+ /*
+ * Security check for authentication and authorizations.
+ */
+ public static boolean checkPermissions(String clientEncoding, String requestID, String resource) {
+ try {
+ String[] userNamePass = PolicyUtils.decodeBasicEncoding(clientEncoding);
+ if (userNamePass == null || userNamePass.length == 0) {
+ String usernameAndPassword = null;
+ byte[] decodedBytes = Base64.getDecoder().decode(clientEncoding);
+ usernameAndPassword = new String(decodedBytes, "UTF-8");
+ StringTokenizer tokenizer = new StringTokenizer(usernameAndPassword, ":");
+ String username = tokenizer.nextToken();
+ String password = tokenizer.nextToken();
+ userNamePass = new String[] {username, password};
+ }
+ LOGGER.info("User " + userNamePass[0] + " is Accessing Policy Engine API.");
+ Boolean result = false;
+ // Check Backward Compatibility.
+ try {
+ /*
+ * If AAF is NOT enabled in the properties we will allow the user to continue to use the
+ * client.properties file to authenticate. Note: Disabling AAF is for testing purposes and not intended
+ * for production.
+ */
+ if ("false".equals(XACMLProperties.getProperty("enable_aaf"))) {
+ result = clientAuth(userNamePass);
+ }
+ } catch (Exception e) {
+ LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
+ }
+ if (!result) {
+ String aafPolicyNameSpace = XACMLProperties.getProperty("policy.aaf.namespace");
+ String aafResource = XACMLProperties.getProperty("policy.aaf.root.permission");
+ String type = null;
+ if (!userNamePass[0].contains("@") && aafPolicyNameSpace != null) {
+ userNamePass[0] = userNamePass[0] + "@" + reverseNamespace(aafPolicyNameSpace);
+ } else {
+ LOGGER.info("No AAF NameSpace specified in properties");
+ }
+ if (aafResource != null) {
+ type = aafResource + "." + resource;
+ } else {
+ LOGGER.warn("No AAF Resource specified in properties");
+ return false;
+ }
+ LOGGER.info("Contacting AAF in : " + environment);
+ result = aafClient.checkAuthPerm(userNamePass[0], userNamePass[1], type, environment, "*");
+ }
+ return result;
+ } catch (Exception e) {
+ LOGGER.error(MessageCodes.ERROR_PERMISSIONS, e);
+ return false;
+ }
+ }