2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.auth.direct;
24 import static org.onap.aaf.auth.layer.Result.OK;
26 import java.security.Principal;
27 import java.util.List;
29 import org.onap.aaf.auth.dao.cass.NsSplit;
30 import org.onap.aaf.auth.dao.cass.PermDAO;
31 import org.onap.aaf.auth.dao.cass.PermDAO.Data;
32 import org.onap.aaf.auth.dao.cass.Status;
33 import org.onap.aaf.auth.dao.hl.Question;
34 import org.onap.aaf.auth.env.AuthzEnv;
35 import org.onap.aaf.auth.env.AuthzTrans;
36 import org.onap.aaf.auth.env.NullTrans;
37 import org.onap.aaf.auth.layer.Result;
38 import org.onap.aaf.cadi.Access.Level;
39 import org.onap.aaf.cadi.Lur;
40 import org.onap.aaf.cadi.Permission;
41 import org.onap.aaf.cadi.lur.LocalPermission;
42 import org.onap.aaf.misc.env.util.Split;
44 public class DirectAAFLur implements Lur {
// Environment used to open transactions (newTrans / newTransNoAvg) and to emit error and AUDIT log entries.
45 private final AuthzEnv env;
// Data-access facade answering permission lookups, namespace derivation and cache clearing.
46 private final Question question;
/**
 * Builds a LUR that resolves permissions straight from the Question (DAO) layer.
 * The commented-out TokenMgr parameter and OAuth2Lur line are leftovers and have no effect.
 *
 * @param env      environment providing transactions and logging
 * @param question data-access facade used for every permission lookup
 */
48 public DirectAAFLur(AuthzEnv env, Question question/*, TokenMgr tm*/) {
// presumably env is assigned just above this line (not shown in this excerpt); the field is final and read by fish/fishAll
50 this.question = question;
51 // oauth = new OAuth2Lur(null);
/**
 * Tests {@code bait} against the requested {@code pond} permissions on a freshly opened,
 * non-averaging transaction.
 *
 * @param bait principal whose permissions are looked up by name
 * @param pond requested permissions
 * @return whatever the transactional overload decides for the same arguments
 */
55 public boolean fish(Principal bait, Permission ... pond) {
// Each call opens its own transaction; all logic lives in the overload below.
56 return fish(env.newTransNoAvg(),bait,pond);
/**
 * Loads every permission granted to {@code bait} and checks the requested {@code pond}
 * entries against them, using the caller's transaction.
 * The status switch and the return statements between the lines below are not part of this excerpt.
 *
 * @param trans transaction used for the lookup and for error logging
 * @param bait  principal; only its name feeds the query
 * @param pond  requested permissions
 * @return true when a granted permission matches a requested one, false otherwise (presumably; returns not shown)
 */
59 public boolean fish(AuthzTrans trans, Principal bait, Permission ... pond) {
// Third argument is a boolean flag whose meaning is not visible here — TODO confirm against Question.getPermsByUser.
61 Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(),false);
// The granted row is the receiver of match(), so a '*' wildcard is honoured only on the
// stored side — a '*' in a requested permission does not widen the check.
64 for (PermDAO.Data d : pdr.value) {
66 for (Permission p : pond) {
67 if (new PermPermission(d).match(p)) {
// Lookup outcomes that mean "nothing granted" are grouped here; presumably a plain deny
// without an error log — confirm against the lines not shown.
75 case Status.ERR_UserRoleNotFound:
76 case Status.ERR_BadData:
// Every other non-OK status is treated as a backend failure and logged with status and details.
79 trans.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-",pdr.details);
/**
 * Appends every permission granted to {@code bait} to the caller's list.
 * The OK/failure branch between the lines below is not part of this excerpt.
 *
 * @param bait        principal; looked up by name
 * @param permissions output list mutated in place; presumably left untouched when the lookup fails
 */
85 public void fishAll(Principal bait, List<Permission> permissions) {
// Uses env.newTrans() here, whereas fish(Principal, Permission...) uses env.newTransNoAvg().
86 Result<List<Data>> pdr = question.getPermsByUser(env.newTrans(), bait.getName(),false);
89 for (PermDAO.Data d : pdr.value) {
90 permissions.add(new PermPermission(d));
// Failure path logs through the environment because the transaction object is not retained.
94 env.error().log("Can't access Cassandra to fulfill Permission Query: ",pdr.status,"-", pdr.details);
// Lur lifecycle hook; its body is not part of this excerpt.
99 public void destroy() {
// Lur hook, presumably asking whether this LUR alone should decide the given permissions; body not shown in this excerpt.
103 public boolean handlesExclusively(Permission ... pond) {
108 * Small Class implementing CADI's Permission with Cassandra Data
/**
 * CADI {@link Permission} backed by a {@link PermDAO.Data} row.
