1 /*******************************************************************************
2 * Copyright (c) 2016 AT&T Intellectual Property. All rights reserved.
3 *******************************************************************************/
4 package com.att.authz.gui;
6 import static com.att.cssa.rserv.HttpMethods.GET;
7 import static com.att.cssa.rserv.HttpMethods.POST;
8 import static com.att.cssa.rserv.HttpMethods.PUT;
10 import java.io.IOException;
11 import java.security.GeneralSecurityException;
12 import java.util.ArrayList;
13 import java.util.EnumSet;
14 import java.util.List;
15 import java.util.Properties;
17 import com.att.aft.dme2.api.DME2Exception;
18 import com.att.aft.dme2.api.DME2Manager;
19 import com.att.aft.dme2.api.DME2Server;
20 import com.att.aft.dme2.api.DME2ServerProperties;
21 import com.att.aft.dme2.api.DME2ServiceHolder;
22 import com.att.aft.dme2.api.util.DME2FilterHolder;
23 import com.att.aft.dme2.api.util.DME2FilterHolder.RequestDispatcherType;
24 import com.att.aft.dme2.api.util.DME2ServletHolder;
25 import com.att.authz.common.Define;
26 import com.att.authz.cui.CUI;
27 import com.att.authz.env.AuthzEnv;
28 import com.att.authz.env.AuthzTrans;
29 import com.att.authz.env.AuthzTransFilter;
30 import com.att.authz.env.AuthzTransOnlyFilter;
31 import com.att.authz.gui.pages.ApiDocs;
32 import com.att.authz.gui.pages.ApiExample;
33 import com.att.authz.gui.pages.ApprovalAction;
34 import com.att.authz.gui.pages.ApprovalForm;
35 import com.att.authz.gui.pages.Home;
36 import com.att.authz.gui.pages.LoginLanding;
37 import com.att.authz.gui.pages.LoginLandingAction;
38 import com.att.authz.gui.pages.NsDetail;
39 import com.att.authz.gui.pages.NsHistory;
40 import com.att.authz.gui.pages.NsInfoAction;
41 import com.att.authz.gui.pages.NsInfoForm;
42 import com.att.authz.gui.pages.NssShow;
43 import com.att.authz.gui.pages.PassChangeAction;
44 import com.att.authz.gui.pages.PassChangeForm;
45 import com.att.authz.gui.pages.PendingRequestsShow;
46 import com.att.authz.gui.pages.PermDetail;
47 import com.att.authz.gui.pages.PermGrantAction;
48 import com.att.authz.gui.pages.PermGrantForm;
49 import com.att.authz.gui.pages.PermHistory;
50 import com.att.authz.gui.pages.PermsShow;
51 import com.att.authz.gui.pages.RequestDetail;
52 import com.att.authz.gui.pages.RoleDetail;
53 import com.att.authz.gui.pages.RoleHistory;
54 import com.att.authz.gui.pages.RolesShow;
55 import com.att.authz.gui.pages.UserRoleExtend;
56 import com.att.authz.gui.pages.UserRoleRemove;
57 import com.att.authz.gui.pages.WebCommand;
58 import com.att.authz.org.OrganizationFactory;
59 import com.att.authz.server.AbsServer;
60 import com.att.cadi.CadiException;
61 import com.att.cadi.aaf.v2_0.AAFTrustChecker;
62 import com.att.cadi.client.Future;
63 import com.att.cadi.config.Config;
64 import com.att.cssa.rserv.CachingFileAccess;
65 import com.att.inno.env.APIException;
66 import com.att.inno.env.Env;
67 import com.att.inno.env.Slot;
68 import com.att.rosetta.env.RosettaDF;
69 import com.att.xgen.html.HTMLGen;
70 import com.att.xgen.html.State;
73 import aaf.v2_0.Approvals;
74 import aaf.v2_0.CredRequest;
75 import aaf.v2_0.Error;
76 import aaf.v2_0.History;
78 import aaf.v2_0.Perms;
79 import aaf.v2_0.RolePermRequest;
80 import aaf.v2_0.Roles;
81 import aaf.v2_0.UserRoles;
82 import aaf.v2_0.Users;
84 public class AuthGUI extends AbsServer implements State<Env>{
/** Constant in milliseconds; not referenced in the visible lines — presumably the wait interval of the startDME2 loop, confirm before relying on it. */
85 public static final int TIMEOUT = 60000;
/** Display name of this application (presumably passed to the server base class; the super call is not visible here). */
86 public static final String app = "AAF GUI";
// Rosetta data factories, one per AAF v2.0 payload type the GUI marshals. Each is created
// exactly once in the constructor via env.newDataFactory(...). They are public and non-final,
// so any caller could reassign them — NOTE(review): consider making them final if nothing does.
