInRole("com.att.mygroup|mytype|write") on the Request Object
\r
80 // instead of creating your own LUR
\r
81 System.out.println("Does " + id + " have " + perm);
\r
82 if(aafLur.fish(id, perm)) {
\r
83 System.out.println("Yes, you have permission");
\r
85 System.out.println("No, you don't have permission");
\r
88 System.out.println("Does Bogus have " + perm);
\r
89 if(aafLur.fish("Bogus", perm)) {
\r
90 System.out.println("Yes, you have permission");
\r
92 System.out.println("No, you don't have permission");
\r
95 // Or you can all for all the Permissions available
\r
96 List<Permission> perms = new ArrayList<Permission>();
\r
98 aafLur.fishAll(id,perms);
\r
99 for(Permission prm : perms) {
\r
100 System.out.println(prm.getKey());
\r
103 // It might be helpful in some cases to clear the User's identity from the Cache
\r
108 } catch (Exception e) {
\r
109 e.printStackTrace();
\r