 * Matching is asymmetric: a '*' stored in this (granted) permission's instance or action
 * matches anything, while a '*' in the permission being checked is just a literal.
 */
112 public static class PermPermission implements Permission {
// Backing row; ns/type/instance/action are read directly by match().
113 private PermDAO.Data data;
/** Wraps an existing DAO row (the assignment line is not shown in this excerpt). */
115 public PermPermission(PermDAO.Data d) {
/** Parses {@code p} into a row through PermDAO.Data.create on the given transaction and Question. */
119 public PermPermission(AuthzTrans trans, Question q, String p) {
120 data = PermDAO.Data.create(trans, q, p);
/** Builds a row field by field; the ns and type assignments are not shown in this excerpt. */
123 public PermPermission(String ns, String type, String instance, String action) {
124 data = new PermDAO.Data();
127 data.instance = instance;
128 data.action = action;
/** Permission key; body not shown in this excerpt. */
132 public String getKey() {
/**
 * Decides whether this (granted) permission satisfies the requested {@code p}.
 * The declaration of {@code pd} and the return statements are not part of this excerpt.
 *
 * @param p permission being checked; either another PermPermission or any Permission via its key
 * @return presumably true only when every compared field passes (returns not shown)
 */
137 public boolean match(Permission p) {
// Fast path: both sides are DAO-backed, so the fields are compared directly.
142 if (p instanceof DirectAAFLur.PermPermission) {
143 pd = ((DirectAAFLur.PermPermission)p).data;
// ns and type must be equal exactly; note that neither this.data.ns nor this.data.type is null-guarded here.
144 if (data.ns.equals(pd.ns))
145 if (data.type.equals(pd.type))
// Only a '*' stored in this permission acts as a wildcard; a '*' in pd does not.
146 if (data.instance!=null && (data.instance.equals(pd.instance) || "*".equals(data.instance)))
147 if (data.action!=null && (data.action.equals(pd.action) || "*".equals(data.action)))
// Generic path: parse the requested key as "type|instance|action". String.split drops trailing
// empty segments, so a key with an empty last segment ("t|i|") fails the length check;
// any segments beyond the third are ignored.
150 String[] lp = p.getKey().split("\\|");
151 if (lp.length<3)return false;
152 if (data.fullType().equals(lp[0]))
153 if (data.instance!=null && (data.instance.equals(lp[1]) || "*".equals(data.instance)))
154 if (data.action!=null && (data.action.equals(lp[2]) || "*".equals(data.action)))
/** Presumably returns this permission's type; body not shown in this excerpt. */
161 public String permType() {
/** Constant diagnostic string; intentionally exposes no permission data. */
167 public String toString() {
168 return "DirectAAFLur is enabled";
173 * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
// Lur hook deciding which principals this LUR answers for; body not shown in this excerpt.
176 public boolean handles(Principal principal) {
/**
 * Builds a Permission from the textual form "type|instance|action".
 * With exactly three segments the type's namespace is derived through Question and a
 * DAO-backed PermPermission is returned; otherwise the raw string is wrapped in a LocalPermission.
 *
 * @param p permission string as supplied by the caller
 * @return a PermPermission, or a LocalPermission fallback
 */
181 public Permission createPerm(String p) {
182 String[] params = Split.split('|', p);
183 if (params.length==3) {
// Runs on the NullTrans singleton — presumably a no-op transaction, so this lookup carries no
// request context or audit trail; confirm that is acceptable for callers of createPerm.
184 Result<NsSplit> nss = question.deriveNsSplit(NullTrans.singleton(), params[0]);
// NOTE(review): the status check guarding nss.value sits on the line not shown here — confirm it is present.
186 return new PermPermission(nss.value.ns,nss.value.name,params[1],params[2]);
// Fallback for inputs that are not exactly three segments (and presumably when derivation fails).
189 return new LocalPermission(p);
/**
 * Flushes the Question caches and writes an AUDIT entry naming the requesting principal.
 * NOTE(review): no authorization check is performed inside this method; the caller must
 * decide who is allowed to clear the cache — confirm that gating exists upstream.
 *
 * @param p  principal on whose behalf the cache is cleared; its name goes to the audit log
 * @param sb buffer that presumably receives the transaction's audit trail
 */
193 public void clear(Principal p, StringBuilder sb) {
194 AuthzTrans trans = env.newTrans();
// "all" presumably selects every cache family rather than permissions alone — confirm against Question.clearCache.
195 question.clearCache(trans,"all");
// Audit record: who cleared, and which LUR implementation did it.
196 env.log(Level.AUDIT, p.getName(), "has cleared Cache for",getClass().getSimpleName());
197 trans.auditTrail(0, sb);