2 * ============LICENSE_START====================================================
4 * ===========================================================================
5 * Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
6 * ===========================================================================
7 * Licensed under the Apache License, Version 2.0 (the "License");
8 * you may not use this file except in compliance with the License.
9 * You may obtain a copy of the License at
11 * http://www.apache.org/licenses/LICENSE-2.0
13 * Unless required by applicable law or agreed to in writing, software
14 * distributed under the License is distributed on an "AS IS" BASIS,
15 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16 * See the License for the specific language governing permissions and
17 * limitations under the License.
18 * ============LICENSE_END====================================================
22 package org.onap.aaf.cadi.olur;
24 import java.security.Principal;
25 import java.util.List;
27 import org.onap.aaf.cadi.CadiException;
28 import org.onap.aaf.cadi.LocatorException;
29 import org.onap.aaf.cadi.Lur;
30 import org.onap.aaf.cadi.Permission;
31 import org.onap.aaf.cadi.PropAccess;
32 import org.onap.aaf.cadi.Access.Level;
33 import org.onap.aaf.cadi.aaf.AAFPermission;
34 import org.onap.aaf.cadi.client.Result;
35 import org.onap.aaf.cadi.oauth.AbsOTafLur;
36 import org.onap.aaf.cadi.oauth.OAuth2Principal;
37 import org.onap.aaf.cadi.oauth.TimedToken;
38 import org.onap.aaf.cadi.oauth.TokenClient;
39 import org.onap.aaf.cadi.oauth.TokenPerm;
40 import org.onap.aaf.cadi.principal.Kind;
41 import org.onap.aaf.misc.env.APIException;
42 import org.onap.aaf.misc.env.util.Split;
43 import org.onap.aaf.misc.env.util.Pool.Pooled;
45 public class OLur extends AbsOTafLur implements Lur {
46 public OLur(PropAccess access, final String token_url, final String introspect_url) throws APIException, CadiException {
// Builds the OAuth-backed Lur by passing the access object and both endpoint URLs to AbsOTafLur.
// NOTE(review): no validation of token_url / introspect_url is visible in this constructor. These are
// presumably the endpoints tokens are requested from and checked against; confirm the superclass or
// the caller rejects non-TLS URLs.
47 super(access, token_url, introspect_url);
51 * @see org.onap.aaf.cadi.Lur#fish(java.security.Principal, org.onap.aaf.cadi.Permission)
54 public boolean fish(Principal bait, Permission pond) {
// Decides whether principal `bait` holds permission `pond`, using the AAF permissions tied to an
// OAuth token. This listing omits several original lines (the gutter numbers skip), including the
// declaration of `tp`, the closing braces and the body of the final loop.
56 if(bait instanceof OAuth2Principal) {
57 OAuth2Principal oa2p = (OAuth2Principal)bait;
// Reuse the TokenPerm already attached to the OAuth2 principal.
58 tp = oa2p.tokenPerm();
63 // if no Token Perm preset, get
// Fallback path: borrow a TokenClient from the pool and request a token for this principal.
// NOTE(review): the code that hands `tcp` back to the pool is not visible here; confirm it runs on
// every path, including the exception path.
65 Pooled<TokenClient> tcp = tokenClientPool.get();
67 TokenClient tc = tcp.content;
// The pooled client is given this caller's user name before the token request.
68 tc.username(bait.getName());
69 Result<TimedToken> rtt = tc.getToken(Kind.getKind(bait),tc.defaultScope());
// Look up the TokenPerm for the freshly obtained access token via tkMgr.
// NOTE(review): rtt.value is dereferenced here; the success check on rtt is on a line this listing
// drops, so confirm a failed token request cannot reach this call.
// getBytes() without a charset encodes with the platform default, so the bytes passed for a
// non-ASCII name can differ between hosts.
71 Result<TokenPerm> rtp = tkMgr.get(rtt.value.getAccessToken(), bait.getName().getBytes());
79 } catch (APIException | LocatorException | CadiException e) {
// Only the exception message is logged; the exception type and stack trace are dropped.
// NOTE(review): what is returned after this catch is not visible. An authorization check should
// deny when the token cannot be obtained; confirm that it does.
80 access.log(Level.ERROR, "Unable to Get a Token: " + e.getMessage());
// Debug trace of the permissions found for the user, built only when DEBUG logging is enabled.
// The guard asks tkMgr.access while the write below goes through `access`; whether these are the
// same object is not visible here.
84 if(tkMgr.access.willLog(Level.DEBUG)) {
85 StringBuilder sb = new StringBuilder("AAF Permissions for user ");
86 sb.append(bait.getName());
87 sb.append(", from token ");
// NOTE(review): this writes the raw access token into the DEBUG log. It is presumably a bearer
// credential, so anyone who can read the log could reuse it until it expires; log a truncated
// digest of the token, or leave it out.
// NOTE(review): tp is dereferenced here and in both loops below; no null guard is visible in this
// listing.
88 sb.append(tp.get().getAccessToken());
89 for (AAFPermission p : tp.perms()) {
91 sb.append(p.getName());
93 sb.append(p.getInstance());
95 sb.append(p.getAction());
98 access.log(Level.DEBUG, sb);
// Second pass over the same permissions; the loop body is omitted from this listing (presumably it
// is where each permission is compared with `pond`).
100 for (AAFPermission p : tp.perms()) {
110 * @see org.onap.aaf.cadi.Lur#fishAll(java.security.Principal, java.util.List)
113 public void fishAll(Principal bait, List<Permission> permissions) {
// Walks every AAF permission on the principal's token; any principal that is not an OAuth2Principal
// is skipped. The loop body is on lines this listing omits (presumably it adds each permission to
// `permissions`).
114 if(bait instanceof OAuth2Principal) {
// NOTE(review): tokenPerm() is dereferenced without a null check, while fish() has a fallback for a
// principal with no TokenPerm preset; confirm it cannot be null here.
115 for (AAFPermission p : ((OAuth2Principal)bait).tokenPerm().perms()) {
122 * @see org.onap.aaf.cadi.Lur#handlesExclusively(org.onap.aaf.cadi.Permission)
125 public boolean handlesExclusively(Permission pond) {
// Lur#handlesExclusively implementation; the body, and so the value returned, is not in this listing.
130 * @see org.onap.aaf.cadi.Lur#handles(java.security.Principal)
133 public boolean handles(Principal principal) {
// Reports whether this Lur applies to the given principal: true only for OAuth2Principal instances.
// A null principal yields false, because instanceof is false for null.
134 return principal instanceof OAuth2Principal;
138 * @see org.onap.aaf.cadi.Lur#createPerm(java.lang.String)
141 public Permission createPerm(final String p) {
142 String[] s = Split.split('|',p);
143 if(s!=null && s.length==3) {
144 return new AAFPermission(s[0],s[1],s[2]);