2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.olur;
24 import java.security.Principal;
25 import java.util.HashSet;
26 import java.util.List;
29 import org.onap.aaf.cadi.Access.Level;
30 import org.onap.aaf.cadi.CadiException;
31 import org.onap.aaf.cadi.LocatorException;
32 import org.onap.aaf.cadi.Lur;
33 import org.onap.aaf.cadi.Permission;
34 import org.onap.aaf.cadi.PropAccess;
35 import org.onap.aaf.cadi.aaf.AAFPermission;
36 import org.onap.aaf.cadi.client.Result;
37 import org.onap.aaf.cadi.lur.LocalPermission;
38 import org.onap.aaf.cadi.oauth.AbsOTafLur;
39 import org.onap.aaf.cadi.oauth.OAuth2Principal;
40 import org.onap.aaf.cadi.oauth.TimedToken;
41 import org.onap.aaf.cadi.oauth.TokenClient;
42 import org.onap.aaf.cadi.oauth.TokenPerm;
43 import org.onap.aaf.cadi.principal.Kind;
44 import org.onap.aaf.misc.env.APIException;
45 import org.onap.aaf.misc.env.util.Pool.Pooled;
46 import org.onap.aaf.misc.env.util.Split;
48 public class OLur extends AbsOTafLur implements Lur {
/**
 * Creates an OAuth-backed LUR; all set-up is delegated to the {@link AbsOTafLur}
 * superclass constructor, nothing else is initialised here.
 * (The closing brace of this constructor is not part of this excerpt.)
 *
 * @param access         CADI property access, passed through to the superclass
 * @param token_url      passed through to the superclass; by its name the token endpoint
 * @param introspect_url passed through to the superclass; by its name the introspection endpoint
 * @throws APIException  propagated from the superclass constructor
 * @throws CadiException propagated from the superclass constructor
 */
49 public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
50 super(access, token_url, introspect_url);
/**
 * Checks whether {@code bait} holds one of the permissions in {@code pond}.
 * For an {@link OAuth2Principal} the {@link TokenPerm} already attached to the principal
 * is used; when no TokenPerm is available a token is requested through the pooled
 * {@link TokenClient} and resolved to permissions via {@code tkMgr}. Token acquisition
 * failures are logged rather than thrown.
 * Several lines of this method (the declaration of {@code tp}, the else-branch, the
 * guards on the {@code Result} values, loop closings and the return statement) are
 * not part of this excerpt; the NOTE comments below mark where they would sit.
 *
 * @param bait the principal being checked
 * @param pond the permissions to test; each {@link AAFPermission} in it also contributes
 *             its namespace to the scopes requested with the token
 * @return whether a permission matched (the return itself is outside this excerpt)
54 * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
 */
57 public boolean fish(Principal bait, Permission ... pond) {
// NOTE(review): the declaration of tp and the branch taken for non-OAuth2 principals are
// not in this excerpt.
59 if(bait instanceof OAuth2Principal) {
60 OAuth2Principal oa2p = (OAuth2Principal)bait;
61 tp = oa2p.tokenPerm();
66 // No TokenPerm was preset on the principal: obtain a token and resolve its permissions.
68 Pooled<TokenClient> tcp = tokenClientPool.get();
// NOTE(review): the code that returns tcp to the pool is not in this excerpt; the pooled
// client must be released on every path, including the exception path caught below.
70 TokenClient tc = tcp.content;
71 tc.username(bait.getName());
// Requested scopes: the client's default scope plus the namespace of every AAFPermission
// in pond (a Set, so duplicate namespaces are requested once).
72 Set<String> scopeSet = new HashSet<>();
73 scopeSet.add(tc.defaultScope());
75 for (Permission p : pond) {
76 if(p instanceof AAFPermission) {
77 ap = (AAFPermission)p;
78 scopeSet.add(ap.getNS());
81 String[] scopes = new String[scopeSet.size()];
82 scopeSet.toArray(scopes);
84 Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),scopes);
// NOTE(review): the lines between the token request and this lookup (presumably a check
// that rtt succeeded before rtt.value is dereferenced) are not in this excerpt.