88 public RosettaDF<Perms> permsDF;
89 public RosettaDF<Roles> rolesDF;
90 public RosettaDF<Users> usersDF;
91 public RosettaDF<UserRoles> userrolesDF;
92 public RosettaDF<CredRequest> credReqDF;
93 public RosettaDF<RolePermRequest> rolePermReqDF;
94 public RosettaDF<Approvals> approvalsDF;
95 public RosettaDF<Nss> nssDF;
96 public RosettaDF<Api> apiDF;
97 public RosettaDF<Error> errDF;
98 public RosettaDF<History> historyDF;
// Environment this server runs in; the constructor receives it as a parameter (the assigning line is not visible here).
100 public final AuthzEnv env;
// Slot keyed "HTTP_SERVLET_REQUEST", allocated in the constructor. Presumably where the current
// HttpServletRequest is stored on a transaction — confirm against the pages that read it.
101 public final Slot slot_httpServletRequest;
/**
 * Builds the GUI server: names the log4j loggers, selects the default Organization,
 * allocates the Rosetta data factories used by the pages, registers every GUI page
 * through {@code Display}, and finally routes the CUI endpoint and the theme handler.
 *
 * @param env the AuthzEnv this server runs in
 * @throws CadiException declared by the setup calls below (the throwing call is not visible here)
 * @throws GeneralSecurityException declared by the setup calls below (the throwing call is not visible here)
 * @throws IOException declared by the setup calls below (the throwing call is not visible here)
 * @throws APIException declared by the setup calls below (the throwing call is not visible here)
 */
103 public AuthGUI(final AuthzEnv env) throws CadiException, GeneralSecurityException, IOException, APIException {
// Logger names, in order. NOTE(review): the last name "trace " carries a trailing space —
// confirm it matches the logger name in the log4j configuration (runtime string, left unchanged here).
107 env.setLog4JNames("log4j.properties","authz","gui","audit","init","trace ");
// Fully-qualified class name of the Organization implementation used by default.
108 OrganizationFactory.setDefaultOrg(env, "com.att.authz.org.att.ATT");
// Slot under which the servlet request is expected to be stored on each transaction; consumers are not visible here.
111 slot_httpServletRequest = env.slot("HTTP_SERVLET_REQUEST");
// One data factory per AAF v2.0 payload type; created once and shared by all pages.
113 permsDF = env.newDataFactory(Perms.class);
114 rolesDF = env.newDataFactory(Roles.class);
115 // credsDF = env.newDataFactory(Cred.class);
116 usersDF = env.newDataFactory(Users.class);
117 userrolesDF = env.newDataFactory(UserRoles.class);
118 credReqDF = env.newDataFactory(CredRequest.class);
119 rolePermReqDF = env.newDataFactory(RolePermRequest.class);
120 approvalsDF = env.newDataFactory(Approvals.class);
121 nssDF = env.newDataFactory(Nss.class);
122 apiDF = env.newDataFactory(Api.class);
123 errDF = env.newDataFactory(Error.class);
124 historyDF = env.newDataFactory(History.class);
126 /////////////////////////
128 /////////////////////////
// Root page. The Page returned by .page() is handed to later pages — presumably as the
// navigation parent/breadcrumb root; confirm in Display.
130 final Page start = new Display(this, GET, new Home(this)).page();
// Permissions: list -> detail -> history. Each page receives the pages it links back to.
133 final Page myPerms = new Display(this, GET, new PermsShow(this, start)).page();
134 Page permDetail = new Display(this, GET, new PermDetail(this, start, myPerms)).page();
135 new Display(this, GET, new PermHistory(this,start,myPerms,permDetail));
// Roles: list -> detail -> history.
138 final Page myRoles = new Display(this, GET, new RolesShow(this, start)).page();
139 Page roleDetail = new Display(this, GET, new RoleDetail(this, start, myRoles)).page();
140 new Display(this, GET, new RoleHistory(this,start,myRoles,roleDetail));
// Namespaces: list -> detail -> history.
143 final Page myNamespaces = new Display(this, GET, new NssShow(this, start)).page();
144 Page nsDetail = new Display(this, GET, new NsDetail(this, start, myNamespaces)).page();
145 new Display(this, GET, new NsHistory(this, start,myNamespaces,nsDetail));
147 // Password Change Screens
// Pattern used for every form below: GET renders the form, POST runs the matching action.
