1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * Copyright © 2017 Amdocs
\r
7 * * ===========================================================================
\r
8 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
9 * * you may not use this file except in compliance with the License.
\r
10 * * You may obtain a copy of the License at
\r
12 * * http://www.apache.org/licenses/LICENSE-2.0
\r
14 * * Unless required by applicable law or agreed to in writing, software
\r
15 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
16 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
17 * * See the License for the specific language governing permissions and
\r
18 * * limitations under the License.
\r
19 * * ============LICENSE_END====================================================
\r
21 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
23 ******************************************************************************/
\r
24 package com.att.cadi.aaf.cass;
\r
26 import java.io.File;
\r
27 import java.io.FileInputStream;
\r
28 import java.io.InputStream;
\r
29 import java.net.URL;
\r
30 import java.util.HashSet;
\r
31 import java.util.Properties;
\r
32 import java.util.Set;
\r
34 import org.apache.cassandra.auth.DataResource;
\r
35 import org.apache.cassandra.auth.IAuthenticator;
\r
36 import org.apache.cassandra.config.DatabaseDescriptor;
\r
37 import org.apache.cassandra.exceptions.ConfigurationException;
\r
39 import com.att.cadi.Access;
\r
40 import com.att.cadi.Access.Level;
\r
41 import com.att.cadi.Lur;
\r
42 import com.att.cadi.SLF4JAccess;
\r
43 import com.att.cadi.aaf.v2_0.AAFAuthn;
\r
44 import com.att.cadi.aaf.v2_0.AAFCon;
\r
45 import com.att.cadi.aaf.v2_0.AbsAAFLur;
\r
46 import com.att.cadi.config.Config;
\r
47 import com.att.cadi.lur.EpiLur;
\r
48 import com.att.cadi.lur.LocalLur;
\r
49 import com.att.cadi.aaf.AAFPermission;
\r
51 public abstract class AAFBase {
\r
// Authenticator options held by this class; the initialisation lines below add only PASSWORD.
// NOTE(review): `final` fixes the reference, not the contents - the HashSet behind it stays mutable.
52 protected static final Set<IAuthenticator.Option> options;
\r
// Cassandra data resources tracked by this class; the initialisation below adds the
// system_auth.credentials column family, i.e. the table this set exists to shield.
53 protected static final Set<DataResource> dataResource;
\r
// Initialisation of the two sets. The gutter jumps from 53 to 56, so the line that opens the
// enclosing block (presumably `static {`) is not part of this listing.
56 options = new HashSet<IAuthenticator.Option>();
\r
57 options.add(IAuthenticator.Option.PASSWORD);
\r
59 dataResource = new HashSet<DataResource>();
\r
60 dataResource.add(DataResource.columnFamily("system_auth", "credentials"));
\r
// Shared, mutable static state: every subclass and every instance sees the same values.
// access is assigned by setAccess() or, in the visible lines of setup(), by `new SLF4JAccess(initial)`.
63 protected static Access access;
\r
// The next four fields are filled in by setup() from the Lur returned by Config.configLur(access).
64 protected static LocalLur localLur;
\r
65 protected static AAFCon<?> aafcon;
\r
66 protected static AAFAuthn<?> aafAuthn;
\r
67 protected static AbsAAFLur<AAFPermission> aafLur;
\r
// Read in setup() through Config.logProp: Config.AAF_DEFAULT_REALM, "cass_cluster_name"
// (falling back to DatabaseDescriptor.getClusterName()) and "cass_group_name" (with ".cass" appended).
68 protected static String default_realm;
\r
69 protected static String cluster_name;
\r
70 protected static String perm_type;
\r
// Starts false; setup() tests it before configuring the Lur. The line that sets it to true
// is not visible in this listing.
71 private static boolean props_ok = false;
\r
74 * If you use your own Access Class, this must be called before
\r
75 * "setup()" is invoked by Cassandra.
\r
77 * Otherwise, it will default to reading Properties CADI style.
\r
// Replaces the shared static Access that this class uses for logging and for Config lookups.
// NOTE(review): public and static, with no null check and no synchronisation. setup() is
// synchronized on the instance only, so this assignment is not ordered against it; callers
// should install their Access once, before Cassandra invokes setup().
81 public static void setAccess(Access access) {
\r
82 AAFBase.access = access;
\r
// Throws Cassandra's ConfigurationException with the message "AAF not initialized".
// The lines that decide when to throw (gutter 87-88) are missing from this listing;
// presumably the throw is guarded by a check that setup() produced aafAuthn - confirm against the full file.
86 public void validateConfiguration() throws ConfigurationException {
\r
89 throw new ConfigurationException("AAF not initialized");
\r
// One-time initialisation, skipped when aafAuthn is already set: loads CADI properties, resolves
// perm_type / cluster_name / default_realm, then selects the AAF Lur and builds aafAuthn from it.
// The gutter numbers skip lines throughout (try/else/closing braces and several statements),
// so the comments below describe only what the visible lines establish.
// The unchecked warning is suppressed for the AbsAAFLur<AAFPermission> casts further down.
93 @SuppressWarnings("unchecked")
\r
// NOTE(review): `synchronized` on an instance method locks `this`, but every field written here
// is static. Two instances (e.g. different subclasses) can therefore run setup() concurrently.
94 public synchronized void setup() {
\r
95 if(aafAuthn == null) {
\r
// The properties file name comes from the JVM system property Config.CADI_PROP_FILES, defaulting
// to "cadi.properties". Whoever controls that property, the classpath or the working directory
// decides which file configures authentication, so the file and its location need tight permissions.
98 String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties");
\r
99 Properties initial = new Properties();
\r
// Classpath lookup first; a plain File relative to the working directory is the fallback.
100 URL cadi_props = ClassLoader.getSystemResource(value);
\r
101 if(cadi_props == null) {
\r
102 File cp = new File(value);
\r
// NOTE(review): the code that loads from and closes this stream (gutter 105-110) is not in the listing;
// confirm the stream is closed on every path.
104 InputStream is = new FileInputStream(cp);
\r
// Reported on stdout rather than through `access`; the guarding condition is not visible here.
111 System.out.printf("%s does not exist as File or in Classpath\n",value);
\r
112 initial.setProperty(Config.CADI_PROP_FILES, value);
\r
// Classpath branch: same caveat, the load/close lines (gutter 116-121) are not shown.
115 InputStream is = cadi_props.openStream();
\r
// Builds the default SLF4J-backed Access from the loaded properties. Whether this is skipped when
// setAccess() already supplied one depends on lines that are not visible (gutter 96-97).
122 access = new SLF4JAccess(initial);
\r
// "cass_group_name" is looked up with a null default; the handling of the null case is not shown.
125 if((perm_type = Config.logProp(access, "cass_group_name",null))==null) {
\r
// Appends the ".cass" suffix; which branch this line belongs to is not visible.
128 perm_type = perm_type + ".cass";
\r
// Cluster name: configured property first, then Cassandra's own DatabaseDescriptor value.
131 if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) {
\r
132 if((cluster_name = DatabaseDescriptor.getClusterName())==null) {
\r
137 if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) {
\r
// The body of this branch (gutter 142-144) is missing from the listing.
141 if(props_ok==false) {
\r
145 // AAFLur has pool of DME clients as needed, and Caches Client lookups
\r
146 Lur lur = Config.configLur(access);
\r
147 // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon
\r
// An EpiLur is walked by index until get(i) returns null; other Lur types are checked directly.
148 if(lur instanceof EpiLur) {
\r
149 EpiLur elur = (EpiLur)lur;
\r
150 for(int i=0; (lur = elur.get(i))!=null;++i) {
\r
151 if(lur instanceof AbsAAFLur) {
\r
// Unchecked cast: the instanceof test above cannot verify the AAFPermission type argument.
152 aafLur=(AbsAAFLur<AAFPermission>)lur;
\r
153 aafcon = aafLur.aaf;
\r
154 aafAuthn = aafLur.aaf.newAuthn(aafLur);
\r
156 } else if(lur instanceof LocalLur) {
\r
157 localLur = (LocalLur)lur;
\r
// Non-composite case: the Lur returned by Config.configLur is itself the AAF Lur.
160 } else if(lur instanceof AbsAAFLur) {
\r
161 aafLur=(AbsAAFLur<AAFPermission>)lur;
\r
162 aafcon = aafLur.aaf;
\r
163 aafAuthn = aafLur.aaf.newAuthn(aafLur);
\r
// In the visible lines a missing aafAuthn is only logged at INIT level; nothing is thrown here.
165 if(aafAuthn==null) {
\r
166 access.log(Level.INIT,"Failed to instantiate full AAF access");
\r
// NOTE(review): broad catch. The failure is logged only when `access` is non-null; what else the
// handler does (gutter 170, 172-176) is not in this listing. Confirm that an initialisation
// failure cannot leave the node running without AAF authentication in place.
169 } catch (Exception e) {
\r
171 if(access!=null)access.log(e, "Failed to initialize AAF");
\r
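/**
 * Returns a read-only view of the static {@code dataResource} set, which class
 * initialisation fills with the {@code system_auth.credentials} column family.
 *
 * <p>The original handed out the mutable {@code HashSet} itself, so any caller
 * could remove the credentials table from the set (or add to it) for every
 * instance. The unmodifiable wrapper blocks that path; code inside the class
 * hierarchy can still reach the protected field directly.
 *
 * @return an unmodifiable view of the protected data resources
 */
public Set<DataResource> protectedResources() {
    // access is only assigned by setAccess() or setup(); guard it the same way
    // setup()'s catch block does so an early call cannot fail with a NullPointerException.
    if (access != null) {
        access.log(Level.DEBUG, "Data Resource asked for: it's", dataResource.isEmpty() ? "" : "not", "empty");
    }
    // Fully qualified so that no new import is needed at the top of the file.
    return java.util.Collections.unmodifiableSet(dataResource);
}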
\r
// Logs at DEBUG that it was called. The return statement is not in this listing (the gutter jumps
// from 183 to 187); if it hands back the static `options` HashSet directly, callers receive a
// mutable reference to shared state - confirm, and prefer an unmodifiable view.
// NOTE(review): `access` is dereferenced without the null check used in setup()'s catch block.
182 public Set<IAuthenticator.Option> supportedOptions() {
\r
183 access.log(Level.DEBUG, "supportedOptions() called");
\r
// Logs at DEBUG that it was called. The rest of the method, including what it returns, is not
// visible in this listing - confirm whether it exposes the shared mutable `options` set.
// NOTE(review): `access` is dereferenced without the null check used in setup()'s catch block.
187 public Set<IAuthenticator.Option> alterableOptions() {
\r
188 access.log(Level.DEBUG, "alterableOptions() called");
\r