+// private static String service, version, envContext;
+
+ private static final String GET_PERMS_BY_USER = "Get Perms by User";
+ private static final String USER_HAS_PERM ="User Has Perm";
+// private static final String USER_IN_ROLE ="User Has Role";
+
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+
+
+ gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
+ try {
+ final String accept = req.getHeader("ACCEPT");
+ final String user = pathParam(req,":user");
+ if (!user.contains("@")) {
+ context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
+ return;
+ }
+ final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
+ TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
+ Dated d;
+ try {
+ d = gwAPI.cacheUser.get(key);
+ } finally {
+ tt2.done();
+ }
+
+ if (d==null || d.data.isEmpty()) {
+ tt2 = trans.start("AAF Service Call",Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<String> fp = client.read("/authz/perms/user/"+user,accept);
+ if (fp.get(5000)) {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
+ resp.setStatus(HttpStatus.OK_200);
+ ServletOutputStream sos;
+ try {
+ sos = resp.getOutputStream();
+ sos.print(fp.value);
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
+ } else {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
+ context.error(trans,resp,fp.code(),fp.body());
+ }
+ return null;
+ }
+ });
+ } finally {
+ tt2.done();
+ }
+ } else {
+ User u = (User)d.data.get(0);
+ resp.setStatus(u.code);
+ ServletOutputStream sos = resp.getOutputStream();
+ sos.print(u.resp);
+ }
+ } finally {
+ tt.done();
+ }
+ }
+ });
+
+
+ gwAPI.route(gwAPI.env,HttpMethods.GET,"/authn/basicAuth",new BasicAuthCode(gwAPI.aafAuthn,facade)
+ ,"text/plain","*/*","*");
+
+ /**
+ * Query User Has Perm is DEPRECATED
+ *
+ * Need to move towards NS declaration... is this even being used?
+ * @deprecated
+ */
+ gwAPI.route(HttpMethods.GET,"/ask/:user/has/:type/:instance/:action",API.VOID,new LocateCode(facade,USER_HAS_PERM, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ String type = pathParam(req,":type");
+ int idx = type.lastIndexOf('.');
+ String ns = type.substring(0,idx);
+ type = type.substring(idx+1);
+ resp.getOutputStream().print(
+ gwAPI.aafLurPerm.fish(new Principal() {
+ public String getName() {
+ return pathParam(req,":user");
+ };
+ }, new AAFPermission(
+ ns,
+ type,
+ pathParam(req,":instance"),
+ pathParam(req,":action"))));
+ resp.setStatus(HttpStatus.OK_200);
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });
+
+ gwAPI.route(HttpMethods.GET,"/gui/:path*",API.VOID,new LocateCode(facade,"Short Access PROD GUI for AAF", true) {
+ @Override
+ public void handle(AuthzTrans trans, HttpServletRequest req, HttpServletResponse resp) throws Exception {
+ try {
+ redirect(trans, req, resp, context,
+ gwAPI.getGUILocator(),
+ "gui/"+pathParam(req,":path"));
+ } catch (LocatorException e) {
+ context.error(trans, resp, Result.ERR_BadData, e.getMessage());
+ } catch (Exception e) {
+ context.error(trans, resp, Result.ERR_General, e.getMessage());
+ }
+ }
+ });