- private static final String GET_PERMS_BY_USER = "Get Perms by User";
- private static final String USER_HAS_PERM ="User Has Perm";
-// private static final String USER_IN_ROLE ="User Has Role";
-
- /**
- * Normal Init level APIs
- *
- * @param gwAPI
- * @param facade
- * @throws Exception
- */
- public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
-
-
- gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) {
- @Override
- public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
- TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
- try {
- final String accept = req.getHeader("ACCEPT");
- final String user = pathParam(req,":user");
- if(!user.contains("@")) {
- context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
- return;
- }
- final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
- TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
- Dated d;
- try {
- d = gwAPI.cacheUser.get(key);
- } finally {
- tt2.done();
- }
-
- if(d==null || d.data.isEmpty()) {
- tt2 = trans.start("AAF Service Call",Env.REMOTE);
- try {
- gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
- @Override
- public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
- Future<String> fp = client.read("/authz/perms/user/"+user,accept);
- if(fp.get(5000)) {
- gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
- resp.setStatus(HttpStatus.OK_200);
- ServletOutputStream sos;
- try {
- sos = resp.getOutputStream();
- sos.print(fp.value);
- } catch (IOException e) {
- throw new CadiException(e);
- }
- } else {
- gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
- context.error(trans,resp,fp.code(),fp.body());
- }
- return null;
- }
- });
- } finally {
- tt2.done();
- }
- } else {
- User u = (User)d.data.get(0);
- resp.setStatus(u.code);
- ServletOutputStream sos = resp.getOutputStream();
- sos.print(u.resp);
- }
- } finally {
- tt.done();
- }
- }
- });
+ private static final String GET_PERMS_BY_USER = "Get Perms by User";
+ private static final String USER_HAS_PERM ="User Has Perm";
+// private static final String USER_IN_ROLE ="User Has Role";
+
+ /**
+ * Normal Init level APIs
+ *
+ * @param gwAPI
+ * @param facade
+ * @throws Exception
+ */
+ public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+
+
+ gwAPI.route(HttpMethods.GET,"/authz/perms/user/:user",API.VOID,new LocateCode(facade,GET_PERMS_BY_USER, true) {
+ @Override
+ public void handle(final AuthzTrans trans, final HttpServletRequest req, final HttpServletResponse resp) throws Exception {
+ TimeTaken tt = trans.start(GET_PERMS_BY_USER, Env.SUB);
+ try {
+ final String accept = req.getHeader("ACCEPT");
+ final String user = pathParam(req,":user");
+ if(!user.contains("@")) {
+ context.error(trans,resp,Result.ERR_BadData,"User [%s] must be fully qualified with domain",user);
+ return;
+ }
+ final String key = trans.user() + user + (accept!=null&&accept.contains("xml")?"-xml":"-json");
+ TimeTaken tt2 = trans.start("Cache Lookup",Env.SUB);
+ Dated d;
+ try {
+ d = gwAPI.cacheUser.get(key);
+ } finally {
+ tt2.done();
+ }
+
+ if(d==null || d.data.isEmpty()) {
+ tt2 = trans.start("AAF Service Call",Env.REMOTE);
+ try {
+ gwAPI.clientAsUser(trans.getUserPrincipal(), new Retryable<Void>() {
+ @Override
+ public Void code(Rcli<?> client) throws CadiException, ConnectException, APIException {
+ Future<String> fp = client.read("/authz/perms/user/"+user,accept);
+ if(fp.get(5000)) {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
+ resp.setStatus(HttpStatus.OK_200);
+ ServletOutputStream sos;
+ try {
+ sos = resp.getOutputStream();
+ sos.print(fp.value);
+ } catch (IOException e) {
+ throw new CadiException(e);
+ }
+ } else {
+ gwAPI.cacheUser.put(key, new Dated(new User(fp.code(),fp.body()),gwAPI.expireIn));
+ context.error(trans,resp,fp.code(),fp.body());
+ }
+ return null;
+ }
+ });
+ } finally {
+ tt2.done();
+ }
+ } else {
+ User u = (User)d.data.get(0);
+ resp.setStatus(u.code);
+ ServletOutputStream sos = resp.getOutputStream();
+ sos.print(u.resp);
+ }
+ } finally {
+ tt.done();
+ }
+ }
+ });