148 final Page pwc = new Display(this, GET, new PassChangeForm(this, start)).page();
149 new Display(this, POST, new PassChangeAction(this, start, pwc));
151 // Validation Change Screens
152 final Page validate = new Display(this, GET, new ApprovalForm(this, start)).page();
153 new Display(this, POST, new ApprovalAction(this, start, validate));
155 // Onboard, Detailed Edit Screens
156 final Page onb = new Display(this, GET, new NsInfoForm(this, start)).page();
157 new Display(this, POST, new NsInfoAction(this, start, onb));
159 // Web Command Screens
// The returned Page is not needed by any later page, hence the commented-out assignment.
160 /* final Page webCommand =*/ new Display(this, GET, new WebCommand(this, start)).page();
// API documentation and the example page that links back to it.
163 final Page apidocs = new Display(this, GET, new ApiDocs(this, start)).page();
164 new Display(this, GET, new ApiExample(this,start, apidocs)).page();
166 // Permission Grant Page
167 final Page permGrant = new Display(this, GET, new PermGrantForm(this, start)).page();
168 new Display(this, POST, new PermGrantAction(this, start, permGrant)).page();
170 // Login Landing if no credentials detected
// GET shows the landing page; POST processes the submitted login form.
171 final Page loginLanding = new Display(this, GET, new LoginLanding(this, start)).page();
172 new Display(this, POST, new LoginLandingAction(this, start, loginLanding));
174 // User Role Request Extend and Remove
// Both are GET pages reached from the roles list (myRoles).
175 new Display(this, GET, new UserRoleExtend(this, start,myRoles)).page();
176 new Display(this, GET, new UserRoleRemove(this, start,myRoles)).page();
178 // See my Pending Requests
179 final Page requestsShow = new Display(this, GET, new PendingRequestsShow(this, start)).page();
180 new Display(this, GET, new RequestDetail(this, start, requestsShow));
182 // Command line Mechanism
// Command-line interface over HTTP PUT, plain-text in, any type out. Being under /gui it
// sits behind the AuthzTransFilter that startDME2 maps to "/gui/*".
183 route(env, PUT, "/gui/cui", new CUI(this),"text/plain;charset=utf-8","*/*");
185 ///////////////////////
186 // WebContent Handler
187 ///////////////////////
// Theme assets served from CachingFileAccess.CFA_WEB_DIR under "theme". startDME2 maps only
// AuthzTransOnlyFilter on "/theme/*" (per its "Don't need security" comment), so whatever is
// placed in that directory is served without an authentication check — keep it to static
// display artifacts. NOTE(review): ":key" is a client-supplied path element resolved inside
// CachingFileAccess; confirm that class confines lookups to the theme directory.
188 route(env,GET,"/theme/:key", new CachingFileAccess<AuthzTrans>(env,
189 CachingFileAccess.CFA_WEB_DIR,"theme"));
190 ///////////////////////
/**
 * Process entry point: delegates to the inherited {@code setup(...)} with this class and
 * the property-file name "authGUI.props". {@code setup} is defined outside this file
 * (presumably in AbsServer) and is what constructs the server and starts it.
 *
 * @param args command-line arguments; not used by the visible code
 */
193 public static void main(String[] args) {
194 setup(AuthGUI.class, "authGUI.props");
198 * Start up AuthzAPI as DME2 Service
201 * @throws DME2Exception
202 * @throws CadiException
204 public void startDME2(Properties props) throws DME2Exception, CadiException {
// DME2 manager built from the caller-supplied properties, named after this application.
206 DME2Manager dme2 = new DME2Manager("AAF GUI DME2Manager", props);
207 DME2ServiceHolder svcHolder;
208 List<DME2ServletHolder> slist = new ArrayList<DME2ServletHolder>();
209 svcHolder = new DME2ServiceHolder();
// The service URI is mandatory: without the DMEServiceName property the only visible
// action is the log message at the very end of this method.
210 String serviceName = env.getProperty("DMEServiceName",null);
211 if(serviceName!=null) {
212 svcHolder.setServiceURI(serviceName);
213 svcHolder.setManager(dme2);
214 svcHolder.setContext("/");
// This server instance is the servlet for "/gui"; the holder's own context path is "/*".
217 DME2ServletHolder srvHolder = new DME2ServletHolder(this, new String[]{"/gui"});
218 srvHolder.setContextPath("/*");
219 slist.add(srvHolder);
// Dispatch types every filter below is registered for: direct requests plus FORWARD and
// ASYNC dispatches, so an internal forward cannot bypass the security filter.
