1 /*******************************************************************************
\r
2 * ============LICENSE_START====================================================
\r
4 * * ===========================================================================
\r
5 * * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
\r
6 * * ===========================================================================
\r
7 * * Licensed under the Apache License, Version 2.0 (the "License");
\r
8 * * you may not use this file except in compliance with the License.
\r
9 * * You may obtain a copy of the License at
\r
11 * * http://www.apache.org/licenses/LICENSE-2.0
\r
13 * * Unless required by applicable law or agreed to in writing, software
\r
14 * * distributed under the License is distributed on an "AS IS" BASIS,
\r
15 * * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
\r
16 * * See the License for the specific language governing permissions and
\r
17 * * limitations under the License.
\r
18 * * ============LICENSE_END====================================================
\r
20 * * ECOMP is a trademark and service mark of AT&T Intellectual Property.
\r
22 ******************************************************************************/
\r
23 package com.att.cadi.aaf.cass;
\r
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

import org.apache.cassandra.auth.DataResource;
import org.apache.cassandra.auth.IAuthenticator;
import org.apache.cassandra.config.DatabaseDescriptor;
import org.apache.cassandra.exceptions.ConfigurationException;

import com.att.cadi.Access;
import com.att.cadi.Access.Level;
import com.att.cadi.Lur;
import com.att.cadi.SLF4JAccess;
import com.att.cadi.aaf.AAFPermission;
import com.att.cadi.aaf.v2_0.AAFAuthn;
import com.att.cadi.aaf.v2_0.AAFCon;
import com.att.cadi.aaf.v2_0.AbsAAFLur;
import com.att.cadi.config.Config;
import com.att.cadi.lur.EpiLur;
import com.att.cadi.lur.LocalLur;
50 public abstract class AAFBase {
\r
51 protected static final Set<IAuthenticator.Option> options;
\r
52 protected static final Set<DataResource> dataResource;
\r
55 options = new HashSet<IAuthenticator.Option>();
\r
56 options.add(IAuthenticator.Option.PASSWORD);
\r
58 dataResource = new HashSet<DataResource>();
\r
59 dataResource.add(DataResource.columnFamily("system_auth", "credentials"));
\r
62 protected static Access access;
\r
63 protected static LocalLur localLur;
\r
64 protected static AAFCon<?> aafcon;
\r
65 protected static AAFAuthn<?> aafAuthn;
\r
66 protected static AbsAAFLur<AAFPermission> aafLur;
\r
67 protected static String default_realm;
\r
68 protected static String cluster_name;
\r
69 protected static String perm_type;
\r
70 private static boolean props_ok = false;
\r
73 * If you use your own Access Class, this must be called before
\r
74 * "setup()" is invoked by Cassandra.
\r
76 * Otherwise, it will default to reading Properties CADI style.
\r
80 public static void setAccess(Access access) {
\r
// Replaces the SLF4JAccess that setup() would otherwise build from the CADI
// property file. This method is not synchronized, so the caller must make sure
// it runs before Cassandra invokes setup().
81 AAFBase.access = access;
\r
/**
 * Cassandra configuration hook. Rejects the node configuration when
 * {@link #setup()} did not leave the AAF state complete (presumably keyed on
 * {@code aafAuthn} still being null -- confirm against the guard). Since
 * setup() only logs its failures, this is where a broken AAF initialisation
 * surfaces as a hard error.
 *
 * @throws ConfigurationException if AAF was not initialised
 */
85 public void validateConfiguration() throws ConfigurationException {
\r
88 throw new ConfigurationException("AAF not initialized");
\r
/**
 * One-time initialisation of the shared static AAF state ({@code access},
 * {@code aafLur}, {@code aafcon}, {@code aafAuthn}, {@code localLur}) and of
 * the {@code perm_type}, {@code cluster_name} and {@code default_realm}
 * settings. The body runs only while {@code aafAuthn} is still null, so a
 * second call after a successful first one does nothing. Unless an Access was
 * already supplied through {@link #setAccess(Access)} (see that method's
 * documentation), the CADI properties are located via the
 * {@code Config.CADI_PROP_FILES} system property (default
 * {@code cadi.properties}), first on the classpath and then as a file path,
 * and an {@link SLF4JAccess} is built from them. Any exception is caught at
 * the end and only logged, and only when an Access exists; callers must rely
 * on {@link #validateConfiguration()} to detect an incomplete initialisation.
 */
92 @SuppressWarnings("unchecked")
\r
93 public synchronized void setup() {
\r
// Re-initialisation guard: aafAuthn is assigned only after aafLur and aafcon
// are wired below, so a non-null value means a previous call completed.
94 if(aafAuthn == null) {
\r
// Name of the CADI property file, overridable on the JVM command line through
// the Config.CADI_PROP_FILES system property. Whoever controls that property
// controls which configuration (and therefore which AAF endpoint/credentials)
// this node loads.
97 String value = System.getProperty(Config.CADI_PROP_FILES, "cadi.properties");
\r
98 Properties initial = new Properties();
\r
// Classpath lookup first; only a miss there falls back to the file system.
99 URL cadi_props = ClassLoader.getSystemResource(value);
\r
100 if(cadi_props == null) {
\r
101 File cp = new File(value);
\r
// NOTE(review): confirm this stream is closed on every path, including when
// Properties.load fails.
103 InputStream is = new FileInputStream(cp);
\r
// The CADI Access logger may not exist yet (it is created further down), so
// this miss is reported on stdout rather than through access.log.
110 System.out.printf("%s does not exist as File or in Classpath\n",value);
\r
// Record the requested file name even though nothing was loaded from it.
111 initial.setProperty(Config.CADI_PROP_FILES, value);
\r
114 InputStream is = cadi_props.openStream();
\r
// Default Access implementation, built from whatever properties were found.
121 access = new SLF4JAccess(initial);
\r
// Permission type used for AAF lookups is "<cass_group_name>.cass".
124 if((perm_type = Config.logProp(access, "cass_group_name",null))==null) {
\r
127 perm_type = perm_type + ".cass";
\r
// Cluster name: explicit CADI property first, Cassandra's own configuration second.
130 if((cluster_name = Config.logProp(access,"cass_cluster_name",null))==null) {
\r
131 if((cluster_name = DatabaseDescriptor.getClusterName())==null) {
\r
136 if((default_realm = Config.logProp(access, Config.AAF_DEFAULT_REALM, null))==null) {
\r
// props_ok starts out false; presumably it is set true once the three settings
// above are all present -- confirm, otherwise the Lur wiring below never runs.
140 if(props_ok==false) {
\r
144 // AAFLur has pool of DME clients as needed, and Caches Client lookups
\r
145 Lur lur = Config.configLur(access);
\r
146 // Loop through to find AAFLur out of possible Lurs, to reuse AAFCon
\r
147 if(lur instanceof EpiLur) {
\r
148 EpiLur elur = (EpiLur)lur;
\r
// Stops at the first index for which elur.get(i) returns null.
149 for(int i=0; (lur = elur.get(i))!=null;++i) {
\r
150 if(lur instanceof AbsAAFLur) {
\r
// Unchecked cast (hence the @SuppressWarnings on the method): the Lur's
// permission type parameter is erased at runtime.
151 aafLur=(AbsAAFLur<AAFPermission>)lur;
\r
152 aafcon = aafLur.aaf;
\r
153 aafAuthn = aafLur.aaf.newAuthn(aafLur);
\r
155 } else if(lur instanceof LocalLur) {
\r
156 localLur = (LocalLur)lur;
\r
// Not an EpiLur: the configured Lur may itself be the AAF one.
159 } else if(lur instanceof AbsAAFLur) {
\r
160 aafLur=(AbsAAFLur<AAFPermission>)lur;
\r
161 aafcon = aafLur.aaf;
\r
162 aafAuthn = aafLur.aaf.newAuthn(aafLur);
\r
// No AbsAAFLur was configured. This is only logged here; validateConfiguration()
// is what turns the missing AAFAuthn into an error.
164 if(aafAuthn==null) {
\r
165 access.log(Level.INIT,"Failed to instantiate full AAF access");
\r
// Broad catch: any failure while reading properties or wiring the Lurs lands
// here. If it happened before an Access was created, the exception is dropped
// without any output (nothing visible rethrows it), so an unreadable property
// file is only detectable through validateConfiguration() afterwards.
168 } catch (Exception e) {
\r
170 if(access!=null)access.log(e, "Failed to initialize AAF");
\r
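/**
 * Hook used by Cassandra to learn which resources this authenticator protects:
 * the {@code system_auth.credentials} column family registered in the static
 * initialiser.
 *
 * @return a read-only view of the protected resources; callers cannot alter
 *         the shared static set through the returned reference
 */
public Set<DataResource> protectedResources() {
    access.log(Level.DEBUG, "Data Resource asked for: it's",dataResource.isEmpty()?"":"not","empty");
    // Hand out an unmodifiable view rather than the static set itself, so no
    // caller can add or remove protected resources behind the authenticator's back.
    return Collections.unmodifiableSet(dataResource);
}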
181 public Set<IAuthenticator.Option> supportedOptions() {
\r
182 access.log(Level.DEBUG, "supportedOptions() called");
\r
186 public Set<IAuthenticator.Option> alterableOptions() {
\r
187 access.log(Level.DEBUG, "alterableOptions() called");
\r