2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.aaf.v2_0;
24 import java.security.Principal;
25 import java.util.ArrayList;
26 import java.util.Date;
27 import java.util.List;
29 import org.onap.aaf.cadi.AbsUserCache;
30 import org.onap.aaf.cadi.Access.Level;
31 import org.onap.aaf.cadi.CachingLur;
32 import org.onap.aaf.cadi.Lur;
33 import org.onap.aaf.cadi.Permission;
34 import org.onap.aaf.cadi.User;
35 import org.onap.aaf.cadi.aaf.AAFPermission;
36 import org.onap.aaf.cadi.config.Config;
37 import org.onap.aaf.misc.env.APIException;
38 import org.onap.aaf.misc.env.util.Split;
40 public abstract class AbsAAFLur<PERM extends Permission> extends AbsUserCache<PERM> implements CachingLur<PERM> {
// Shared zero-length byte array; presumably supplied where a password argument is required
// but none applies — confirm at the call sites, which are not in this listing.
41 protected static final byte[] BLANK_PASSWORD = new byte[0];
// Ids assigned by setDebug(); isDebug() compares them with a principal's name. Null by default.
42 private String[] debug = null;
// NOTE(review): public and non-final, so any code holding a reference to this Lur can swap the
// delegate that handles()/fish()/fishAll() consult before doing their own lookup. Prefer
// setPreemptiveLur() and consider narrowing the field's visibility.
44 public Lur preemptiveLur=null; // Initial Use is for OAuth2, preemptive Lur
// Name suffixes this Lur answers for; filled from Config.AAF_DOMAIN_SUPPORT in the constructors.
45 private String[] supports;
46 protected boolean details;
// Creates the Lur with cache settings taken from the AAF connection and reads the list of
// supported domains from configuration.
48 public AbsAAFLur(AAFCon<?> con) throws APIException {
49 super(con.access, con.cleanInterval, con.highCount, con.usageRefreshTriggerCount);
// AAF_DOMAIN_SUPPORT is split on ':' (surrounding whitespace ignored); handles() later tests
// each entry as a suffix of the principal's name.
52 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
// Variant that also receives an existing AbsUserCache; how it is used is on lines 56-58, which
// this listing does not show (presumably passed to the superclass so the cache is shared).
55 public AbsAAFLur(AAFCon<?> con, AbsUserCache<PERM> auc) throws APIException {
// Same ':'-separated domain list as the single-argument constructor.
59 supports = con.access.getProperty(Config.AAF_DOMAIN_SUPPORT, Config.AAF_DOMAIN_SUPPORT_DEF).split("\\s*:\\s*");
// Sets the ids to trace from a comma-separated list; null clears the list.
// isDebug() treats a list whose only entry is "all" as matching every principal.
63 public void setDebug(String ids) {
64 this.debug = ids==null?null:Split.split(',', ids);
// Switches the 'details' option on or off. The body is not shown in this listing; presumably it
// assigns the protected 'details' field — confirm.
67 public void details(boolean on) {
// Installs the Lur that is asked first: handles(), fish() and fishAll() consult it before this
// Lur's own cache, and fish() returns its answer directly when it handles the principal.
// Passing null disables the delegation (the callers test preemptiveLur!=null).
// NOTE(review): nothing is validated here, so whoever calls this decides which Lur gets the
// first say on an authorization question.
72 public void setPreemptiveLur(Lur preemptive) {
73 this.preemptiveLur = preemptive;
// Subclass hook that produces the User entry for a principal. fish(), fishAll() and fishOneOf()
// call it when the cached user is missing, has unloaded permissions, or has expired permissions.
// The "User was not Loaded" trace messages suggest it may return null — confirm in implementations.
76 protected abstract User<PERM> loadUser(Principal bait);
// Reports whether this Lur answers for the principal: the preemptive Lur is asked first when
// one is set, then the principal's name is compared with each configured domain suffix.
// Lines 82-84 and 89 onward (the return statements) are not shown in this listing.
