2 * ============LICENSE_START=======================================================
4 * ================================================================================
5 * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
6 * Modifications Copyright (C) 2019 IBM.
7 * ================================================================================
8 * Licensed under the Apache License, Version 2.0 (the "License");
9 * you may not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS,
16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 * ============LICENSE_END=========================================================
22 package org.onap.dmaap.dbcapi.aaf;
24 import java.io.IOException;
25 import java.security.Principal;
26 import java.util.ArrayList;
27 import java.util.List;
29 import org.apache.log4j.Logger;
30 import org.onap.aaf.cadi.Access;
31 import org.onap.aaf.cadi.CadiException;
32 import org.onap.aaf.cadi.LocatorException;
33 import org.onap.aaf.cadi.Permission;
34 import org.onap.aaf.cadi.aaf.AAFPermission;
35 import org.onap.aaf.cadi.aaf.v2_0.AAFAuthn;
36 import org.onap.aaf.cadi.aaf.v2_0.AAFConHttp;
37 import org.onap.aaf.cadi.aaf.v2_0.AAFLurPerm;
38 import org.onap.aaf.cadi.principal.UnAuthPrincipal;
39 import org.onap.aaf.misc.env.APIException;
40 import org.onap.dmaap.dbcapi.logging.BaseLoggingClass;
43 * this service uses the AAF Lur object to look up identities and perms
45 public class AafLurService extends BaseLoggingClass {
// log4j logger; the methods below write through the inherited appLogger/errorLogger
static Logger log = Logger.getLogger(AafLurService.class.getName());
// AAF handles shared by every caller. They are populated once by init() and
// stay null until it has run, which is why checkPerm() null-checks them.
private static AAFConHttp aafcon;
private static AAFLurPerm aafLur;
private static AAFAuthn<?> aafAuthn;
/**
 * Process-wide instance; singleton pattern suggested by AAF.
 * Created lazily by {@link #getInstance(Access)}.
 */
private static AafLurService singleton;
/** Not instantiable from outside; callers go through {@link #getInstance(Access)}. */
private AafLurService() {}
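/**
 * Builds the static AAF connection, Lur and Authn objects used by checkPerm().
 *
 * Each failing step is logged to both appLogger and errorLogger and then
 * propagated to the caller, as the declared exceptions require; continuing
 * past a failed step would dereference a null {@code aafcon} further down.
 *
 * @param myAccess CADI Access object the AAF connection is created from
 * @throws APIException     propagated from the AAF client
 * @throws CadiException    if the connection or the Lur cannot be created
 * @throws LocatorException if the AAF service cannot be located
 */
private static void init( Access myAccess ) throws APIException, CadiException, LocatorException {
    appLogger.info( "myAccess=" + myAccess );
    try {
        aafcon = new AAFConHttp( myAccess );
    } catch ( CadiException | LocatorException e) {
        appLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
        errorLogger.error( "Failure of AAFConHttp: " + e.getMessage() );
        // rethrow: aafcon is still null, so newLur() below could not run
        throw e;
    }
    try {
        aafLur = aafcon.newLur();
    } catch ( CadiException e) {
        appLogger.error( "Failure of newLur(): " + e.getMessage() );
        errorLogger.error( "Failure of newLur(): " + e.getMessage() );
        // rethrow: a null aafLur would make every later fish()/fishAll() fail
        throw e;
    }
    aafAuthn = aafcon.newAuthn( aafLur );
}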
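/**
 * Returns the process-wide AafLurService, initialising the AAF connection on first use.
 *
 * The instance is published only after {@link #init(Access)} has succeeded. If
 * the singleton were assigned before init() ran, a failed initialisation would
 * leave a non-null singleton whose aafLur/aafAuthn are still null, and every
 * later call would return that broken instance without retrying the AAF setup.
 *
 * @param myAccess CADI Access object used for the first-time AAF initialisation
 * @return the shared service instance
 * @throws APIException     propagated from init()
 * @throws CadiException    propagated from init()
 * @throws LocatorException propagated from init()
 */
public static synchronized AafLurService getInstance( Access myAccess ) throws APIException, CadiException, LocatorException{
    if ( singleton == null ) {
        try {
            init( myAccess );
        } catch (APIException | CadiException | LocatorException e) {
            appLogger.error( "Failure of init(): " + e.getMessage() );
            errorLogger.error( "Failure of init(): " + e.getMessage() );
            // leave singleton null so the next call retries initialisation
            throw e;
        }
        singleton = new AafLurService();
    }
    return singleton;
}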
102 public boolean checkPerm(String ns, String fqi, String pwd, DmaapPerm p) throws IOException, CadiException {
106 if ( aafAuthn == null ) {
107 appLogger.error( "AafLurService: aafAuthn not set as expected.");
111 String ok = aafAuthn.validate( fqi, pwd );
113 appLogger.info( "FAILED validation of fqi=" + fqi + "with response:" + ok );
117 Principal principal = new UnAuthPrincipal( fqi );
118 // if we pass ns as first arg to AAFPermission constructor it gets prpended to the instance...
119 // as in ns|instance|type|action. we don't want that.
120 Permission aafPerm = new AAFPermission( null, p.getPermission(), p.getPtype(), p.getAction());
121 if ( aafLur == null ) {
122 appLogger.error( "AafLurService: aafLur not set as expected.");
125 rc = aafLur.fish( principal, aafPerm );
131 List<Permission> perms = new ArrayList<>();
132 aafLur.fishAll( principal, perms);
133 String key = aafPerm.getKey();
134 for ( Permission prm: perms ) {
135 if ( prm.getKey().equals( key )) {
136 appLogger.info( principal + " has MATCHING perm " + prm.getKey() );
138 appLogger.info( principal + " has non-matching perm " + prm.getKey() );