221 EnumSet<RequestDispatcherType> edlist = EnumSet.of(
222 RequestDispatcherType.REQUEST,
223 RequestDispatcherType.FORWARD,
224 RequestDispatcherType.ASYNC
227 ///////////////////////
229 ///////////////////////
230 List<DME2FilterHolder> flist = new ArrayList<DME2FilterHolder>();
232 // Secure all GUI interactions with AuthzTransFilter
// Trust-checker configuration: the CADI trust property (defaulting to CADI_USER_CHAIN) and the
// identity pattern "<ROOT_NS>.mechid|<ROOT_COMPANY>|trust". NOTE(review): this names the
// identity presumably allowed to assert an end user to the GUI on a caller's behalf — keep
// it as narrow as the deployment allows and confirm the semantics in AAFTrustChecker.
233 flist.add(new DME2FilterHolder(new AuthzTransFilter(env, aafCon, new AAFTrustChecker(
234 env.getProperty(Config.CADI_TRUST_PROP, Config.CADI_USER_CHAIN),
235 Define.ROOT_NS + ".mechid|"+Define.ROOT_COMPANY+"|trust"
236 )),"/gui/*", edlist));
238 // Don't need security for display Artifacts or login page
// A single AuthzTransOnlyFilter instance is shared by the three unauthenticated mappings;
// anything served under /theme, /js or /login must therefore be safe to expose to anyone.
239 AuthzTransOnlyFilter atof;
240 flist.add(new DME2FilterHolder(atof =new AuthzTransOnlyFilter(env),"/theme/*", edlist));
241 flist.add(new DME2FilterHolder(atof,"/js/*", edlist));
242 flist.add(new DME2FilterHolder(atof,"/login/*", edlist));
// Wire the filter chain and the servlet into the service.
244 svcHolder.setFilters(flist);
245 svcHolder.setServletHolders(slist);
247 DME2Server dme2svr = dme2.getServer();
248 // dme2svr.setGracefulShutdownTimeMs(1000);
250 env.init().log("Starting AAF GUI with Jetty/DME2 server...");
252 DME2ServerProperties dsprops = dme2svr.getServerProperties();
254 // if(env.getProperty("NO_REGISTER",null)!=null)
// Registers the service with DME2. The comment on the catch(Exception) below suggests a
// binding failure ends up there; the opening of that try block is not visible here.
255 dme2.bindService(svcHolder);
// Startup log records whether SSL is enabled on the DME2 server and the listening port.
256 env.init().log("DME2 is available as HTTP"+(dsprops.isSslEnable()?"/S":""),"on port:",dsprops.getPort());
// Keeps the process alive; the loop body (presumably a sleep) is not visible here.
258 while(true) { // Per DME2 Examples...
// NOTE(review): the interrupt is only logged — the flag is not restored with
// Thread.currentThread().interrupt(), so whether the server can be stopped by interruption
// depends on lines not visible here.
261 } catch(InterruptedException e) {
262 env.init().log("AAF Jetty Server interrupted!");
// Broad catch: any other startup failure is logged and otherwise ignored (see the comment).
263 } catch(Exception e) { // Error binding service doesn't seem to stop DME2 or Process
264 env.init().log(e,"DME2 Initialization Error");
// Reached when DMEServiceName is not configured; the service is never bound in that case.
269 env.init().log("Properties must contain DMEServiceName");
/** Accessor for the AuthzEnv this server runs in (presumably returns the {@code env} field; the body is not visible here). */
274 public AuthzEnv env() {
279 * Derive API Error Class from AAF Response (future)
281 public Error getError(AuthzTrans trans, Future<?> fp) {
// The response body of the AAF call; the HTTP status code becomes the Error's messageId.
// Note: trans is not used in the visible lines.
283 String text = fp.body();
284 Error err = new Error();
285 err.setMessageId(Integer.toString(fp.code()));
// A null or empty body gets a placeholder so callers always have text to render.
286 if(text==null || text.length()==0) {
287 err.setText("**No Message**");
// NOTE(review): re-reads fp.body() although `text` already holds it; `text` would do.
// This text originates from the remote AAF response and is rendered by writeError through
// HTMLGen — confirm that HTMLGen escapes it before it reaches the browser.
289 err.setText(fp.body());
292 // } catch (APIException e) {
293 // Error err = new Error();
294 // err.setMessageId(Integer.toString(fp.code()));
295 // err.setText("Could not obtain response from AAF Message: " + e.getMessage());
300 public void writeError(AuthzTrans trans, Future<?> fp, HTMLGen hgen) {
301 Error err = getError(trans,fp);
303 String messageBody = err.getText();
304 List<String> vars = err.getVariables();
305 for (int varCounter=0;varCounter<vars.size();) {
306 String var = vars.get(varCounter++);
307 if (messageBody.indexOf("%" + varCounter) >= 0) {
308 messageBody = messageBody.replace("%" + varCounter, var);
312 String msg = "[" + err.getMessageId() + "] " + messageBody;
316 trans.checkpoint("AAF Error: " + msg);