79 public final boolean handles(Principal principal) {
80 if (preemptiveLur!=null) {
81 if (preemptiveLur.handles(principal)) {
85 String userName=principal.getName();
87 for (String s : supports) {
// NOTE(review): this is a plain suffix test. Unless every AAF_DOMAIN_SUPPORT entry carries its
// own delimiter (a leading '@' or '.'), a name such as "x@notexample.org" also matches the
// entry "example.org" (constructed example). Confirm the configured format, or anchor the
// comparison on the delimiter.
88 if (userName.endsWith(s))
// Subclass hook: tells whether 'pond' is a permission type this Lur can evaluate. Its callers
// are not visible in this listing.
96 protected abstract boolean isCorrectPermType(Permission pond);
98 // This is where you build AAF Client Code. Answer the question: is principal "bait" in the "pond"?
// Authorization check: does 'bait' hold one of the permissions in 'pond'?
// The preemptive Lur answers when it handles the principal; otherwise the cached User is used,
// reloaded through loadUser() when it is missing, unloaded or expired.
// This listing omits several lines (braces, returns and the guards that select each path), so
// the notes below describe only what the visible lines do.
99 public boolean fish(Principal bait, Permission ... pond) {
100 if (preemptiveLur!=null && preemptiveLur.handles(bait)) {
101 return preemptiveLur.fish(bait, pond);
// Traced path: builds a readable record of the decision. The guard that selects it is not
// shown; presumably isDebug(bait).
108 StringBuilder sb = new StringBuilder("Log for ");
111 User<PERM> user = getUser(bait);
113 sb.append("\n\tUser is not in Cache");
115 if (user.noPerms()) {
116 sb.append("\n\tUser has no Perms");
118 if (user.permExpired()) {
119 sb.append("\n\tUser's perm expired [");
120 sb.append(new Date(user.permExpires()));
123 sb.append("\n\tUser's perm expires [");
124 sb.append(new Date(user.permExpires()));
128 if (user==null || user.permsUnloaded() || user.permExpired()) {
129 user = loadUser(bait);
130 sb.append("\n\tloadUser called");
132 for (Permission p : pond) {
134 sb.append("\n\tUser was not Loaded");
136 } else if (user.contains(p)) {
137 sb.append("\n\tUser contains ");
138 sb.append(p.getKey());
141 sb.append("\n\tUser does not contain ");
142 sb.append(p.getKey());
// NOTE(review): on a miss the trace lists the key of every permission the user holds, and the
// whole record is written at INFO below. Treat that log as sensitive and keep the debug id
// list (especially "all") off in production.
143 List<Permission> perms = new ArrayList<>();
144 user.copyPermsTo(perms);
145 for (Permission perm : perms) {
147 sb.append(perm.getKey());
152 sb.append("AAF Lur does not support [");
156 aaf.access.log(Level.INFO, sb);
// Untraced path: the same cache lookup and reload, without building a log record.
161 User<PERM> user = getUser(bait);
162 if (user==null || user.permsUnloaded() || user.permExpired()) {
163 user = loadUser(bait);
// NOTE(review): 'user' may still be null after loadUser(); the handling is presumably on lines
// 164-167, which are not shown.
168 for (Permission p : pond) {
// Assignment inside the condition is intentional: rv records the result of the containment test.
169 if (rv=user.contains(p)) {
// Copies every permission held by 'bait' into 'perms'.
// The preemptive Lur is used when it handles the principal; otherwise the cached User is used,
// reloaded through loadUser() when it is missing, unloaded or expired.
// This listing omits several lines (braces, returns and the guards that select each path).
180 public void fishAll(Principal bait, List<Permission> perms) {
181 if (preemptiveLur!=null && preemptiveLur.handles(bait)) {
182 preemptiveLur.fishAll(bait, perms);
// Traced path: the guard that selects it is not shown; presumably isDebug(bait).