// NOTE(review): getBytes() without a charset uses the JVM default encoding, so the bytes
// handed to tkMgr.get for the same user name can differ between deployments;
// StandardCharsets.UTF_8 would pin it. What tkMgr.get does with these bytes is not
// visible here.
86 Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
94 } catch (APIException | LocatorException | CadiException e) {
// Best-effort: a failed token fetch is logged and the method continues without one
// (how tp is left in that case is decided by lines outside this excerpt).
95 access.log(e, "Unable to Get a Token");
// The permission dump below is built only when DEBUG logging is enabled.
101 if(tkMgr.access.willLog(Level.DEBUG)) {
// NOTE(review): this DEBUG line writes the raw access token into the log. A bearer token
// in log storage can be replayed by anyone who can read the logs; logging a digest or only
// the last few characters of the token keeps the diagnostic value without the exposure.
102 StringBuilder sb = new StringBuilder("AAF Permissions for user ");
103 sb.append(bait.getName());
104 sb.append(", from token ");
105 sb.append(tp.get().getAccessToken());
// One entry per permission on the token: namespace, type, instance, action
// (the separator appends between them are not in this excerpt).
106 for (AAFPermission p : tp.perms()) {
108 sb.append(p.getNS());
110 sb.append(p.getType());
112 sb.append(p.getInstance());
114 sb.append(p.getAction());
117 access.log(Level.DEBUG, sb);
// Match every requested permission against the permissions carried by the token.
// rv is assigned inside the condition; its declaration, the loop exits and the final
// return are outside this excerpt.
119 for (Permission p : pond) {
123 for (AAFPermission perm : tp.perms()) {
124 if (rv=perm.match(p)) {
/**
 * Collects the permissions carried by an {@link OAuth2Principal}'s {@link TokenPerm}
 * into {@code permissions}. Principals of any other type contribute nothing.
 * The loop body (presumably adding each {@code p} to {@code permissions}) and the
 * closing braces are not part of this excerpt.
 *
 * @param bait        the principal whose permissions are collected
 * @param permissions the list to collect into
134 * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List)
 */
137 public void fishAll(Principal bait, List<Permission> permissions) {
138 if(bait instanceof OAuth2Principal) {
139 for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) {
/**
 * Reports whether this LUR is the sole authority for the given permissions.
 * The method body is not part of this excerpt, so the value returned cannot be
 * stated here.
 *
 * @param pond the permissions in question
 * @return see body (outside this excerpt)
146 * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
 */
149 public boolean handlesExclusively(Permission ... pond) {
/**
 * Reports whether this LUR can answer for the given principal: only
 * {@link OAuth2Principal} instances are handled. A {@code null} principal yields
 * {@code false} because {@code instanceof} is false for null.
 *
 * @param principal the principal to test
 * @return {@code true} only for an {@link OAuth2Principal}
154 * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
 */
157 public boolean handles(Principal principal) {
158 return principal instanceof OAuth2Principal;
/**
 * Builds a {@link Permission} from its {@code '|'}-separated string form.
 * The visible outcomes are: an {@link AAFPermission} with a null namespace from three
 * fields, an {@link AAFPermission} from four fields, and a {@link LocalPermission}
 * wrapping the whole string otherwise. The branching conditions themselves (the lines
 * between the split and each return) are not part of this excerpt, so the exact field
 * counts each branch requires are inferred from the array indices used.
 *
 * @param p the permission string to parse
 * @return the parsed permission
162 * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String)
 */
165 public Permission createPerm(final String p) {
166 String[] s = Split.split('|',p);
// Three fields: type, instance, action with no namespace.
169 return new AAFPermission(null, s[0],s[1],s[2]);
// Four fields: namespace, type, instance, action.
171 return new AAFPermission(s[0],s[1],s[2],s[3]);
// Anything else is kept verbatim as a local (non-AAF) permission.
173 return new LocalPermission(p);