[AAF-21] Updated Copyright Headers for AAF
[aaf/authz.git] / authz-service / src / main / java / com / att / authz / cadi / DirectAAFLur.java
1 /*******************************************************************************\r
2  * ============LICENSE_START====================================================\r
3  * * org.onap.aaf\r
4  * * ===========================================================================\r
5  * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.\r
6  * * ===========================================================================\r
7  * * Licensed under the Apache License, Version 2.0 (the "License");\r
8  * * you may not use this file except in compliance with the License.\r
9  * * You may obtain a copy of the License at\r
10  * * \r
11  *  *      http://www.apache.org/licenses/LICENSE-2.0\r
12  * * \r
13  *  * Unless required by applicable law or agreed to in writing, software\r
14  * * distributed under the License is distributed on an "AS IS" BASIS,\r
15  * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\r
16  * * See the License for the specific language governing permissions and\r
17  * * limitations under the License.\r
18  * * ============LICENSE_END====================================================\r
19  * *\r
20  * * ECOMP is a trademark and service mark of AT&T Intellectual Property.\r
21  * *\r
22  ******************************************************************************/\r
23 package com.att.authz.cadi;\r
24 \r
25 import static com.att.authz.layer.Result.OK;\r
26 \r
27 import java.security.Principal;\r
28 import java.util.List;\r
29 \r
30 import com.att.authz.env.AuthzEnv;\r
31 import com.att.authz.env.AuthzTrans;\r
32 import com.att.authz.layer.Result;\r
33 import com.att.cadi.Lur;\r
34 import com.att.cadi.Permission;\r
35 import com.att.dao.aaf.cass.PermDAO;\r
36 import com.att.dao.aaf.cass.PermDAO.Data;\r
37 import com.att.dao.aaf.hl.Question;\r
38 \r
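/**
 * CADI {@link Lur} that answers permission questions by querying the AAF
 * {@link Question} layer directly.
 *
 * <p>Both lookups deny when the query does not return {@code OK}:
 * {@link #fish(AuthzTrans, Principal, Permission)} returns {@code false} and
 * {@link #fishAll(Principal, List)} adds nothing. In both cases the failure is
 * only logged, so a caller cannot tell "no permission" from "lookup failed".
 */
public class DirectAAFLur implements Lur {
    private final AuthzEnv env;
    private final Question question;

    /**
     * @param env      environment used to create transactions and to log errors
     * @param question query layer used to read a user's permissions
     */
    public DirectAAFLur(AuthzEnv env, Question question) {
        this.env = env;
        this.question = question;
    }

    /**
     * Checks one permission for a principal using a fresh transaction.
     *
     * @param bait principal whose permissions are looked up
     * @param pond permission being requested
     * @return {@code true} only when a stored permission matches {@code pond}
     */
    @Override
    public boolean fish(Principal bait, Permission pond) {
        return fish(env.newTransNoAvg(), bait, pond);
    }

    /**
     * Checks one permission for a principal within the given transaction.
     *
     * @param trans transaction used for the query and for error logging
     * @param bait  principal whose permissions are looked up
     * @param pond  permission being requested
     * @return {@code true} only when a stored permission matches {@code pond};
     *         {@code false} for a null principal, a failed lookup or no match
     */
    public boolean fish(AuthzTrans trans, Principal bait, Permission pond) {
        // An absent identity holds no permissions: deny instead of failing with an NPE.
        if (bait == null) {
            return false;
        }
        // NOTE(review): the meaning of the trailing 'false' flag is defined by Question — confirm.
        Result<List<Data>> pdr = question.getPermsByUser(trans, bait.getName(), false);
        switch (pdr.status) {
            case OK:
                for (PermDAO.Data d : pdr.value) {
                    if (new PermPermission(d).match(pond)) {
                        return true;
                    }
                }
                break;
            default:
                // Any non-OK status is reported with this message and then falls through to deny.
                trans.error().log("Can't access Cassandra to fulfill Permission Query: ", pdr.status, "-", pdr.details);
        }
        return false;
    }

    /**
     * Appends every permission stored for the principal to {@code permissions}.
     *
     * <p>When the lookup fails the list is left unchanged and the failure is
     * logged; nothing is thrown or returned to signal it.
     *
     * @param bait        principal whose permissions are looked up
     * @param permissions list that receives the principal's permissions
     */
    @Override
    public void fishAll(Principal bait, List<Permission> permissions) {
        // An absent identity holds no permissions: add nothing instead of failing with an NPE.
        if (bait == null) {
            return;
        }
        Result<List<Data>> pdr = question.getPermsByUser(env.newTrans(), bait.getName(), false);
        switch (pdr.status) {
            case OK:
                for (PermDAO.Data d : pdr.value) {
                    permissions.add(new PermPermission(d));
                }
                break;
            default:
                env.error().log("Can't access Cassandra to fulfill Permission Query: ", pdr.status, "-", pdr.details);
        }
    }

    /** No resources are held, so there is nothing to release. */
    @Override
    public void destroy() {
    }

    /** @return always {@code false} */
    @Override
    public boolean handlesExclusively(Permission pond) {
        return false;
    }

    /**
     * CADI {@link Permission} backed by a {@link PermDAO.Data} row.
     */
    public static class PermPermission implements Permission {
        private final PermDAO.Data data;

        public PermPermission(PermDAO.Data d) {
            data = d;
        }

        public PermPermission(AuthzTrans trans, Question q, String p) {
            data = PermDAO.Data.create(trans, q, p);
        }

        public PermPermission(String ns, String type, String instance, String action) {
            data = new PermDAO.Data();
            data.ns = ns;
            data.type = type;
            data.instance = instance;
            data.action = action;
        }

        /**
         * @return only the {@code type} field of the backing data, not the
         *         {@code type|instance|action} form that {@link #match} parses
         */
        @Override
        public String getKey() {
            return data.type;
        }

        /**
         * Decides whether this (held) permission grants the requested one.
         *
         * <p>A {@code "*"} instance or action is a wildcard only on this, the
         * held, side. A {@code "*"} in the requested permission is compared
         * literally, so requesting a wildcard is not granted by a specific
         * permission.
         *
         * <p>A requested permission of another implementation is read from its
         * key as {@code fullType|instance|action}. Keys with fewer than three
         * segments never match and segments after the third are ignored.
         *
         * @param p requested permission, may be {@code null}
         * @return {@code true} when namespace/type (or full type), instance and
         *         action all match; {@code false} otherwise, including when any
         *         field needed for the comparison is {@code null}
         */
        @Override
        public boolean match(Permission p) {
            if (p == null) {
                return false;
            }
            if (p instanceof DirectAAFLur.PermPermission) {
                PermDAO.Data pd = ((DirectAAFLur.PermPermission) p).data;
                // Missing fields on either side mean "no match" rather than an NPE
                // thrown out of an authorization decision.
                return pd != null
                        && data.ns != null && data.ns.equals(pd.ns)
                        && data.type != null && data.type.equals(pd.type)
                        && grants(data.instance, pd.instance)
                        && grants(data.action, pd.action);
            }
            String key = p.getKey();
            if (key == null) {
                return false;
            }
            String[] lp = key.split("\\|");
            if (lp.length < 3) {
                return false;
            }
            String fullType = data.fullType();
            return fullType != null && fullType.equals(lp[0])
                    && grants(data.instance, lp[1])
                    && grants(data.action, lp[2]);
        }

        /**
         * Tests one held field against the requested value: the held value
         * must be non-null and either equal to the request or {@code "*"}.
         */
        private static boolean grants(String held, String requested) {
            return held != null && (held.equals(requested) || "*".equals(held));
        }

        @Override
        public String permType() {
            return "AAFLUR";
        }

    }

    @Override
    public String toString() {
        return "DirectAAFLur is enabled";
    }

    /**
     * @return always {@code true}; filtering by user name is not implemented
     *         (TODO), so every user name is accepted
     */
    @Override
    public boolean supports(String userName) {
        //TODO
        return true;
    }

    /**
     * Not implemented.
     *
     * @return always {@code null}; callers must handle a null result
     */
    @Override
    public Permission createPerm(String p) {
        // TODO Auto-generated method stub
        return null;
    }

    /** Not implemented: does nothing and writes nothing to {@code report}. */
    @Override
    public void clear(Principal p, StringBuilder report) {
        // TODO Auto-generated method stub

    }
}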