185 StringBuilder sb = new StringBuilder("Log for ");
188 User<PERM> user = getUser(bait);
190 sb.append("\n\tUser is not in Cache");
192 if (user.noPerms()) {
193 sb.append("\n\tUser has no Perms");
195 if (user.permExpired()) {
196 sb.append("\n\tUser's perm expired [");
197 sb.append(new Date(user.permExpires()));
200 sb.append("\n\tUser's perm expires [");
201 sb.append(new Date(user.permExpires()));
205 if (user==null || user.permsUnloaded() || user.permExpired()) {
206 user = loadUser(bait);
207 sb.append("\n\tloadUser called");
210 sb.append("\n\tUser was not Loaded");
212 sb.append("\n\tCopying Perms ");
213 user.copyPermsTo(perms);
// NOTE(review): the trace records the key of every entry in 'perms' and is written at INFO
// below, so the log holds the principal's full permission set. Treat it as sensitive.
214 for (Permission p : perms) {
216 sb.append(p.getKey());
220 sb.append("AAF Lur does not support [");
224 aaf.access.log(Level.INFO, sb);
// Untraced path: the same lookup and reload, without building a log record.
227 User<PERM> user = getUser(bait);
228 if (user==null || user.permsUnloaded() || user.permExpired()) {
229 user = loadUser(bait);
// NOTE(review): 'user' may still be null after loadUser(); the guard is presumably on lines
// 230-231, which are not shown.
232 user.copyPermsTo(perms);
// Takes a user id; the body is not shown in this listing. Presumably it evicts that user's
// entry from the inherited cache so the next check reloads permissions — confirm.
240 public void remove(String user) {
// Tells whether tracing applies to this principal: either the debug list is the single entry
// "all", or one entry equals p.getName() exactly (case-sensitive String.equals).
// NOTE(review): 'debug' is null until setDebug() supplies ids; the null guard is presumably on
// line 245, which is not shown.
244 private boolean isDebug(Principal p) {
246 if (debug.length==1 && "all".equals(debug[0])) {
249 String name = p.getName();
250 for (String s : debug) {
251 if (s.equals(name)) {
259 * This special case minimizes loops, avoids multiple Set hits, and calls all the appropriate Actions found.
// Walks 'actions' in order against one type/instance pair: for each action whose permission the
// user holds, action.exec(obj) is called, and the walk ends as soon as exec returns true.
// Unlike fish()/fishAll(), the visible lines do not consult preemptiveLur.
267 public<A> void fishOneOf(Principal princ, A obj, String type, String instance, List<Action<A>> actions) {
268 User<PERM> user = getUser(princ);
269 if (user==null || user.permsUnloaded() || user.permExpired()) {
270 user = loadUser(princ);
// NOTE(review): 'user' may still be null after loadUser(); the guard is presumably on lines
// 271-272, which are not shown.
// A single permission object, local to this call, is re-pointed at each action name instead of
// allocating one permission per action.
273 ReuseAAFPermission perm = new ReuseAAFPermission(type,instance);
274 for (Action<A> action : actions) {
275 perm.setAction(action.getName());
276 if (user.contains(perm)) {
277 if (action.exec(obj))return;
// Callback handed to fishOneOf(): getName() supplies the permission action to test, and exec()
// runs when the user holds that permission.
283 public static interface Action<A> {
// Action name that fishOneOf() sets on the permission before the containment test.
284 public String getName();
286 * Return false to continue, True to end now
289 public boolean exec(A a);
292 private class ReuseAAFPermission extends AAFPermission {
// Fixes type and instance for the lifetime of the object. The last two AAFPermission
// constructor arguments are passed as null; fishOneOf() supplies the action later through
// setAction(). What the fourth argument means is defined in AAFPermission — TODO confirm.
293 public ReuseAAFPermission(String type, String instance) {
294 super(type,instance,null,null);
// Re-points this permission at another action name; fishOneOf() calls it once per action before
// user.contains(). The body is not shown in this listing.
297 public void setAction(String s) {
302 * This function understands that AAF Keys are hierarchical, :A:B:C,
303 * Cassandra follows a similar method, so we'll short circuit and do it more efficiently when there isn't a first hit